When S sends a packet to D, that packet should traverse only ASs that S trusts OR that D trusts. If the packet traverses an AS that NEITHER S NOR D trusts, then a route leak has occurred.
I would generally avoid using packet flow models as a way to describe BGP security issues... The ultimate goal is to protect the packet flow, so I went back to that to come up with a definition. How to translate that into BGP is just the next step. _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr