On 2015-08-27 15:23, Borchert, Oliver wrote:
If I understand Davids attack vector correct than the attack would
look
as follows:
For the path -> A -> B -> C -> D -> E with A and D conspiring and B
and C
only signing but not validating:
A signs the path to D and not to B but sends it to B. Because B and C
do not validate, just sign they forward the path to D.
D removed B and C from the path and forwards the path as -> A -> D
to E.
Now E verifies the path as valid and moves on.
If this is what David had in mind then I agree that the security
guarantee
in 7.1 does not hold up.
This is one type of attack that uses the issue I raised, but this
specific attack doesn't seem problematic to me. A and D can always set
up a BGPsec tunnel to accomplish the same result of removing B and C
from the path, and there's not much we can do to stop that.
--
David Eric Mandelberg / dseomn
http://david.mandelberg.org/
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr