Re: [Sidr] [OPSEC] pccw as17557 leak...

Sandra Murphy <sandy@sparta.com> Thu, 28 February 2008 16:35 UTC

Return-Path: <sidr-bounces@ietf.org>
X-Original-To: ietfarch-sidr-archive@core3.amsl.com
Delivered-To: ietfarch-sidr-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7FBFD3A6C6A; Thu, 28 Feb 2008 08:35:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.867
X-Spam-Level:
X-Spam-Status: No, score=-0.867 tagged_above=-999 required=5 tests=[AWL=-0.430, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gPk-bYpEEiyq; Thu, 28 Feb 2008 08:35:37 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 05E6A28C1CC; Thu, 28 Feb 2008 08:35:37 -0800 (PST)
X-Original-To: sidr@core3.amsl.com
Delivered-To: sidr@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5C54B28C29D; Thu, 28 Feb 2008 08:35:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yBe3yFjoImCS; Thu, 28 Feb 2008 08:35:30 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by core3.amsl.com (Postfix) with ESMTP id CAEA828C1CC; Thu, 28 Feb 2008 08:35:30 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id m1SGYviS029835; Thu, 28 Feb 2008 10:34:57 -0600
Received: from nemo.columbia.ads.sparta.com (nemo.columbia.sparta.com [157.185.80.75]) by Beta5.sparta.com (8.12.11/8.13.1) with ESMTP id m1SGYZmi013181; Thu, 28 Feb 2008 10:34:56 -0600
Received: from SANDYM-LT.columbia.ads.sparta.com ([157.185.81.104]) by nemo.columbia.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Thu, 28 Feb 2008 11:34:52 -0500
Date: Thu, 28 Feb 2008 11:34:48 -0500
From: Sandra Murphy <sandy@sparta.com>
To: Vishwas Manral <vishwas.ietf@gmail.com>
In-Reply-To: <77ead0ec0802280649k66671fc9s9fc24314963c68a0@mail.gmail.com>
Message-ID: <Pine.WNT.4.64.0802281109260.2416@SANDYM-LT.columbia.ads.sparta.com>
References: <47C4E38E.1070105@bogus.com> <77ead0ec0802262229wd5e695ag95021040d7492828@mail.gmail.com> <E54F9525-AE5E-4F96-A044-FCEBEBCA6DB3@tcb.net> <3DD63532-9442-4B12-B1DF-5EA70A66C87D@cisco.com> <77ead0ec0802271712m53e8a1d4sc9cae09ee75686f7@mail.gmail.com> <p06240500c3ebd2c48236@192.168.101.9> <77ead0ec0802271913u2c032ec2y2d03b73cb36de37f@mail.gmail.com> <p06240509c3ebe4459c93@169.223.13.71> <77ead0ec0802272031j6d958279tf3028c4096093020@mail.gmail.com> <p0624050cc3ebfc54fb15@169.223.13.71> <77ead0ec0802280649k66671fc9s9fc24314963c68a0@mail.gmail.com>
X-X-Sender: sandy@nemo.columbia.sparta.com
MIME-Version: 1.0
X-OriginalArrivalTime: 28 Feb 2008 16:34:52.0240 (UTC) FILETIME=[D7C53D00:01C87A27]
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (M4.sparta.com [157.185.61.2]); Thu, 28 Feb 2008 10:34:57 -0600 (CST)
Cc: Roland Dobbins <rdobbins@cisco.com>, opsec wg mailing list <opsec@ietf.org>, sidr@ietf.org
Subject: Re: [Sidr] [OPSEC] pccw as17557 leak...
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: sidr-bounces@ietf.org
Errors-To: sidr-bounces@ietf.org


On Thu, 28 Feb 2008, Vishwas Manral wrote:

> Hi Stephen,
>
> Ok, I understand the model you talk about now. Yes the CPU may not be
> the biggest concern as the server is verifying the Cert's offline. I
> guess this would also lead to models like CRL's for revocation.
>
> Like I said earlier as SIDR does not stop malicious attacks, but only
> ones caused unintentionally, is it not possible to actually use a
> simpler mechanism to get over such errors?
>
> Thanks,
> Vishwas
>

Vishwas, the current SIDR work is focused on preventing attacks 
(faulty/misconfigured/subverted/malicious/whatever) against the 
origination of routing advertisements, by providing strong assurance of 
who holds what prefixes, and therefore who can authorize origination of 
a prefix.

(And in the leak that is the subject of this email chain, the fully 
deployed system would indeed have detected the mis-origination, in any AS 
that had received the mis-origination, not just the direct link up from 
the customer.)

The concerns you raise are recognized subjects for further work.

But all of the very many proposals for securing BGP (see: S-BGP, soBGP, 
psBGP, SPV, etc., etc.) rely on protecting this initial bit of routing 
information: originating a route to a prefix.  So defining this work is a 
basis for defining future fuller protection techniques as well.

All simpler mechanisms I have ever heard of for protecting origination of 
routing advertisements are either much lower assurance, or based on data 
with similar strong protections but not more assurance, or not extensible 
to protecting more features of BGP exchanges.


--Sandy
_______________________________________________
Sidr mailing list
Sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr