Re: [sidr] BGPSEC Threat Model ID

Randy Bush <randy@psg.com> Fri, 04 November 2011 08:11 UTC

Date: Fri, 04 Nov 2011 09:11:11 +0100
From: Randy Bush <randy@psg.com>
To: Jen Linkova <furry13@gmail.com>
Cc: sidr wg list <sidr@ietf.org>

> 5) I totally agree that route leaks don't violate BGP as a protocol
> and are related to policies. But it doesn't mean route leaks are not
> security threats. Receiving spam/viruses via email is a threat
> although it doesn't violate any SMTP standards.
> 
> 6) route leaking is related to a BGP threat model and isn't specific
> to BGPSEC, and BGPSEC doesn't provide any protection from that threat.
> So I'd like to second the idea of clarifying that in the document.

could someone post a clear technical explanation of WHAT a route leak
is, HOW one would definitively detect all cases of them, and WHAT one
would do about it?

you are correct, BGPsec tries to secure the BGP protocol against abuse,
not protect the internet.  the latter is a very worthy goal but a bit
nebulous.  of course an internet draft or two might clarify that.

randy