> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Christopher Morrow
> Sent: Sunday, November 20, 2011 10:06 PM
> To: Jakob Heitz
> Cc: Danny McPherson; sidr wg list
> Subject: Re: [sidr] Route Leaks and BGP Security
>
> On Mon, Nov 21, 2011 at 12:40 AM, Jakob Heitz <[email protected]> wrote:
> > To make the route leak problem tractable, we need a definition.
> > Here is my attempt:
> >
>
> danny's draft actually does a decent job of saying what a leak is
> (one instance of a leak at least, which is fine), it just doesn't
> say how you'd know that from 2 as-hops away... (today, without bgp
> changes and/or external knowledge about the ASes in the AS-Path)
>
> <snip>
>
> > When S sends a packet to D, that packet should traverse only ASs that
> > S trusts OR that D trusts. If the packet traverses an AS that NEITHER
> > S NOR D trusts, then a route leak has occurred.
>
> how is this 'trust' known? how does it translate down the chain? I
> don't trust AS9001 anymore than 4134 than 4366 than 3 ... I do
> happen to fling packets through them though :(

You contracted it to provide you connectivity.
If it doesn't, it breaks the contract.

>
> > When a route announcement leaves the set of ASs trusted by its
> > originator, Brian's "transit" bit turns off.
>
> I doubt the originator trusts anyone except itself... and MAYBE its
> transits.
>
> why mix two topics? :( (also, how does the route know it crossed
> this boundary and a bit needs flipping?)

When the provider sends it to another customer or another AS
that is not contracted to provide connectivity for that route.

>
> -chris

The trust I'm talking about is the trust to provide connectivity,
not the trust not to snoop your packets or anything else.
