nanog mailing list archives

Re: Routing Insecurity (Re: BGP in the Washington Post)

From: Sandra Murphy <sandy () tislabs com>
Date: Wed, 10 Jun 2015 11:46:15 -0400


On Jun 10, 2015, at 7:51 AM, "Russ White" <russw () riw us> wrote:


I'm not saying BGPSEC a bad solution for the questions asked -- I'm saying it's is too heavyweight given the 
tradeoffs, and that we probably started with the wrong questions in the first place.

What's needed is to spend some time thinking about what questions really need to be answered, the lowest cost way to 
answer those questions, and a complete examination of the tradeoffs involved. Is "what path did this update travel," 
or "are the BGP semantics being properly followed," really questions that want asking? Or are there other, more 
pertinent questions available?


Not liking the solution is not a reason to abandon the problem.  This sounds like "I don't like eating right and 
exercising, so keeping my weight under control is the wrong question"

All protocols rely on certain assumptions of what the fields mean - when you send them and when you receive them.  
Analyzing a protocol for vulnerabilities starts with identifying what happens if those assumptions are broken.  (Like 
the assumption in IP that the source address is the node that sent the packet - spoofing breaks that assumption.)  
Breaking the semantics creates attacks.

--Sandy

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Current thread:

Re: Routing Insecurity (Re: BGP in the Washington Post), (continued)
- - - Re: Routing Insecurity (Re: BGP in the Washington Post) Valdis . Kletnieks (Jun 09)
    - RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 10)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Randy Bush (Jun 10)
    - RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 10)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Randy Bush (Jun 10)
    - RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 10)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Sandra Murphy (Jun 10)
    - RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 11)
    - RE: Routing Insecurity (Re: BGP in the Washington Post) David Mandelberg (Jun 11)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Christopher Morrow (Jun 11)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Sandra Murphy (Jun 10)
    - RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 11)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) David Mandelberg (Jun 04)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Mark Andrews (Jun 02)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Danny McPherson (Jun 03)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 01)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Mark Tinka (Jun 01)
- Re: BGP in the Washngton Post Max Tulyev (Jun 01)
  - Re: BGP in the Washngton Post Mark Andrews (Jun 02)
    - Re: BGP in the Washngton Post Randy Bush (Jun 02)
    - Re: BGP in the Washngton Post Saku Ytti (Jun 03)

(Thread continues...)