Draft: draft-ietf-grow-bgp-wedgies-02.txt
Reviewer: Black_David@emc.com
Date: Monday 6/6/2005 10:01 AM CST

Summary: This draft is basically ready for publication, but has nits that should be fixed before publication.

Review Comments:

The draft is well-written, as its description of BGP Wedgie scenarios is accessible to this reviewer who is definitely not a BGP expert.

The Security Considerations section needs to have an additional paragraph added on exploitation of BGP Wedgies by an attacker. A common theme running through the examples is that starting from an intended/desired routing state, loss of a connection can flip the collection of networks into an undesired state from which not only will they not flop back automatically when connectivity is restored, but from which significant administrative effort (based on knowledge that may not be locally available) may be required to cause a flop back into the intended/desired routing state. If an attacker can deliberately cause the initial loss of connectivity, thereby producing the initial flip, the network impacts of the resulting state being undesired/unintended may be long-lived, far outliving the temporary interruption of connectivity required to cause them. If those impacts (e.g., cost, bandwidth limits) are significant, this could be an attractive attack vector, and examples of possible impacts should be listed.

I would hope that this issue can be satisfactorily addressed without lodging a "Discuss" against this draft. Consultation with one of the Security Area Directors may be useful.
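The flip / no-flop-back behaviour the review describes can be reproduced with a small path-vector simulation. The following is an added illustration, not part of the review or the draft; it assumes a constructed four-AS topology in the style of the draft's backup-link scenario (AS1 is a customer of AS2, its primary, and of AS3, its backup; AS2 and AS3 are both customers of AS4), a "backup" tag that makes AS3 assign the direct AS1 route a local preference below its provider-learned routes, and a simplified RFC 4271 tie-break that keeps the already-installed route when two candidates rank equally. The local-preference values, the documentation prefix and the AS numbers are all constructed for the example.

```python
"""Toy path-vector simulation of a BGP wedgie (constructed example, not from the review)."""

ASES = (1, 2, 3, 4)
ORIGIN = 1                                 # AS1 originates the prefix (assumption)
PROVIDERS = {1: {2, 3}, 2: {4}, 3: {4}}    # AS -> its providers (constructed topology)
BACKUP_LINK = (1, 3)                       # AS1's announcement to AS3 carries a "backup" tag
ALL_LINKS = {frozenset(l) for l in ((1, 2), (1, 3), (2, 4), (3, 4))}


def relationship(me, nbr):
    """'provider' if nbr is my provider, 'customer' if nbr is my customer."""
    if nbr in PROVIDERS.get(me, ()):
        return "provider"
    if me in PROVIDERS.get(nbr, ()):
        return "customer"
    raise ValueError(f"AS{me} and AS{nbr} are not adjacent")


def local_pref(me, nbr):
    """Customer routes win (100) unless tagged backup (50); provider routes sit at 80."""
    if relationship(me, nbr) == "customer":
        return 50 if (nbr, me) == BACKUP_LINK else 100
    return 80


def select_best(me, candidates, current):
    """Highest local-pref, then shortest AS path, then keep the installed route
    (simplified 'oldest route' tie-break), then lowest neighbour AS number."""
    if not candidates:
        return None
    def rank(nbr, path):
        return (local_pref(me, nbr), -len(path))
    top = max(rank(n, p) for n, p in candidates.items())
    if current and candidates.get(current[0]) == current[1] and rank(*current) == top:
        return current                     # still best: do not churn the installed route
    nbr = min(n for n, p in candidates.items() if rank(n, p) == top)
    return (nbr, candidates[nbr])


def exports(me, best, links):
    """Valley-free export: customer routes go to everyone, provider routes only to customers."""
    out = {}
    if best is None:
        return out
    learned_from, path = best
    via_provider = me != ORIGIN and relationship(me, learned_from) == "provider"
    for nbr in (n for n in ASES if frozenset((me, n)) in links):
        if nbr in path:                    # never send a route back along its own path
            continue
        if via_provider and relationship(me, nbr) != "customer":
            continue
        out[nbr] = (me,) + path
    return out


def converge(links, adj_in, best, limit=50):
    """Run synchronous rounds until neither the Adj-RIBs-In nor the best paths change."""
    for _ in range(limit):
        new_best = {a: select_best(a, adj_in[a], best.get(a)) for a in ASES if a != ORIGIN}
        new_best[ORIGIN] = (None, ())
        new_adj = {a: {} for a in ASES}
        for a in ASES:
            for nbr, path in exports(a, new_best[a], links).items():
                new_adj[nbr][a] = path
        if new_adj == adj_in and new_best == best:
            return best, adj_in
        adj_in, best = new_adj, new_best
    raise RuntimeError("no convergence")


def set_link(links, adj_in, a, b, up):
    """Bring a link up or down; a downed link purges the routes learned across it."""
    link = frozenset((a, b))
    if up:
        links.add(link)
    else:
        links.discard(link)
        adj_in[a].pop(b, None)
        adj_in[b].pop(a, None)


def forwarding_paths(best):
    """AS -> full AS path its traffic to the prefix follows."""
    return {a: (a,) + b[1] for a, b in best.items() if b is not None}


def run_scenario():
    """Intended state -> primary link lost -> link restored (wedged) -> operator fix at AS3."""
    links, adj_in, best, states = set(ALL_LINKS), {a: {} for a in ASES}, {}, {}
    best, adj_in = converge(links, adj_in, best)
    states["intended"] = forwarding_paths(best)
    set_link(links, adj_in, 1, 2, up=False)            # the flip: primary AS1-AS2 link lost
    best, adj_in = converge(links, adj_in, best)
    states["failed"] = forwarding_paths(best)
    set_link(links, adj_in, 1, 2, up=True)             # connectivity restored, no flop back
    best, adj_in = converge(links, adj_in, best)
    states["wedged"] = forwarding_paths(best)
    set_link(links, adj_in, 1, 3, up=False)            # AS3 must drop its backup session...
    best, adj_in = converge(links, adj_in, best)
    set_link(links, adj_in, 1, 3, up=True)             # ...and bring it back to recover
    best, adj_in = converge(links, adj_in, best)
    states["recovered"] = forwarding_paths(best)
    return states


if __name__ == "__main__":
    for name, paths in run_scenario().items():
        print(f"{name:>9}: " + ", ".join(f"AS{a}->{p}" for a, p in sorted(paths.items())))
```

Running it shows the point the review makes: after the primary link comes back, AS2 returns to its direct route but AS3 and AS4 stay on the backup link (AS4 keeps its installed route through AS3 and therefore never re-advertises the AS2 path to AS3), and only the administrative step of bouncing the AS1-AS3 session at AS3, an action that requires knowing the wedgie exists, restores the intended state. Whether the initial link loss is an accident or deliberate does not change the outcome, which is why the persistent state, not the outage itself, is the thing to measure the impact of.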