o We can not know intent, should Mary have announced the prefix to Bob
Let me point out a fundamental issue here.
Security is, and always has been, about matching intent with reality. If
I lock my doors, there is an implied intent that no-one go into my house
(in band). If I give a neighbor a key, I will give them explicit
instructions as to my intent --"only go in if the dog is barking, or to
feed the dog, or..." (out of band)
You MUST know intent to provide security. Get over it. You can't match
expectations to reality unless you know what the expectations are.
What is the entire security model of the RPKI and origin auth? To ensure
the intent of the RIR in assigning address space is followed, and to
ensure the intent of the owner of that address space is carried out.
You could argue that you're only trying to secure the "semantics of
BGP," which means you're trying to enforce the intent of the BGP
specifications (you can't get away from intent!), but that opens up
another wormhole of problems.
"You can't prove intent" is a red herring.
:-)
Russ
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
