Re: [sidr] BGPSEC Threat Model ID

Russ White <russw@riw.us> Wed, 02 November 2011 18:17 UTC

>> 2a. If you have a business relationship with this other party, then you
>> already have an enforcement mechanism at hand --signatures and other
>> sorts of things won't provide anything additional.
> 
> Actually, this is not strictly true.

> B and A are peers.

Which means they have a business relationship...

> The agreements between A and C, and between B and C, prohibit C sending anything
> other than C's own routes to A and B.

The only way A and B would know they are C's upstream is for them to
tell one another about it --as you say, this isn't possible within BGP.

According to the folks I've talked to, BGPSEC was specifically not
designed to resolve the problem you're discussing, and there is no way
within the specification to resolve this problem.

:-)

Russ