Re: [sidr] beacons and bgpsec
Sandra Murphy <Sandra.Murphy@sparta.com> Wed, 10 August 2011 17:43 UTC
Return-Path: <Sandra.Murphy@cobham.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA8A921F8876 for <sidr@ietfa.amsl.com>; Wed, 10 Aug 2011 10:43:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.213
X-Spam-Level:
X-Spam-Status: No, score=-102.213 tagged_above=-999 required=5 tests=[AWL=0.386, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ar3h7Q29NxBK for <sidr@ietfa.amsl.com>; Wed, 10 Aug 2011 10:43:40 -0700 (PDT)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id 4F3C221F886D for <sidr@ietf.org>; Wed, 10 Aug 2011 10:43:40 -0700 (PDT)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id p7AHiBxo030272; Wed, 10 Aug 2011 12:44:11 -0500
Received: from mailbin2.ads.sparta.com (mailbin.sparta.com [157.185.85.6]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id p7AHi6JZ021757; Wed, 10 Aug 2011 12:44:08 -0500
Received: from SMURPHY-LT.columbia.ads.sparta.com ([157.185.81.128]) by mailbin2.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Wed, 10 Aug 2011 13:44:00 -0400
Date: Wed, 10 Aug 2011 13:44:00 -0400
From: Sandra Murphy <Sandra.Murphy@sparta.com>
To: sidr wg list <sidr@ietf.org>, "Montgomery, Douglas" <dougm@nist.gov>
In-Reply-To: <CA67FEA7.5D697%dougm@nist.gov>
Message-ID: <Pine.WNT.4.64.1108101237230.8688@SMURPHY-LT.columbia.ads.sparta.com>
References: <CA67FEA7.5D697%dougm@nist.gov>
X-X-Sender: sandy@mailbin.sparta.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-OriginalArrivalTime: 10 Aug 2011 17:44:00.0879 (UTC) FILETIME=[16A08FF0:01CC5785]
Subject: Re: [sidr] beacons and bgpsec
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Aug 2011 17:43:41 -0000
Speaking as a regular ol' member On Wed, 10 Aug 2011, Montgomery, Douglas wrote: > > On 8/9/11 9:42 PM, "George Michaelson" <ggm@pobox.com> wrote: > >> >> On 10/08/2011, at 11:34 AM, Danny McPherson wrote: >> >>> >>> On Aug 9, 2011, at 9:23 PM, George Michaelson wrote: >>> >>>> <snip> > > I think it important to remember that BGPSEC and Origin Validation are > basically preventative, not reactionary/response mechanisms. That is > infrastructure that is manipulated in human time scales (e.g., ROAs, > AS/router Certs) that prevent future false announcements. I think it is > the assumption that having ROAs in place will address most pop-up spam > false announcements. > I agree that the RPKI is an infrastructure whose contents change in human time scales, with the examples you mention. But the bgpsec protocol operates in-line and at bgp time scales. (Whether that is human scale or not, I'll leave to the operators.) Certainly ROAs would make the pop-up spammers work harder, but I don't know that ROAs could be said to address them completely. Danny has pointed out many times that origin validation does not prevent a bad actor from attaching the valid origin to a bogus path. That was a motivation for doing path validation. I would think pop-up spammers might be determined enough to go to the effort of doing the attach-valid-to-bogus step. They seem to be determined enough to take steps to thwart any other measure thrown in their path. --Sandy
- [sidr] beacons and bgpsec Danny McPherson
- Re: [sidr] beacons and bgpsec George Michaelson
- Re: [sidr] beacons and bgpsec Danny McPherson
- Re: [sidr] beacons and bgpsec George Michaelson
- Re: [sidr] beacons and bgpsec Danny McPherson
- Re: [sidr] beacons and bgpsec George Michaelson
- Re: [sidr] beacons and bgpsec Randy Bush
- Re: [sidr] beacons and bgpsec Danny McPherson
- Re: [sidr] beacons and bgpsec Paul Hoffman
- Re: [sidr] beacons and bgpsec Danny McPherson
- Re: [sidr] beacons and bgpsec Montgomery, Douglas
- Re: [sidr] beacons and bgpsec Jakob Heitz
- Re: [sidr] beacons and bgpsec Stephen Kent
- Re: [sidr] beacons and bgpsec Stephen Kent
- Re: [sidr] beacons and bgpsec Sandra Murphy
- Re: [sidr] beacons and bgpsec Sandra Murphy
- Re: [sidr] beacons and bgpsec Stephen Kent
- Re: [sidr] beacons and bgpsec Danny McPherson
- Re: [sidr] beacons and bgpsec Jakob Heitz
- Re: [sidr] beacons and bgpsec Sandra Murphy
- Re: [sidr] beacons and bgpsec Jakob Heitz
- Re: [sidr] beacons and bgpsec Geoff Huston
- [sidr] BGPSec scaling (was RE: beacons and bgpsec) George, Wesley
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Rob Shakir
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Jakob Heitz
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Randy Bush
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Rob Shakir
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… George, Wesley
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… t.petch
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… George, Wesley
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Smith, Donald
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Robert Raszuk
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Sriram, Kotikalapudi
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Shane Amante
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… t.petch
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Rob Shakir
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… George, Wesley
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Jakob Heitz
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Robert Raszuk
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Sriram, Kotikalapudi
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Sriram, Kotikalapudi
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Randy Bush
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Russ White
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Randy Bush
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Russ White
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Randy Bush
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Jakob Heitz
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Russ White
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Christopher Morrow
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Randy Bush
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Jakob Heitz
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Randy Bush
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Sriram, Kotikalapudi
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Sriram, Kotikalapudi
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Sriram, Kotikalapudi
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… George, Wesley
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Randy Bush
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… George, Wesley
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Jakob Heitz
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Randy Bush
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Robert Raszuk
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… George, Wesley
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Christopher Morrow
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Rob Shakir