Hi, Stephen Kent wrote on 01/06/15 18:31: > Di Ma and I, with help from several folks at BBN, have generated this > document to try to characterize the set of attacks/errors that might > adversely impact INR holders in the RPKI context. As we discuss topics > like RPKI path validation, the Suspenders ideas, and Slurm, it seems > appropriate to have a common background on the security issues in question. > > We hope this is a suitable start for this sort of discussion, something > that might become a WG doc, maybe published as an informational RFC (or > not). > > https://datatracker.ietf.org/doc/draft-kent-sidr-adverse-actions/ > > Comments appreciated. >
In my opinion it'd be useful to have an analysis of implications of adverse actions with respect to Internet Number Resources (INRs). I understand that probably the intention of this document is to introduce a common vocabulary that can be used for discussion of other issues and solutions, rather than provide solutions on its own. However, I found the document hard to read. It looks like the 3 main sections are not really linked together and the analysis of implications is scattered through the draft. Section 2 catalogs all various bad things that can happen, but does not provide guidance on the severity of different actions. Section 3 avoids any references to specific actions in Section 2, which brings a question of the utility of such classification. Finally, section 4 does not really depend on the considerations in the previous sections, and IMO could be written without such lengthy introduction. I think one of the main problems is that the "analysis is performed from the perspective of an affected INR holder". IMO, it'd be easier to analyze operational impact of various actions if we move the point of view to the RP, who accepts, or discards or de-prefs routing announcements. This could also allow to classify actions, or group them, by severity of the impact, and provide focus on the most critical attack vectors that may require out-of-band support/solutions. Andrei
signature.asc
Description: OpenPGP digital signature
_______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr