---- Original Message -----
From: "Joel M. Halpern" <j...@joelhalpern.com>
To: "Randy Bush" <ra...@psg.com>
Cc: "t.petch" <ie...@btconnect.com>; <sidr@ietf.org>
Sent: Wednesday, March 02, 2011 11:25 PM

> Unfortunately, that change shifts things just enough to miss an
> important part of what I was hoping to achieve.
> While it is true that we can not know why anyone does anything, the
> reason we care about it is that certain kinds of path falsification can
> result in traffic being lured to places that any reasonable model of
> authorization (not necessarily just the strict mathematical sense, but
> the more general operational sense) says it ought not go.
>
> The purpose of the whole exchange was to try to get a motivation into
> the picture, rather than just another assertion that we want to protect
> the AS path. There is no need for new text just saying "we are
> protecting the AS path because we are protecting the AS path."

I am easy about motivation, whether it is there or not; I wanted to be
clear about scope, AS_Path or everything in the advertisement which the
modified wording is.

I like Donald's addition so while I am content with what is suggested
below, I would also go for

" A BGPsec design MUST allow the receiver of an announcement to
detect that one or more routers have modified the AS_Path in a way that
they are not authorised to do ... "

Leaving Joel to add something like

" ...with the objective of causing traffic to be misdirected."

And yes, I do think it is worth spending a few days on being clear in
our words, as opposed to our thoughts:-)

Tom Petch

> Yours,
> Joel
>
> On 3/2/2011 4:59 PM, Randy Bush wrote:
> >> i could make it something like
> >>
> >> 3.1 A BGPsec design MUST allow the receiver of an announcement to
> >> detect that one or more ASes have manipulated the AS-Path in an
> >> attempt to lure the receiver into sending traffic to an incorrect
> >> next hop.
> >
> > in a private email, a friend pointed out that we neither know nor do we
> > care why charlene falsified the path. the point is that we must be able
> > to detect that she did.
> >
> > so the wording i think i'll go with is
> >
> > 3.1 A BGPsec design MUST allow the receiver of an announcement to
> > detect that one or more routers have falsified the AS-Path.
> >
> > last chance for word-diddling.
> >
> > randy
> >

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr