Re: [GROW] WGLC: draft-ietf-grow-simple-leak-attack-bgpsec-no-help

Tony Tauber <ttauber@1-4-5.net> Wed, 21 May 2014 14:02 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/grow/PkE3F4CQG81q_10ebtQBXIcardQ

On Tue, May 20, 2014 at 5:42 PM, Christopher Morrow <christopher.morrow@gmail.com> wrote:

>
>  There MAY be MiTM problems, but one argument is that there are
> whenever a packet crosses out of your administrative control. I don't
> know that the hyperbolic argument (everything is a mitm chance!) is
> helpful here, so I'd skip that. I would say that there are certainly
> cases where a well planned leak can cause traffic inspection to be
> possible (and MiTM) where the network operators were previously
> unaware of such hazards.
>

I would agree that focusing on MiTM attacks is hyperbolic and that the more
frequent consequence has been blackholing or (extreme) packet loss due to
congestion.

Also it's worth noting that the leaks with naive causes (vs. malicious)
have been more common by far.

(And would second that Shane's contact info needs updating, esp. since I
think the Auth48 check before publication will go quicker with it.)

Thanks,
Tony


> The draft with its current goal, I think, is easily summed up by:
>   "If you don't police the routes in/out of your network bad things
> could happen. BGPSEC/RPKI do not inherently police the routes in/out
> of your network."
>
> so in like 2 sentences the point made by the authors is clear... Still
> no definition of 'route leak' though.
>
> -chris
>