Re: [sidr] BGPSEC Threat Model ID
Geoff Huston <gih@apnic.net> Wed, 09 November 2011 19:56 UTC
Return-Path: <gih@apnic.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70E5D21F84AF for <sidr@ietfa.amsl.com>; Wed, 9 Nov 2011 11:56:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -98.086
X-Spam-Level:
X-Spam-Status: No, score=-98.086 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, HOST_EQ_AU=0.327, HOST_MISMATCH_AU=2.444, RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YreEQa3XLYrn for <sidr@ietfa.amsl.com>; Wed, 9 Nov 2011 11:56:16 -0800 (PST)
Received: from asmtp.apnic.net (asmtp.apnic.net [IPv6:2001:dc0:2001:11::199]) by ietfa.amsl.com (Postfix) with ESMTP id AEEAE21F84B1 for <sidr@ietf.org>; Wed, 9 Nov 2011 11:56:15 -0800 (PST)
Received: from [192.168.2.5] (d110-33-203-45.mas801.nsw.optusnet.com.au [110.33.203.45]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by asmtp.apnic.net (Postfix) with ESMTP id 59B28B675F; Thu, 10 Nov 2011 05:56:14 +1000 (EST)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset="us-ascii"
From: Geoff Huston <gih@apnic.net>
In-Reply-To: <p06240806caddeb4faae0@[128.89.89.6]>
Date: Thu, 10 Nov 2011 06:56:12 +1100
Content-Transfer-Encoding: quoted-printable
Message-Id: <60C11709-5D46-474A-A4DB-ADE0675E73D8@apnic.net>
References: <E96517DD-BAC7-4DD8-B345-562F71788C6A@tcb.net> <p06240807cad42f85eb7d@193.0.26.186> <32744.216.168.239.87.1320175657.squirrel@webmail.tcb.net> <p06240801cad6ab773279@193.0.26.186> <D9A38669-883D-4090-9F95-BC5C63220950@tcb.net> <p06240801cad800485596@193.0.26.186> <EEBF68E0-FAD9-4AF3-B81B-78760D200D9B@tcb.net> <p06240808cad85ff73d61@193.0.26.186> <080F8FFF-D2C7-4414-B53A-233F88D2009F@vpnc.org> <CAFU7BATC-6DUDNuadakwSa5wj0ryy0=49=XveBXD5Wv=5JL-ag@mail.gmail.com> <m2aa8c489s.wl%randy@psg.com> <53FA9B4A-552C-4998-8F69-592A0F5AA13B@verisign.com> <CAL9jLaZj1wcmDnbm1f9=csUv2Uuq_w3rS6UEYmUHAQDPWT9zFg@mail.gmail.com> <m262iz2xl8.wl%randy@psg.com> <A2661B25-CC2E-44E4-93CE-5AFE4F67E4DA@verisign.com> <m2pqh71hdz.wl%randy@psg.com> <10A3F6FD-1392-4E6E-A048-A8EED1E8C329@apnic.net> <p06240806caddeb4faae0@[128.89.89.6]>
To: Stephen Kent <kent@bbn.com>
X-Mailer: Apple Mail (2.1251.1)
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] BGPSEC Threat Model ID
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Nov 2011 19:56:16 -0000
On 10/11/2011, at 5:33 AM, Stephen Kent wrote: > At 3:09 PM +1100 11/5/11, Geoff Huston wrote: >> On 05/11/2011, at 12:34 PM, Randy Bush wrote: >> >>>> I think the distinction between a leak and something more intentional >>>> s a matter of policy. Knowing the policy associated with the >>>> adjacencies that an AS is leaking over would allow leaked >>>> announcements to be identified >>> >>> o We can not know intent, should Mary have announced the prefix to Bob >> >> >> I disagree with this assertion of impossibility. The intention of the routing >> policy databases in their various flavours and incarnations was to publish >> intent and allow others to filter based on intent. > > Geoff, > > I have been told that the lack of widely available, reliable IRR data > out side of the RIPE region is due, in part, to a reluctance by > operators to publish all of these details. If that is true, then it > argues against assuming the existence of such data on a global basis. > > Steve I did not claim it existed - I merely disagreed with the claim of its impossibility of existence. In the same way that the only way you can eliminate