On Feb 24, 2012, at 7:46 40AM, Danny McPherson wrote: > > On Feb 23, 2012, at 10:42 PM, Randy Bush wrote: > >> the problem is that you have yet to rigorously define it and how to >> unambiguously and rigorously detect it. lack of that will prevent >> anyone from helping you prevent it. > > You referred to this incident as a "leak" in your message: > > "a customer leaked a full table" > > I was simply agreeing with you -- i.e., looked like a "leak", smelled > like a "leak" - let's call it a leak. > > I'm optimistic that all the good folks focusing on this in their day > jobs, and expressly funded and resourced to do so, will eventually > recognize what I'm calling "leaks" is part of the routing security > problem. > Sure; I don't disagree, and I don't think that Randy does. But just because we can't solve the whole problem, does that mean we shouldn't solve any of it?
As Randy said, we can't even try for a strong technical solution until we have a definition that's better than "I know it when I see it". --Steve Bellovin, https://www.cs.columbia.edu/~smb