Re: [sidr] pCNT & prepending

Doug Montgomery <dougm.tlist@gmail.com> Thu, 28 July 2011 15:24 UTC

Date: Thu, 28 Jul 2011 11:24:17 -0400
From: Doug Montgomery <dougm.tlist@gmail.com>
To: XIANG Yang <xiangy08@csnet1.cs.tsinghua.edu.cn>, Doug Montgomery <dougm@nist.gov>
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] pCNT & prepending

OK - so that is a +1 for protecting prepending, not just optimizing Sigs in
the presence of prepending.


From:  XIANG Yang <xiangy08@csnet1.cs.tsinghua.edu.cn>
Date:  Thu, 28 Jul 2011 23:18:22 +0800
To:  Doug Montgomery <dougm@nist.gov>
Cc:  sidr wg list <sidr@ietf.org>
Subject:  Re: [sidr] pCNT & prepending

> Sorry for the ambiguity. I mean defending against attacks such as "removing an
> AS from the path".
> I.e.
> suppose the path is <AS1 AS2 AS2 AS3>,
> then we need pCNT to prevent AS3 from announcing a shorter path <AS1 AS2 AS3> by
> removing one of the AS2s.
> 
> R.
> _____________________________________________________
> Yang Xiang, PhD student, Tsinghua Univ., about.me/xiangyang
> <http://about.me/xiangyang>
> 
> 
> 
> 2011/7/28 Montgomery, Douglas <dougm@nist.gov>
>> Did your comment mean complete "AS removal" ... or defending against
>> adding/removing pre-pends.
>> 
>> dougm
>> 
>> Doug Montgomery - Manager Internet and Scalable Systems Research Group /
>> Information Technology Laboratory / NIST
>> ________________________________________
>> From: sidr-bounces@ietf.org [sidr-bounces@ietf.org] On Behalf Of XIANG Yang
>> [xiangy08@csnet1.cs.tsinghua.edu.cn]
>> Sent: Thursday, July 28, 2011 11:11 AM
>> Cc: sidr wg list
>> Subject: Re: [sidr] pCNT & prepending
>> 
>> +1 support.
>> It's important to defend against the "AS removal" attack.
>> _____________________________________________________
>> Yang Xiang, PhD student, Tsinghua Univ., about.me/xiangyang
>> <http://about.me/xiangyang>
>> 
>> 
>> 
>> 2011/7/28 Danny McPherson <danny@tcb.net>
>> 
>> Doug et al,
>> I like the general objective of pCNT and this seems a good idea to me.  My
>> only comment at the microphone was that if we add this for compression, then
>> validation should require that pCNT MUST be equal to the number of
>> _contiguous_ ASx appearances in the path (i.e., no more, no less, and only
>> contiguous).
>> 
>> I do wonder if pCNT=0 for transparent route servers introduces the
>> opportunity for some sort of downgrade attack of sorts.
>> 
>> -danny
>> _______________________________________________
>> sidr mailing list
>> sidr@ietf.org
>> https://www.ietf.org/mailman/listinfo/sidr
>> 
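
Added example, not part of the original messages or of any BGPSEC specification: a Python sketch of the validation rule discussed in this thread, where each signed pCNT must equal the number of contiguous appearances of that AS in the path, no more and no less. The function name check_pcnt and the (asn, pcnt) data model are assumptions made for illustration; signature verification is assumed to have happened already and is not modelled.

```python
from itertools import groupby

def check_pcnt(as_path, signed_segments):
    """Compare an AS path against signed (asn, pCNT) segments.

    as_path: AS numbers in path order, prepends written out.
    signed_segments: (asn, pcnt) pairs in the same order; their signatures
    are assumed to have been verified already (not modelled here).
    Returns (problems, zero_count_ases).
    """
    problems = []
    # pCNT=0 segments (the transparent route server case raised in the
    # thread) contribute no AS to the path; report them separately.
    zero_count_ases = [asn for asn, pcnt in signed_segments if pcnt == 0]
    expected = [(asn, pcnt) for asn, pcnt in signed_segments if pcnt != 0]

    for asn, pcnt in expected:
        if pcnt < 0:
            problems.append(f"AS{asn}: negative pCNT {pcnt}")
    # Two adjacent segments for one AS would split a contiguous run, so
    # neither pCNT could equal the run length.
    for (a, _), (b, _) in zip(expected, expected[1:]):
        if a == b:
            problems.append(f"AS{a}: adjacent segments for the same AS")

    # Run-length encode the path: one (asn, count) per contiguous run.
    runs = [(asn, len(list(group))) for asn, group in groupby(as_path)]
    if len(runs) != len(expected):
        problems.append(
            f"path has {len(runs)} runs, signed data has {len(expected)} segments")
    for (p_asn, seen), (s_asn, pcnt) in zip(runs, expected):
        if p_asn != s_asn:
            problems.append(f"path has AS{p_asn} where AS{s_asn} signed")
        elif seen != pcnt:
            problems.append(
                f"AS{s_asn}: pCNT={pcnt} but {seen} contiguous appearance(s)")
    return problems, zero_count_ases

if __name__ == "__main__":
    # Constructed from the thread's example path <AS1 AS2 AS2 AS3>.
    signed = [(1, 1), (2, 2), (3, 1)]
    for path in ([1, 2, 2, 3], [1, 2, 3], [1, 2, 2, 2, 3]):
        print(path, check_pcnt(path, signed))
```

The second return value lists ASes that signed with pCNT=0 and therefore do not appear in the path, so a validator can surface them for the kind of review the route server question calls for.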