Opened 10 years ago

Closed 9 years ago

#69 closed technical (fixed)

Inadequate solution for ETR overclaims (from Y. Rekhter's review)

Reported by: luigi@…
Owned by:
Priority: major
Component: draft-ietf-lisp
Severity: -
Keywords:
Cc:

Description (last modified by luigi@…)

This is Comment 25 of Rekhter's review

Section 6.1.5.1

This section correctly identifies an attack where an ETR overclaims,
saying that it owns a larger span of prefixes than it really does. The
proposed solutions seem inadequate; in particular, limiting the
mask-length that you'll accept from a given ETR seems weak. I.e., how
could an ITR determine a "configured prefix length" for a given EID
prefix?

This is a serious deficiency. It is somewhat analogous to the weakness
of the BGP routing system, except that it is much less amenable to
auditing than BGP (since the mapping data is only presented on demand,
an auditor can't simply get a feed) and there are many more machines
playing than in the BGP system.

Change History (4)

comment:1 Changed 10 years ago by luigi@…

  • Priority changed from minor to major

comment:2 Changed 10 years ago by luigi@…

  • Description modified (diff)

comment:3 Changed 9 years ago by jmh@…

  • Resolution set to fixed
  • Status changed from new to resolved

See the resolution of ticket #27 for the plans to address this issue in the future.

comment:4 Changed 9 years ago by luigi@…

  • Status changed from resolved to closed