Re: [sidr] Burstiness of BGP updates

Russ White <> Wed, 16 November 2011 03:52 UTC


> We are doing it to protect reachability.


>> When you're protecting reachability, what are you protecting?
>> Whether or not someone can reach something. I assume that the
>> "something" you're trying to protect reachability to would/must
>> include things where you enter your password.
>> Hence, I look at this entire problem a little differently than
>> simply trying to enforce a small subset of policies, or as a
>> theoretical exercise... If we can't prevent real world consequences
>> with this work, then -- why are we doing it?

> We are not protecting your password in clear text on the internet.

I would challenge you to find any statement of mine where I said this
work is about "protecting your password in clear text on the internet."

"The Internet" is not an abstract collection of "things." It is a set of
reachable destinations. People go to those destinations to transact
business. If people reach the wrong destination, they transact business
with the wrong party. If a "security system" can't protect me from
reaching the wrong destination on a system designed to get me to the
right destination, then the security system is, generally speaking, useless.

I do wish I didn't have to have users connected to the networks I design
and work on -- it would really make my life much simpler. But then again,
no users, no network, right? I think we sometimes get so lost in the
theory that we forget what networks are actually _for_.



> --
> Jakob Heitz. x25475. 510-566-2901