Re: [sidr] pCNT & prepending

XIANG Yang <xiangy08@csnet1.cs.tsinghua.edu.cn> Thu, 28 July 2011 15:19 UTC

From: XIANG Yang <xiangy08@csnet1.cs.tsinghua.edu.cn>
Date: Thu, 28 Jul 2011 23:18:22 +0800
To: "Montgomery, Douglas" <dougm@nist.gov>
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] pCNT & prepending

Sorry for the ambiguity. I mean defending against attacks such as "removing
an AS from the path".
I.e.
suppose the path is <AS1 AS2 AS2 AS3>,
then we need pCNT to prevent AS3 from announcing a shorter path <AS1 AS2 AS3> by
removing one AS2.

R.
_____________________________________________________
Yang Xiang, PhD student, Tsinghua Univ., about.me/xiangyang



2011/7/28 Montgomery, Douglas <dougm@nist.gov>

> Did your comment mean complete "AS removal" ... or defending against
> adding/removing pre-pends.
>
> dougm
>
> Doug Montgomery - Manager Internet and Scalable Systems Research Group /
> Information Technology Laboratory / NIST
> ________________________________________
> From: sidr-bounces@ietf.org [sidr-bounces@ietf.org] On Behalf Of XIANG
> Yang [xiangy08@csnet1.cs.tsinghua.edu.cn]
> Sent: Thursday, July 28, 2011 11:11 AM
> Cc: sidr wg list
> Subject: Re: [sidr] pCNT & prepending
>
> +1 support.
> It's important to defend against the "AS removal" attack.
> _____________________________________________________
> Yang Xiang, PhD student, Tsinghua Univ., about.me/xiangyang
>
>
>
> 2011/7/28 Danny McPherson <danny@tcb.net>
>
> Doug et al,
> I like the general objective of pCNT and this seems a good idea to me.  My
> only comment at the microphone was that if we add this for compression, then
> validation should require that pCNT MUST be equal to the number of
> _contiguous_ ASx appearances in the path (i.e., no more, no less, and only
> contiguous).
>
> I do wonder if pCNT=0 for transparent route servers introduces the
> opportunity for some sort of downgrade attack of sorts..
>
> -danny
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
>
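
Added example, not part of the thread or of any SIDR draft: a sketch of the validation rule discussed above, where each signed pCNT must equal the number of contiguous appearances of that AS in the path, so a dropped prepend is detected. It assumes a simplified model in which the signed data is a list of (AS, pCNT) pairs in path order whose signatures were already verified; `check_pcnt`, `run_lengths` and the sample AS numbers are hypothetical.

```python
from itertools import groupby

def run_lengths(as_path):
    """Collapse an AS path into (asn, contiguous_count) runs."""
    return [(asn, sum(1 for _ in grp)) for asn, grp in groupby(as_path)]

def check_pcnt(signed_segments, as_path):
    """Compare an AS path against signed (asn, pCNT) segments.

    Assumption: signed_segments is in the same order as as_path and its
    signatures were verified elsewhere. Returns a list of problem strings;
    an empty list means the path matches the signed counts.
    """
    problems = []
    # pCNT=0 (transparent route server) means zero appearances in the path.
    expected = [(asn, n) for asn, n in signed_segments if n > 0]
    # One AS must not spread its contiguous appearances over two segments.
    for (a, _), (b, _) in zip(expected, expected[1:]):
        if a == b:
            problems.append(f"AS{a}: contiguous appearances split across segments")
    runs = run_lengths(as_path)
    if len(runs) != len(expected):
        problems.append(
            f"path has {len(runs)} AS runs, signed data covers {len(expected)}")
    for (asn, count), (s_asn, pcnt) in zip(runs, expected):
        if asn != s_asn:
            problems.append(f"AS{asn} in path where AS{s_asn} was signed")
        elif count != pcnt:
            problems.append(f"AS{asn}: {count} appearance(s) in path, pCNT={pcnt}")
    return problems

# Constructed sample data; SIGNED mirrors the <AS1 AS2 AS2 AS3> case above.
SIGNED = [(1, 1), (2, 2), (3, 1)]
ROUTE_SERVER = [(1, 1), (64500, 0), (3, 1)]  # 64500: documentation ASN

if __name__ == "__main__":
    print(check_pcnt(SIGNED, [1, 2, 2, 3]))      # intact path
    print(check_pcnt(SIGNED, [1, 2, 3]))         # one AS2 prepend removed
    print(check_pcnt(ROUTE_SERVER, [1, 3]))      # route server absent from path
    print(check_pcnt(ROUTE_SERVER, [1, 64500, 3]))
```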