Hi,

On Mon, Aug 08, 2016 at 04:39:56PM +0000, Smith, Donald wrote:
> This discusses neighboring networks, and local scope, so one would assume in 
> most cases these are directly connected peers (or not many hops away), I 
> think the security section should recommend use of GTSM on such sessions.
> 
> Then it can't easily be spoofed outside of the local network.

While the general recommendation is valid, I'm not seeing why it is
particularly relevant to this draft - whether or not a neighbouring
BGP session is using a well-defined or privately-agreed code point to
signal BGP black holing makes no difference wrt attacking the local
TCP session...  (assuming that the "privately-agreed" code point is
in fact publicly documented in an IRRdb, which they usually are).

Adding a general reference to BGP security best practices won't hurt,
of course - 7454 comes to mind (which among others recommends GTSM).

Gert Doering
        -- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444           USt-IdNr.: DE813185279

_______________________________________________
GROW mailing list
GROW@ietf.org
https://www.ietf.org/mailman/listinfo/grow
