On Nov 7, 2012, at 9:34 PM, Christopher Morrow <morrowc.li...@gmail.com> wrote:
>> http://tools.ietf.org/html/draft-ietf-sidr-bgpsec-threats-03#section-5
>> ---snip---
>>   o  "Route leaks" are viewed as a routing security problem by many
>>      operators, even though there is no IETF-codified definition of a
>>      route leak.  BGP itself does not include semantics that preclude
>>      what many perceive as route leaks.  Moreover, route leaks are
>>      outside the scope of PATHSEC, at this time, based on the SIDR
>>      charter.  Thus route leaks are not addressed in this threat model.
>> ---snip---
> 
> admittedly I'd have probably said in parts:
> "'Route leaks" are viewed as a routing security problem..."
>   with a reference to the draft in the GROW-WG that talks about how
> route leaks are a problem to be resolved.

Nice try; however, you didn't address the crux of the matter, which are these 
statements in the threats document:
---snip----
                  BGP itself does not include semantics that preclude
     what many perceive as route leaks.  Moreover, route leaks are
     outside the scope of PATHSEC, at this time, based on the SIDR
     charter.  Thus route leaks are not addressed in this threat model.
---snip----

IMO, until those latter three statements are stricken from the threats draft, 
it IS NOT worth anyone's time or effort in bringing forth any proposed 
solutions, because it's very easy to dismiss them as "out-of-scope".


>> First, the threats document says "there is no IETF-codified definition of a
>> route leak", even though there exists the following:
>> <http://tools.ietf.org/html/draft-foo-sidr-simple-leak-attack-bgpsec-no-help-02>
>> and, apparently, based on other messages /nowhere in the IETF to even
>> discuss it/!
> 
> I think the 'codified definition' Stephen's looking for is an rfc... I
> could be wrong though.

If that's all it took, could the authors of 
draft-foo-sidr-simple-leak-attack-bgpsec-no-help-02 ask for it to be published 
as an RFC via the Independent Submissions process?  I imagine -- but I could be 
[very] wrong -- that the Independent Submissions process does not meet the 
rigor of an "IETF-codified definition of a route leak" that is stated in the 
route-leaks document.  Thus, that Independent Submissions process would be 
pointless.  So, the question is: what WG and/or IETF process does it need to go 
through?


> I also think there are several messages that tell you where you could
> talk about route leaks. (in the ietf I mean).

Let me go pore over the recent barrage of list messages to see if I can find 
that ...


>> Second, there is this sentence: "BGP itself ***does not include semantics***
>> that preclude what many perceive as route leaks." ... That statement reads
>> to me as stating that _because_ BGP does include semantics to solve for
>> route-leaks, it's out-of-scope for PATHSEC.
> 
> read the sentence again, I think you misread it.

I don't think so.

-shane

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
