IETF Logo Mail Archive

Re: [sidr] BGPSEC Threat Model ID

Randy Bush <randy@psg.com> Sat, 05 November 2011 01:34 UTC

Return-Path: <randy@psg.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5951B11E80C1 for <sidr@ietfa.amsl.com>; Fri, 4 Nov 2011 18:34:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.592
X-Spam-Level:
X-Spam-Status: No, score=-2.592 tagged_above=-999 required=5 tests=[AWL=0.007, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lOqAlpAenwmR for <sidr@ietfa.amsl.com>; Fri, 4 Nov 2011 18:34:53 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:1::36]) by ietfa.amsl.com (Postfix) with ESMTP id 7A88911E8094 for <sidr@ietf.org>; Fri, 4 Nov 2011 18:34:51 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=rair.psg.com.psg.com) by ran.psg.com with esmtp (Exim 4.76 (FreeBSD)) (envelope-from <randy@psg.com>) id 1RMV9m-000MCw-Gb; Sat, 05 Nov 2011 01:34:50 +0000
Date: Sat, 05 Nov 2011 02:34:48 +0100
Message-ID: <m2pqh71hdz.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Eric Osterweil <eosterweil@verisign.com>
In-Reply-To: <A2661B25-CC2E-44E4-93CE-5AFE4F67E4DA@verisign.com>
References: <E96517DD-BAC7-4DD8-B345-562F71788C6A@tcb.net> <p06240807cad42f85eb7d@193.0.26.186> <32744.216.168.239.87.1320175657.squirrel@webmail.tcb.net> <p06240801cad6ab773279@193.0.26.186> <D9A38669-883D-4090-9F95-BC5C63220950@tcb.net> <p06240801cad800485596@193.0.26.186> <EEBF68E0-FAD9-4AF3-B81B-78760D200D9B@tcb.net> <p06240808cad85ff73d61@193.0.26.186> <080F8FFF-D2C7-4414-B53A-233F88D2009F@vpnc.org> <CAFU7BATC-6DUDNuadakwSa5wj0ryy0=49=XveBXD5Wv=5JL-ag@mail.gmail.com> <m2aa8c489s.wl%randy@psg.com> <53FA9B4A-552C-4998-8F69-592A0F5AA13B@verisign.com> <CAL9jLaZj1wcmDnbm1f9=csUv2Uuq_w3rS6UEYmUHAQDPWT9zFg@mail.gmail.com> <m262iz2xl8.wl%randy@psg.com> <A2661B25-CC2E-44E4-93CE-5AFE4F67E4DA@verisign.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] BGPSEC Threat Model ID
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Nov 2011 01:34:53 -0000

> I think the distinction between a leak and something more intentional
> s a matter of policy.  Knowing the policy associated with the
> adjacencies that an AS is leaking over would allow leaked
> announcements to be identified

o We can not know intent, should Mary have announced the prefix to Bob

o But Joe can formally validate that Mary did announce the prefix to Bob

o Policy on the global Internet changes every 36ms, new customers, new
  peers, circuit moves, ...

o We already have a protocol to distribute policy or its effects, it is
  called BGP 

o BGPsec validates that the protocol has not been violated, and is not
  about intent or business policy

randy

v2.23.0 | Report a Bug | By Email