Looks ok to me

Tom Petch
----- Original Message -----
From: "John G. Scudder" <[email protected]>
To: "t.petch" <[email protected]>
Cc: "Christopher Morrow" <[email protected]>; <[email protected]>; <[email protected]>; <[email protected]>; <[email protected]>
Sent: Monday, July 27, 2015 3:33 PM

P.S. here's what's in my buffer now. I'll issue this as the next version tomorrow unless there's further discussion to incorporate.

--John

11. Security Considerations

This document defines a mechanism to obtain a full dump or provide continuous monitoring of a BGP speaker's local BGP table, including received BGP messages. This capability could allow an outside party to obtain information not otherwise obtainable. For example, although it's hard to consider the content of BGP routes in the public Internet to be confidential, BGP is used in private contexts as well, for example for L3VPN [RFC4364]. As another example, a clever attacker might be able to infer the content of the monitored router's import policy by comparing the pre-policy routes exposed by BMP, to post-policy routes exported in BGP.

Implementations of this protocol MUST require manual configuration of the monitored and monitoring devices.

Unless a transport that provides mutual authentication is used, an attacker could masquerade as the monitored router and trick a monitoring station into accepting false information, or could masquerade as a monitoring station and gain unauthorized access to BMP data.

Unless a transport that provides confidentiality is used, a passive attacker could gain access to BMP data in flight. However, BGP is not commonly deployed over a transport providing confidentiality, so it's debatable whether it's crucial to provide confidentiality once the data is propagated into BMP.

Where the security considerations outlined above are a concern, users of this protocol should consider using some type of transport that provides mutual authentication, data integrity and transport protection, such as IPsec [RFC4303] or TCP-AO [RFC5925]. If confidentiality is considered a concern, a transport providing that as well could be selected.

_______________________________________________
GROW mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/grow
