Re: [sidr] BGPSEC proposal to drop AS_PATH [was: Fwd: request for agenda items for interim meeting 6 Jun]

Russ White <russw@riw.us> Wed, 30 May 2012 23:07 UTC

> AS_PATH specifies the ASs through which the routing announcement has
> passed.
> 
>> Signed_AS_PATH is to verify the path that the update message takes.

....

> and here i thought that detecting that they differ, as an attack, is the
> core goal of as-path validation.

Okay, I seem to be confused. The AS Path isn't about where the update
has passed through, but the same attribute, when signed, is a mechanism
to provide security. And while the AS Path isn't about showing the path
of the update or the traffic, when it doesn't match the new attribute
that is supposed to show the path of the update this means there is an
attack of some sort.

Russ

-- 
<><
riwhite@verisign.com
russw@riw.us