On Dec 1, 2008, at 5:22 PM, Geoff Huston wrote:



No. Some folk believe that this should be the case, others believe that this should not be the case. Those who believe that this should not be the case are proposing the BOA as a form of explicitly stating what is invalid without having to state what is valid.

Heh, well said.  BOAs provide a mechanism to explicitly state
*some* of what is invalid, without having to state what is
valid.  Seems like a less than optimal foundation for a secure
inter-domain routing protocol, or any protocol, to me.

By the way, given that you have published a ROA authorizing your origin AS to advertise the prefix, I suspect that this has created some further vulnerabilities that a BOA would not create. What happens if I use this ROA you've created to hijack with your prefix by prepending your origin AS to my AS? Can a third party detect that this is a hijack of your prefix from the origination information and the ROA? I do not think so.

I'm not sure what the point is here, per BOAs, as currently
specified under the SIDR charter and your previous comment on
this specific issue, provide no such protections either.
Professing it as otherwise is misleading.

That's your _assumption_ of the semantics of a ROA. What reference material or working group draft can you cite for semantic interpretation of a ROA? draft-ietf-sidr-roa-validation? I don't think so.

Yeah, I think we prolly need to revisit that as well.

The point of the BOA draft is that it challenges this assumption by taking the position that such route origination authorities are explicitly scoped to the authority described in the object, without the implicit inclusion of any other authority or denial.

As referred to earlier, here's the list of today's bogon AS numbers, just in case you thought that this is a non-problem:

Right, so let's automate publication of those BOAs so that
routers can be configured to drop them tomorrow, instead of
only accepting those ASNs or any bogon or hijacked prefixes
from legit sources.  And then tomorrow we can deal with the
previous 24 hours of "Bogons - whatever that entails", all
the while the prior set of bogons are half gone but all the
objects remain for security reasons, and all of this gets
really interesting during large route leaks, and possibly even
results in a DOS themselves, and operators can't even pick up
legit objects because there are so many BOAs.  And don't
forget that the state of those BOAs changes daily, and perhaps
many of those were legit but I "missed picking it up by seconds".

Seems way inefficient to me...

-danny
