---- Original Message -----
From: "Joel M. Halpern" <[email protected]>
To: "Randy Bush" <[email protected]>
Cc: "t.petch" <[email protected]>; <[email protected]>
Sent: Wednesday, March 02, 2011 11:25 PM
> Unfortunately, that change shifts things just enough to miss an
> important part of what I was hoping to achieve.
> While it is true that we can not know why anyone does anything, the
> reason we care about it is that certain kinds of path falsification can
> result in traffic being lured to places that any reasonable model of
> authorization (not necessarily just the strict mathematical sense, but
> the more general operational sense) says it aught not go.
>
> The purpose of the whole exchange was to try to get a motivation into
> the picture, rather than just another assertion that we want to protect
> the AS path. There is no need for new text just saying "we are
> protecting the AS path because we are protecting the AS path."
I am easy about motivation, whether it is there or not; I wanted to
be clear about scope, AS_Path or everything in the advertisement
which the modified wording is.
I like Donald's addition so while I am content with what is suggested
below, I would also go for
" A BGPsec design MUST allow the receiver of an announcement to
detect that one or more routers have modified
the AS_Path in a way that they are not authorised to do ... "
Leaving Joel to add something like
" ...with the objective of causing traffic to be misdirected.
And yes, I do think it is worth spending a few days on being
clear in our words, as opposed to our thoughts:-)
Tom Petch
> Yours,
> Joel
>
> On 3/2/2011 4:59 PM, Randy Bush wrote:
> >> i could make it something like
> >>
> >> 3.1 A BGPsec design MUST allow the receiver of an announcement to
> >> detect that one or more ASes have manipulated the AS-Path in an
> >> attempt to lure the receiver into sending traffic to an incorrect
> >> next hop.
> >
> > in a private email, a friend pointed out that we neither know nor do we
> > care why charlene falsified the path. the point is that we must be able
> > to detect that she did.
> >
> > so the wording i think i'll go with is
> >
> > 3.1 A BGPsec design MUST allow the receiver of an announcement to
> > detect that one or more routers have falsified the AS-Path.
> >
> > last chance for word-diddling.
> >
> > randy
> >
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
