[sidr] Route Leaks and BGP Security

Danny McPherson <danny@tcb.net> Thu, 17 November 2011 04:24 UTC

Team, 
I've updated this draft based on some feedback received already.  Given 
the discussion at the WG session, and the list discussion as of late, I'd like 
to ask that it become a WG item and be used to inform the BGP Threat Model 
document -- particularly with regard to what's an acceptable residual risk and 
what is not.  Once that's comprehensive it can be used to inform secure routing 
requirements documents in the working group, and then we can begin assessing 
the feasibility of reducing various risks.

<http://tools.ietf.org/html/draft-foo-sidr-simple-leak-attack-bgpsec-no-help-01>

Thanks!

-danny


Begin forwarded message:

> From: internet-drafts@ietf.org
> Date: November 16, 2011 11:01:24 PM EST
> To: i-d-announce@ietf.org
> Subject: I-D Action: draft-foo-sidr-simple-leak-attack-bgpsec-no-help-01.txt
> Reply-To: internet-drafts@ietf.org
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> 
> 	Title           : Route Leak Attacks Against BGPSEC
> 	Author(s)       : Danny McPherson
>                          Shane Amante
> 	Filename        : draft-foo-sidr-simple-leak-attack-bgpsec-no-help-01.txt
> 	Pages           : 5
> 	Date            : 2011-11-16
> 
>   This document describes a very simple attack vector that illustrates
>   how RPKI-enabled BGPSEC machinery as currently defined can be easily
>   circumvented in order to launch a Man In The Middle (MITM) attack via
>   BGP.  It is meant to serve as input to the IETF's Secure Inter-Domain
>   Routing working group during routing security requirements
>   discussions and subsequent specification.
> 
> 
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-foo-sidr-simple-leak-attack-bgpsec-no-help-01.txt
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> This Internet-Draft can be retrieved at:
> ftp://ftp.ietf.org/internet-drafts/draft-foo-sidr-simple-leak-attack-bgpsec-no-help-01.txt