Closed gloinul closed 3 years ago
This is a duplicate of #2. Adding text to security considerations will provide guidance to implementors.
Actually, not intended to be a duplicate. For the upper part I find the usage "willing to route" unclear in which directions that action apply. For the later part it was a suggestion to where to link in the security consideraitons and the importance of that MAY.
Ah, thanks for clarifying. Reopening to track clarifying what "willing to route" means.
Fixed by #17
Section 6.4 says:
The ROUTE_ADVERTISEMENT message allows an endpoint to communicate to its peer that it is willing to route traffic to a given prefix.
I think willing to route traffic is unclear. I believe this to has the meaning of: The message sending party have a route to the advertised prefix and willing to forward traffic onto that route.
Upon receiving the ROUTE_ADVERTISEMENT message, an endpoint MAY start routing IP packets in that prefix to its peer.
And here I would clarify that the installation of a route on the receiving endpoint needs to be done only after consideration of the affect and following local security policies on the endpoint. Further see security consideration.