To make the route leak problem tractable, we need a definition. Here is my attempt:
If a destination AS, D originates a route and announces it to provider P1, and P1 agrees to provide connectivity to D, then D trusts P1 to do the right thing with the route. If P1 has further contracted provider P2 to provide it with connectivity, then it trusts P2 to do the right thing with the routes it originates. By extension, D also trusts P2. This chain may continue. It may also branch. The result is a set of ASs that D trusts to do the right thing with the routes it originates. A source AS, S similarly has a set of ASs it trusts to do the right thing with its routes. When S sends a packet to D, that packet should traverse only ASs that S trusts OR that D trusts. If the packet traverses an AS that NEITHER S NOR D trusts, then a route leak has occurred. When a route announcement leaves the set of ASs trusted by its originator, Brian's "transit" bit turns off. -- Jakob Heitz. > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Danny McPherson > Sent: Wednesday, November 16, 2011 8:23 PM > To: sidr wg list > Subject: [sidr] Route Leaks and BGP Security > > > Team, > I've updated this draft based on some feedback received already. > Given the discussion at the WG session, and the list discussion as > of late, I'd like to ask that it become a WG item and used to inform > the BGP Threat Model document -- particularly with regards to what's > an acceptable residual risk and what is not. Once that's > comprehensive it can be used to inform secure routing requirements > documents in the working group, and then we can begin assessing the > feasibility of reducing various risks. > > <http://tools.ietf.org/html/draft-foo-sidr-simple-leak-attack- > bgpsec-no-help-01> > > Thanks! > > -danny > > > Begin forwarded message: > > > From: [email protected] > > Date: November 16, 2011 11:01:24 PM EST > > To: [email protected] > > Subject: I-D Action: > > draft-foo-sidr-simple-leak-attack-bgpsec-no-help-01.txt > > Reply-To: [email protected] > > > > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > > > > Title : Route Leak Attacks Against BGPSEC > > Author(s) : Danny McPherson > > Shane Amante > > Filename : draft-foo-sidr-simple-leak-attack-bgpsec- > no-help-01.txt > > Pages : 5 > > Date : 2011-11-16 > > > > This document describes a very simple attack vector that > illustrates > > how RPKI-enabled BGPSEC machinery as currently defined can be > easily > > circumvented in order to launch a Man In The Middle (MITM) > attack via > > BGP. It is meant to serve as input to the IETF's Secure Inter- > Domain > > Routing working group during routing security requirements > > discussions and subsequent specification. > > > > > > A URL for this Internet-Draft is: > > http://www.ietf.org/internet-drafts/draft-foo-sidr-simple-leak- > attack- > > bgpsec-no-help-01.txt > > > > Internet-Drafts are also available by anonymous FTP at: > > ftp://ftp.ietf.org/internet-drafts/ > > > > This Internet-Draft can be retrieved at: > > ftp://ftp.ietf.org/internet-drafts/draft-foo-sidr-simple-leak- > attack-b > > gpsec-no-help-01.txt > > > > _______________________________________________ > > I-D-Announce mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/i-d-announce > > Internet-Draft directories: http://www.ietf.org/shadow.html or > > ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > _______________________________________________ > sidr mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/sidr _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