the "unknown" validation outcome is to achieve universal adoption of the generation of credentials, the general visibility of intent relies on universal adoption on the generation of routing policy. It is not impossible per se, it just relies on universal adoption! In the case of the efforts relating to RPSL, reality has not achieved such targets of universal adoption, as you point out. In the case of the efforts relating to the BGP security mechanisms you are working on, it is an open issue as to how many folk would adopt it, but our experiences of other technologies, including 4 byte ASN support indicate that universal adoption is an extremely challenging objective. Geoff
- [sidr] BGPSEC Threat Model ID Danny McPherson
- Re: [sidr] BGPSEC Threat Model ID Stephen Kent
- Re: [sidr] BGPSEC Threat Model ID Danny McPherson
- Re: [sidr] BGPSEC Threat Model ID Stephen Kent
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Russ White
- Re: [sidr] BGPSEC Threat Model ID Stephen Kent
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Russ White
- Re: [sidr] BGPSEC Threat Model ID Randy Bush
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Russ White
- Re: [sidr] BGPSEC Threat Model ID Danny McPherson
- Re: [sidr] BGPSEC Threat Model ID Danny McPherson
- Re: [sidr] BGPSEC Threat Model ID Stephen Kent
- Re: [sidr] BGPSEC Threat Model ID Russ White
- Re: [sidr] BGPSEC Threat Model ID Danny McPherson
- Re: [sidr] BGPSEC Threat Model ID Stephen Kent
- Re: [sidr] BGPSEC Threat Model ID Paul Hoffman
- Re: [sidr] BGPSEC Threat Model ID George, Wes
- Re: [sidr] BGPSEC Threat Model ID Shane Amante
- Re: [sidr] BGPSEC Threat Model ID Randy Bush
- Re: [sidr] BGPSEC Threat Model ID Eric Osterweil
- Re: [sidr] BGPSEC Threat Model ID George, Wes
- Re: [sidr] BGPSEC Threat Model ID Danny McPherson
- Re: [sidr] BGPSEC Threat Model ID Jen Linkova
- Re: [sidr] BGPSEC Threat Model ID Christopher Morrow
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Randy Bush
- Re: [sidr] BGPSEC Threat Model ID Randy Bush
- Re: [sidr] BGPSEC Threat Model ID Sriram, Kotikalapudi
- Re: [sidr] BGPSEC Threat Model ID Eric Osterweil
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Christopher Morrow
- Re: [sidr] BGPSEC Threat Model ID Christopher Morrow
- Re: [sidr] BGPSEC Threat Model ID Jakob Heitz
- Re: [sidr] BGPSEC Threat Model ID Christopher Morrow
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Randy Bush
- Re: [sidr] BGPSEC Threat Model ID Randy Bush
- Re: [sidr] BGPSEC Threat Model ID Eric Osterweil
- Re: [sidr] BGPSEC Threat Model ID Randy Bush
- Re: [sidr] BGPSEC Threat Model ID Christopher Morrow
- Re: [sidr] BGPSEC Threat Model ID Christopher Morrow
- Re: [sidr] BGPSEC Threat Model ID Danny McPherson
- Re: [sidr] BGPSEC Threat Model ID Shane Amante
- Re: [sidr] BGPSEC Threat Model ID Christopher Morrow
- Re: [sidr] BGPSEC Threat Model ID Shane Amante
- Re: [sidr] BGPSEC Threat Model ID Christopher Morrow
- Re: [sidr] BGPSEC Threat Model ID Geoff Huston
- Re: [sidr] BGPSEC Threat Model ID Jakob Heitz
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Russ White
- Re: [sidr] BGPSEC Threat Model ID Russ White
- Re: [sidr] BGPSEC Threat Model ID Russ White
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Brian Dickson
- Re: [sidr] BGPSEC Threat Model ID Stephen Kent
- Re: [sidr] BGPSEC Threat Model ID Geoff Huston
- Re: [sidr] BGPSEC Threat Model ID Stephen Kent
- Re: [sidr] BGPSEC Threat Model ID Danny McPherson