<div dir="ltr">Lars, peace, and thanks for your comments. <div><br></div><div>The reason that I didn't include the abstract is that this list , to my understanding, is mostly for operational issues and discussions btwl operators, and I didn't want to annoy subscribers by excessive text on an academic paper. </div><div><br></div><div>For the same reason, I'm hesitant in responding to such technical questions on this list, unless people are really interested in us doing this here; maybe we should do such discussion off list? [I also have a bit of crazy schedule in rest of this week and next, so I may be unable to response promptly as I normally do; btw part of it is for giving tutorial on PKI and participating in the CANS conference, if anybody interested, it's free ; not that I understand why I agreed to do it :) </div><div><br></div><div>Cheers, Amir<br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>-- <br><div>Amir Herzberg<br></div><div><br></div><div>Comcast professor of Security Innovations, University of Connecticut</div><div><br>Homepage: <a href="https://sites.google.com/site/amirherzberg/home" target="_blank">https://sites.google.com/site/amirherzberg/home</a></div><div><br></div><div>Foundations of Cyber-Security (part I: applied crypto, part II: network-security): </div><div><a href="https://www.researchgate.net/project/Foundations-of-Cyber-Security" target="_blank">https://www.researchgate.net/project/Foundations-of-Cyber-Security</a></div><br></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Dec 9, 2020 at 1:42 PM Lars Prehn <<a href="mailto:lprehn@mpi-inf.mpg.de">lprehn@mpi-inf.mpg.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div>
    <p>Hi Amir, <br>
    </p>
    <p>Neither providing an abstract nor the high-level takeaways of
      your work is a rather blunt way to promote your paper. I have a
      bunch of comments and questions, but I'm only a student so take
      them with a grain of salt. <br>
      <br>
      Regarding ROV++ v1: Let's modify your example in Figure 2a
      slightly such that AS 666 announces 1.2.3/24 also via AS 86.
      Further, let's say AS 88 also uses ROV++ v1. Now, let's replay
      your example from the paper. AS 78 still sees the same
      announcements you describe, and you recommend using a different,
      previously less-preferred route for 1.2/16. Yet, all routes
      available to AS 78 ultimately run into the same hijack behavior
      (which is not visible from AS 78's routing table alone). In a
      nutshell, your recommendation did not affect the outcome for
      1.2.3/24---the traffic still goes towards the hijacker---but you
      effectively moved all the remaining traffic inside 1.2/16 from an
      optimal route to a sub-optimal one. Your approach not only may
      have no effects on the fate of the attacked traffic, but it may
      also mess with previously unaffected traffic. <br>
      <br>
      Regarding ROV++ v2: A simple sub-prefix hijack would still not
      yield a "valid" during your ROV. The moment you propagate such a
      route, you reject the entire idea of ROV. I understand that you
      drop the traffic, but your proposal still feels like a step
      backward. However, I'm not an expert on this---I might just be
      wrong. <br>
      <br>
      Regarding goals: I think that you only meet your first design goal
      since your definition of 'harm' is very restricted. The moment you
      add more dimensions, e.g., QoS degradation for previously
      unaffected traffic, this goal is no longer met. <br>
      <br>
      Regarding your evaluation: Which of CAIDA's serials do you use?
      Serial-1 is known to miss a significant fraction of peering links,
      while Serial-2 contains potentially non-existing links (as they
      are inferred using heuristics). Since coverage and validity of
      links varies drastically between serials (and for serial-2 even
      between snapshots), it is unclear to which degree your topology
      reflects reality. I like that you assumed the basic Gao-Rexford
      Model for the best-path decision process. Yet, you ignored that
      various networks deploy things like prefix-aggregation,
      peer-locking, or more-specifics (referring to /25 .. /30 IPv4
      prefixes) filters. Further, I do not get why you randomly picked
      ROV-deploying networks. I am sure people like Job Snijders or
      Cecilia Testart could have provided you an up-to-date list of ASes
      that currently deploy ROV.  It is not clear to me why it is useful
      to look at scenarios in which those networks potentially no longer
      deploy ROV. <br>
      <br>
      Those are at least my thoughts. I hope they initiate some
      discussion. <br>
      Best regards, <br>
      Lars <br>
    </p>
    <div>On 09.12.20 09:04, Amir Herzberg wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">
        <div class="gmail_quote">
          <div dir="ltr">Hi, the paper: 
            <div>            ROV++: Improved Deployable Defense against
              BGP Hijacking
              <div>will be presented in the NDSS'21 conference. </div>
              <div><br>
              </div>
              <div>The paper is available in:</div>
              <div><a href="https://www.researchgate.net/publication/346777643_ROV_Improved_Deployable_Defense_against_BGP_Hijacking" target="_blank">https://www.researchgate.net/publication/346777643_ROV_Improved_Deployable_Defense_against_BGP_Hijacking</a></div>
              <div><br>
              </div>
              <div>Feedback, by discussion here or by direct email to
                me, is welcome, thanks.</div>
              <div><br>
              </div>
              <div>btw, I keep most publications there (researchgate),
                incl. the drafts of `foundations of cybersecurity' ; the
                1st part (mostly applied crypto) is in pretty advanced
                stage, feedback is also very welcome. URL in sig.</div>
              <div>
                <div>
                  <div dir="ltr">
                    <div dir="ltr">
                      <div>
                        <div dir="ltr">
                          <div>
                            <div dir="ltr">
                              <div>
                                <div dir="ltr">
                                  <div>
                                    <div dir="ltr">
                                      <div>
                                        <div dir="ltr">
                                          <div>
                                            <div dir="ltr">
                                              <div dir="ltr">
                                                <div>
                                                  <div>--</div>
                                                  <div>Amir Herzberg<br>
                                                  </div>
                                                  <div><br>
                                                  </div>
                                                  <div>Comcast professor
                                                    of Security
                                                    Innovations,
                                                    University of
                                                    Connecticut</div>
                                                  <div><br>
                                                    Homepage: <a href="https://sites.google.com/site/amirherzberg/home" target="_blank">https://sites.google.com/site/amirherzberg/home</a></div>
                                                  <div><br>
                                                  </div>
                                                  <div>Foundations of
                                                    Cyber-Security (part
                                                    I: applied crypto,
                                                    part II:
                                                    network-security): </div>
                                                  <div><a href="https://www.researchgate.net/project/Foundations-of-Cyber-Security" target="_blank">https://www.researchgate.net/project/Foundations-of-Cyber-Security</a></div>
                                                </div>
                                                <div><br>
                                                  <br>
                                                </div>
                                              </div>
                                            </div>
                                          </div>
                                        </div>
                                      </div>
                                    </div>
                                  </div>
                                </div>
                              </div>
                            </div>
                          </div>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
  </div>

</blockquote></div>