Re: That pesky AS path corruption bug...
On Tue, 23 May 2000, Jeff Haas wrote:
The only valid defense against such mucking that I can think of is verifying AS adjacencies against some registry and flagging unknown paths. This is not a cheap thing to do. This, however, is far saner than cryptographically signing all routing updates which is one solution I've heard proposed. :-P
You can cryptographically sign bad information as well as good information. Cryptography is good for detecting alterations, not if the information was correct in the first place.
On 23 May 2000, Sean Donelan wrote:
On Tue, 23 May 2000, Jeff Haas wrote:
The only valid defense against such mucking that I can think of is verifying AS adjacencies against some registry and flagging unknown paths. This is not a cheap thing to do. This, however, is far saner than cryptographically signing all routing updates which is one solution I've heard proposed. :-P
You can cryptographically sign bad information as well as good information. Cryptography is good for detecting alterations, not if the information was correct in the first place.
Ahhh... But, if the router is sufficiently confused to be screwing up the update, it will quite possibly be too confused to successfully sign the update and it will fail authentication when the peer receives it. --- John Fraizer EnterZone, Inc
On Wed, May 24, 2000, John Fraizer wrote:
On 23 May 2000, Sean Donelan wrote:
On Tue, 23 May 2000, Jeff Haas wrote:
The only valid defense against such mucking that I can think of is verifying AS adjacencies against some registry and flagging unknown paths. This is not a cheap thing to do. This, however, is far saner than cryptographically signing all routing updates which is one solution I've heard proposed. :-P
You can cryptographically sign bad information as well as good information. Cryptography is good for detecting alterations, not if the information was correct in the first place.
Ahhh... But, if the router is sufficiently confused to be screwing up the update, it will quite possibly be too confused to successfully sign the update and it will fail authentication when the peer receives it.
Assuming that because the router is partially broken ensures its fully broken will come back and bite you very very hard. :) Cryptographically signing here ensures someone isn't going to tamper with your route announcements in transit. When script kiddies have the technology to splice fibre cabes in their backyard and sniff/replace data at line speed, I'm sure they will have more fun things to do than mess with your BGP session. Adrian -- Adrian Chadd Build a man a fire, and he's warm for the <adrian@creative.net.au> rest of the evening. Set a man on fire and he's warm for the rest of his life.
participants (3)
-
Adrian Chadd
-
John Fraizer
-
Sean Donelan