Hi,

On Mon, Aug 08, 2016 at 04:39:56PM +0000, Smith, Donald wrote:
> This discusses neighboring networks, and local scope, so one would assume in
> most cases these are directly connected peers (or not many hops away), I
> think the security section should recommend use of GTSM on such sessions.
>
> Then it can't easily be spoofed outside of the local network.

While the general recommendation is valid, I'm not seeing why it is
particularly relevant to this draft - whether or not a neighbouring
BGP session is using a well-defined or privately-agreed code point to
signal BGP black holing makes no difference wrt attacking the local
TCP session... (assuming that the "privately-agreed" code point is in
fact publicly documented in an IRRdb, which they usually are).

Adding a general reference to BGP security best practices won't hurt,
of course - 7454 comes to mind (which among others recommends GTSM).

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444           USt-IdNr.: DE813185279