On 4/19/17 1:52 AM, Stewart Bryant wrote:
On 19/04/2017 02:06, Randy Bush wrote:
5. Security Considerations
Operators should note the recommendations in Section 11 of BGP
Operations and Security [RFC7454].
SB> You do not address the question of whether there are new
SB> considerations, or considerations that are of increased importance?
It is my understanding that RFC 8092 "BGP Large Communities" are just
like RFC 1997 "BGP Communities", but ... larger (for lack of better
words). Referencing RFC 7454 seems plenteous.
So, what if there are not any additional considerations, If there were,
they would've been (or are) covered in RFC 8092's security section,
right?
This is an Internet-Draft targetted for Informational status, I'm not
sure what you expect here.
SB> Is there is text somewhere that discusses the integrity and
SB> synchronization of the parameters and any consequences that arise?
the what now? Can you elaborate on the above?
you're supposed to guess
the normal hack here is
this document introduces no new security issues beyond those discussed
in 1997
Guessing is horrible, but if that is what you do, that is what you do,
and if the risks are the accepted norm in the BGP
community I am fine.
Is corruption (deliberate or otherwise) of the community strings
something that BGPsec will address?
That seems like a dubious premise given that they are optional. One can
simply remove them and substitute / add additional ones if you so
inclined and that occcurs in the normal course of events.
- Stewart
signature.asc
Description: OpenPGP digital signature