Re: [GROW] RouteLeaks - problem or not?
Christopher Morrow <christopher.morrow@gmail.com> Wed, 14 November 2012 22:44 UTC
Return-Path: <christopher.morrow@gmail.com>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB01321F887D for <grow@ietfa.amsl.com>; Wed, 14 Nov 2012 14:44:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iMIxC5BS8wgA for <grow@ietfa.amsl.com>; Wed, 14 Nov 2012 14:44:27 -0800 (PST)
Received: from mail-ea0-f172.google.com (mail-ea0-f172.google.com [209.85.215.172]) by ietfa.amsl.com (Postfix) with ESMTP id C46EA21F884D for <grow@ietf.org>; Wed, 14 Nov 2012 14:44:26 -0800 (PST)
Received: by mail-ea0-f172.google.com with SMTP id k13so463981eaa.31 for <grow@ietf.org>; Wed, 14 Nov 2012 14:44:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=3kkX/jJpWTmBbdGUB+HfoJWrcIMXBvCxXALTf+LxaAM=; b=nQh/1vjNeNJGy5/fbi0GHqF23/1QppZCSn2noj8lwjhkTiG56UtuVSj3t5Hd/9DXAh wdXWM204xYtbdx9Tu59T2IIKm/UH1kQd1+VEDaPfGIXebrpBMnQUdFA11oHbl7xorwfq Rg3xK6s9/I39dcjs+PeYZ6Zicqrtch7DBeAfCnXFA0kDR7jUKIY3BeNxrTxgZ2sqhbHm 7VIca+KuTGJCQxMoBR3B7NrlgUaNssbEK701YZj2BYzmzw6/y1OLzeQWwWzqnVDMDG1O Ga+kr1CkKRYZTYo9bDbdr1ZeOMVZMEtWGcmwsHzasGEZQIZw3tNReRmUa1XXb2CpNKuK uwJw==
MIME-Version: 1.0
Received: by 10.14.175.71 with SMTP id y47mr91660482eel.36.1352933065988; Wed, 14 Nov 2012 14:44:25 -0800 (PST)
Received: by 10.223.177.71 with HTTP; Wed, 14 Nov 2012 14:44:25 -0800 (PST)
In-Reply-To: <CAL9jLaagY5bBe_8eRST8noEp2-o00Zkm2Qc59Ys7pak++EPGNw@mail.gmail.com>
References: <CAL9jLaagY5bBe_8eRST8noEp2-o00Zkm2Qc59Ys7pak++EPGNw@mail.gmail.com>
Date: Wed, 14 Nov 2012 17:44:25 -0500
Message-ID: <CAL9jLaZT43OBwHqWs-xzy8qCm1UEyfN+hDKTgdrrvCc09xWNHw@mail.gmail.com>
From: Christopher Morrow <christopher.morrow@gmail.com>
To: grow-chairs@tools.ietf.org, grow-ads@tools.ietf.org, "grow@ietf.org grow@ietf.org" <grow@ietf.org>, draft-foo-sidr-simple-leak-attack-bgpsec-no-help@tools.ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Subject: Re: [GROW] RouteLeaks - problem or not?
