[175829] in North American Network Operators' Group
Re: BGP Security Research Question
daemon@ATHENA.MIT.EDU (Sandra Murphy)
Tue Nov 4 08:35:01 2014
X-Original-To: nanog@nanog.org
From: Sandra Murphy <sandy@tislabs.com>
In-Reply-To: <5458CDFD.90708@foobar.org>
Date: Tue, 4 Nov 2014 08:34:52 -0500
To: Nick Hilliard <nick@foobar.org>
Cc: nanog@nanog.org, Sandra Murphy <sandy@tislabs.com>
Errors-To: nanog-bounces@nanog.org
--Apple-Mail=_05F6F878-C9BB-4E5E-B533-A274B8DF3F1A
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=windows-1252
On Nov 4, 2014, at 8:00 AM, Nick Hilliard <nick@foobar.org> wrote:
> On 04/11/2014 12:38, sthaug@nethelp.no wrote:
>> These mechanisms do little or nothing to protect against unauthorized
>> origination of routing information. There are plenty of examples =
which
>> say it has *not* been enough, see for instance the Pakistan Telecom -
>> Youtube incident in 2008.
>=20
> mis-origination and related problems are all policy problems rather =
than
> technical transport issues. Policy implies human input at some stage =
along
> the chain, so probably the only way we'll ever see the end of =
unintended
> prefix leaks is to completely eliminate human input in all aspects of
> routing policy management.
>=20
> Nick
I see a distinction between policy and authorization.
Policy is something the ISP decides for themselves - "I make my own =
routing policy as to what is my best path".
BGP was created to make it possible for operators to have that policy =
decision.
Authorization is something else.
Prefix holders want to say "I authorize the origination of this prefix". =
Operators can decide to enforce that authorization in their policy or =
not, but at least the prefix holder gets to make the determination of =
what is authorized. (See IRR route objects, RPKI ROAs)
There are those who call route leaks an authorization problem. [[[I =
think.]]]] They want to be able to say "I authorize my neighbor to =
propagate this announcement with the following constraints (no peers, no =
transit, customers only, etc)." [[[I think.]]] Again, operators could =
decide to enforce that authorization in their policy or not, but those =
wanting to stop route leaks want to make the determination of what is =
authorized.
Policy is local.
Authorization is global. (And so it relies on global access to a =
statement of the authorization, aye, there's the rub.)
--Sandy
--Apple-Mail=_05F6F878-C9BB-4E5E-B533-A274B8DF3F1A
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJUWNX8AAoJEHplpQeet0IZgcYP/insg5WVXU8bMvc7QDaLyfN0
2S4oawQaaiI4+qQdpPLnMtrn3XKxdGVR/8eyFzolOJTFr7VmLt8j4bP0EOH4PVqs
F8y0r/yeb6/YRetMtrAjknU/jJLPIVXDUvM9M5QeVSzZzxMnIqpKZb2oWyRCn3gW
cvmuVO5DwRdD4Jyzq8zQgNDqhaCT+DLp+W/Bbmx9cQBnsLdCUSofxqmb0+caJnBo
AxOLX6kvZUCJalUpgb9ARuG1qDObQfjKVdpgyr5Qjwx7+bAeO00ygUokftdi+X05
uv/a4urO5/QX7YlbdzgniXY20jM0OJjlYcVeaqwyG2UJgsGfxs69JQn2HiAvcakc
jDp6xiIDZE3AjETXycpHafczdy+KpARd1F7KBriYEZ9tDE7HfqgnVR/6ATfFgRSJ
ude4+Qg/DSJ+YvfDsfBTkuHXzIZsfQnwPU599bjvW4NbuspF0+lixRrZfmO2JFFs
Nn0jLNwoOncv0FZfbO8uuefMXnY09cGWltF3h/RocvmpF28UUvOxK9wetwkgqv2k
VrMv48pcxKobYRp04gmScOBKyTTXa/EgYwBKFzehmC/NssqCu4yOcs2Py2+NRx3/
kuqF1afklp/vaQCX+WO9VkrPG20IxWtaI/eNB9JIZF2k7zSkWiSk9ENI4vhCmtUq
2hydGJRrgc7HEqxge5XP
=rViN
-----END PGP SIGNATURE-----
--Apple-Mail=_05F6F878-C9BB-4E5E-B533-A274B8DF3F1A--
