On 1/24/14, 10:04 AM, "Warren Kumari" <[email protected]> wrote:
>Would simply: >"issues of business relationship conformance (of which routing 'leaks' >are a subset), while important to operators, are outside the scope of >this document.” > >cover things well enough? It would at least address the concern about declaring them not to be security concerns, and is enough for the intro, IMO > >>My issue with this text is the reason it provides as to why they’re >> considered out of scope. I don’t think that it’s entirely accurate to >> assert that route leaks are not security issues. While not all route >>leaks >> are security issues, some are. It would be more accurate to reflect the >> discussion that led us to the conclusion that we can’t secure them >>because >> we don’t know what “them” is yet, and are awaiting GROW to define them >>in >> such a way so that we can evaluate if it’s even possible to secure them >>in >> this framework. That may be a longer discussion that doesn’t belong in >>the >> intro, I don’t know. >> > >I suspect it is. It somewhat seems like a non-terminating discussion.... I think it might be appropriate to add a new req in the form of req 3.3 to explain why this is out of scope, or bolster 3.22 to expand on intent as it relates to this, perhaps with some reference to the fact that route leaks are currently not well-enough defined to consistently (and more importantly, systematically) identify them and secure the right BGP attributes to help prevent them Thanks Wes This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout. _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
