[53160] in North American Network Operators' Group
Re: BGP security in practice
daemon@ATHENA.MIT.EDU (Eric Anderson)
Mon Nov 4 13:59:54 2002
Date: Mon, 4 Nov 2002 10:59:18 -0800
From: Eric Anderson <anderson@cs.uoregon.edu>
To: nanog@merit.edu
Cc: alex@yuriev.com
In-Reply-To: <Pine.LNX.4.10.10211041317480.25326-100000@s1.yuriev.com>
Errors-To: owner-nanog-outgoing@merit.edu
Yes, but... A protocol in which principal A's misconfiguration can
seriously harm principle B is more broken than one in which it
cannot. That's why the protocol for crossing a busy street includes
"In addition to the light status, look for actual moving vehicles."
That way, you don't get run over by someone else's misconfiguration.
Time for a new metaphor, methinks.
-
Eric Anderson
Thus spake alex@yuriev.com (alex@yuriev.com):
>
> Every protocol is vulnerable if the principals are mis-configured (i.e. do not
> follow the protocol).
>
> The protocol for crossing a busy street at the light involves checking for
> the green light before crossing the street. A mis-configured principal checks
> the light, ignores red or yellow, and immediately crosses. Does it mean that
> the protocol is broken or does it mean that a principal is broken?
> P.S. In this specific case I am strictly looking at "misconfiguration causes
> problems" implies brokenness of the protocol.
