IETF Logo Mail Archive

Re: [GROW] WGLC: draft-ietf-grow-simple-leak-attack-bgpsec-no-help

Christopher Morrow <christopher.morrow@gmail.com> Tue, 20 May 2014 21:42 UTC

Return-Path: <christopher.morrow@gmail.com>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13F161A02BC for <grow@ietfa.amsl.com>; Tue, 20 May 2014 14:42:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZSI9kL336Xmr for <grow@ietfa.amsl.com>; Tue, 20 May 2014 14:42:12 -0700 (PDT)
Received: from mail-lb0-x235.google.com (mail-lb0-x235.google.com [IPv6:2a00:1450:4010:c04::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E7101A03AB for <grow@ietf.org>; Tue, 20 May 2014 14:42:12 -0700 (PDT)
Received: by mail-lb0-f181.google.com with SMTP id q8so906670lbi.12 for <grow@ietf.org>; Tue, 20 May 2014 14:42:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=EiH0SJDgQPQ/uCD9QyEg59FBbjWOt2wE4iYqRBovFn8=; b=gc3C2Mq4IVAMicVKDo1u/wGNnm+IItmbaOOtc5G6wFoT6CuFYJdyrYa+YxjmY3tOE5 Yzm9GUnsLoVrdjEiJ7WA3HFvQ6FoBMzFhehnipbq3MC62PkS/WhaIJ2Myo0s4OCDR3Z5 cOMwk14Of9q14pPQENlPBYyaA5rBNoj0h1A+izfFhlKEejG/9ICr/uvmHXqUWxKECxX0 VWKGlZ8OWOOjTi0itQjTqq+2Hh/FdjDzHNBAHfQp2jwkAkD6iQlzWXpWljIRrNyPxkN6 0DrHmbzSUYiBztNZInHalOIaywzk/6fiXq94Fd3Eiy7IoOr8QDvTv6TbA7v0c4/vOGz3 PtIA==
MIME-Version: 1.0
X-Received: by 10.152.234.229 with SMTP id uh5mr4504691lac.56.1400622130292; Tue, 20 May 2014 14:42:10 -0700 (PDT)
Received: by 10.153.5.161 with HTTP; Tue, 20 May 2014 14:42:10 -0700 (PDT)
In-Reply-To: <537B2375.7080408@inex.ie>
References: <CAL9jLabRKA2gezfRdzND1TSYMJO+a_4mVV+M302cLBFTUwYmTQ@mail.gmail.com> <CF96AEDB.1B684%wesley.george@twcable.com> <CAL9jLaZ9J52Dt5n1Wk2KYTqwzmefGxvq-bRcfMfhWBNwf_6ZGg@mail.gmail.com> <EFD759C6-6F35-4397-A27E-BF1E650663BC@tislabs.com> <34076248-B77A-418F-9ED2-E5A607D39B51@tcb.net> <CD783686-9D5B-4D0B-92CC-3D4ACF1A6D07@puck.nether.net> <537B2375.7080408@inex.ie>
Date: Tue, 20 May 2014 17:42:10 -0400
Message-ID: <CAL9jLabsRFg9+W-oemKh4=fSHaFfekqJeMmHiyr1gsVRO-wNig@mail.gmail.com>
From: Christopher Morrow <christopher.morrow@gmail.com>
To: Nick Hilliard <nick@inex.ie>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/grow/yE9zsa-6JRbC8Z6HBKkPT_KtcY0
Cc: "grow@ietf.org grow@ietf.org" <grow@ietf.org>
Subject: Re: [GROW] WGLC: draft-ietf-grow-simple-leak-attack-bgpsec-no-help
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/grow/>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 May 2014 21:42:15 -0000

On Tue, May 20, 2014 at 5:42 AM, Nick Hilliard <nick@inex.ie> wrote:
> On 20/05/2014 02:11, Jared Mauch wrote:
>> Is there a need for this to be explicitly documented within the IETF?  I
>> certainly agree there is a problem, but this feels like operational
>> guidance or perhaps a BCP or similar document?  (eg: Filter your peer
>> ASNs from your other peers).
>
> Well-maintained prefix / asn filters work well up to a certain size, but no
> further.  Poorly maintained filters break connectivity in ways which
> surprise and amaze.  Operationally there is an intersection of operator
> clue, network size and peer network size where prefix filters can work
> really well, but thar be dragons outside that intersection.

one point of the draft (perhaps not the point people are hoping for)
is that 'bgpsec + rpki do not stop valley-free breakage'. I don't know
that this was ever a goal for bgpsec/rpki though.

One goal which I think people (me too) were hoping for with a draft in
GROW was: "Define what a route leak is" followed by: "Tell me if this
is a problem for operations of networks"

I think 'is this a problem" is fairly well coverved by:
   o increased latency (unplanned long paths)
   o increased loss (paths not properly sized/planned/capacity-ready)

There MAY be MiTM problems, but one argument is that there are
whenever a packet crosses out of your administrative control. I don't
know that the hyperbolic argument (everything is a mitm chance!) is
helpful here, so I'd skip that. I would say that there are certainly
cases where a well planned leak can cause traffic inspection to be
possible (and MiTM) where the network operators were previously
unaware of such hazards.

The draft with it's current goal, I think, is easily summed up by:
  "If you don't police the routes in/out of your network bad things
could happen. BGPSEC/RPKI do not inherently police the routes in/out
of your network."

so in like 2 sentences the point made by the authors is clear... Still
no definition of 'route leak' though.

-chris

v2.23.0 | Report a Bug | By Email