On Wed, Nov 16, 2011 at 12:29 AM, Brian Dickson <[email protected]> wrote: > Understanding the "real" threats, and worked, real-world examples, is > important. > > I cannot believe anyone in this WG would be ignorant of things like this: > > http://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf
this is referred to several times in Stephen Kent's presentations actually, and in Randy's presentations to RIR/etc folk. > Does this illustrate the importance of not only validating origins, > but also only using signed prefixes if you are participating in > BGPsec? sure, but if your customer forgets to pay a bill, calls you up and (post proper 'this is the customer' authentication) says: "Hey, srsly, I forgot, checks in the mail to ARIN, can you accept our route pls?" you may be willing to do same, you may also be willing to do this in the case of internal services routes that you don't actually want externally visible. > And the importance of minimizing or eliminating the ability of someone > currently off-axis, from becoming on-axis? sure, see referenced slides from Kent. (and bgpsec as spec'd would squish pilosov/kapella) > Preferably eliminating exploitation of lack of proper trust boundaries > WRT leakage (reannouncement permissions)? re-announcement is 'harder' since it's not clear if NTT is supposed to be passing cogent aol's routes or not, is it? > (It is difficult to change from off-axis to on-axis without "leaking" > - the only time "leaking" isn't strictly required, is when already > on-axis.) > > Jakob, please view the whole presentation above. It was more than 3 > years ago... You should have heard of it by now. hopefully everyone's read it :) -chris _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
