hi job,
TEXT:
An edge site which does not provide transit and trusts its
upstream(s) SHOULD only originate a signed prefix announcement and
need not validate received announcements.
COMMENT:
If you are multihomed and receive full (or partial) tables, there is
benefit in validating the received routes, if not: why not? One
upstream might be poisoned while the other isn't? Mabye the text
should be amended to make it clear that this might apply if the stub
ASN only takes default-originates?
that is why it is SHOULD. and note it does say "and trusts its
upstream(s)." going down the rat-hole of trusting upstreams differently
seems an exercise in adding words but not adding value.
note that doing path validation would pretty much mean the end site buys
new hardware. pointing out that one could avoid that was the purpose of
the paragraph.
if i made any change, it would be a rant about out-sourcing security.
e.g. "Note that this is out-sourcing security, which is generally
unwise. But the trade-off is likely out-sourcing security or buying
bigger hardware."
randy