Re: [sidr] Route Leaks and BGP Security

2011-11-21 Thread Russ White
> danny's draft actually does a decent job of saying what a leak is (one > instance of a leak at least, which is fine), it just doesn't say how > you'd know that from 2 as-hops away... (today, without bgp changes > and/or external knowledge about the ASes in the AS-Path) I came to the conclusion

Re: [sidr] Route Leak fix: V free routing

2011-11-21 Thread michael.meulle
What about using a "BGP community" to set your bit "1/0" and propose mechanisms to sign the communities tagged by an AS? Mickael -Original Message- From: sidr-boun...@ietf.org [mailto:sidr-boun...@ietf.org] On behalf of Jakob Heitz Sent: Friday, 4 November 2011 06:18 To: Brian Dick

Re: [sidr] WGLC for draft-ietf-sidr-algorithm-agility-03

2011-11-21 Thread Eric Osterweil
On Nov 20, 2011, at 1:56 AM, Christopher Morrow wrote: > On Fri, Nov 18, 2011 at 2:34 AM, Sean Turner wrote: >>> that can not do the 'new hotness' (B in your example) you will have to > > do I have to apologize for the MIB reference? Absolutely not! I was surprised no one gave you props

Re: [sidr] Route Leaks and BGP Security

2011-11-21 Thread Jakob Heitz
When S sends a packet to D, that packet should traverse only ASs that S trusts OR that D trusts. If the packet traverses an AS that NEITHER S NOR D trusts, then a route leak has occurred. I would generally avoid using packet flow models as a way to describe BGP security issues... The ultimate goa

Re: [sidr] Route Leaks and BGP Security

2011-11-21 Thread Randy Bush
> The solution isn't to rule out such problems because they're > "unsolvable." There are, in fact, at least two systems that can solve > this problem. in the harsh realities such as o a significant portion of the internet's isps will not publish peering and customer business relationships,

Re: [sidr] Route Leak fix: V free routing

2011-11-21 Thread Montgomery, Douglas
These ideas have floated around for 20+ years. They have even appeared in early BGP specs ... See "LINK TYPE" in http://www.ietf.org/rfc/rfc1105.txt. I actually think this is a useful idea, but the discussion always rat holes in the supposition of absolute filtering rules and proof by counter exa

Re: [sidr] Route Leaks and BGP Security

2011-11-21 Thread Russ White
> o a significant portion of the internet's isps will not publish > peering and customer business relationships, You can't secure what you don't tell anyone about. Security is about allowing others to compare the current state against what the state should be. What you're asking for is to a

Re: [sidr] Route Leaks and BGP Security

2011-11-21 Thread Robert Raszuk
>>o a significant portion of the internet's isps will not publish >> peering and customer business relationships, Randy, This is a very true statement, however last week we have had a number of conversations where the same significant portions of ISPs expressed very great interest in i

Re: [sidr] Route Leaks and BGP Security

2011-11-21 Thread Shane Amante
Hi Chris, On Nov 20, 2011, at 10:35 PM, Christopher Morrow wrote: > On Wed, Nov 16, 2011 at 11:23 PM, Danny McPherson wrote: >> >> Team, >> I've updated this draft based on some feedback received already. Given >> the discussion at the WG session, and the list discussion as of late, I'd >> lik

Re: [sidr] Route Leaks and BGP Security

2011-11-21 Thread Christopher Morrow
On Mon, Nov 21, 2011 at 6:08 PM, Shane Amante wrote: > Hi Chris, howdy! > On Nov 20, 2011, at 10:35 PM, Christopher Morrow wrote: >> On Wed, Nov 16, 2011 at 11:23 PM, Danny McPherson wrote: >>> >>> Team, >>> I've updated this draft based on some feedback received already.  Given >>> the discuss

Re: [sidr] Origin Ops, TALs and Local TAs

2011-11-21 Thread Danny McPherson
On Nov 16, 2011, at 2:50 AM, Stephen Kent wrote: > >> Here's my primary question. If I wanted to form a 'federation' of sorts for >> resiliency would I have to use additional TALs in conjunction with my >> LTA and paracertificate hierarchy? If so, can an RP include some sort of >> filter to con

Re: [sidr] Route Leaks and BGP Security

2011-11-21 Thread Terry Manderson
Speaking for myself on this one. On 22/11/2011, at 12:47 PM, Christopher Morrow wrote: > > ok, so if we step forward and ask for 'give me an attribute to > indicate customer/peer/other', would we then trust that? it'd be > (presumably) set per as-hop, is that anymore trustworthy than the > commu

Re: [sidr] Route Leaks and BGP Security

2011-11-21 Thread Christopher Morrow
On Mon, Nov 21, 2011 at 11:15 PM, Terry Manderson wrote: > > Speaking for myself on this one. > > On 22/11/2011, at 12:47 PM, Christopher Morrow wrote: >> >> ok, so if we step forward and ask for 'give me an attribute to >> indicate customer/peer/other', would we then trust that? it'd be >> (presu

Re: [sidr] Route Leaks and BGP Security

2011-11-21 Thread Terry Manderson
On 22/11/2011, at 3:13 PM, Christopher Morrow wrote: > > 'if it is intended' ... means: > a) "is intended to be seen at the vantage point it was observed at" > (3 as-hops away) > b) "with the as-path it shows up with" (isp1 - as1 - isp2 - me) > c) something else? > > it's not clear what you

Re: [sidr] Route Leaks and BGP Security

2011-11-21 Thread Christopher Morrow
On Tue, Nov 22, 2011 at 12:52 AM, Terry Manderson wrote: > > On 22/11/2011, at 3:13 PM, Christopher Morrow wrote: > >> >> 'if it is intended' ... means: >>  a) "is intended to be seen at the vantage point it was observed at" >> (3 as-hops away) >>  b) "with the as-path it shows up with" (isp1 - as