On Thu, 28 Feb 2008, Vishwas Manral wrote:
> Hi Stephen,
>
> Ok, I understand the model you talk about now. Yes the CPU may not be
> the biggest concern as the server is verifying the Certs offline. I
> guess this would also lead to models like CRLs for revocation.
>
> Like I said earlier as SIDR does not stop malicious attacks, but only
> ones caused unintentionally, is it not possible to actually use a
> simpler mechanism to get over such errors?
>
> Thanks,
> Vishwas
>

Vishwas, the current SIDR work is focused on preventing attacks (faulty/misconfigured/subverted/malicious/whatever) against the origination of routing advertisements, by providing strong assurance of who holds what prefixes, and therefore who can authorize origination of a prefix.

(And in the leak that is the subject of this email chain, the fully deployed system would indeed have detected the mis-origination, in any AS that had received the mis-origination, not just the direct link up from the customer.)

The concerns you raise are recognized subjects for further work. But all of the very many proposals for securing BGP (see: S-BGP, soBGP, psBGP, SPV, etc., etc.) rely on protecting this initial bit of routing information: originating a route to a prefix. So defining this work is a basis for defining future fuller protection techniques as well.

All simpler mechanisms I have ever heard of for protecting origination of routing advertisements are either much lower assurance, or based on data with similar strong protections but not more assurance, or not extensible to protecting more features of BGP exchanges.

--Sandy

_______________________________________________
Sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
