Sorry for the ambiguity. I mean defending against attacks such as "removing an AS from the path". I.e. suppose the path is <AS1 AS2 AS2 AS3>, then we need pCNT to avoid AS3 to announce a shorter path <AS1 AS2 AS3>, by remove one of AS2.
R. _____________________________________________________ Yang Xiang, PhD student, Tsinghua Univ., about.me/xiangyang 2011/7/28 Montgomery, Douglas <[email protected]> > Did your comment mean complete "AS removal" ... or defending against > adding/removing pre-pends. > > dougm > > Doug Montgomery - Manager Internet and Scalable Systems Research Group / > Information Technology Laboratory / NIST > ________________________________________ > From: [email protected] [[email protected]] On Behalf Of XIANG > Yang [[email protected]] > Sent: Thursday, July 28, 2011 11:11 AM > Cc: sidr wg list > Subject: Re: [sidr] pCNT & prepending > > +1 support. > It's import to defend "AS removal" attack. > _____________________________________________________ > Yang Xiang, PhD student, Tsinghua Univ., about.me/xiangyang< > http://about.me/xiangyang> > > > > 2011/7/28 Danny McPherson <[email protected]<mailto:[email protected]>> > > Doug et al, > I like the general objective of pCNT and this seems a good idea to me. My > only comment at the microphone was that if we add this for compression, then > validation should require that pCNT MUST be equal to the number of > _contiguous ASx appearances in the path (i.e., no more, no less, and only > contiguous). > > I do wonder if pCNT=0 for transparent route servers introduces the > opportunity for some sort of downgrade attack of sorts.. > > -danny > _______________________________________________ > sidr mailing list > [email protected]<mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/sidr > > _______________________________________________ > sidr mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/sidr >
_______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
