1) BGP Security Concerns
The primary security concern that needs to be addressed is the
incentive to hijack legitimate IP address blocks via BGP spoofing.
Is this the same IP spoofing issue being addressed in the end of this
message:
http://www1.ietf.org/mail-archive/working-groups/asrg/current/
msg08549.html
No. A BGP level attack is an attack on the Internet backbone, I simply
inject
fake routes into the system. BGP does not have much of an authentication
model
and that which it does have is not very good.
So far the only proposal to fix this is not at all credible. It would
require
new software on all the backbone routers at a minimum (not going to happen)
and it would probably require replacement in many cases.
2) DNS Security Concerns
The DNS statement is incorrect. The DNS does have security, it just
is not very good and it is not cryptographically based.
Doesn't this cover this:
"2.3.2 Increased incentive for DNS cracks
LMAP will also have the effect of increasing the incentives
for spammers to crack and subvert DNS servers (in order to
spoof receivers doing LMAP checks against the DNS database).
I was referring to Levine's Yet Another RMX Specification, (YARS/FSV)
rather than the requirements paper.
At this point it is very clear that LMAP is not going to happen as
a new spec. Introducing the acronym is unhelpful as it suggests
that there is an uncertainty there and a new proposal on the table,
this is not the case at this point.
YARS is even less helpful. At this point the issue is a straight
standards fight between SPF and CallerID in the IP auth area.
Nothing else has acquired significant momentum or backing.
I do not see any statement in YARS that specifies what is wrong with
the other proposals that creates the need for a new scheme that does
what is already done.
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg