Looking at the Security Considerations, I would like to see more. An SNMP MIB module calls out which objects might be sensitive to a GET (or SET) while this just has a blanket warning. The Internet only exists because this kind of information is propagated to all and sundry so if this introduces a threat, then I think more detail is needed, especially as the I-D goes on to say 'MAY use some type of secure transport' which is somewhat open! If, for example, this is more sensitive because it is exposing Adj-RIB-in pre the application of policy, then I think that that needs saying; or whatever.
I think that the last paragaph makes a good point, identifying a threat, but weakens it by calling for mutual authentication, which can be a pig to achieve. If the threat is masquerade of a monitored router, then only the router needs authentication which is much easier, and so more likely to happen. /IPSec/IPsec/ Tom Petch ----- Original Message ----- From: "Christopher Morrow" <[email protected]> To: <[email protected]>; <[email protected]>; <[email protected]>; <[email protected]> Sent: Sunday, July 19, 2015 12:05 AM > Howdy Grow folk, > I think at the meeting in 48hrs time Jon Scudder plans to ask (again) > for WGLC for: draft-ietf-grow-bmp > (https://www.ietf.org/internet-drafts/draft-ietf-grow-bmp-09.txt) > > Let's all have read through ,decide if we're happy and get this > pushed along to the IESG for review/pulication. This is the abstract > of the document: > > "This document defines a protocol, BMP, that can be used to monitor > BGP sessions. BMP is intended to provide a more convenient interface > for obtaining route views for research purpose than the screen- > scraping approach in common use today. The design goals are to keep > BMP simple, useful, easily implemented, and minimally service- > affecting. BMP is not suitable for use as a routing protocol." > > Thanks! > -chris morrow > (co-chair 1 or 2) _______________________________________________ GROW mailing list [email protected] https://www.ietf.org/mailman/listinfo/grow
