Re: [GROW] WGLC: draft-ietf-grow-simple-leak-attack-bgpsec-no-help

[Sandra Murphy <sandy@tislabs.com>]

On May 12, 2014, at 11:35 PM, Christopher Morrow <christopher.morrow@gmail.com> wrote:

>> 
>> This document provides no actionable guidance beyond articulating the
>> basics of the attack, certainly no meaningful discussion of policy vs
>> intent other than to note that discerning intent is difficult, and as such
> 
> possibly the authors are aiming at just defining what a leak is (one
> example type) so discussions can progress beyond 'what is a route leak
> again? can you point me at an RFC/definition of same?'
> 
> I think this was part of the impetus for the document, or that's what I recall.

Sort of a late reply to this, but…

The draft's simple example of this behavior serves as a way to frame its discussion of some of the problems that can result.  But it does not produce a definition.  If that was the wg's purpose for this document, then this doesn't suit.

The draft itself says that it is not intended to provide a definition:

   While the formal definition of a 'route-leak' has proven elusive in
   literature, the rampant occurrence and persistent operational threats
   have proven to be anything but uncommon.  This document is intended
   to serve as a proof of existence for the referenced attack vector and
   any supplementary formal models are left for future work.

As a motivating example, this draft works.  As a definition of what is and is not a route leak, it does not.

I suspect if an explicit definition is not worked out now, it will get worked out in the middle of trying to work out a solution, which will be very messy.  It is always hard to work toward a solution when you aren't working from a common understanding of what you are solving.

--Sandy