Last Call Review of draft-ietf-idr-bgp-gr-notification-15
review-ietf-idr-bgp-gr-notification-15-secdir-lc-nir-2018-04-28-00

Request Review of draft-ietf-idr-bgp-gr-notification
Requested rev. no specific revision (document currently at 16)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-04-24
Requested 2018-04-10
Draft last updated 2018-04-28
Completed reviews Rtgdir Early review of -03 by Mach Chen (diff)
Rtgdir Early review of -05 by Mach Chen (diff)
Rtgdir Early review of -07 by Emmanuel Baccelli (diff)
Rtgdir Telechat review of -15 by Bruno Decraene (diff)
Opsdir Last Call review of -15 by Qin Wu (diff)
Secdir Last Call review of -15 by Yoav Nir (diff)
Assignment Reviewer Yoav Nir
State Completed
Review review-ietf-idr-bgp-gr-notification-15-secdir-lc-nir-2018-04-28
Reviewed rev. 15 (document currently at 16)
Review result Ready
Review completed: 2018-04-28

Review
review-ietf-idr-bgp-gr-notification-15-secdir-lc-nir-2018-04-28

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

The document extends the BGP Graceful Restart feature from RFC 4724 to also cover Notification messages. It does not make significant changes to the security properties of the original RFC. 

The one concern I had while reading the draft was in section 4.1 where when the extension is active, stale routes are not deleted, so an attacker can use repeated resets (the BGP connection is just TCP) to prevent stale route deletion. As the security considerations section says, this is mitigating by elevating the stale timer (after which stale routes are deleted) from MAY to MUST in that case.

In summary, the document is well-written and deals with the security issues adequately.