Eugeniu Patrascu <eugen@imacandi.net> writes:
On Fri, Sep 1, 2023 at 12:56 PM Bjørn Mork <bjorn@mork.no> wrote:
But there's obviously not been enough thought applied to realize that optional transitive attributes must be considered evil by default. They can only be used after extremely careful parsing.
Yeah, no. The logic is that if you understand them, you treat them according to whatever routing policy you have and then pass them along.
That's where you get into problems, depending on your defintition of "understand" and "treat". This implies parsing unvalidated input. Understanding RFC compliant attributes is a minor part of that task. The real problem is dealing with absolutely anything, including values specifically designed to attack your parser, or policy, or whatever logic you apply to the attribute value.
If you don't, you just pass them along and that's it. Nothing more, nothing less.
This is obviously not a problem. You may be acting as a proxy for attacking your peers, but there's nothing you can do about that without breaking the protocol.
This is the BGP version of
select * from mytable where field = $unvalidated_user_input;
No here as well. Because passing along a transitive attribute you don't understand does not affect you in any way.
I didn't say so either. Those who _believe_ they understand it is the problem. And I'm slowly starting to see why we still have so many implementations where the optional transitive problem has been pretty much ignored. Bjørn