On Sun, Nov 16, 2014 at 7:13 PM, Randy Bush <[email protected]> wrote: >> Per discussion during IDR/SIDR meeting Friday, there may need to be >> some text in the security considerations around the attack vector of >> sending many updates with long (but valid) AS_Paths > > could you please describe how an attacker can send many long bgpsec > paths? how are these long paths signed? >
I'm not Wes, but I could imagine an attacker who has 2 ASNs making a path that looks like: 192.0.2.0/24 174 3561 17 42 17 42 17 42 .... 17 42 17 42 701 Seems like it would be a lot of work for very little fun, but that's what I'd understood the question to be. W > randy > > _______________________________________________ > sidr mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/sidr -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
