[150451] in North American Network Operators' Group
Re: do not filter your customers
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Fri Feb 24 13:11:34 2012
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <9EC6688B-9D77-4512-8718-D872D0CEB0CB@tcb.net>
Date: Fri, 24 Feb 2012 13:10:23 -0500
To: Danny McPherson <danny@tcb.net>
Cc: North American Network Operators' Group <nanog@nanog.org>
On Feb 24, 2012, at 7:46 40AM, Danny McPherson wrote:
>
> On Feb 23, 2012, at 10:42 PM, Randy Bush wrote:
>
>> the problem is that you have yet to rigorously define it and how to
>> unambiguously and rigorously detect it. lack of that will prevent
>> anyone from helping you prevent it.
>
> You referred to this incident as a "leak" in your message:
>
> "a customer leaked a full table"
>
> I was simply agreeing with you -- i.e., looked like a "leak", smelled
> like a "leak" - let's call it a leak.
>
> I'm optimistic that all the good folks focusing on this in their day
> jobs, and expressly funded and resourced to do so, will eventually
> recognize what I'm calling "leaks" is part of the routing security
> problem.
>
Sure; I don't disagree, and I don't think that Randy does. But just
because we can't solve the whole problem, does that mean we shouldn't
solve any of it?

As Randy said, we can't even try for a strong technical solution
until we have a definition that's better than "I know it when I see it".
--Steve Bellovin, https://www.cs.columbia.edu/~smb