Looking at the security section of the document, in the "no bad data"
portion, you list three "threats":
o Directing legitimate traffic away from a target, causing
a denial-of-service attack by preventing legitimate data
from reaching its destination,
o Directing additional traffic (going to other
destinations which are 'innocent bystanders') to a
target, causing the target to be overloaded, or
o Directing traffic addressed to the target to a place
where the attacker can copy, snoop, alter, or otherwise
affect the traffic.
I understand the first two. I think I am missing the point of the
third. There seem to be two kinds of problems it might be addressing. One
problem is where the snooper could be dropping all the packets, so must be
prevented according to the first bullet. The other problem would be
someone who is forwarding the traffic towards the destination, but snooping
in passing. I do not understand how the routing system could worry about
that. From a routing perspective it looks (I think) indistinguishable from
a legitimate transit provider. The two ways I know of to approach the
problem are policy (a separate element) and end-to-end information hiding
(again a separate element).
Can someone give me an example of what might be meant by the third bullet
that is not covered by the first two bullets.
(Note: I am not trying to question whether the first two are
achievable. That is a separate question.)
Yours,
Joel
This archive was generated by hypermail 2b29 : Mon Aug 04 2003 - 04:10:04 EDT