Hello Sue,
However, I would like your feedback on whether you believe RFC7752 has security that is equivalent to, less than, or greater than a trusted domain?
The spring routing architecture (RFC8402) indicates that be default SR operates within a trusted domain.
“Traffic MUST be filtered at the domain boundaries. The use of best practices to reduce the risk of tampering within the trusted domain is important. Such practices are discussed in [RFC4381] and are applicable to both SR-MPLS and SRv6.”
Reading your comments I am also similarly to Les's feelings quite not sure what the point here is.
SR Architecture while completely irrelevant to this thread talks about trusted domain in the context of data plane. Bringing in L3VPNs out of the sudden only because some SR document referred to it's security analysis is also quite a bizarre maneuver.
With control plane and especially with BGP the notion of trusted vs untrusted domain is not something anyone can just pick or state on what his or her believe is.
The short answer is that BGP operates on a per AFI/SAFI basis and level of trust is directly related to the actual configuration applied including level of policy inserted when using such apparatus to distribute various forms of information.
Same SAFI can be configured by one operator quite strictly limiting it to one AS and someone else will like to share his information with entire world publishing it to a looking glass. Are we here to restrict this ? What means of control is there to enforce such restrictions other then perhaps stating simple recommendation in an advisory fashion that one should be a bit careful when publishing content of his LSDB or TED beyond devices he trusts ? **
** Note that even if TE infrastructure addresses or other information are accidentally leaked - there should be no great immediate harm - since well managed network prevents on ingress to the domain any flows which would aim at internal infrastructure address space.
Thx,
R.
R.
