It strikes me that if we wish to allow for inter-domain communication
using GRASP, in conjunction with intra-domain usage, then the security
considerations are more complex than noted so far.
I think this can be addressed by writing security considerations text
that explicitly talks about the need to be careful about what
information is exchanged between intra- and inter-domain GRASP instances,
so as to avoid either leakage or contamination.
If this is done, then additional text in 3.3.1 could point to that to
make sure that these limited instances are properly limited.
I do wonder, given the possibility of such information leakage, if there
is an added complication of information being improperly attributed
after such exchanges. I would hope we can avoid a GRASP version of the
famous cases of BGP information being injected into IGPs, and then
re-exported as if it were locally sourced information.
Yours,
Joel
On 8/2/16 1:02 AM, Brian E Carpenter wrote:
Hi,
Here's a summary of the active open issues in GRASP following
IETF 96. Not all of these were listed in the -06 draft.
Comments please! It would be helpful to include the issue number in the Subject.
...
49. Section 3.3.1 should say more about signaling between two
autonomic networks/domains.
==> Proposed resolution is to briefly describe a separate GRASP instance
to allow this without risking the security of the normal GRASP instance.
...
Regards
Brian Carpenter
Anima signaling design team