Re: [sidr] draft-kent-sidr-adverse-actions-00.txt
Andrei Robachevsky <andrei.robachevsky@gmail.com> Tue, 07 July 2015 15:05 UTC
Return-Path: <andrei.robachevsky@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82C701ACD7C for <sidr@ietfa.amsl.com>; Tue, 7 Jul 2015 08:05:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c7lnHt-QA35s for <sidr@ietfa.amsl.com>; Tue, 7 Jul 2015 08:05:18 -0700 (PDT)
Received: from mail-wg0-x230.google.com (mail-wg0-x230.google.com [IPv6:2a00:1450:400c:c00::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A699E1ACD58 for <sidr@ietf.org>; Tue, 7 Jul 2015 08:05:18 -0700 (PDT)
Received: by wgjx7 with SMTP id x7so170583600wgj.2 for <sidr@ietf.org>; Tue, 07 Jul 2015 08:05:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type; bh=x9YLI4JVmIEFoiTNmUGoe9G1aoBXqzf6EMC+A+cT0Og=; b=QxSRHeUWtgGhGbTAT2gbr/PPi4CzYTQBSHWnAuLMTol+Kech+BphsKOEErsWzEf0DK pBptHmQtiBa9wsaufBSvhTdPZgTg95GrlMvQi0xqA3kNODwg6aIjgJTqWlfF1e3zxHoI 7YYMh/W0qJJWTLg5tu0CeYxY9PsUqHDQoqx9GIh+Dl5aNp+JYfZxvED2MgrLXL93ChV7 Wii7kXNfk8Ft7UfAngjHWTuAHpZIZrHWzsdA98iZuvDu6G9g6yUyOiRIe+VmDiO4Zuk8 ttGBo8HaA1vJ8T/tCkQvYkgqVMHqumhpwjYzsguG5vds5DDd5ZGMHWQiHGEcldkE2fus nv9g==
X-Received: by 10.180.231.40 with SMTP id td8mr67146469wic.9.1436281517318; Tue, 07 Jul 2015 08:05:17 -0700 (PDT)
Received: from ISOC-A1FD58.local ([92.109.76.43]) by mx.google.com with ESMTPSA id um5sm33800468wjc.1.2015.07.07.08.05.15 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 07 Jul 2015 08:05:16 -0700 (PDT)
Message-ID: <559BEAAA.5090400@gmail.com>
Date: Tue, 07 Jul 2015 17:05:14 +0200
From: Andrei Robachevsky <andrei.robachevsky@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>, sidr <sidr@ietf.org>
References: <556C88FC.3000409@bbn.com>
In-Reply-To: <556C88FC.3000409@bbn.com>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="pi6JVQQL1cnJL7aWX8dTvXv3L95Ke9NBe"
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/nn30W7FC5x5By_xJj5sGdxYCdGg>
Subject: Re: [sidr] draft-kent-sidr-adverse-actions-00.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jul 2015 15:05:20 -0000
Hi, Stephen Kent wrote on 01/06/15 18:31: > Di Ma and I, with help from several folks at BBN, have generated this > document to try to characterize the set of attacks/errors that might > adversely impact INR holders in the RPKI context. As we discuss topics > like RPKI path validation, the Suspenders ideas, and Slurm, it seems > appropriate to have a common background on the security issues in question. > > We hope this is a suitable start for this sort of discussion, something > that might become a WG doc, maybe published as an informational RFC (or > not). > > https://datatracker.ietf.org/doc/draft-kent-sidr-adverse-actions/ > > Comments appreciated. > In my opinion it'd be useful to have an analysis of implications of adverse actions with respect to Internet Number Resources (INRs). I understand that probably the intention of this document is to introduce a common vocabulary that can be used for discussion of other issues and solutions, rather than provide solutions on its own. However, I found the document hard to read. It looks like the 3 main sections are not really linked together and the analysis of implications is scattered through the draft. Section 2 catalogs all various bad things that can happen, but does not provide guidance on the severity of different actions. Section 3 avoids any references to specific actions in Section 2, which brings a question of the utility of such classification. Finally, section 4 does not really depend on the considerations in the previous sections, and IMO could be written without such lengthy introduction. I think one of the main problems is that the "analysis is performed from the perspective of an affected INR holder". IMO, it'd be easier to analyze operational impact of various actions if we move the point of view to the RP, who accepts, or discards or de-prefs routing announcements. This could also allow to classify actions, or group them, by severity of the impact, and provide focus on the most critical attack vectors that may require out-of-band support/solutions. Andrei
- [sidr] draft-kent-sidr-adverse-actions-00.txt Stephen Kent
- Re: [sidr] draft-kent-sidr-adverse-actions-00.txt Andrei Robachevsky
- Re: [sidr] draft-kent-sidr-adverse-actions-00.txt Stephen Kent