Hey Chris, On Mar 21, 2012, at 5:00 PM, Christopher Morrow wrote:
> On Wed, Mar 21, 2012 at 3:40 PM, Eric Osterweil <eosterw...@verisign.com> > wrote: >> My input is that the current work that does not address the real route leak >> threat, and it is therefore insufficient. > > and many, many times ... 'how would you do this, really, show me the > math' has been asked. the closest so far is Brian's set of 3 id's > which are being chattered about in IDR and some in SIDR as well. As I mentioned to Steve, ``If a system is repeatedly subverted along a specific attack vector, the fact that you can see evidence of subversion, but you can't model it with a closed form equation or a formal proof does _not_ mean you should withhold the development of protections! That's like saying: I haven't got a formal proof for what a local escalation of privileges is, on my Linux box... I hope Linus comes up w/ a formal definition soon so that I stop getting pwnd!'' I don't know that math (or any other formalism) is generally considered a requirement for the incorporation of security protections when they are needed. Indeed, the notion that security protections must be predicated on some form of formal analysis seems like a severe/unnecessary hindrance. I don't know that the current BGPSEC design is evolvable to remediate the threats we currently face, but that does _not_ mean we should avoid addressing the problem. > > btw, Is 'the real route leak threat' different in some way than other > (what other?) route-leak-threats? and is it the only thing you care > about? (I think there are others, is this the only uncovered hole in > the pasture? or are you worried about breaking your leg on something > else as well?) 1) Sorry, 'real' was only added to emphasize that this is an existing problem. Nothing more... 2) I am actually listening to what those operators that I talk to are worried about. I've heard many issue warnings about the threat that route leaks pose, and some of my own research tends to underscore some more subtle (but I think very dangerous) threats that I think route leaks enable quite nicely. Thus, this is my view of what I've heard many people say and what I have seen. I'm sure there are others, but that's where an accepted requirements doc would be helpful. Eric _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr