At 3:04 PM +0200 3/29/12, Shane Amante wrote:
> Steve,
> Thanks for the response. First, a high-level comment before more
> specific responses below.

Shane, sorry to be so late in replying. I think you and Andrew have
already discussed a number of the issues you raised below, so I'll
just make a few, brief comments.
First, as Sriram noted, BGPSEC carries only the secure AS path info,
not the old AS path attribute. So there cannot be a mismatch between
the two, and loop detection should work. Because of the signature
requirements, no bogus ASNs can appear in the secured path, no hops
can be stripped,
etc. It's an implementation decision as to whether a router checks
the secured path data before validating the sigs to detect a loop.
One might do this to avoid wasting cycles on crypto.
...
> There is text about MITM threat in Section 4.2; however, that seems
> to relate to crypto security between two adjacent routers over, say,
> a directly connected link. However, what about MITM attacks that
> create what appear to be valid BGPSEC_Path_Signature attributes that
> would pass verification by downstream parties?

I still do not understand. Unless a MITM has access to the private
keys for the BGP routers in question, it cannot generate sigs that
will validate when checked by downstream parties.
Steve
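
The properties discussed in this message (a stripped hop or an unkeyed signer fails validation, and the loop check can run before any signature is verified) can be seen in a simplified model. This is an added example, not code from the thread or from the BGPSEC drafts: the message layout in `hop_msg` is hypothetical, and a Lamport hash-based one-time signature stands in for the routers' real signature algorithm so that the block needs only the standard library.

```python
import hashlib
import os

def h(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key pair: 256 pairs of secrets, public key = their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(h(a), h(b)) for a, b in sk]

def digest_bits(msg):
    d = h(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]

def verify(pk, msg, sig):
    bits = digest_bits(msg)
    return len(sig) == 256 and all(h(s) == pk[i][bits[i]] for i, s in enumerate(sig))

def hop_msg(prefix, asn, target, prev_sig):
    # Each signature covers the signer, the AS it sends to, and the previous signature.
    return f"{prefix}|{asn}|{target}|".encode() + b"".join(prev_sig)

def forward(path, prefix, asn, target, sk):
    prev = path[-1][1] if path else []
    return path + [(asn, sign(sk, hop_msg(prefix, asn, target, prev)))]

def validate(path, prefix, local_as, pubkeys):
    asns = [asn for asn, _ in path]
    if local_as in asns:
        return "loop"  # cheap check on the secured path, before any crypto
    prev = []
    for k, (asn, sig) in enumerate(path):
        target = asns[k + 1] if k + 1 < len(asns) else local_as
        if asn not in pubkeys or not verify(pubkeys[asn], hop_msg(prefix, asn, target, prev), sig):
            return "invalid"
        prev = sig
    return "valid"

if __name__ == "__main__":
    # Constructed sample: documentation ASNs and prefix.
    keys = {asn: keygen() for asn in (64496, 64497)}
    pubs = {asn: kp[1] for asn, kp in keys.items()}
    path = forward([], "192.0.2.0/24", 64496, 64497, keys[64496][0])
    path = forward(path, "192.0.2.0/24", 64497, 64498, keys[64497][0])
    print(validate(path, "192.0.2.0/24", 64498, pubs))      # full path
    print(validate(path[1:], "192.0.2.0/24", 64498, pubs))  # first hop stripped
    print(validate(path, "192.0.2.0/24", 64496, pubs))      # local AS already in path
```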