Re: [sidr] New version : draft-ietf-sidr-bgpsec-protocol-10

Warren Kumari <warren@kumari.net> Mon, 17 November 2014 22:21 UTC

In-Reply-To: <m2a93qjtoq.wl%randy@psg.com>
References: <CANTg3aDtmrF3yBpnHchBa4d8h0xiybZmCg-_6jZci1cVLBsk9w@mail.gmail.com> <D08BD518.36828%wesley.george@twcable.com> <m2a93qjtoq.wl%randy@psg.com>
Date: Mon, 17 Nov 2014 12:21:07 -1000
Message-ID: <CAHw9_iJF_brgGr8FkhTs25tzbb3O_e2Qy3WnK7fg+YPOQJbU-g@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
To: Randy Bush <randy@psg.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/TFWY38YhmE2uLKhDMKaOE_EcLDs
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] New version : draft-ietf-sidr-bgpsec-protocol-10

On Sun, Nov 16, 2014 at 7:13 PM, Randy Bush <randy@psg.com> wrote:
>> Per discussion during IDR/SIDR meeting Friday, there may need to be
>> some text in the security considerations around the attack vector of
>> sending many updates with long (but valid) AS_Paths
>
> could you please describe how an attacker can send many long bgpsec
> paths?  how are these long paths signed?
>

I'm not Wes, but I could imagine an attacker who has 2 ASNs making a
path that looks like:

192.0.2.0/24   174 3561 17 42 17 42 17 42 .... 17 42 17 42 701

Seems like it would be a lot of work for very little fun, but that's
what I'd understood the question to be.

W


> randy



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
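
As an added example, not part of the original message or the draft: a receiver-side sanity check that flags the alternating pattern in the path above (an ASN reappearing after a different AS) and paths longer than a local cap. The cap value, function names and sample paths are assumptions constructed for illustration.

```python
from collections import Counter

MAX_PATH_LEN = 50  # hypothetical local policy cap, not a value from the draft


def collapse_prepends(path):
    """Drop consecutive duplicates so ordinary prepending (701 701 701) is not flagged."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def inspect_path(path, max_len=MAX_PATH_LEN):
    """Return (verdict, reasons) for an AS path given as a list of ASNs."""
    collapsed = collapse_prepends(path)
    counts = Counter(collapsed)
    # An ASN that still appears more than once after collapsing was revisited
    # after the route passed through a different AS.
    revisited = sorted(asn for asn, n in counts.items() if n > 1)
    reasons = []
    if len(path) > max_len:
        reasons.append(f"length {len(path)} exceeds cap {max_len}")
    if revisited:
        reasons.append("non-adjacent repeats of AS " + ", ".join(map(str, revisited)))
    return ("flag" if reasons else "ok", reasons)


# Constructed sample paths: the alternating 17/42 shape from the message,
# and a short path with plain prepending for comparison.
PING_PONG = [174, 3561] + [17, 42] * 30 + [701]
PREPENDED = [174, 3561, 701, 701, 701]

if __name__ == "__main__":
    for name, path in (("ping-pong", PING_PONG), ("prepended", PREPENDED)):
        verdict, reasons = inspect_path(path)
        print(name, verdict, "; ".join(reasons))
```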