I just made another pass through sidr-as-migration and bgpsec-protocol-13
back to back to make sure that they are in sync, and I only found one
sentence in the security considerations (7.4) that probably needs to be
changed:

Current:
However, entities other than route servers could
   conceivably use this mechanism (set the pCount to zero) to attract
   traffic (by reducing the effective length of the AS-PATH)
   illegitimately.  This risk is largely mitigated if every BGPsec
   speaker drops incoming update messages that set pCount to zero but
   come from a peer that is not a route server.


Proposed:
... if every BGPsec
speaker drops incoming update messages that set pCount to zero unless
explicitly configured to accept them from a specific peer where pCount=0
messages are expected, such as a route server.

Thanks,

Wes


On 7/6/15, 7:21 PM, "sidr on behalf of internet-dra...@ietf.org"
<sidr-boun...@ietf.org on behalf of internet-dra...@ietf.org> wrote:

>
>A New Internet-Draft is available from the on-line Internet-Drafts
>directories.
> This draft is a work item of the Secure Inter-Domain Routing Working
>Group of the IETF.
>
>        Title           : BGPsec Protocol Specification
>        Author          : Matthew Lepinski
>        Filename        : draft-ietf-sidr-bgpsec-protocol-13.txt
>        Pages           : 39
>        Date            : 2015-07-06
>
>Abstract:
>   This document describes BGPsec, an extension to the Border Gateway
>   Protocol (BGP) that provides security for the path of autonomous
>   systems through which a BGP update message passes.  BGPsec is
>   implemented via a new optional non-transitive BGP path attribute that
>   carries a digital signature produced by each autonomous system that
>   propagates the update message.
>
>
>
>The IETF datatracker status page for this draft is:
>https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-protocol/
>
>There's also a htmlized version available at:
>https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-protocol-13
>
>A diff from the previous version is available at:
>https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-bgpsec-protocol-13
>
>
>Please note that it may take a couple of minutes from the time of submission
>until the htmlized version and diff are available at tools.ietf.org.
>
>Internet-Drafts are also available by anonymous FTP at:
>ftp://ftp.ietf.org/internet-drafts/
>
>_______________________________________________
>sidr mailing list
>sidr@ietf.org
>https://www.ietf.org/mailman/listinfo/sidr



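The rule in the proposed text, sketched as an added example (not part of the original message, of either draft, or of any BGP implementation): pCount=0 is dropped by default and accepted only from peers explicitly configured for it. The Segment model, the peer addresses, the AS numbers and the assumption that the first list element is the segment added by the sending peer are all illustrative.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """Simplified Secure_Path segment: only the fields this check needs."""
    asn: int
    pcount: int  # how many times this AS counts toward the path length


# Hypothetical per-peer configuration: peers from which pCount=0 is expected,
# such as a route server. Addresses are documentation-range placeholders.
ACCEPT_PCOUNT_ZERO_FROM = frozenset({"192.0.2.1"})


def effective_path_length(secure_path):
    """Sum of pCount values; a pCount=0 segment adds nothing to the length."""
    return sum(seg.pcount for seg in secure_path)


def accept_update(peer, secure_path, allowed=ACCEPT_PCOUNT_ZERO_FROM):
    """Apply the proposed default-deny rule to the sending peer's segment.

    Assumption: secure_path[0] is the most recently added segment, i.e. the
    one added by the peer the update was received from.
    """
    if not secure_path:
        return False  # no segments at all: treated as malformed in this model
    if secure_path[0].pcount == 0 and peer not in allowed:
        return False  # pCount=0 from a peer not configured to send it
    return True


# Constructed sample updates: (peer address, Secure_Path, newest segment first).
SAMPLES = [
    ("192.0.2.1", [Segment(64500, 0), Segment(64501, 1), Segment(64502, 1)]),
    ("198.51.100.7", [Segment(64510, 0), Segment(64511, 1)]),
    ("198.51.100.7", [Segment(64510, 1), Segment(64511, 1)]),
]


def evaluate(samples=SAMPLES):
    """Return (peer, effective length, accepted?) for each sample update."""
    return [(p, effective_path_length(sp), accept_update(p, sp)) for p, sp in samples]


if __name__ == "__main__":
    for row in evaluate():
        print(row)
```

The second sample shows the case the security consideration is about: the path looks one hop shorter than it is, and the update is dropped because that peer was never configured as a pCount=0 sender.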