Re: [sidr] Route Leaks and BGP Security

Russ White <> Mon, 21 November 2011 16:57 UTC

To: Randy Bush <>

>   o a significant portion of the internet's isps will not publish
>     peering and customer business relationships,

You can't secure what you don't tell anyone about. Security is about
allowing others to compare the current state against what the state
should be. What you're asking for is to ask someone else to take some
specific action for you without telling them what that action should be.
An impossibility.

>   o ASs are not homogenous, A gives B local peering and international
>     transit in frankfurt, but B may have no relationship with A in
>     new york, or B may be A's customer in new york, and you will never
>     know (and you do not want to see how this is done if you are
>     anywhere near a meal)

These can be accounted for in some of the systems that have been
proposed in the past, or are now available.

>   o this is just a repeat of the nonsense which wasted years of time
>     of the last ietf attempt in this area,

Which is a worse waste of time -- designing a solution first, then
fitting the requirements around it, or figuring out what the problem is,
then thinking through possible solutions?