Re: [Sidr] [OPSEC] pccw as17557 leak...

"Vishwas Manral" <vishwas.ietf@gmail.com> Sun, 02 March 2008 16:40 UTC

To: Sandra Murphy <sandy@sparta.com>
Cc: Roland Dobbins <rdobbins@cisco.com>, opsec wg mailing list <opsec@ietf.org>, sidr@ietf.org

Hi Sandra,

I also noted the services of RIPE are currently accessible through
http and not https. That is an issue too.

I have notified RIPE about the same.

Thanks,
Vishwas

On Thu, Feb 28, 2008 at 1:12 PM, Sandra Murphy <sandy@sparta.com> wrote:
>
>
>  On Thu, 28 Feb 2008, Vishwas Manral wrote:
>
>  > Hi Sandra,
>  >
>
>  > To further clarify,
>  >>  The only point I want to add to the discussion is because we have to
>  >>  verify the Origin only in the first hop peer, we do not need a global
>  >>  database (as I mentioned we are not saving against malicious attacks
>  >>  in any case).
>  > This would mean for someone who gets the information from RIPE does
>  > not need to necessarily use the mechanism the way it currently stands.
>  >
>
>
>  As long as:
>
>  (a) you were interested in protecting only those prefixes that are managed
>  by RIPE - data in RIPE about other prefixes doesn't fall under the
>  protection of their security model, and the RIPE database does not
>  contain all prefixes,
>
>  and
>
>  (b) you were comfortable with the trust model of RIPE (they authenticate
>  the upload of the data with varying strength of authentication and you
>  must get the data, whose assurance you cannot yourself verify, from them
>  and only them with a protected transport they support).
>
>  As an additional wrinkle, I believe that RIPE does allocate prefixes to
>  LIRs.  I do not know if the LIRs are required to maintain the RIPE
>  security model in their allocations.
>
>  --Sandy
>