IETF Logo Mail Archive

Re: [RPSEC] BGP Security Requirements v08

Curtis Villamizar <curtis@occnc.com> Wed, 18 July 2007 16:14 UTC

Return-path: <rpsec-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IBCAH-0004iS-Nf; Wed, 18 Jul 2007 12:14:13 -0400
Received: from rpsec by megatron.ietf.org with local (Exim 4.43) id 1IBCAG-0004iE-TT for rpsec-confirm+ok@megatron.ietf.org; Wed, 18 Jul 2007 12:14:12 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IBCAG-0004i2-Ju for rpsec@ietf.org; Wed, 18 Jul 2007 12:14:12 -0400
Received: from 69.37.59.172.adsl.snet.net ([69.37.59.172] helo=harbor.brookfield.occnc.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IBCAG-0005Y3-94 for rpsec@ietf.org; Wed, 18 Jul 2007 12:14:12 -0400
Received: from harbor.brookfield.occnc.com (harbor.brookfield.occnc.com [69.37.59.172]) by harbor.brookfield.occnc.com (8.13.6/8.13.6) with ESMTP id l6IGEGrr026084; Wed, 18 Jul 2007 12:14:16 -0400 (EDT) (envelope-from curtis@harbor.brookfield.occnc.com)
Message-Id: <200707181614.l6IGEGrr026084@harbor.brookfield.occnc.com>
To: "James Ko" <jamesko@nortel.com>
From: Curtis Villamizar <curtis@occnc.com>
Subject: Re: [RPSEC] BGP Security Requirements v08
In-reply-to: Your message of "Tue, 17 Jul 2007 11:35:24 EDT." <F1A1D21DA394814E824AC89F5A005BA312CCE59D@zcarhxm0.corp.nortel.com>
Date: Wed, 18 Jul 2007 12:14:16 -0400
X-Spam-Score: 1.7 (+)
X-Scan-Signature: 798b2e660f1819ae38035ac1d8d5e3ab
Cc: rpsec@ietf.org, Russ White <riw@cisco.com>, Stephen Kent <kent@bbn.com>
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: curtis@occnc.com
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=subscribe>
Errors-To: rpsec-bounces@ietf.org

In message <F1A1D21DA394814E824AC89F5A005BA312CCE59D@zcarhxm0.corp.nortel.com>
"James Ko" writes:
>  
>  
> Indeed, ideally incoming data should be "authentic" and "verifiable",
> otherwise we are back to square one and this work is no different but to
> give bad guys a window of opportunity to run man-in-the-middle attacks,
> or inject bogus routes.


So why does Internet routing work at all today?  Rhetorical question.

It does work by the way.  Not always perfectly.

Curtis


ps - The answer is because the DOS would be short lived and very
traceable (ie: not much damage and they'd get caught).  The reason for
this is the bogus information would have to be injected from within an
ISP and ISP security of their own infrastructure is reasonably good.


_______________________________________________
RPSEC mailing list
RPSEC@ietf.org
https://www1.ietf.org/mailman/listinfo/rpsec

v2.8.7 | Report a Bug | By Email