Re: [sidr] BGPSEC Threat Model ID

Eric Osterweil <> Thu, 03 November 2011 17:49 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E21DE1F0C40 for <>; Thu, 3 Nov 2011 10:49:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Y-WZJu7gz4Jq for <>; Thu, 3 Nov 2011 10:49:48 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id DE13F1F0CC0 for <>; Thu, 3 Nov 2011 10:49:47 -0700 (PDT)
Received: from ([]) (using TLSv1) by ([]) with SMTP; Thu, 03 Nov 2011 10:49:47 PDT
Received: from ( []) by (8.13.6/8.13.4) with ESMTP id pA3HnZKi005100; Thu, 3 Nov 2011 13:49:35 -0400
Received: from ([]) by with Microsoft SMTPSVC(6.0.3790.4675); Thu, 3 Nov 2011 13:49:34 -0400
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Eric Osterweil <>
In-Reply-To: <p06240808cad85ff73d61@[]>
Date: Thu, 3 Nov 2011 13:49:34 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <p06240807cad42f85eb7d@[]> <> <p06240801cad6ab773279@[]> <> <p06240801cad800485596@[]> <> <p06240808cad85ff73d61@[]>
To: Stephen Kent <>
X-Mailer: Apple Mail (2.1084)
X-OriginalArrivalTime: 03 Nov 2011 17:49:34.0787 (UTC) FILETIME=[F2C3A130:01CC9A50]
Cc: sidr wg list <>
Subject: Re: [sidr] BGPSEC Threat Model ID
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 03 Nov 2011 17:49:49 -0000

On Nov 3, 2011, at 11:43 AM, Stephen Kent wrote:

> Danny,
> I'm reducing my reply to minimize what has become a tedious process.
> ...
>> The charter is temporal and the product of the WG in the form of RFCs
>> will be much more persistent, I'm concerned by a line of reasoning that
>> says "Let's ignore and not even enumerate or concern ourselves with
>> these obvious threats because the current charter [deliberately] says
>> all we have to do is provide semantic validation of the AS_PATH" [and
>> doing anything more would quite possibly NOT be conducive to
>> expedited publication of BGPSEC].
> While I appreciate your concerns, comments from one WG member do not warrant changing the scope of a document to extend beyond the WG charter. When the charter changes, or upon direction of the WG chairs I will revise the doc.

So, I have been watching this thread and reading the interplay.  Likely many of us (but at the very least, I) have been waiting with baited breath for answers to these issues, or at least a beginning to discussions of follow-on work to address them.

However, since there appears to be need for more than one person on record: I also share these concerns.  Fair?


>> We've already seen issues where such an approach has been problematic with
>> DNSSEC in the wake of portions of the Internet being fragmented and causing
>> issues and inability to update certificates in the system at root, TLD and SLD
>> levels, and what you're proposing here is far far more troubling.
> Can you point me to reports on those incidents. I have not heard about them.
> ...
>> If you're intended to play the "charter says .." card then we're wasting our time.
> Yes, we are both wasting our time at this stage.

Disagree.  These are important issues, and it seems that some design work needs to be done to address them.  afaict, there are issues in the design that may be exposing attack vectors.  I can't see how claiming, "we are both wasting our time at this stage," is an acceptable response.  These are real security threats that may exist if specifications are minted as is.  imho, they _must_ be addressed, not ignored.