I have a few textual nits which I will forward to the authors, however I have an areas of concern in from an implementation perspective. section-3 page 10 paragraph states If a given component type within a prefix in unknown, the prefix in question cannot be used for traffic filtering purposes by the receiver. Since a Flow Specification as the semantics of a logical AND of all components, if a component is FALSE by definition it cannot be applied. However for the purposes of BGP route propagation this prefix should still be transmitted since BGP route distribution is independent on NLRI semantics. It seems possible that a maliciously crafted set of components or construct that might cause damage to a particular implementation could be created such that it would bypass some routers(implementations) and not other's, such that malicious data could be injected into routing system some distance from the target and blindly forwarded because the point of injection is unable to validate the components it doesn't implement. I would of course be happy to have my impression be mollified if it is unjustified. _______________________________________________ OPS-DIR mailing list OPS-DIR@xxxxxxxx https://www.ietf.org/mailman/listinfo/ops-dir _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf