David,

David Freedman wrote:

In the case of a malformed AS4_PATH attribute, rejecting the route would also result in the loss of connectivity, and thus can also be used as a remote attack vehicle.

Yes, but the attack would be constrained to all prefixes with the malformed AS4_PATH attribute and not all prefixes received over the session.

All the prefixes could have the malformed AS4_PATH attribute (from a remote router). In that case, rejecting the routes has the same effect as tearing down the session.

Considering the following factors: 1) the tradeoffs, 2) especially the concern for the remote attack, 3) AS4_PATH being optional, I believe that what is proposed in the draft (accepting the routes) is more preferred than rejecting the route.

How about not making it mandatory to accept it?

I am concerned about it. Please see the above comment.

Regards,

-- Enke

_______________________________________________
Idr mailing list
Idr at ietf.org
https://www.ietf.org/mailman/listinfo/idr