Hi,

On Fri, Nov 4, 2011 at 3:19 AM, Paul Hoffman <paul.hoff...@vpnc.org> wrote:
> Maybe not. The charter does not say "every other topic cannot even be
> mentioned": instead, the charter limits the topics that are meant to be fully
> covered by the protocols.
>
> Personally, I would prefer to see the threat model document say in the
> introduction "the following topics are considered to be BGP security threats
> but are not dealt with in this document:" followed by a list that includes
> route leakage (with a concise definition of what is meant by it in this
> context). A similar statement in the Security Considerations section would
> also be useful for the people who tend to skip introductions but still need
> to know the limitations of the document.

First of all, sorry to butt in. Just a few comments if you don't mind.

0) There are some security issues with BGP. (Sorry for making such a commonplace remark); then:
1) BGPSEC offers countermeasures for some BGP-specific threats mentioned above (! not all of them indeed) but:
2) it also introduces some additional new threats (specific to BGPSEC);
3) after reading this thread (please excuse me if I missed smth) I got an impression that there is a kind of confusion about whether the document in question shall describe #1, #2, #3 or all of them. Probably it should be clarified.
4) I might be horribly wrong but route leaks are a security threat as they affect the availability of a target system (providing we define information security as confidentiality, integrity and availability of information).
5) I totally agree that route leaks don't violate BGP as a protocol and are related to policies. But it doesn't mean route leaks are not security threats. Receiving spam/viruses via email is a threat although it doesn't violate any SMTP standards.
6) route leaking is related to a BGP threat model and isn't specific to BGPSEC, and BGPSEC doesn't provide any protection from that threat.

So I'd like to second the idea of clarifying that in the document.

--
SY, Jen Linkova aka Furry