OK so that is a +1 for protecting prepending, not just optimizing Sigs in the presence of prepending.
From: XIANG Yang <[email protected]> Date: Thu, 28 Jul 2011 23:18:22 +0800 To: Doug Montgomery <[email protected]> Cc: sidr wg list <[email protected]> Subject: Re: [sidr] pCNT & prepending > Sorry for the ambiguity. I mean defending against attacks such as "removing an > AS from the path". > I.e. > suppose the path is <AS1 AS2 AS2 AS3>, > then we need pCNT to avoid AS3 to announce a shorter path <AS1 AS2 AS3>, by > remove one of AS2. > > R. > _____________________________________________________ > Yang Xiang, PhD student, Tsinghua Univ., about.me/xiangyang > <http://about.me/xiangyang> > > > > 2011/7/28 Montgomery, Douglas <[email protected]> >> Did your comment mean complete "AS removal" ... or defending against >> adding/removing pre-pends. >> >> dougm >> >> Doug Montgomery - Manager Internet and Scalable Systems Research Group / >> Information Technology Laboratory / NIST >> ________________________________________ >> From: [email protected] [[email protected]] On Behalf Of XIANG Yang >> [[email protected]] >> Sent: Thursday, July 28, 2011 11:11 AM >> Cc: sidr wg list >> Subject: Re: [sidr] pCNT & prepending >> >> +1 support. >> It's import to defend "AS removal" attack. >> _____________________________________________________ >> Yang Xiang, PhD student, Tsinghua Univ., about.me/xiangyang >> <http://about.me/xiangyang> <http://about.me/xiangyang> >> >> >> >> 2011/7/28 Danny McPherson <[email protected]<mailto:[email protected]>> >> >> Doug et al, >> I like the general objective of pCNT and this seems a good idea to me. My >> only comment at the microphone was that if we add this for compression, then >> validation should require that pCNT MUST be equal to the number of >> _contiguous ASx appearances in the path (i.e., no more, no less, and only >> contiguous). >> >> I do wonder if pCNT=0 for transparent route servers introduces the >> opportunity for some sort of downgrade attack of sorts.. >> >> -danny >> _______________________________________________ >> sidr mailing list >> [email protected]<mailto:[email protected]> >> https://www.ietf.org/mailman/listinfo/sidr >> >> _______________________________________________ >> sidr mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/sidr > > _______________________________________________ sidr mailing list > [email protected] https://www.ietf.org/mailman/listinfo/sidr
_______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
