At 1:06 PM -0500 2/18/11, Russ White wrote:
...
Let me ask you something --does IPsec try to verify the path the packet
takes, or the contents of the packet? If the right solution for IPsec is
to validate the content of the packet, then why is the right solution
for BGP to verify the path of the packet?
:-)
Russ
Russ,
IPsec provides end-to-end secruity services (confidentiality, integrity,
data origin authentication, and optional anti-replay) between peers.
It need not worry about the path taken by the traffic that is
protected by IPsec. The security semantics for IPsec-protected
traffic are purely end-to-end. IPsec attempts to provide security
consistent with an agreed-upon notion of what IP traffic should
expect in a benign environment (e.g., no passive or active
wiretapping), plus a recognition of real world limitations (e.g.,
variable delays happen, packets are dropped or reordered, etc.).
IPsec is not an appropriate analogy for the BGP security context. In
BGP the recipient of an update is allowed to transform it in certain
ways, and to pass it on to other routers (at its discretion). It is
not an end-to-end security model of the sort that IPsec embodies.
It seems that we have a major disagreement over what constitutes the
semantics of routing security relative to a benign environment. You
stated that
"... the "semantic of BGP" has never been that the AS Path is used
for anything other than determining if the path is loop free."
That assertion seems to ignore the fact that routing decisions often
take into account path length. Are you saying that such decisions are
not part of the semantics of BGP, as interpreted by most ASes?
Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
