Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Path shortening & lengthening

2012-04-06 Thread Andrew Chi
Oops: s/BGPSEC_Path_Signature/BGPSEC_Path_Signatures/

Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Path shortening & lengthening

2012-04-06 Thread Andrew Chi
On 4/6/2012 2:10 PM, Murphy, Sandra wrote: So where's the dos attack? (Do note that the bgpsec signatures would detect this at the first point that checked the signatures, so your neighbor would have spotted the injection - unless it was the source of the injection.) So I think I finally see

Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Path shortening & lengthening

2012-04-06 Thread Murphy, Sandra
Speaking as regular ol' member

Shane, I'm having some trouble following your argument. Here's what I think you are saying. You are exploring options for dropping an update based on detecting a loop - whether the loop detection should be before or after the check of the path signatures. If you

Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Path shortening & lengthening

2012-04-06 Thread Shane Amante
On Apr 6, 2012, at 10:20 AM, Andrew Chi wrote: > On 4/6/2012 11:21 AM, Shane Amante wrote: >> a) BGP performs loop detection on the AS_PATH attribute *before* verifying >> any BGPSEC_Path_Signature, in which case you drop the UPDATE, thus causing a >> DoS because you're not propagating what *ma

Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Path shortening & lengthening

2012-04-06 Thread Andrew Chi
On 4/6/2012 11:21 AM, Shane Amante wrote: a) BGP performs loop detection on the AS_PATH attribute *before* verifying any BGPSEC_Path_Signature, in which case you drop the UPDATE, thus causing a DoS because you're not propagating what *may* be legitimate reachability info further downstream.

Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Path shortening & lengthening

2012-04-06 Thread Shane Amante
On Apr 6, 2012, at 8:26 AM, Andrew Chi wrote: > On 3/29/2012 9:04 AM, Shane Amante wrote: >> Regardless, I think >> that it's best to acknowledge, in this draft, that there is a threat of >> DoS to the availability of the BGP control plane > > Maybe I'm missing something. > > Intermediate routers

Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Path shortening & lengthening

2012-04-06 Thread Andrew Chi
On 3/29/2012 9:04 AM, Shane Amante wrote: Regardless, I think that it's best to acknowledge, in this draft, that there is a threat of DoS to the availability of the BGP control plane Maybe I'm missing something. Intermediate routers or MITM entities can always drop updates. If BGPSEC is enabl

[sidr] I-D Action: draft-ietf-sidr-rpsl-sig-04.txt

2012-04-06 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Secure Inter-Domain Routing Working Group of the IETF. Title : Securing RPSL Objects with RPKI Signatures Author(s) : Robert Kisteleki