Re: BGP-4+
Brad Smith <brad@cse.ucsc.edu> Thu, 19 December 1996 22:31 UTC
Received: from cnri by ietf.org id aa15896; 19 Dec 96 17:31 EST
Received: from merit.edu by CNRI.Reston.VA.US id aa22962; 19 Dec 96 17:31 EST
Received: (from daemon@localhost) by merit.edu (8.8.4/merit-2.0) id RAA12237
for idr-outgoing; Thu, 19 Dec 1996 17:09:05 -0500 (EST)
Received: from interlock.ans.net (interlock.ans.net [147.225.5.5]) by
merit.edu (8.8.4/merit-2.0) with SMTP id RAA12118 for <bgp@merit.edu>;
Thu, 19 Dec 1996 17:08:55 -0500 (EST)
Received: by interlock.ans.net id AA02638
(InterLock SMTP Gateway 3.0 for bgp@ans.net);
Thu, 19 Dec 1996 17:08:53 -0500
Received: by interlock.ans.net (Internal Mail Agent-1);
Thu, 19 Dec 1996 17:08:53 -0500
Message-Id: <199612192208.OAA11834@toltec.cse.ucsc.edu>
To: "Dorian R. Kim" <dorian@cic.net>
Cc: bgp@ans.net
Subject: Re: BGP-4+
In-Reply-To: Your message of "Thu, 19 Dec 1996 15:21:42 EST."
<Pine.GSO.3.95.961219151510.22740C-100000@nic.hq.cic.net>
Date: Thu, 19 Dec 1996 14:08:51 PST
From: Brad Smith <brad@cse.ucsc.edu>
Sender: owner-idr@merit.edu
Precedence: bulk
> Permit me to observe here that when there is subverted speaker, change to BGP > protocol spec isn't good enough to contain possible damage. This is certainly the challenge; however, I think, if you take the perspective of minimizing or eliminating what a speaker can say about resources it doesn't have authority for, you can go a long way toward containing damage. > While this threat is not that unlikely and should not be ignored, my view on > this is that the prevention should take the form of speaker/host hardening > rather than modification of BGP transport. Hardening involves procedures and people in addition to technology; what you say implies imposing significant restrictions on who can operate a BGP speaker to achieve any significant improvements in security. Is this realistic? > I especially wonder about scalability aspect of such modifications, strictly > from an operational perspective. Absolutely. This is the final measure... is the illness more painful than the cure. It is certainly going to be quite painful. Brad
- Re: BGP-4+ Yakov Rekhter
- Re: BGP-4+ Susan Hares
- Re: BGP-4+ Susan Hares
- Re: BGP-4+ John W. Stewart III
- Re: BGP-4+ Yakov Rekhter
- Re: BGP-4+ John W. Stewart III
- Re: BGP-4+ Yakov Rekhter
- Re: BGP-4+ Yakov Rekhter
- Re: BGP-4+ Brandon Black
- Re: BGP-4+ John W. Stewart III
- Re: BGP-4+ Dorian R. Kim
- Re: BGP-4+ Yakov Rekhter
- Re: BGP-4+ Tony Bates
- BGP-4+ Dave Katz
- Re: BGP-4+ Dimitry Haskin
- Re: BGP-4+ John W. Stewart III
- Re: BGP-4+ Brad Smith
- Re: BGP-4+ Dorian R. Kim
- Re: BGP-4+ bmanning
- Re: BGP-4+ Tony Li
- Re: BGP-4+ Brad Smith
- Re: BGP-4+ Dorian R. Kim
- Re: BGP-4+ Brad Smith
- Re: BGP-4+ Curtis Villamizar
- Re: BGP-4+ Curtis Villamizar
- Re: BGP-4+ Curtis Villamizar
- Re: BGP-4+ Curtis Villamizar
- Re: BGP-4+ Dennis Ferguson
- Re: BGP-4+ Brandon Black
- Re: BGP-4+ Yakov Rekhter
- Re: BGP-4+ Dennis Ferguson
- Re: BGP-4+ John W. Stewart III
- Re: BGP-4+ Yakov Rekhter
- Re: BGP-4+ Yakov Rekhter
- Re: BGP-4+ John W. Stewart III
- Re: BGP-4+ Yakov Rekhter
- Re: BGP-4+ Geert Jan de Groot
- Re: BGP-4+ Brad Smith
- Re: BGP-4+ [QOS et al] John G. Scudder
- Re: BGP-4+ Paul Traina