Re: [sidr] BGPSEC Threat Model ID
Danny McPherson <danny@tcb.net> Thu, 03 November 2011 21:09 UTC
Return-Path: <danny@tcb.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 806171F0CB6 for <sidr@ietfa.amsl.com>; Thu, 3 Nov 2011 14:09:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.35
X-Spam-Level:
X-Spam-Status: No, score=-102.35 tagged_above=-999 required=5 tests=[AWL=0.248, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QnFqy2TtPJZq for <sidr@ietfa.amsl.com>; Thu, 3 Nov 2011 14:09:02 -0700 (PDT)
Received: from dog.tcb.net (dog.tcb.net [64.78.150.133]) by ietfa.amsl.com (Postfix) with ESMTP id B8FD21F0C76 for <sidr@ietf.org>; Thu, 3 Nov 2011 14:09:01 -0700 (PDT)
Received: by dog.tcb.net (Postfix, from userid 0) id 62013268063; Thu, 3 Nov 2011 15:09:01 -0600 (MDT)
Received: from dul1dmcphers-m1.home (pool-98-118-240-226.clppva.fios.verizon.net [98.118.240.226]) (authenticated-user smtp) (TLSv1/SSLv3 AES128-SHA 128/128) by dog.tcb.net with SMTP; Thu, 03 Nov 2011 15:09:01 -0600 (MDT) (envelope-from danny@tcb.net)
X-Avenger: version=0.7.8; receiver=dog.tcb.net; client-ip=98.118.240.226; client-port=59841; syn-fingerprint=65535:48:1:64:M1460,N,W3,N,N,T,S MacOS 10.4.8; data-bytes=0
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: multipart/alternative; boundary="Apple-Mail-5-597364855"
From: Danny McPherson <danny@tcb.net>
In-Reply-To: <p06240808cad85ff73d61@[193.0.26.186]>
Date: Thu, 03 Nov 2011 17:07:44 -0400
Message-Id: <A0FBE635-F25B-4EA0-B42E-A31246389C5D@tcb.net>
References: <E96517DD-BAC7-4DD8-B345-562F71788C6A@tcb.net> <p06240807cad42f85eb7d@[193.0.26.186]> <32744.216.168.239.87.1320175657.squirrel@webmail.tcb.net> <p06240801cad6ab773279@[193.0.26.186]> <D9A38669-883D-4090-9F95-BC5C63220950@tcb.net> <p06240801cad800485596@[193.0.26.186]> <EEBF68E0-FAD9-4AF3-B81B-78760D200D9B@tcb.net> <p06240808cad85ff73d61@[193.0.26.186]>
To: Stephen Kent <kent@bbn.com>
X-Mailer: Apple Mail (2.1084)
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] BGPSEC Threat Model ID
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Nov 2011 21:09:02 -0000
On Nov 3, 2011, at 11:43 AM, Stephen Kent wrote: > Can you point me to reports on those incidents. I have not heard about them. I could cite others, but this should serve the purpose: <http://www.nytimes.com/2011/01/29/technology/internet/29cutoff.html> Consider this and assume operators had infrastructure (e.g., root & TLD servers) that was serving signed zones that couldn't be updated and expired while partitioned from the rest of the Internet. The result is that validating recursive name servers within that catchment couldn't validate the received responses, and they were therefore not valid and not able to resolve resources. Designing a system so reliant on heavy cryptography machinery, but then saying "just use expired certificates if you can't update your caches", that's crazy talk that would likely violate most of our day job security policies for even SSL or VPN access policies -- and here we want to apply it to a newly enhanced routing protocol and resource certification infrastructure --- I challenge that assumption. And on further reflection, I think recommending that expired certificates be used (even in algorithm rollovers, presumably for the purpose of fixing cryptographic vulnerabilities) may well NOT be aligned with our two primary charter objectives: * Is an Autonomous System (AS) authorized to originate an IP prefix * Is the AS-Path represented in the route the same as the path through which the NLRI traveled I intend to ask the security ADs for a statement on suitably of use for expired certificates, and would appreciate such an explanation from the SIDR technical advisor as well as the chairs at the upcoming meeting. -danny
- [sidr] BGPSEC Threat Model ID Danny McPherson
- Re: [sidr] BGPSEC Threat Model ID Stephen Kent
- Re: [sidr] BGPSEC Threat Model ID Danny McPherson
- Re: [sidr] BGPSEC Threat Model ID Stephen Kent
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Russ White
- Re: [sidr] BGPSEC Threat Model ID Stephen Kent
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Russ White
- Re: [sidr] BGPSEC Threat Model ID Randy Bush
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Russ White
- Re: [sidr] BGPSEC Threat Model ID Danny McPherson
- Re: [sidr] BGPSEC Threat Model ID Danny McPherson
- Re: [sidr] BGPSEC Threat Model ID Stephen Kent
- Re: [sidr] BGPSEC Threat Model ID Russ White
- Re: [sidr] BGPSEC Threat Model ID Danny McPherson
- Re: [sidr] BGPSEC Threat Model ID Stephen Kent
- Re: [sidr] BGPSEC Threat Model ID Paul Hoffman
- Re: [sidr] BGPSEC Threat Model ID George, Wes
- Re: [sidr] BGPSEC Threat Model ID Shane Amante
- Re: [sidr] BGPSEC Threat Model ID Randy Bush
- Re: [sidr] BGPSEC Threat Model ID Eric Osterweil
- Re: [sidr] BGPSEC Threat Model ID George, Wes
- Re: [sidr] BGPSEC Threat Model ID Danny McPherson
- Re: [sidr] BGPSEC Threat Model ID Jen Linkova
- Re: [sidr] BGPSEC Threat Model ID Christopher Morrow
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Randy Bush
- Re: [sidr] BGPSEC Threat Model ID Randy Bush
- Re: [sidr] BGPSEC Threat Model ID Sriram, Kotikalapudi
- Re: [sidr] BGPSEC Threat Model ID Eric Osterweil
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Christopher Morrow
- Re: [sidr] BGPSEC Threat Model ID Christopher Morrow
- Re: [sidr] BGPSEC Threat Model ID Jakob Heitz
- Re: [sidr] BGPSEC Threat Model ID Christopher Morrow
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Randy Bush
- Re: [sidr] BGPSEC Threat Model ID Randy Bush
- Re: [sidr] BGPSEC Threat Model ID Eric Osterweil
- Re: [sidr] BGPSEC Threat Model ID Randy Bush
- Re: [sidr] BGPSEC Threat Model ID Christopher Morrow
- Re: [sidr] BGPSEC Threat Model ID Christopher Morrow
- Re: [sidr] BGPSEC Threat Model ID Danny McPherson
- Re: [sidr] BGPSEC Threat Model ID Shane Amante
- Re: [sidr] BGPSEC Threat Model ID Christopher Morrow
- Re: [sidr] BGPSEC Threat Model ID Shane Amante
- Re: [sidr] BGPSEC Threat Model ID Christopher Morrow
- Re: [sidr] BGPSEC Threat Model ID Geoff Huston
- Re: [sidr] BGPSEC Threat Model ID Jakob Heitz
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Russ White
- Re: [sidr] BGPSEC Threat Model ID Russ White
- Re: [sidr] BGPSEC Threat Model ID Russ White
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Stephen Kent
- Re: [sidr] BGPSEC Threat Model ID Geoff Huston
- Re: [sidr] BGPSEC Threat Model ID Stephen Kent
- Re: [sidr] BGPSEC Threat Model ID Danny McPherson