> > C2. [Major] Security Considerations. I think that there is one > > consideration that should be mentioned in this section: Given that the > > largest value is preferred (2 = invalid), there is an attack vector where a > > router in the path (yes, even an internal router) can inject a community > > indicating that the route is invalid; the communities are not protected. > > This action could result in inconsistent routing or in even a DoS. I know > > the document is not explicit about what to do with the validation state > > (which is ok), but the clear intention (from rfc6811 and rfc7115) is that > > it will be used to make routing decisions. Please add some text about this > > potential issue. > > I started to write something about this and then realized I don't understand > what you mean. At first I thought you were saying that an attacker that can > forge an OV community can bias route selection. While this is true of course, > it's also not unique to OV (Localpref has this property for example). It > probably wouldn't be hard to write a sentence to summarize this, if > necessary. > > However, you specifically refer to the invalid state: "a router in the path > ... can inject a community indicating that the route is invalid". This makes > me think you think there's something special about "invalid", and I don't > know what it is. You also say something about the sorting order, which I'm > also not sure why that would matter. > > As far as I can tell, injecting "a community indicating that the route is > invalid" is kind of boring attack -- it just makes the route less likely to > be selected by the downstream router. The "bad" router could also just fail > to propagate the route at all ("underclaiming") making it flat-out impossible > for the downstream to select it, or could use any number of other path > attribute manipulations (Localpref, AS path, etc) to make the route less > preferable. Are you suggesting there is some fancier attack than this, or are > you just asking us to acknowledge BGP doesn't work very well in the face of > an on-path attacker? > > By all means, if anyone has text to send, do.
you have out-sourced your security. the party to which you have out- sourced it can send you anything. get over it. as the OV signaling is vanilla bgp, there is no integrity enforcement, not even a useless checksum; any monkey in the middle can fake anything. get over it. none of this is new. you'll really love the wonderful new blackhole community. randy _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr