"Pampers use multiple layers of protection to prevent leakage. Rommel used defense in depth to defend European fortresses." (A.White) [email protected]
>-----Original Message-----
>From: [email protected] [mailto:[email protected]] On Behalf Of Christopher Morrow
>Sent: Tuesday, December 04, 2012 7:35 AM
>To: Arturo Servin
>Cc: [email protected] [email protected]; draft-foo-sidr-simple-leak-attack-[email protected]; [email protected]; grow-[email protected]
>Subject: Re: [GROW] RouteLeaks - problem or not?
>
>On Tue, Dec 4, 2012 at 8:35 AM, Arturo Servin <[email protected]> wrote:
>>
>>
>> draft-foo-sidr-simple-leak-attack-bgpsec-no-help seems as a good start.
>>
>> I would suggest to make it more about leaks in general and not just
>> about security attacks (considering that many of the incidents with
>> leaks are mistakes and no targeted attacks).

I would say that even accidental announcements affect the A (availability) in CIA so it is security. It may not be an attack and this might just be a nit.

Additionally I wanted to add my support as an operator for 1. "Yes, route leaks are a problem, please fix them."

>>
>
>that was (one) of my comments, yes. (to the authors)
>
>> my 20 cents,
>> as
>>
>>
>>
>> On 04/12/2012 02:04, Christopher Morrow wrote:
>>> ok, so after some considerable discussion (and correction of my
>>> non-optimally-phrased questions) it seems there's some energy in
>>> discussing this in GROW...
>>>
>>> It seems that the draft: draft-foo-sidr-simple-leak-attack-bgpsec-no-help
>>>
>>> looks like a good starting point for this discussion, could we re-spin
>>> this as a GROW draft (re-title and submit) and perhaps send along
>>> updates according to the comments received (if any?).
>>>
>>> Once that appears it'd be grand if the list folks could discuss it a
>>> bit more so we can see where the discussion leads.
>>>
>>> -chris
>>>
>>> On Wed, Nov 14, 2012 at 5:18 PM, Christopher Morrow
>>> <[email protected]> wrote:
>>>> GROW Folks,
>>>> The SIDR working group is working on security for origination and path
>>>> data related to BGP routes. There has been a note (a few) about SIDR's
>>>> effect(s) or not on 'route leaks'. There have even been a few notes on
>>>> 'what is a route leak'. To date there is a draft which discusses route
>>>> leaks:
>>>> <http://tools.ietf.org/html/draft-foo-sidr-simple-leak-attack-bgpsec-no-help-02>
>>>>
>>>> where the authors have attempted to describe one (or many possible)
>>>> situations which are called 'route leaks'. They also attempt to
>>>> outline security issues which are follow-on effects of the situation
>>>> described.
>>>>
>>>> SIDR attempted to look at route-leaks and came up a bit stymied, they
>>>> asked IDR for some assistance with the issue, IDR pushed back to GROW
>>>> to decide:
>>>> 1) What is a 'route leak' (perhaps the above draft identifies one
>>>> exemplar to be used in that definition)
>>>> 2) Are 'route leaks' a problem that Operations folks care about
>>>> 3) Should IDR (or the IETF proper) address 'route leaks' with some
>>>> form(s) of fix action.
>>>>
>>>> The end result of the above 3 steps is to push back into IDR one of
>>>> two action requests:
>>>> 1) "Yes, route leaks are a problem, please fix them."
>>>> or
>>>> 2) "No, route leaks are not a problem, take no action."
>>>>
>>>> If #1 above is the answer, and IDR decides that changes to the BGP
>>>> protocol are warranted (or are a possible solution to the problem)
>>>> then SIDR has agreed to do what they can to 'secure' the bits
>>>> added/changed/used in that endeavor.
>>>>
>>>> Could we have some discussion on-list about this problem, and some
>>>> discussion about whether or not the draft referenced above fits the
>>>> definition we would like to use for 'route leak'? I would also like
>>>> the authors of the draft to decide where they would like to take their
>>>> draft:
>>>> 1) SIDR
>>>> 2) IDR
>>>> 3) GROW
>>>> 4) other
>>>>
>>>> Thanks!
>>>> -Chris
>>>> (co-chair 1:2 of grow, and 1:3 in sidr)
>>> _______________________________________________
>>> GROW mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/grow
