Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's security guarantees

Randy Bush <randy@psg.com> Tue, 15 September 2015 01:12 UTC

Date: Tue, 15 Sep 2015 07:12:16 +0600
Message-ID: <m2613ca3kf.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
In-Reply-To: <CY1PR09MB0793BF45F9F58C5E5D5A62B0845C0@CY1PR09MB0793.namprd09.prod.outlook.com>
References: <SN1PR09MB079938B1A44171328C0B16CA846A0@SN1PR09MB0799.namprd09.prod.outlook.com> <D20B8CAC.45839%dougm@nist.gov> <CY1PR09MB079376AC097FDDB73531814184690@CY1PR09MB0793.namprd09.prod.outlook.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/cRSN1zIESbKTs__UmYCaQ5ymrnM>
Cc: "sidr@ietf.org" <sidr@ietf.org>, David Mandelberg <david@mandelberg.org>
Subject: Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's security guarantees

> In the example with -- > A --> B --> C --> D -->, if B and C (the ones
> that were signing but not verifying) return to the update to verify,
> then they will realize that the update they last signed (for the
> prefix) was invalid, and will propagate an alternate valid signed
> announcement or send a withdrawal message to D.

and all the packets will return to their origins with a loud swoosh and
re-route correctly :)

> At this point, B and C have taken their corrective action.

not really.  the internet is all about the data plane.  the control
plane is there to help the data plane.

randy