Re: [GROW] WGLC: draft-ietf-grow-simple-leak-attack-bgpsec-no-help

[Christopher Morrow <christopher.morrow@gmail.com>]

I should have noted in my follow-up email: "I'm not expressing an
opinion about the document, but here are a few suggestions/questions"
Sorry for not being clear about that.

On Mon, May 12, 2014 at 5:42 PM, George, Wes <wesley.george@twcable.com> wrote:
> I see a thread dated 2013 Nov in GROW, in which substantive discussion and
> comments were provided after -03 was published, in which the authors
> mainly just expressed why they were frustrated with SIDR and the IETF in
> general for in their minds, ignoring this problem because it was hard,
> rather than addressing the concerns raised within the WG. -04 is a
> keepalive to reset the expiration date with no substantive updates. Why
> are we now talking about WGLC?
> Chris, you were one of the ones who said that your comments hadn’t been
> addressed yet.

yup, and there was some discussion which petered out after a while.
Regarding my questions/comments/suggestions to the previous (or
original even) version of the document, I don't recall hearing back
about those, i figured that either I was in the weeds (I didn't think
so) or someone else decided that my suggestions/comments didn't quite
fit into the document.

that's sort of a shame, but if i'm in the weeds: "ok".

> (https://mailarchive.ietf.org/arch/msg/grow/0ho_RU3e15TCvp4p8ScCeObk42Y)
>
> Substantive comments:
> This document provides one example of a route leak causing a problem that
> BGPSec does not protect against, but still does not do much to provide
> guidance on how such a leak would be systematically identified, It does
> note that there are data supporting the assertion that this is a real
> problem, and imply that perhaps additional analysis of that data would
> reveal more information. I don’t think that anyone would dispute that this
> is a valid attack. However:
>         "This document is meant to provide input into routing protocol design
> choices being
>         considered within the IETF, and to foster discussion of the practical
>         implications of "policy" and "intent" in operational routing system
>         security."
>
> This document provides no actionable guidance beyond articulating the
> basics of the attack, certainly no meaningful discussion of policy vs
> intent other than to note that discerning intent is difficult, and as such

possibly the authors are aiming at just defining what a leak is (one
example type) so discussions can progress beyond 'what is a route leak
again? can you point me at an RFC/definition of same?'

I think this was part of the impetus for the document, or that's what I recall.

> the draft is absolutely not ready for publication if the above is its
> goal. We’re not hiding behind SIDR’s carefully crafted requirements and
> charter here, so let’s actually have the discussion about policy and
> intent and see if we can come to some consensus on how to use that info to
> define a route leak such that we can first systematically find, and then
> protect against it. I absolutely want to see a solution to this problem,
> but one example/existence proof isn’t enough to get us moving in that
> direction.
>
> Thanks,
>
> Wes
>
>
>
> On 5/12/14, 9:59 AM, "Christopher Morrow" <christopher.morrow@gmail.com>
> wrote:
>
>>Working Group Folks:
>>
>>The authors of draft-ietf-grow-simple-leak-attack-bgpsec-no-help would
>>like to bring the draft to WGLC, this is that LC. Please have a read
>>through:
>>
>>
>><https://datatracker.ietf.org/doc/draft-ietf-grow-simple-leak-attack-bgpse
>>c-no-help/?include_text=1>
>>
>>Who's abstract is:
>>  "This document describes a very simple attack vector that illustrates
>>   how RPKI-enabled BGPSEC machinery as currently defined can be easily
>>   circumvented in order to launch a Man In The Middle (MITM) attack via
>>   BGP.  It is meant to serve as input to the IETF's Global Routing
>>   Operations Working group (GROW) during routing security requirements
>>   discussions and subsequent specification."
>>
>>and raise questions/comments/suggestions/eggs on this list.
>>
>>I expect this WGLC to last for the normal 2wk period ending:
>>  26-May-2014
>>
>>-chris
>>grow-co-chair
>>
>>_______________________________________________
>>GROW mailing list
>>GROW@ietf.org
>>https://www.ietf.org/mailman/listinfo/grow
>
>
> This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.