On Tue, Dec 4, 2012 at 8:35 AM, Arturo Servin <[email protected]> wrote: > > > draft-foo-sidr-simple-leak-attack-bgpsec-no-help seems as a good > start. > > I would suggest to make it more about leaks in general and not just > about security attacks (considering that many of the incidents with > leaks are mistakes and no targeted attacks). >
that was (one) of my comments, yes. (to the authors) > my 20 cents, > as > > > > On 04/12/2012 02:04, Christopher Morrow wrote: >> ok, so after some considerable discussion (and correction of my >> non-optimally-phrased questions) it seems there's some energy in >> discussing this in GROW... >> >> It seems that the draft: draft-foo-sidr-simple-leak-attack-bgpsec-no-help >> >> looks like a good starting point for this discussion, could we re-spin >> this as a GROW draft (re-title and submit) and perhaps send along >> updates according to the comments received (if any?). >> >> Once that appears it'd be grand if the list folks could discuss it a >> bit more so we can see where the discussion leads. >> >> -chris >> >> On Wed, Nov 14, 2012 at 5:18 PM, Christopher Morrow >> <[email protected]> wrote: >>> GROW Folks, >>> The SIDR working group is working on security for origination and path >>> data related to BGP routes. There has been a note (a few) about SIDR's >>> effect(s) or not on 'route leaks'. There have even been a few notes on >>> 'what is a route leak'. To date there is a draft which discusses route >>> leaks: >>> >>> <http://tools.ietf.org/html/draft-foo-sidr-simple-leak-attack-bgpsec-no-help-02> >>> >>> where the authors have attempted to describe one (or many possible) >>> situations which are called 'route leaks'. They also attempt to >>> outline security issues which are follow-on effects of the situation >>> described. >>> >>> SIDR attempted to look at route-leaks and came up a bit stymied, they >>> asked IDR for some assistance with the issue, IDR pushed back to GROW >>> to decide: >>> 1) What is a 'route leak' (perhaps the above draft identifies one >>> examplar to be used in that definition) >>> 2) Are 'route leaks' a problem that Operations folks care about >>> 3) Should IDR (or the IETF proper) address 'route leaks' with some >>> form(s) of fix action. >>> >>> The end result of the above 3 steps is to push back into IDR one of >>> two action requests: >>> 1) "Yes, route leaks are a problem, please fix them." >>> or >>> 2) "No, route leaks are not a problem, take no action." >>> >>> If #1 above is the answer, and IDR decides that changes to the BGP >>> protocol are warranted (or are a possible solution to the problem) >>> then SIDR has agreed to do what they can to 'secure' the bits >>> added/changed/used in that endeavor. >>> >>> Could we have some discussion on-list about this problem, and some >>> discussion about whether or not the draft referenced above fits the >>> definition we would like to use for 'route leak'? I would also like >>> the authors of the draft to decide where they would like to take their >>> draft: >>> 1) SIDR >>> 2) IDR >>> 3) GROW >>> 4) other >>> >>> Thanks! >>> -Chris >>> (co-chair 1:2 of grow, and 1:3 in sidr) >> _______________________________________________ >> GROW mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/grow >> _______________________________________________ GROW mailing list [email protected] https://www.ietf.org/mailman/listinfo/grow
