On Aug 9, 2011, at 9:23 PM, George Michaelson wrote:

> You seemed to be saying "some people are saying beacons won't work"

No, that's precisely why I referenced Randy's presentation, if you didn't see it you should have a look at the proceedings...

> when you said: "I think Randy successfully convinced me during his talk at
> the Quebec City WG session that "beacons" at a frequency of 24 hours (or
> anything in the "hours" range) are pretty much useless and add considerable
> churn and complexity with little return from a practical attack surface
> perspective."
>
> So, I am asking, are we removing support for beacons in BGPSEC because we
> don't understand their impact on BGPSEC and they add complexity which makes
> BGPSEC harder to push uphill.

I was contemplating the ROI for a newly designed protocol (bgpsec) and why they were put there in the first place (replay attacks [and more frequent wedgie oscillation :)]) and considering attack surface and practical implications, realizing that from an engineering tradeoff perspective they're quite likely not worth the effort.

Hence my broken attempt at a corollary with phishing site lifetime and RIPv1 scaling properties, because I don't have quantitative empirical data handy of routing hijack duration, nor could I possibly predict what it might entail in a bgpsec-enabled world, but I do suspect 24 hours is, umm... quite a while.

> It's very probably an unfair question. That's why I called it the peanut
> gallery.

If it makes any difference, I think Randy both proposed beacons, and made a compelling case for removing them.

-danny

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
