Re: [Sidr] [OPSEC] pccw as17557 leak...

Curtis Villamizar <curtis@occnc.com> Thu, 06 March 2008 05:34 UTC

To: Sandra Murphy <sandy@sparta.com>
From: Curtis Villamizar <curtis@occnc.com>
In-reply-to: Your message of "Tue, 04 Mar 2008 11:34:18 EST." <Pine.WNT.4.64.0803041119370.4228@SANDYM-LT.columbia.ads.sparta.com>
Date: Thu, 06 Mar 2008 00:34:04 -0500
Cc: opsec wg mailing list <opsec@ietf.org>, sidr@ietf.org
Subject: Re: [Sidr] [OPSEC] pccw as17557 leak...

In message <Pine.WNT.4.64.0803041119370.4228@SANDYM-LT.columbia.ads.sparta.com>
Sandra Murphy writes:
>  
> [---8<---snip---]
>  
> > The
> > idea is can we get a similar security with the current infrastructure,
> > by doing minor improvements. There is a certain cost involved with the
> > SIDR infrastructure.
>  
> No, we cannot get similar security with current infrastructure, even with 
> MAJOR improvements to the security of the current infrastructure.  The 
> structure of the current infrastructure does not permit similar security 
> to what the RPKI provides.
>  
> Unless, of course, you want to add all RPKI features to the IRR model, so 
> that the IRR becomes the same as the RPKI.  Of course, you adopt the cost 
> as well.
>  
> --Sandy


Sandy,

Would you please enumerate those things that the IRR model does not
support after reading RFC2725 and RFC2769.

Note that RFC2769 has not been implemented but would provide the
missing functionality (ability to authenticate information held in
other registries).  It also provides efficient replication of
databases so anyone can have a local copy of any database of interest
to improve query time.

I am not advocating going in that direction, simply pointing out that
SIDR to a large extent reinvents the wheel.  If anything I think SIDR
not implementing the full RPSL semantics is deficient.

Curtis