Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's security guarantees

Randy Bush <> Thu, 27 August 2015 21:02 UTC

Date: Fri, 28 Aug 2015 06:02:27 +0900
From: Randy Bush <>
To: Sandra Murphy <>
Cc: sidr wg list <>

>> an intermediate AS, which does not validate but signs, could apply 
> I’d say that the intermediate AS who didn’t verify the signatures it
> received could be acting on bad info at any time, without any
> conspiring ASs around.  The intermediate AS has no more assurance than
> a non-bgpsec speaker that the route it receives is valid.

it is not worse than unsecured is a form of reasoning i do not buy.

>> prefix-based local policy based on the wrong prefix.  same for any
>> bgp4 peers it may have.
> I see nothing in David’s message about a prefix, so I’m not sure what
> you are talking about.

sorry, i forgot that bgp announces beers.

the colluding systems could have signed a hash of lager when the label
on the announcement was pils.  the intermediate system which does not
validate could base its mains order on pils and tell its
non-validating peers to have a pils with them.

> But the intermediate AS and any bgp4 (i.e. non-bgpsec speakers?) peers
> have chosen to be insecure - I see no reason to be concerned.

same fallacious argument.  we are supposed to be making things better,
not leaving them the same.