> I’m not happy with this text in the intro: “issues of business > relationship conformance, of which routing 'leaks' are a subset, > while quite important to operators (as are many other things), are > not security issues per se, and are outside the scope of this > document.” > > My issue with this text is the reason it provides as to why they’re > considered out of scope. I don’t think that it’s entirely accurate to > assert that route leaks are not security issues. While not all route leaks > are security issues, some are.
hence the "per se," meaining in and of itself. some cases of pouring cement into a router (see london tube) are security issues, some are not. how would you make that more clear? > It would be more accurate to reflect the discussion that led us to the > conclusion that we can’t secure them because we don’t know what “them” > is yet i don't think that is entirely true. they are announcements of P by A to B which are not agreed by all parties concerned (including A, B, neighbors of A and B, the originator of P, ...). the problem lies in detecting them, especially from a distance. > and are awaiting GROW to define them in such a way so that we can > evaluate if it’s even possible to secure them in this framework. That > may be a longer discussion that doesn’t belong in the intro, I don’t > know. i agree. and i doubt we want "waiting for grow" in a document which is not ephemeral. > Also I think the parenthetical “as are many other things" is > unnecessary and clunky. easily nuked. randy _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
