Re: [sidr] Burstiness of BGP updates (was: WGLC: draft-ietf-sidr-bgpsec-reqs)

Jakob Heitz <jakob.heitz@ericsson.com> Wed, 16 November 2011 02:50 UTC

Return-Path: <jakob.heitz@ericsson.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC79C11E8164 for <sidr@ietfa.amsl.com>; Tue, 15 Nov 2011 18:50:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.22
X-Spam-Level:
X-Spam-Status: No, score=-6.22 tagged_above=-999 required=5 tests=[AWL=0.152, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, SARE_SUB_OBFU_Q1=0.227]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IZHfhfhgKg78 for <sidr@ietfa.amsl.com>; Tue, 15 Nov 2011 18:50:11 -0800 (PST)
Received: from imr4.ericy.com (imr4.ericy.com [198.24.6.9]) by ietfa.amsl.com (Postfix) with ESMTP id 2AA2111E8151 for <sidr@ietf.org>; Tue, 15 Nov 2011 18:50:11 -0800 (PST)
Received: from eusaamw0712.eamcs.ericsson.se ([147.117.20.181]) by imr4.ericy.com (8.14.3/8.14.3/Debian-9.1ubuntu1) with ESMTP id pAG2o8MG021398; Tue, 15 Nov 2011 20:50:10 -0600
Received: from EUSAACMS0701.eamcs.ericsson.se ([169.254.1.111]) by eusaamw0712.eamcs.ericsson.se ([147.117.20.181]) with mapi; Tue, 15 Nov 2011 21:50:07 -0500
From: Jakob Heitz <jakob.heitz@ericsson.com>
To: Russ White <russw@riw.us>, "sidr@ietf.org" <sidr@ietf.org>
Date: Tue, 15 Nov 2011 21:50:04 -0500
Thread-Topic: [sidr] Burstiness of BGP updates (was: WGLC: draft-ietf-sidr-bgpsec-reqs)
Thread-Index: Acyj/3kh5VnJ46rLRJu60THnXRpdZwACSK4Q
Message-ID: <7309FCBCAE981B43ABBE69B31C8D21391A45A2061F@EUSAACMS0701.eamcs.ericsson.se>
References: <D7A0423E5E193F40BE6E94126930C49308E9E35567@MBCLUSTER.xchange.nist.gov> <7309FCBCAE981B43ABBE69B31C8D21391A45A1F85D@EUSAACMS0701.eamcs.ericsson.se> <m2fwhqeq5i.wl%randy@psg.com> <CCE759E6-BEA6-433B-957A-6559C67BAD52@ericsson.com> <DCC302FAA9FE5F4BBA4DCAD4656937791452387941@PRVPEXVS03.corp.twcable.com> <7309FCBCAE981B43ABBE69B31C8D21391A45A1FE9F@EUSAACMS0701.eamcs.ericsson.se> <DCC302FAA9FE5F4BBA4DCAD4656937791452387978@PRVPEXVS03.corp.twcable.com> <7309FCBCAE981B43ABBE69B31C8D21391A45A1FEC8@EUSAACMS0701.eamcs.ericsson.se> <4EC3125D.4000309@riw.us>
In-Reply-To: <4EC3125D.4000309@riw.us>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [sidr] Burstiness of BGP updates (was: WGLC: draft-ietf-sidr-bgpsec-reqs)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Nov 2011 02:50:16 -0000

How to treat unsigned paths is a matter of policy.
This is up to each provider to configure as he pleases.
I would prefer a signed route over an unsigned one,
but prefer an unsigned route over no route.
For more security sensitive routes, you may prefer no route
over an unsigned route. It's up to you.

I am saying, do not delay the regular updates.
Send the signatures in a separate connection.

A performance sensitive implementation does both
the signing and the checking in a low priority
process anyway. That results in two updates, one
with the regular update followed by a copy with
the signature.

I am saying to put that signature into a separate
connection, so as not to delay the higher urgency
regular updates.

--
Jakob Heitz.

> -----Original Message-----
> From: sidr-bounces@ietf.org [mailto:sidr-bounces@ietf.org] On Behalf
> Of Russ White
> Sent: Tuesday, November 15, 2011 5:31 PM
> To: sidr@ietf.org
> Subject: Re: [sidr] Burstiness of BGP updates (was: WGLC: draft-
> ietf-sidr-bgpsec-reqs)
> 
> 
> 
> >>> I can not believe that it will be 2X.
> 
> It will likely be worse.
> 
> > Now, for a regular update that changes the bestpath, the signature
> > will likely come later (in my proposal). If it replaces an
> existing
> > valid path, the bestpath will not change until the signature
> arrives.
> > If it replaces no path, then the regular update will produce a
> > bestpath change, but the signature will not.
> 
> So you are arguing that if you have two signed paths, and you
> receive a new unsigned path replacing one of the signed paths --in
> fact, replacing the signed path that is currently your bestpath--
> you would keep using the old bestpath even though it has a lower
> security preference than the other existing signed path.
> 
> How does a system that says, "replay attacks are okay, you may
> accept unsigned information over signed information, it's okay if
> timers are expired, it's okay if AS' in the middle of that path can
> be attacked through replays, etc.," really provide security? I'm
> seeing a lot of work for little to no net gain here.
> 
> :-)
> 
> Russ
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr