Re: [sidr] Route Leaks and BGP Security

To make the route leak problem tractable, we need a definition.
Here is my attempt:

If a destination AS, D originates a route and announces it
to provider P1, and P1 agrees to provide connectivity to
D, then D trusts P1 to do the right thing with the route.
If P1 has further contracted provider P2 to provide it
with connectivity, then it trusts P2 to do the right thing
with the routes it originates. By extension, D also trusts
P2. This chain may continue. It may also branch. The result
is a set of ASs that D trusts to do the right thing with
the routes it originates.

A source AS, S similarly has a set of ASs it trusts to
do the right thing with its routes.

When S sends a packet to D, that packet should traverse
only ASs that S trusts OR that D trusts. If the packet
traverses an AS that NEITHER S NOR D trusts, then a route
leak has occurred.

When a route announcement leaves the set of ASs trusted
by its originator, Brian's "transit" bit turns off.

--
Jakob Heitz.

> -----Original Message-----
> From: sidr-bounces@ietf.org [mailto:sidr-bounces@ietf.org] On Behalf
> Of Danny McPherson
> Sent: Wednesday, November 16, 2011 8:23 PM
> To: sidr wg list
> Subject: [sidr] Route Leaks and BGP Security
> 
> 
> Team,
> I've updated this draft based on some feedback received already.
> Given the discussion at the WG session, and the list discussion as
> of late, I'd like to ask that it become a WG item and used to inform
> the BGP Threat Model document -- particularly with regards to what's
> an acceptable residual risk and what is not.  Once that's
> comprehensive it can be used to inform secure routing requirements
> documents in the working group, and then we can begin assessing the
> feasibility of reducing various risks.
> 
> <http://tools.ietf.org/html/draft-foo-sidr-simple-leak-attack-
> bgpsec-no-help-01>
> 
> Thanks!
> 
> -danny
> 
> 
> Begin forwarded message:
> 
> > From: internet-drafts@ietf.org
> > Date: November 16, 2011 11:01:24 PM EST
> > To: i-d-announce@ietf.org
> > Subject: I-D Action:
> > draft-foo-sidr-simple-leak-attack-bgpsec-no-help-01.txt
> > Reply-To: internet-drafts@ietf.org
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> >
> > 	Title           : Route Leak Attacks Against BGPSEC
> > 	Author(s)       : Danny McPherson
> >                          Shane Amante
> > 	Filename        : draft-foo-sidr-simple-leak-attack-bgpsec-
> no-help-01.txt
> > 	Pages           : 5
> > 	Date            : 2011-11-16
> >
> >   This document describes a very simple attack vector that
> illustrates
> >   how RPKI-enabled BGPSEC machinery as currently defined can be
> easily
> >   circumvented in order to launch a Man In The Middle (MITM)
> attack via
> >   BGP.  It is meant to serve as input to the IETF's Secure Inter-
> Domain
> >   Routing working group during routing security requirements
> >   discussions and subsequent specification.
> >
> >
> > A URL for this Internet-Draft is:
> > http://www.ietf.org/internet-drafts/draft-foo-sidr-simple-leak-
> attack-
> > bgpsec-no-help-01.txt
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > This Internet-Draft can be retrieved at:
> > ftp://ftp.ietf.org/internet-drafts/draft-foo-sidr-simple-leak-
> attack-b
> > gpsec-no-help-01.txt
> >
> > _______________________________________________
> > I-D-Announce mailing list
> > I-D-Announce@ietf.org
> > https://www.ietf.org/mailman/listinfo/i-d-announce
> > Internet-Draft directories: http://www.ietf.org/shadow.html or
> > ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> 
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr