On Jan 17, 2013, at 4:41 PM, Andrew Chi wrote:
> On 1/17/2013 4:23 PM, [email protected] wrote:
>> A diff from the previous version is available at:
>> http://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-bgpsec-threats-04
>
> This revision clarifies the wording on route leaks as a residual
> vulnerability, addressing a comment by Chris Morrow.
I have a few problems with this draft, and in particular, with the new text:
- The anecdote at the top of the modified paragraph on page 19 says, ``It has
been stated that...'' without a citation; however, the paragraph then goes on
to say that without an _RFC_ citation we cannot address route leaks. I would
submit that moving from anecdotal hearsay to omission without a normative
reference is an awkward transition.
- While there is no definition of a route leak in an RFC, there is an entire
GROW draft dedicated to it.
- I also don't understand how the text in this (a threats document) can claim
that route leaks are beyond the scope of PATHSEC in a fait accompli manner...
This is a threats document, right? This is a threat to BGP, right? The RPKI
provides semantics that ``BGP, itself does not include semantics...'' for... I
don't think applying this exclusion to route leaks survives a sniff test.
Overall, I think the threats document is still missing a badly needed treatise
on route leaks. I would suggest a good starting point for informational
reading might be the draft:
http://tools.ietf.org/html/draft-grow-simple-leak-attack-bgpsec-no-help-00
Eric
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr