Re: [sidr] draft-sriram-route-leak-protection-00
"Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov> Tue, 29 July 2014 17:09 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E9601B29F5; Tue, 29 Jul 2014 10:09:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZuZBBe0zUIs4; Tue, 29 Jul 2014 10:09:53 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0241.outbound.protection.outlook.com [207.46.163.241]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C69D61B2997; Tue, 29 Jul 2014 10:09:52 -0700 (PDT)
Received: from BN1PR09MB0274.namprd09.prod.outlook.com (25.160.80.23) by BN1PR09MB0275.namprd09.prod.outlook.com (25.160.80.24) with Microsoft SMTP Server (TLS) id 15.0.995.14; Tue, 29 Jul 2014 17:09:51 +0000
Received: from BN1PR09MB0274.namprd09.prod.outlook.com ([25.160.80.23]) by BN1PR09MB0274.namprd09.prod.outlook.com ([25.160.80.23]) with mapi id 15.00.0995.014; Tue, 29 Jul 2014 17:09:51 +0000
From: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
To: "Jakob Heitz (jheitz)" <jheitz@cisco.com>, IETF SIDR <sidr@ietf.org>, "idr@ietf.org" <idr@ietf.org>, "grow@ietf.org" <grow@ietf.org>
Thread-Topic: draft-sriram-route-leak-protection-00
Thread-Index: Ac+p/vnHoWsppmC3R8uDlV6ghI7lHQBSoyTQ
Date: Tue, 29 Jul 2014 17:09:50 +0000
Message-ID: <671badb13318451098ddea1430afbc2f@BN1PR09MB0274.namprd09.prod.outlook.com>
References: <075DE01702BBC249BE1357EFD20DCFE50CF04B96@xmb-aln-x02.cisco.com>
In-Reply-To: <075DE01702BBC249BE1357EFD20DCFE50CF04B96@xmb-aln-x02.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [129.6.140.100]
x-microsoft-antispam: BCL:0;PCL:0;RULEID:
x-forefront-prvs: 0287BBA78D
x-forefront-antispam-report: SFV:NSPM; SFS:(6009001)(189002)(199002)(105586002)(99396002)(92566001)(2656002)(561944003)(87936001)(101416001)(107046002)(77096002)(50986999)(85306003)(54356999)(106356001)(99286002)(66066001)(33646002)(2201001)(21056001)(74316001)(107886001)(76176999)(95666004)(76482001)(46102001)(77982001)(4396001)(74502001)(81342001)(86362001)(83072002)(81542001)(31966008)(76576001)(85852003)(80022001)(83322001)(64706001)(74662001)(20776003)(108616002)(24736002); DIR:OUT; SFP:; SCL:1; SRVR:BN1PR09MB0275; H:BN1PR09MB0274.namprd09.prod.outlook.com; FPR:; MLV:sfv; PTR:InfoNoRecords; MX:1; LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/FNECV3dRcR2fWUP8sYRgWql6hE0
Subject: Re: [sidr] draft-sriram-route-leak-protection-00
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jul 2014 17:09:58 -0000
Jacob, Please see comment inline below. Sriram >Add a new attribute that means "this route may be advertised up". >This attribute must be signed by the originator of the route. >Add a second attribute that means "The first attribute was added". >This attribute must be included in the BGPSEC signature. >If an AS asserts that the route can no longer be advertised up, > It simply removes the first attribute along with its signature. >Since the first attribute must be signed by the originator, no one else can add it back. The assertion "no one else can add it back" is not true. In your proposal, as I understand it, only the origin AS is signing the first attribute to its neighbor (i.e. second AS). Therefore, after an AS along the path removes the first attribute along with the origin's signature, a subsequent adversary AS can always cut and paste that thing back. Please let me know if I misunderstood something. (Note: We carefully avoided this kind of cut and paste problem in Path Signing in BGPSEC by requiring each AS to sign to the next AS in the AS path.) Sriram >Now, an AS that considers itself a provider of the advertised route to the peer from which it received the advertisement can filter on the presence of the second attribute and the lack of the first to prevent the leak. >The advantage of this solution is that it will not expose the customer-provider relationship to any customers. >--Jakob
- [sidr] draft-sriram-route-leak-protection-00 Jakob Heitz (jheitz)
- Re: [sidr] draft-sriram-route-leak-protection-00 Sriram, Kotikalapudi
- Re: [sidr] draft-sriram-route-leak-protection-00 Jakob Heitz (jheitz)
- Re: [sidr] draft-sriram-route-leak-protection-00 Sriram, Kotikalapudi
- Re: [sidr] draft-sriram-route-leak-protection-00 Jakob Heitz (jheitz)
- Re: [sidr] draft-sriram-route-leak-protection-00 Sriram, Kotikalapudi
- Re: [sidr] draft-sriram-route-leak-protection-00 Jakob Heitz (jheitz)
- Re: [sidr] draft-sriram-route-leak-protection-00 Sriram, Kotikalapudi
- Re: [sidr] draft-sriram-route-leak-protection-00 Robert Raszuk
- Re: [sidr] draft-sriram-route-leak-protection-00 Jakob Heitz (jheitz)