Hi! Yes, the text below works for me. And I would assume it works for Tero as well.
Thanks!! Alvaro. On 11/30/16, 11:20 AM, "John G. Scudder" <j...@juniper.net<mailto:j...@juniper.net>> wrote: On Nov 30, 2016, at 9:18 AM, Randy Bush <ra...@psg.com<mailto:ra...@psg.com>> wrote: section 4.5 of 4593 is relevant, or all of sec 4 Thanks, used in the text below. i am kinda sad that 7132 is not too good on this I looked there first but it's a *path* security threat model so can't really be blamed for not covering this. Candidate new security section below. I'd appreciate an ack from Alvaro that this addresses his concern before I publish. --John 6. Security Considerations Security considerations such as those described in [RFC4272] continue to apply. Since this document introduces an extended community that will generally be used to affect route selection, the analysis in Section 4.5 ("Falsification") of [RFC4593] is relevant. These issues are neither new, nor unique to the origin validation extended community. The security considerations provided in [RFC6811] apply equally to this application of origin validation. In addition, this document describes a scheme where router A outsources validation to some router B. If this scheme is used, the participating routers should have the appropriate trust relationship -- B should trust A either because they are under the same administrative control or for some other reason (for example, consider [I-D.ietf-sidr-route-server-rpki-light]). The security properties of the propagation path between the two routers should also be considered. See [RFC7454] Section 5.1 for advice regarding protection of the propagation path. (all the refs above are in the "informative" section)
_______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr