In reviewing the discussions about the threat document, the wg eventual consensus wrt one topic was not clear to the chairs.
The ORIGIN attribute was mentioned by some as having the potential to be used out-of-spec to influence routing through the neighbor (and their neighbors, etc.). One response was that there is no way to verify the authenticity of the ORIGIN's original value, so the origin AS could mis-use this attribute no matter what we do. Also, a later discussion pointed out that the original need for the ORIGN attribute had long since been OBE, but that ISPs had re-purposed the attribute for influencing traffic. Several operators mentioned that ISPs find it useful to modify this attribute and spoke against protecting the integrity (ie preventing the modification). The current draft does not mention the ORIGIN attribute as a threat. Is that the right outcome? That is, was the desired outcome: (1) yes, we know it is a threat but we know we can't & don't want to protect it, so might as well leave it out. (current state). why do make-work. (2) we should mention it as a threat but then mention the bits about can't authenticate the original value and don't want to protect the integrity (ie want to permit modification). If there's no interest in changing, the threats draft stands as it is on this point. --Sandy _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
