
Re: Last Call: <draft-ietf-sidr-bgpsec-threats-06.txt> (Threat Model for BGP Path Security) to Informational RFC

2013-09-19 16:24:07

I read this draft and tried to participate in shaping it into something I as an 
operator believe useful in SIDR WG, but to no avail -- IMO because the protocol 
work, and then the requirements work, were largely completed already.  I 
believe this approach will cause more harm than good and result in more 
instability than security, and it leaves some considerable holes that I 
am actually concerned about related to inter-domain routing security (and 
autonomy) on the Internet.  As such, some other operators and I published 
this document, which has since been accepted and evolved as a WG document 
within the Global Routing Operations WG (GROW):

http://tools.ietf.org/html/draft-ietf-grow-simple-leak-attack-bgpsec-no-help-02
 
I've given up on SIDR, I wish them well….

-danny


On Sep 9, 2013, at 6:26 PM, The IESG <iesg-secretary(_at_)ietf(_dot_)org> wrote:


The IESG has received a request from the Secure Inter-Domain Routing WG
(sidr) to consider the following document:
- 'Threat Model for BGP Path Security'
 <draft-ietf-sidr-bgpsec-threats-06.txt> as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2013-09-23. Exceptionally, comments
may be sent to iesg(_at_)ietf(_dot_)org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document describes a threat model for the context in which
  (E)BGP path security mechanisms will be developed.  The threat model
  includes an analysis of the RPKI, and focuses on the ability of an AS
  to verify the authenticity of the AS path info received in a BGP
  update.  We use the term PATHSEC to refer to any BGP path security
  technology that makes use of the RPKI.  PATHSEC will secure BGP
  [RFC4271], consistent with the inter-AS security focus of the RPKI
  [RFC6480].

  The document characterizes classes of potential adversaries that are
  considered to be threats, and examines classes of attacks that might
  be launched against PATHSEC.  It does not revisit attacks against
  unprotected BGP, as that topic has already been addressed in
  [RFC4271].  It concludes with brief discussion of residual
  vulnerabilities.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-threats/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-threats/ballot/


No IPR declarations have been submitted directly on this I-D.



