[180778] in North American Network Operators' Group
Re: Routing Insecurity (Re: BGP in the Washington Post)
daemon@ATHENA.MIT.EDU (Sandra Murphy)
Wed Jun 10 11:49:12 2015
X-Original-To: nanog@nanog.org
From: Sandra Murphy <sandy@tislabs.com>
In-Reply-To: <049501d0a373$c3611370$4a233a50$@riw.us>
Date: Wed, 10 Jun 2015 11:46:15 -0400
To: "Russ White" <russw@riw.us>
Cc: 'David Mandelberg' <david@mandelberg.org>, nanog@nanog.org,
Sandra Murphy <sandy@tislabs.com>
Errors-To: nanog-bounces@nanog.org
--Apple-Mail=_BE712111-A2D4-42C1-A661-A4E3084FF1C1
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
On Jun 10, 2015, at 7:51 AM, "Russ White" <russw@riw.us> wrote:
>=20
> I'm not saying BGPSEC a bad solution for the questions asked -- I'm =
saying it's is too heavyweight given the tradeoffs, and that we probably =
started with the wrong questions in the first place.
>=20
> What's needed is to spend some time thinking about what questions =
really need to be answered, the lowest cost way to answer those =
questions, and a complete examination of the tradeoffs involved. Is =
"what path did this update travel," or "are the BGP semantics being =
properly followed," really questions that want asking? Or are there =
other, more pertinent questions available?=20
>=20
Not liking the solution is not a reason to abandon the problem. This =
sounds like "I don't like eating right and exercising, so keeping my =
weight under control is the wrong question"
All protocols rely on certain assumptions of what the fields mean - when =
you send them and when you receive them. Analyzing a protocol for =
vulnerabilities starts with identifying what happens if those =
assumptions are broken. (Like the assumption in IP that the source =
address is the node that sent the packet - spoofing breaks that =
assumption.) Breaking the semantics creates attacks.
--Sandy
--Apple-Mail=_BE712111-A2D4-42C1-A661-A4E3084FF1C1
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJVeFvHAAoJEHplpQeet0IZgY8P/1cw+fMzF35NqqMn5G8yRjWk
T/0rqQpMjPYF74mbvy1ZuPccbxAYloM5Iz5mdou68+CCCu2jlI3PeZTnKdgKqkUg
PjgRibXDmP4nnKxzua3capLGDHN3JYT4EWhJ7prGx8ZrEGfTqqOhV+4r6vPS99pj
HWpQBGw7OokOY4a2bnV5GnUWoxVPkVQ/QSIhff82HsEbQvUCS1hb+Gq4H0Kq/3Z+
mzEuhgzMZT/SLmhoRcFhFsTqEXxXQWQLcyjsOT9aEkcxI09Sx++lel1qpn/0ioHn
YzdGY7c9r9Oxt92UcXcZqC2njBz3ny991dD+89v0/Nx40xXl6WI2JrJ6JfEFlvM7
LhyMiwConRRIMhEg5tOZqK/pOt8iERPTZv7iXK3mn5sIJp3v2vFdnxtl4pdkrYee
JYaSpaFNrIE/9hJd01XBya6dbB9Zc8Ob1P6jGsLPZ0ej3aE9R4XbYiK5t7phg+ar
a56FaKaNCIrTTCTNwIkJKReYjTEMZOShWF2z9i45LLSiYw2uXWNb2VOkDpK120mR
84g4iaI8Dx2PG6+aL8MKY/DGsvWeV1CNYNghBvv9xROmq8YGogUhpXGy4c9l0RJV
yw6cPR4LR6cAuS4LEvlYVaEk3dhfik+dAwrq5scU1IgzJXTyAJ/+wCDgkWXiroHI
SfK54zwCQPr0JFvoFVQu
=ho0p
-----END PGP SIGNATURE-----
--Apple-Mail=_BE712111-A2D4-42C1-A661-A4E3084FF1C1--
