On Nov 13, 2016, at 1:40 AM, Alvaro Retana (aretana) <aret...@cisco.com> wrote:

> C1. The reference to rfc7607 should be Informative.

Done (in -10 candidate source).

> C2. [Major] Security Considerations. I think that there is one consideration
> that should be mentioned in this section: Given that the largest value is
> preferred (2 = invalid), there is an attack vector where a router in the path
> (yes, even an internal router) can inject a community indicating that the
> route is invalid; the communities are not protected. This action could
> result in inconsistent routing or in even a DoS. I know the document is not
> explicit about what to do with the validation state (which is ok), but the
> clear intention (from rfc6811 and rfc7115) is that it will be used to make
> routing decisions. Please add some text about this potential issue.

I started to write something about this and then realized I don't understand what you mean.

At first I thought you were saying that an attacker that can forge an OV community can bias route selection. While this is true of course, it's also not unique to OV (Localpref has this property for example). It probably wouldn't be hard to write a sentence to summarize this, if necessary.

However, you specifically refer to the invalid state: "a router in the path ... can inject a community indicating that the route is invalid". This makes me think you think there's something special about "invalid", and I don't know what it is. You also say something about the sorting order, which I'm also not sure why that would matter.

As far as I can tell, injecting "a community indicating that the route is invalid" is a kind of boring attack -- it just makes the route less likely to be selected by the downstream router. The "bad" router could also just fail to propagate the route at all ("underclaiming"), making it flat-out impossible for the downstream to select it, or could use any number of other path attribute manipulations (Localpref, AS path, etc.) to make the route less preferable.

Are you suggesting there is some fancier attack than this, or are you just asking us to acknowledge BGP doesn't work very well in the face of an on-path attacker?

By all means, if anyone has text to send, do.

Thanks,

--John

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
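The exchange above turns on two mechanics: when a route carries several OV extended communities the largest value wins (so a single injected "invalid" marking dominates), and a receiver that honours markings set by other speakers lets them bias its selection. The model below, an added example written for this thread and not code from the draft or from any BGP implementation, shows an injected "invalid" community demoting an otherwise valid route, and the ingress policy that limits the damage: discard OV markings received from outside your own validation domain and re-mark the route from your own ROA check. The 8-octet wire layout (type 0x43, sub-type 0x00, state in the last octet), the simplified decision-process ordering, the "unmarked behaves like not found" rule and the ROA table are all assumptions of this example; prefixes and AS numbers are constructed from documentation and private ranges.

```python
"""Model of how a forged Origin Validation (OV) State extended community biases
route selection, and of the eBGP ingress policy that limits who can set it.

Added example for this thread, not code from the draft or from any BGP
implementation.  Wire layout, decision ordering and sample data are assumptions.
"""
import ipaddress
from dataclasses import dataclass, replace

# State octet values: larger means worse, so one "invalid" marking dominates.
VALID, NOT_FOUND, INVALID = 0, 1, 2

# Assumed 8-octet layout: type 0x43 (non-transitive opaque), sub-type 0x00,
# five reserved octets, validation state in the last octet.
OV_TYPE, OV_SUBTYPE = 0x43, 0x00


def encode_ov_community(state: int) -> bytes:
    if state not in (VALID, NOT_FOUND, INVALID):
        raise ValueError(f"undefined validation state {state}")
    return bytes([OV_TYPE, OV_SUBTYPE, 0, 0, 0, 0, 0, state])


def decode_ov_state(ext_community: bytes):
    """Return the state octet if this is an OV community, otherwise None."""
    if len(ext_community) != 8:
        raise ValueError("an extended community is exactly 8 octets")
    if ext_community[0] != OV_TYPE or ext_community[1] != OV_SUBTYPE:
        return None
    return ext_community[7]


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    as_path: tuple            # origin AS is the last element
    local_pref: int = 100
    ext_communities: tuple = ()


def effective_ov_state(route: Route):
    """Largest value wins when several OV communities are present."""
    states = [s for s in map(decode_ov_state, route.ext_communities) if s is not None]
    return max(states) if states else None


def ov_rank(route: Route) -> int:
    # Local policy assumption: an unmarked route is treated like "not found".
    state = effective_ov_state(route)
    return NOT_FOUND if state is None else state


def best_path(routes):
    """Simplified decision process: OV state, then LOCAL_PREF, AS_PATH length, next hop."""
    return min(routes, key=lambda r: (ov_rank(r), -r.local_pref, len(r.as_path), r.next_hop))


def validate_origin(route: Route, roas) -> int:
    """RFC 6811-style check against a ROA table of (prefix, max_len, origin_as)."""
    net = ipaddress.ip_network(route.prefix)
    origin = route.as_path[-1]
    covered = [(ml, asn) for p, ml, asn in roas if net.subnet_of(ipaddress.ip_network(p))]
    if not covered:
        return NOT_FOUND
    matched = any(net.prefixlen <= ml and asn == origin for ml, asn in covered)
    return VALID if matched else INVALID


def ebgp_ingress(route: Route, roas) -> Route:
    """Defensive ingress policy: drop OV markings set by anyone else, then mark
    the route with our own validation result."""
    own = tuple(c for c in route.ext_communities if decode_ov_state(c) is None)
    return replace(route, ext_communities=own + (encode_ov_community(validate_origin(route, roas)),))


# Constructed data: one ROA authorising AS64500 for 203.0.113.0/24, two equal paths.
ROAS = [("203.0.113.0/24", 24, 64500)]
A = Route("203.0.113.0/24", "192.0.2.1", (64500,), ext_communities=(encode_ov_community(VALID),))
B = Route("203.0.113.0/24", "192.0.2.2", (64500,), ext_communities=(encode_ov_community(VALID),))
# An on-path speaker appends an "invalid" marking to A; nothing authenticates communities.
A_FORGED = replace(A, ext_communities=A.ext_communities + (encode_ov_community(INVALID),))


def scenario():
    """Return which next hop wins in three situations."""
    return {
        "honest": best_path([A, B]).next_hop,                 # tie, lowest next hop: A
        "forged_trusted": best_path([A_FORGED, B]).next_hop,  # max() makes A invalid: B
        "forged_filtered": best_path([ebgp_ingress(A_FORGED, ROAS), B]).next_hop,  # A again
    }


if __name__ == "__main__":
    for name, hop in scenario().items():
        print(f"{name}: {hop}")
```

The filtered case is the practical point: a forged marking only matters on routers that trust markings they did not compute themselves, so the detection question for an operator is "which sessions are allowed to deliver this community", not the value it carries.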