On Fri, Apr 06, 2018 at 09:15:28PM +0800, Di Ma wrote: > Benjamin, > > Thanks very much for your comments. > > Please see my responses in lines. > > > > 在 2018年3月31日,01:54,Benjamin Kaduk <ka...@mit.edu> 写道: > >
[trimming lots of stuff that looks good] > > I also wonder if we would benefit from a little discussion of the > > potential routing issues that could arise from using a "broken" (or > > deliberately adversarial) SLURM file, though I expect that the > > target audience is probably pretty familiar with these already. > > > > Well, it has been stated in this document: > > 'Errors in the SLURM file used by an RP > can undermine the security offered by the RPKI, to that RP. It could > declare as invalid ROAs that would otherwise be valid, and vice > versa. As a result, an RP must carefully consider the security > implications of the SLURM file being used, especially if the file is > provided by a third party.' > > It is not clear to us what more we should cover here. I was wondering if you wanted to say anything about the specific operational consequences of the incorrectly handled ROAs -- for example, traffic getting redirected to an attacker or blackholed, or high levels of traffic directed to something not prepared to handle it. (Presumably there are others.) But if you think this is obvious to the intended audience, there is no need to add it just on my account. Thanks for the updates, Benjamin _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