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/grow>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Nov 2012 22:44:28 -0000
Apologies for the extra spam, there was a topic point I missed in this mail, see below please. On Wed, Nov 14, 2012 at 5:18 PM, Christopher Morrow <christopher.morrow@gmail.com> wrote: > GROW Folks, > The SIDR working group is working on security for origination and path > data related to BGP routes. There has been a note (a few) about SIDR's > effect(s) or not on 'route leaks'. There have even been a few notes on > 'what is a route leak'. To date there is a draft which discusses route > leaks: > <http://tools.ietf.org/html/draft-foo-sidr-simple-leak-attack-bgpsec-no-help-02> > > where the authors have attempted to describe one (or many possible) > situations which are called 'route leaks'. They also attempt to > outline security issues which are follow-on effects of the situation > described. > Additionally there were several drafts written by Brian Dickson aiming to provide some definitions about route-leaks and some direction for a solution, they are: <http://tools.ietf.org/html/draft-dickson-sidr-route-leak-def-03> <http://tools.ietf.org/html/draft-dickson-sidr-route-leak-solns-01> <http://tools.ietf.org/html/draft-dickson-sidr-route-leak-reqts-02> These are probably best read in reverse numerical order: definition requirements solution I believe the author aimed to talk about this in a GROW meeting, or on the GROW list, I have not seen him pipe up as of yet to that end, however. -chris > SIDR attempted to look at route-leaks and came up a bit stymied, they > asked IDR for some assistance with the issue, IDR pushed back to GROW > to decide: > 1) What is a 'route leak' (perhaps the above draft identifies one > examplar to be used in that definition) > 2) Are 'route leaks' a problem that Operations folks care about > 3) Should IDR (or the IETF proper) address 'route leaks' with some > form(s) of fix action. > > The end result of the above 3 steps is to push back into IDR one of > two action requests: > 1) "Yes, route leaks are a problem, please fix them." > or > 2) "No, route leaks are not a problem, take no action." > > If #1 above is the answer, and IDR decides that changes to the BGP > protocol are warranted (or are a possible solution to the problem) > then SIDR has agreed to do what they can to 'secure' the bits > added/changed/used in that endeavor. > > Could we have some discussion on-list about this problem, and some > discussion about whether or not the draft referenced above fits the > definition we would like to use for 'route leak'? I would also like > the authors of the draft to decide where they would like to take their > draft: > 1) SIDR > 2) IDR > 3) GROW > 4) other > > Thanks! > -Chris > (co-chair 1:2 of grow, and 1:3 in sidr)
- Re: [GROW] RouteLeaks - problem or not? Arturo Servin
- [GROW] RouteLeaks - problem or not? Christopher Morrow
- Re: [GROW] RouteLeaks - problem or not? Christopher Morrow
- Re: [GROW] RouteLeaks - problem or not? Jared Mauch
- Re: [GROW] RouteLeaks - problem or not? McPherson, Danny
- Re: [GROW] RouteLeaks - problem or not? Nick Hilliard
- Re: [GROW] RouteLeaks - problem or not? Jared Mauch
- Re: [GROW] RouteLeaks - problem or not? Christopher Morrow
- Re: [GROW] RouteLeaks - problem or not? Nick Hilliard
- Re: [GROW] RouteLeaks - problem or not? Nick Hilliard
- Re: [GROW] RouteLeaks - problem or not? Arturo Servin
- Re: [GROW] RouteLeaks - problem or not? Shane Amante
- Re: [GROW] RouteLeaks - problem or not? Christopher Morrow
- Re: [GROW] RouteLeaks - problem or not? Job Snijders
- Re: [GROW] RouteLeaks - problem or not? Warren Kumari
- Re: [GROW] RouteLeaks - problem or not? Shane Amante
- Re: [GROW] RouteLeaks - problem or not? Christopher Morrow
- Re: [GROW] RouteLeaks - problem or not? Warren Kumari
- Re: [GROW] RouteLeaks - problem or not? MAWATARI Masataka
- Re: [GROW] RouteLeaks - problem or not? Rob Shakir
- Re: [GROW] RouteLeaks - problem or not? Sonalker, Anuja
- Re: [GROW] RouteLeaks - problem or not? Michael Hallgren
- Re: [GROW] RouteLeaks - problem or not? Russ White
- Re: [GROW] RouteLeaks - problem or not? rob.shakir
- Re: [GROW] RouteLeaks - problem or not? Christopher Morrow
- Re: [GROW] RouteLeaks - problem or not? Arturo Servin
- Re: [GROW] RouteLeaks - problem or not? Christopher Morrow
- Re: [GROW] RouteLeaks - problem or not? Smith, Donald
- Re: [GROW] RouteLeaks - problem or not? Christopher Morrow
- Re: [GROW] RouteLeaks - problem or not? Murphy, Sandra
- Re: [GROW] RouteLeaks - problem or not? Danny McPherson