Do Not Complicate Routing Security with Voodoo Economics
- Subject: Do Not Complicate Routing Security with Voodoo Economics
- From: ms7 at CS.Princeton.EDU (Michael Schapira)
- Date: Mon, 05 Sep 2011 10:25:50 -0400 (EDT)
- In-reply-to: <f4d7e84a-6b20-44f5-9f4b-ff191344ed0b@suckerpunch-mbx-0.CS.Princeton.EDU>
On Sep 5, 2011, at 11:55 AM, Dobbins, Roland wrote:
> The idea of origin validation is a simple one. The idea of path validation isn't to determine the 'correctness' or 'desirability' of a
> particular AS-path, but rather to determine the *validity* (or at least the *feasibility*) of a given AS-path.
Sorry, I was misunderstood. To clarify, I was referring only to our work (http://www.cs.utoronto.ca/~phillipa/sbgpTrans.html), where security does play a small role in the route selection process (after LocalPref and AS-PATH length), and not to the BGPsec spec. The reason we assume that security affects the route selection process is that otherwise even an AS that deploys S*BGP remains vulnerable to attacks. To see why, take a look at slides 10-13 of our NANOG presentation (http://www.cs.bu.edu/~goldbe/papers/Goldberg-TransitionToSBGP-NANOG.pdf, video available at http://www.cs.utoronto.ca/~phillipa/sbgpTrans.html). The basic idea is: if an AS prefers short paths over secure paths, they'll be just as vulnerable to path-shortening attacks with and without S*BGP.
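
The following Python model is an added illustration, not part of the original message or of the authors' work. It shows how the position of the security check in the route ranking decides whether a shortened, unvalidated path wins. The AS numbers come from the documentation range and the routes are constructed; the `security_before_length` ordering and the final AS-path tie-break are assumptions added for contrast and determinism.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    local_pref: int
    as_path: tuple  # nearest AS first, origin AS last
    secure: bool    # True if the whole path validates under S*BGP

# Ranking keys: the route with the smallest key is selected.
POLICIES = {
    # Validation result is never consulted during selection.
    "security_ignored": lambda r: (-r.local_pref, len(r.as_path)),
    # Ordering described in the message: LocalPref, path length, then security.
    "security_after_length": lambda r: (-r.local_pref, len(r.as_path), not r.secure),
    # Hypothetical ordering for contrast: security ranked above path length.
    "security_before_length": lambda r: (-r.local_pref, not r.secure, len(r.as_path)),
}

def best_route(routes, policy):
    key = POLICIES[policy]
    # The AS-path comparison stands in for BGP's later tie-breakers (assumption).
    return min(routes, key=lambda r: (key(r), r.as_path))

def selection_table(routes):
    return {name: best_route(routes, name) for name in POLICIES}

# Constructed sample routes toward a prefix originated by AS 64496.
ORIGIN = 64496
LEGIT = Route(100, (64498, 64499, ORIGIN), secure=True)
# AS 64511 announces a falsely short path; it cannot be validated.
SHORTENED = Route(100, (64511, ORIGIN), secure=False)
# An unvalidated path of the same length as the legitimate one.
EQUAL_LEN_INSECURE = Route(100, (64497, 64500, ORIGIN), secure=False)

if __name__ == "__main__":
    for label, routes in (("shortened path", [LEGIT, SHORTENED]),
                          ("equal length", [LEGIT, EQUAL_LEN_INSECURE])):
        print(label)
        for name, route in selection_table(routes).items():
            print(f"  {name:24} -> {route.as_path} secure={route.secure}")
```

With length ranked above security, the shortened path is selected whether or not validation is deployed; security changes the outcome only among paths of equal LocalPref and length.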