Re: [Idr] draft-uttaro-idr-bgp-persistence-00: Security Considerations

Jakob Heitz <jakob.heitz@ericsson.com> Wed, 02 November 2011 20:29 UTC

From: Jakob Heitz <jakob.heitz@ericsson.com>
To: "UTTARO, JAMES" <ju1738@att.com>, Enke Chen <enkechen@cisco.com>
Date: Wed, 02 Nov 2011 16:29:18 -0400
Message-ID: <7309FCBCAE981B43ABBE69B31C8D21391A447FB3A4@EUSAACMS0701.eamcs.ericsson.se>
References: <4EA1F0FB.3090100@raszuk.net> <4EA487E4.2040201@raszuk.net> <B17A6910EEDD1F45980687268941550FA20750@MISOUT7MSGUSR9I.ITServices.sbc.com> <4EA84254.9000400@raszuk.net> <4EA8A91C.4090305@cisco.com> <7309FCBCAE981B43ABBE69B31C8D21391A447FB381@EUSAACMS0701.eamcs.ericsson.se> <B17A6910EEDD1F45980687268941550FA226E0@MISOUT7MSGUSR9I.ITServices.sbc.com>
In-Reply-To: <B17A6910EEDD1F45980687268941550FA226E0@MISOUT7MSGUSR9I.ITServices.sbc.com>
Cc: "idr@ietf.org List" <idr@ietf.org>, "robert@raszuk.net" <robert@raszuk.net>
Subject: Re: [Idr] draft-uttaro-idr-bgp-persistence-00: Security Considerations

On Wednesday, November 02, 2011 1:21 PM, UTTARO, JAMES <mailto:ju1738@att.com> wrote:

> Jakob,
> 
> 	See the security section of the draft.

I did, but it doesn't answer my questions.

It diverts the reader's attention with talk of
malicious disturbance.

Accidental disturbance seems much more real to me.
The chance of such an accidental disturbance seems to
me to be high enough to sink this proposal cold.

However, I don't actually know. Am I scared of ghosts
or is it real? Some credible research results might
relieve my anxiety.

> 
> Jim Uttaro
> 
> -----Original Message-----
> From: Jakob Heitz [mailto:jakob.heitz@ericsson.com]
> Sent: Wednesday, November 02, 2011 4:06 PM
> To: Enke Chen; UTTARO, JAMES
> Cc: idr@ietf.org List; robert@raszuk.net
> Subject: RE: [Idr] draft-uttaro-idr-bgp-persistence-00: Security
> Considerations 
> 
> On Wednesday, October 26, 2011 5:43 PM, Enke Chen <> wrote:
> 
>> Hi, folks:
>> 
>> I have a hard time understanding what new problems (beyond the GR)
>> the draft tries to solve :-(
> 
> Me too.
> 
> The persisting routers will persistently send labeled packets
> into the core. If the intended destination really has disappeared,
> and restarted, what is the chance that such labeled packets
> interfere with other unrelated services, just because of labels
> being reused?
> 
> Quote from 3.1 of the draft:
>
>     The persist-timer should be set to a large value on the order of
>     days to infinity.
> 
> Customers rely on the separation between VPNs. The "P" means private.
> Anything that threatens that "P" should not be taken lightly.
> 
> I'm starting to imagine my video stream interspersed with dzzt, zzt
> from random packets being injected into it. How real is that?