DavidSchinazi
commented
3 years ago This is a duplicate of #2. Adding text to security considerations will provide guidance to implementors.
Closed gloinul closed 3 years ago
DavidSchinazi
commented
3 years ago This is a duplicate of #2. Adding text to security considerations will provide guidance to implementors.
gloinul
commented
3 years ago Actually, not intended to be a duplicate. For the upper part I find the usage "willing to route" unclear in which directions that action apply. For the later part it was a suggestion to where to link in the security consideraitons and the importance of that MAY.
DavidSchinazi
commented
3 years ago Ah, thanks for clarifying. Reopening to track clarifying what "willing to route" means.
DavidSchinazi
commented
3 years ago Fixed by #17
Section 6.4 says:
The ROUTE_ADVERTISEMENT message allows an endpoint to communicate to its peer that it is willing to route traffic to a given prefix.
I think willing to route traffic is unclear. I believe this to has the meaning of: The message sending party have a route to the advertised prefix and willing to forward traffic onto that route.
Upon receiving the ROUTE_ADVERTISEMENT message, an endpoint MAY start routing IP packets in that prefix to its peer.
And here I would clarify that the installation of a route on the receiving endpoint needs to be done only after consideration of the affect and following local security policies on the endpoint. Further see security consideration.