Re: Genart last call review of draft-ietf-grow-large-communities-usage-06

On 19/04/2017 00:58, Job Snijders wrote:

============

5.  Security Considerations

    Operators should note the recommendations in Section 11 of BGP
    Operations and Security [RFC7454].

SB> You do not address the question of whether there are new
SB> considerations, or considerations that are of increased importance?
It is my understanding that RFC 8092 "BGP Large Communities" are just
like RFC 1997 "BGP Communities", but ...  larger (for lack of better
words). Referencing RFC 7454 seems plenteous.

So, what if there are not any additional considerations? If there were,
they would've been (or are) covered in RFC 8092's security section,
right?

This is an Internet-Draft targeted for Informational status, I'm not
sure what you expect here.
I was wondering if there was more scope to make mischief at a distance in a
less obvious way than before.

If everyone is happy that there is no additional risk then I am fine, but seems to me the more knobs you give the mischief maker to turn, the more security risks
you have.

SB> Is there text somewhere that discusses the integrity and
SB> synchronization of the parameters and any consequences that arise?
the what now? Can you elaborate on the above?
So you rely on the nodes that receive these community strings to interpret them in a common way. Maybe this is an already solved problem, or a known risk, but what
if the dictionaries get out of sync?

===========

Minor issues:

2.2.  Action Communities

    Action Communities are added as a label to request that a route be
    treated in a particular way within an AS.  The operator of the AS
    defines a routing policy that adjusts path attributes based on the
    community.  For example, the route's propagation characteristics,
    the LOCAL_PREF (local preference), the next-hop, or the number of
    AS_PATH prepends to be added when it is received or propagated can
    be changed.

SB> Although these are well known to the target audience, I think you
SB> need some references in the above para.
What reference would you suggest? You feel the section 2.2 text cannot
stand on its own?
As I said I imagine that all readers will know the definition of LOCAL_PREF and
AS_PATH, but normally we give a reference in a document like this.

- Stewart
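
The two concerns raised in this exchange (action communities set from a distance, and a receiver whose dictionary does not match the sender's) are the kind of thing inbound community scrubbing addresses. The following is an added example, not part of the original messages or of the draft: it decodes an RFC 8092 Large Communities attribute value and drops any community that carries the local ASN as Global Administrator but is not in the locally published dictionary. `LOCAL_ASN`, `PUBLISHED_ACTIONS`, the function names and the sample bytes are assumptions made for illustration.

```python
import struct

LOCAL_ASN = 64496  # assumption: documentation ASN standing in for the local AS

# Assumption: hypothetical dictionary of action communities this AS publishes
# for neighbors to use, keyed by (Local Data Part 1, Local Data Part 2).
PUBLISHED_ACTIONS = {
    (4, 1): "do not export to peers in region 1",
    (5, 100): "set LOCAL_PREF to 100",
}

def parse_large_communities(attr_value: bytes):
    """Decode an RFC 8092 Large Communities attribute value into 3-tuples."""
    # RFC 8092 treats any length that is not a non-zero multiple of 12 as malformed.
    if len(attr_value) == 0 or len(attr_value) % 12:
        raise ValueError("length must be a non-zero multiple of 12 octets")
    return [struct.unpack_from("!III", attr_value, off)
            for off in range(0, len(attr_value), 12)]

def scrub_inbound(communities, local_asn=LOCAL_ASN, allowed=PUBLISHED_ACTIONS):
    """Split communities received from an external neighbor into (kept, dropped).

    A community whose Global Administrator is the local ASN is kept only if its
    (function, parameter) pair is in the published dictionary; anything else in
    the local namespace is either forged or a sign of an out-of-sync dictionary.
    Communities in other ASNs' namespaces are left untouched.
    """
    kept, dropped = [], []
    for ga, ld1, ld2 in communities:
        if ga == local_asn and (ld1, ld2) not in allowed:
            dropped.append((ga, ld1, ld2))
        else:
            kept.append((ga, ld1, ld2))
    return kept, dropped

# Constructed sample: a published action, an undefined value in the local
# namespace, and a community belonging to another AS.
SAMPLE_ATTR = struct.pack("!9I", 64496, 4, 1, 64496, 9, 9, 64511, 1, 1)

if __name__ == "__main__":
    kept, dropped = scrub_inbound(parse_large_communities(SAMPLE_ATTR))
    for c in kept:
        print("keep ", "%d:%d:%d" % c)
    for c in dropped:
        print("drop ", "%d:%d:%d" % c, "(log: not in published dictionary)")
```

Logging the dropped values, rather than silently discarding them, is what surfaces a neighbor working from a stale copy of the dictionary.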



