GROW Folks,
The SIDR working group is working on security for origination and path
data related to BGP routes. There has been a note (a few) about SIDR's
effect(s) or not on 'route leaks'. There have even been a few notes on
'what is a route leak'. To date there is a draft which discusses route
leaks:
<http://tools.ietf.org/html/draft-foo-sidr-simple-leak-attack-bgpsec-no-help-02>
where the authors have attempted to describe one (or many possible)
situations which are called 'route leaks'. They also attempt to
outline security issues which are follow-on effects of the situation
described.
SIDR attempted to look at route-leaks and came up a bit stymied, they
asked IDR for some assistance with the issue, IDR pushed back to GROW
to decide:
1) What is a 'route leak' (perhaps the above draft identifies one
examplar to be used in that definition)
2) Are 'route leaks' a problem that Operations folks care about
3) Should IDR (or the IETF proper) address 'route leaks' with some
form(s) of fix action.
The end result of the above 3 steps is to push back into IDR one of
two action requests:
1) "Yes, route leaks are a problem, please fix them."
or
2) "No, route leaks are not a problem, take no action."
If #1 above is the answer, and IDR decides that changes to the BGP
protocol are warranted (or are a possible solution to the problem)
then SIDR has agreed to do what they can to 'secure' the bits
added/changed/used in that endeavor.
Could we have some discussion on-list about this problem, and some
discussion about whether or not the draft referenced above fits the
definition we would like to use for 'route leak'? I would also like
the authors of the draft to decide where they would like to take their
draft:
1) SIDR
2) IDR
3) GROW
4) other
Thanks!
-Chris
(co-chair 1:2 of grow, and 1:3 in sidr)
_______________________________________________
GROW mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/grow
