On Nov 4, 2011, at 9:34 PM, Randy Bush wrote:
> o We can not know intent, should Mary have announced the prefix to Bob
>
> o But Joe can formally validate that Mary did announce the prefix to Bob
>
> o Policy on the global Internet changes every 36ms, new customers, new
> peers, circuit moves, ...
>
> o We already have a protocol to distribute policy or its effects, it is
> called BGP
>
> o BGPsec validates that the protocol has not been violated, and is not
> about intent or business policy
o And therefore, BGPsec does not mitigate the leak problem, agreed
o Not mitigating the leak problem could be an unacceptable residual
risk to many looking to better secure BGP, particularly given that it's a
natural evolution to attackers in a world of "BGPSEC/SBGP", and can
happen as a simple matter of misconfiguration, as Jared's leak page
illustrates: http://puck.nether.net/bgp/leakinfo.cgi
o BGPSEC is awfully heavy to not address this fundamental "business
policy" vulnerability
o As for "bits on the wire" solutions, I don't recall seeing that as a hard
requirement, although I will admit that BGPSEC certainly goes a long
way to turn RPKI into "bits on the wire", which has _many_ implications
o I'm pretty sure I can configure static routes every 36ms with far less
overhead
o By your definition, I'd prefer to solve the "business policy" problem.
-danny
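Added illustration of the distinction argued above (not part of the thread, and not BGPsec's actual signature format): a toy update signed hop by hop passes the protocol check, yet the Mary -> Bob -> Joe propagation is a customer re-exporting a provider route, which a valley-free policy check flags. AS numbers, keys and the relationship table are constructed.

```python
import hashlib
import hmac

# Constructed stand-ins for per-AS router keys (Mary, Bob, Joe).
KEYS = {64500: b"key-mary", 64501: b"key-bob", 64502: b"key-joe"}

# Constructed business relationships as (provider, customer) pairs:
# Bob (64501) buys transit from both Mary (64500) and Joe (64502).
PROVIDER_OF = {(64500, 64501), (64502, 64501)}

def sign_hop(prefix, asn, next_asn):
    """AS `asn` attests it announced `prefix` to `next_asn` (HMAC stands in for a signature)."""
    msg = f"{prefix}|{asn}|{next_asn}".encode()
    return hmac.new(KEYS[asn], msg, hashlib.sha256).hexdigest()

def announce(prefix, propagation):
    """Build the signed update as it travels along `propagation` (origin first)."""
    hops = [(a, b, sign_hop(prefix, a, b)) for a, b in zip(propagation, propagation[1:])]
    return {"prefix": prefix, "hops": hops}

def path_valid(update):
    """Protocol check: each AS really did announce to the next AS, and the hops chain."""
    hops = update["hops"]
    for i, (asn, next_asn, sig) in enumerate(hops):
        if not hmac.compare_digest(sig, sign_hop(update["prefix"], asn, next_asn)):
            return False
        if i + 1 < len(hops) and hops[i + 1][0] != next_asn:
            return False
    return True

def relation(a, b):
    """Direction of the hop a -> b under the constructed relationship table."""
    if (a, b) in PROVIDER_OF:
        return "down"   # provider announcing to customer
    if (b, a) in PROVIDER_OF:
        return "up"     # customer announcing to provider
    return "peer"

def is_leak(update):
    """Policy check (valley-free): once a route has gone down or across, it may only go down."""
    downhill = False
    for asn, next_asn, _ in update["hops"]:
        r = relation(asn, next_asn)
        if downhill and r != "down":
            return True             # the "valley": customer re-exported a provider/peer route
        if r in ("down", "peer"):
            downhill = True
    return False

if __name__ == "__main__":
    leak = announce("192.0.2.0/24", [64500, 64501, 64502])
    print("signatures valid:", path_valid(leak), "| leak:", is_leak(leak))
```

The signed path is perfectly valid, so the leak is only visible to the side that knows the relationships, which is exactly the business-policy information BGP and BGPsec never carry.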
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr