On 03/08/2016 07:07, Michael Richardson wrote:
>
> Joel M. Halpern <[email protected]> wrote:
> > It strikes me that if we wish to allow for inter-domain communication using
> > GRASP, in conjunction with intra-domain usage, then the security
> > considerations are more complex than noted so far.
>
> I agree strongly.
>
> In particular, I would suggest that this really calls for a different
> instance/profile of GRASP. I.e. that routers should run a different context
> (same as running OSPF in different VRFs), and that we should even consider
> that it should do discovery on a different port.

I agree too. But there's an inevitable risk.

One use case for this is a little bit 'back to the future' - consider ASAs
that act as bandwidth brokers. Network A has a bandwidth broker. Network B
has a bandwidth broker. They communicate between domains using separate
TLS-based GRASP instances. Faulty information from A contaminates B's
state, in complete security.

Brian

_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
