IETF Logo Mail Archive

Re: [sidr] Request for WG Last Call fordraft-ietf-sidr-bogons-02.txt anddraft-ietf-sidr-roa-validation-01.txt

Danny McPherson <danny@tcb.net> Tue, 02 December 2008 02:43 UTC

Return-Path: <sidr-bounces@ietf.org>
X-Original-To: sidr-archive@megatron.ietf.org
Delivered-To: ietfarch-sidr-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 88ADE3A6AA7; Mon, 1 Dec 2008 18:43:17 -0800 (PST)
X-Original-To: sidr@core3.amsl.com
Delivered-To: sidr@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 197A73A6AA7 for <sidr@core3.amsl.com>; Mon, 1 Dec 2008 18:43:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.06
X-Spam-Level:
X-Spam-Status: No, score=-1.06 tagged_above=-999 required=5 tests=[AWL=0.057, BAYES_00=-2.599, DNS_FROM_RFC_BOGUSMX=1.482]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3CrSK3L30V+e for <sidr@core3.amsl.com>; Mon, 1 Dec 2008 18:43:16 -0800 (PST)
Received: from dog.tcb.net (dog.tcb.net [64.78.150.133]) by core3.amsl.com (Postfix) with ESMTP id 40E223A6887 for <sidr@ietf.org>; Mon, 1 Dec 2008 18:43:16 -0800 (PST)
Received: by dog.tcb.net (Postfix, from userid 0) id BE21C368025; Mon, 1 Dec 2008 19:43:12 -0700 (MST)
Received: from [192.168.0.100] (97-122-99-176.hlrn.qwest.net [97.122.99.176]) (authenticated-user danny) (TLSv1/SSLv3 AES128-SHA 128/128) by dog.tcb.net with SMTP; Mon, 01 Dec 2008 19:43:12 -0700 (MST) (envelope-from danny@tcb.net)
X-Avenger: version=0.7.8; receiver=dog.tcb.net; client-ip=97.122.99.176; client-port=52278; syn-fingerprint=65535:55:1:64:M1316,N,W3,N,N,T,S; data-bytes=0
Message-Id: <39C4DBEA-893B-4069-B0BF-4D06A82A891B@tcb.net>
From: Danny McPherson <danny@tcb.net>
To: Geoff Huston <gih@apnic.net>
In-Reply-To: <3C4C05F3-8554-4F68-9508-F6B1E3E20660@apnic.net>
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Mon, 01 Dec 2008 19:43:11 -0700
References: <C542C40B.5166%andy@arin.net><A3751517-D15C-45DD-B530-027758F36B04@apnic.net><FC10BBCC-6144-4420-ACFC-9454F26444BE@tcb.net><6F70023C-57B1-4C8D-8DDF-B9D7D8F139F9@apnic.net><56AFA6B5-BCFB-4CDC-B921-3590F71CCBA0@tcb.net><0072BC84-507D-497C-B8B6-0F26DE804316@apnic.net><19318B76-0E1E-4DC5-8017-D2350352169C@tcb.net><16C1A7B4-C46F-4354-B1F8-4AF8EB5249B9@apnic.net><C4A37FE7-88F1-4DEC-AB81-CC2EC6A96C79@tcb.net><D1AE3911-CBB9-451A-AE47-CB254E403DED@apnic.net><EC1B7F06-4137-4F97-8EE5-7676DB0E7155@tcb.net><BD48FF05-04D0-4B71-AF1B-F074E0199202@apnic.net><A09B46E4-02B0-4825-888C-CA24CD68EF50@tcb.net><CB9CD7AF-8CD3-4636-8D64-E876B9216B47@apnic.net><264FCEF8-3DD1-49AB-B41F-56FD0A1B2870@tcb.net> <76720B94-5516-48BB-9D83-F3182969A6DE@apnic.net> <04CAD96D4C5A3D48B1919248A8FE0D540835895A@xmb-sjc-215.amer.cisco.com> <3C4C05F3-8554-4F68-9508-F6B1E3E20660@apnic.net>
X-Mailer: Apple Mail (2.929.2)
Cc: sidr@ietf.org
Subject: Re: [sidr] Request for WG Last Call fordraft-ietf-sidr-bogons-02.txt anddraft-ietf-sidr-roa-validation-01.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: sidr-bounces@ietf.org
Errors-To: sidr-bounces@ietf.org

On Dec 1, 2008, at 5:22 PM, Geoff Huston wrote:

>
>
> No. Some folk believe that this should be the case, others believe  
> that this should not be the case. Those who believe that this should  
> not be the case are  proposing the BOA as a form of explicitly  
> stating what is invalid without having to state what is valid.

Heh, well said.  BOAs provide a mechanism to explicit state
*some* of what is invalid, without having to state what is
valid.  Seems like a less than optimal foundation for a secure
inter-domain routing protocol, or any protocol, to me.

> By the way, given that you have published a ROA aithorizing your  
> origin AS to advertise the prefix, I suspect that this has created  
> some further vulnerabilities that a BOA would not create. What  
> happens if I use this ROA you've created to hijack with your prefix  
> by prepending your origin AS to my AS? Can a third party detect that  
> this is a hijack of your prefix from the origination information and  
> the ROA? I do not think so.

I'm not sure what the point is here, per BOAs, as currently
specified under the SIDR charter and your previous comment on
this specific issue, provide no such protections either.
Professing it as otherwise is misleading.

> That's your _assumption_ of the sematics of a ROA. What reference  
> material or working group draft can you cite for semantic  
> interpretation of a ROA? draft-ieft-sidr-roa-validation? I don't  
> think so.

Yeah, I think we prolly need to revisit that as well.

> The point of hte BOA draft it that it challenges this assumption by  
> taking the position that such route aorigination authorities are  
> explicitly scoped to the authority described in the object, without  
> the implicit inclusion of any other authority or denial.
>
> AS referred to earlier, here's the list of today's bogon AS numbers,  
> just in case you thought  that this is a non-problem:

Right, so let's automate publication of those BOAs so that
routers can be configured to drop them tomorrow, instead of
only accepting those ASNs or any bogon or hijacked prefixes
from legit sources.  And then tomorrow we can deal with the
previous 24 hours of "Bogons - whatever that entails", all
the while the prior set of bogons are half gone but all the
objects remain for security reasons, and all of this gets
really interesting during large route leaks, and possibly even
result in a DOS themselves, and operators can't even pick up
legit objects because there are some many BOAs.  And don't
forget that the state of those BOAs change daily, and perhaps
may of those were legit but I "missed picking it up by seconds".

Seems way inefficient to me...

-danny

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr

v2.23.0 | Report a Bug | By Email