On Feb 24, 2012, at 7:46 40AM, Danny McPherson wrote:
On Feb 23, 2012, at 10:42 PM, Randy Bush wrote:
the problem is that you have yet to rigorously define it and how to unambiguously and rigorously detect it. lack of that will prevent anyone from helping you prevent it.
You referred to this incident as a "leak" in your message:
"a customer leaked a full table"
I was simply agreeing with you -- i.e., looked like a "leak", smelled like a "leak" - let's call it a leak.
I'm optimistic that all the good folks focusing on this in their day jobs, and expressly funded and resourced to do so, will eventually recognize what I'm calling "leaks" is part of the routing security problem.
Sure; I don't disagree, and I don't think that Randy does. But just because we can't solve the whole problem, does that mean we shouldn't solve any of it? As Randy said, we can't even try for a strong technical solution until we have a definition that's better than "I know it when I see it". --Steve Bellovin, https://www.cs.columbia.edu/~smb