[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Routing Insecurity (Re: BGP in the Washington Post)

Subject: Routing Insecurity (Re: BGP in the Washington Post)
From: russw at riw.us (Russ White)
Date: Wed, 10 Jun 2015 09:44:14 -0400
In-reply-to: <m2si9zofl0.wl%[email protected]>
References: <17689457.2434.1433171075960.JavaMail.mhammett@ThunderFuck> <[email protected]> <CAD6AjGQWs-aKD8axgiRyaYXPB564MswKZsuaOUhjUn--KJXuUg@mail.gmail.com> <[email protected]> <[email protected]> <[email protected]> <CAGvYMCrvPEBXv+P0no3DZ+uKBuvObemz=b0EfaR7=M9xxva82w@mail.gmail.com> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <m2381zpxvf.wl%[email protected]> <[email protected]> <m2si9zofl0.wl%[email protected]>

> folk have different threat models.  yours (and mine) may be propagation of
> router compromise.  for others, it might be a subtle increase in
disclosure of
> router links.  contrary to your original assertion, the protocol supports
both.

The increased disclosure is not "subtle." The alternate -- deploying a new
key to every eBGP speaker in your network while the security of all your
routes is compromised, isn't so "subtle" either. It's a bad tradeoff in
either direction -- typical of solutions that ask the wrong questions in the
first place.

Russ

References:
- Routing Insecurity (Re: BGP in the Washington Post)
  - From: nanog at ics-il.net (Mike Hammett)
- Routing Insecurity (Re: BGP in the Washington Post)
  - From: mark.tinka at seacom.mu (Mark Tinka)
- Routing Insecurity (Re: BGP in the Washington Post)
  - From: cb.list6 at gmail.com (Ca By)
- Routing Insecurity (Re: BGP in the Washington Post)
  - From: marka at isc.org (Mark Andrews)
- Routing Insecurity (Re: BGP in the Washington Post)
  - From: rdobbins at arbor.net (Roland Dobbins)
- Routing Insecurity (Re: BGP in the Washington Post)
  - From: dwcarder at wisc.edu (Dale W. Carder)
- Routing Insecurity (Re: BGP in the Washington Post)
  - From: ethan at cs.washington.edu (Ethan Katz-Bassett)
- Routing Insecurity (Re: BGP in the Washington Post)
  - From: rdobbins at arbor.net (Roland Dobbins)
- Routing Insecurity (Re: BGP in the Washington Post)
  - From: david at mandelberg.org (David Mandelberg)
- Routing Insecurity (Re: BGP in the Washington Post)
  - From: rdobbins at arbor.net (Roland Dobbins)
- Routing Insecurity (Re: BGP in the Washington Post)
  - From: david at mandelberg.org (David Mandelberg)
- Routing Insecurity (Re: BGP in the Washington Post)
  - From: russw at riw.us (Russ White)
- Routing Insecurity (Re: BGP in the Washington Post)
  - From: randy at psg.com (Randy Bush)
- Routing Insecurity (Re: BGP in the Washington Post)
  - From: russw at riw.us (Russ White)
- Routing Insecurity (Re: BGP in the Washington Post)
  - From: randy at psg.com (Randy Bush)

Prev by Date: Routing Insecurity (Re: BGP in the Washington Post)
Next by Date: OT Fiber contractors?
Previous by thread: Routing Insecurity (Re: BGP in the Washington Post)
Next by thread: Routing Insecurity (Re: BGP in the Washington Post)
Index(es):
- Date
- Thread