IETF Logo Mail Archive

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

Danny McPherson <danny@tcb.net> Mon, 04 April 2011 12:21 UTC

Return-Path: <danny@tcb.net>
X-Original-To: sidr@core3.amsl.com
Delivered-To: sidr@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A657628B23E for <sidr@core3.amsl.com>; Mon, 4 Apr 2011 05:21:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.31
X-Spam-Level:
X-Spam-Status: No, score=-110.31 tagged_above=-999 required=5 tests=[AWL=0.289, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JDuqCr-gQCju for <sidr@core3.amsl.com>; Mon, 4 Apr 2011 05:20:59 -0700 (PDT)
Received: from farnsworth.verisignlabs.com (farnsworth.verisignlabs.com [72.13.58.64]) by core3.amsl.com (Postfix) with ESMTP id A83BE3A69E6 for <sidr@ietf.org>; Mon, 4 Apr 2011 05:20:59 -0700 (PDT)
Received: from monsoon.verisignlabs.com (h87.s239.verisign.com [216.168.239.87]) by farnsworth.verisignlabs.com (Postfix) with ESMTP id E2B8CA53D; Mon, 4 Apr 2011 12:22:41 +0000 (UTC)
Received: from dul1dmcphers-m2.vcorp.ad.vrsn.com (dul1dmcphers-m2.vcorp.ad.vrsn.com [10.100.0.90]) by monsoon.verisignlabs.com (Postfix) with ESMTP id 7BE9B2420FA; Mon, 4 Apr 2011 08:22:41 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset="us-ascii"
From: Danny McPherson <danny@tcb.net>
In-Reply-To: <20110404083237.GA1860@juniper.net>
Date: Mon, 04 Apr 2011 08:22:42 -0400
Content-Transfer-Encoding: 7bit
Message-Id: <FFD0D281-AA3C-4CF2-8AF2-E1A2FE0A53A0@tcb.net>
References: <AANLkTimq3hcdK7-f_Pa9sWJJOTzF_GBLcYu36sB3WszN@mail.gmail.com> <AANLkTikfn_ZRQNQx0QLV7fJa8DDeqMa=yRqWUH4krMHD@mail.gmail.com> <AANLkTinV88U3cF6z51eNtPeF-xKG1aWVgALd06CPq4kE@mail.gmail.com> <m2d3l6cj2l.wl%randy@psg.com> <289DB32D-D175-49DE-AA82-100407F64C23@juniper.net> <Pine.WNT.4.64.1104012156360.4612@mw-PC> <20110401210506.GA3082@juniper.net> <Pine.WNT.4.64.1104021120430.4612@mw-PC> <20110404083237.GA1860@juniper.net>
To: Hannes Gredler <hannes@juniper.net>
X-Mailer: Apple Mail (2.1082)
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2011 12:21:00 -0000

On Apr 4, 2011, at 4:32 AM, Hannes Gredler wrote:

> 
> so my question is: "why do we need to solve the same problem
> (= protecting message integrity) 2 times in different ways" ?

This new machinery simply introduces object-level integrity functions 
in the application (i.e., BGP), it does nothing to ameliorate attacks 
at lower layers - all those substrate attack vectors (e.g., transport 
connection resets, injection or replay attacks) still exist and 
require controls as well -- else things might break in even uglier ways 
at higher layers.

Viva la layered security, 

-danny

v2.23.0 | Report a Bug | By Email