On 4/19/17 1:52 AM, Stewart Bryant wrote: > > > On 19/04/2017 02:06, Randy Bush wrote: >>>> 5. Security Considerations >>>> >>>> Operators should note the recommendations in Section 11 of BGP >>>> Operations and Security [RFC7454]. >>>> >>>> SB> You do not address the question of whether there are new >>>> SB> considerations, or considerations that are of increased importance? >>> It is my understanding that RFC 8092 "BGP Large Communities" are just >>> like RFC 1997 "BGP Communities", but ... larger (for lack of better >>> words). Referencing RFC 7454 seems plenteous. >>> >>> So, what if there are not any additional considerations, If there were, >>> they would've been (or are) covered in RFC 8092's security section, >>> right? >>> >>> This is an Internet-Draft targetted for Informational status, I'm not >>> sure what you expect here. >>> >>>> SB> Is there is text somewhere that discusses the integrity and >>>> SB> synchronization of the parameters and any consequences that arise? >>> the what now? Can you elaborate on the above? >> you're supposed to guess >> >> the normal hack here is >> >> this document introduces no new security issues beyond those discussed >> in 1997 > > Guessing is horrible, but if that is what you do, that is what you do, > and if the risks are the accepted norm in the BGP > community I am fine. > > Is corruption (deliberate or otherwise) of the community strings > something that BGPsec will address? That seems like a dubious premise given that they are optional. One can simply remove them and substitute / add additional ones if you so inclined and that occcurs in the normal course of events. > - Stewart >
Attachment:
signature.asc
Description: OpenPGP digital signature