On May 12, 2014, at 11:35 PM, Christopher Morrow <christopher.mor...@gmail.com> wrote:
>> >> This document provides no actionable guidance beyond articulating the >> basics of the attack, certainly no meaningful discussion of policy vs >> intent other than to note that discerning intent is difficult, and as such > > possibly the authors are aiming at just defining what a leak is (one > example type) so discussions can progress beyond 'what is a route leak > again? can you point me at an RFC/definition of same?' > > I think this was part of the impetus for the document, or that's what I > recall. Sort of a late reply to this, but… The draft's simple example of this behavior serves as a way to frame its discussion of some of the problems that can result. But it does not produce a definition. If that was the wg's purpose for this document, then this doesn't suit. The draft itself says that it is not intended to provide a definition: While the formal definition of a 'route-leak' has proven elusive in literature, the rampant occurrence and persistent operational threats have proven to be anything but uncommon. This document is intended to serve as a proof of existence for the referenced attack vector and any supplementary formal models are left for future work. As a motivating example, this draft works. As a definition of what is and is not a route leak, it does not. I suspect if an explicit definition is not worked out now, it will get worked out in the middle of trying to work out a solution, which will be very messy. It is always hard to work toward a solution when you aren't working from a common understanding of what you are solving. --Sandy _______________________________________________ GROW mailing list GROW@ietf.org https://www.ietf.org/mailman/listinfo/grow
