Re: [karp] Shen review, draft-lebovitz-kmart-roadmap-01.txt

To: Sean Shen <sshen at huawei.com>,karp at ietf.org
Subject: Re: [karp] Shen review, draft-lebovitz-kmart-roadmap-01.txt
From: "Gregory M. Lebovitz" <gregory.ietf at gmail.com>
Date: Wed, 04 Nov 2009 02:07:00 -0800
Delivered-to: karp at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:x-mailer:date:to :from:subject:in-reply-to:references:mime-version:content-type; bh=p+LMjd11Az4DTO8R4PaOEVbUtQ+RL3EcwiKOOB2IOXc=; b=q73u1Nz5OqX6bEQ9dreg/YrvHQdGu5Z9SUw07V6abpwFnxRKEqOcDk8VlXgYcFlbdR AgDk1BDTJ/sdaz2ntsdeMKg5a33R20LIJFl3hLOHAz0u6/lTRQXUKX4svzoQ7PMqwIXs iRk4w3yXhO1Rmz9kYnbH0XlFfrhGaef27ciwM=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:x-mailer:date:to:from:subject:in-reply-to:references :mime-version:content-type; b=kiiyLTSDsaY5Lk1o0EVSCucCEKjZ+iejT4mQosSqc/lEAsMze3cQCTiBWomizjKeA0 4UgjlHt05GmEG2JUPwXMwmqF5zxaE73VJZ6gV0hd+zWzJHnsIeo0mSMJSudZ0kyin7xd 6L3Giu/0HxBVwttPqTHeFcL6/hHfDkgB4KIAI=
In-reply-to: <042501c9a876$e42e59e0$800c6f0a at china.huawei.com>
List-archive: <http://www.ietf.org/mail-archive/web/karp>
List-help: <mailto:karp-request@ietf.org?subject=help>
List-id: Discussion list for key management for routing and transport protocols <karp.ietf.org>
List-post: <mailto:karp@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/karp>, <mailto:karp-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/karp>, <mailto:karp-request@ietf.org?subject=unsubscribe>
References: <f1548840903161311y5714d123oe7bece57662d6bd0 at mail.gmail.com> <042501c9a876$e42e59e0$800c6f0a at china.huawei.com>

Hey Sean,

Thanks for the review. I'm not sure how it slipped through the cracks, but I just came across it in my inbox today, while updating the document. See comments below...
(and note: I'm cc'ing the new list "KARP", because we moved away from the name "kmart"P

At 01:41 AM 3/19/2009, Sean Shen wrote:

Hi, Gregory,
I found the draft content is rich and valuable. I have not finished reading all details and have some questions/comments so far, hopefully will fire out more soon.

#1.
The first paragraph of section 3 gives me the feeling that the classification for KMP purpose. I am not sure my understanding is correct.

We do the categorization to try to group problem spaces / solutions. This is partly for KMP purpose, but also for how the keys and message transactions will need to occur. Did you have proposed text changes?

#2.
The classification in Section 3.1. What's the difference between "one-to-one" and "client-server" (in KMP point of view?)? Plan to use out-of-band KMP for one-to-one and in-line KMP for client-server?

You know, I'm not really sure that the distinction is clear enough to last. When we originally brainstormed it (we = me, sec AD's, rtg AD's, Danny McPherson) we thought of BGP as a clear example of one-to-one. And we thought of end-point discovery protocols as examples of client-server, or perhaps something like BGP route reflector as client-server. One reason they could be different is because if one is clearly the client (i.e. a BGP router) and one is clearly a server (the route reflector), then a client-server model for authentication could be used, where each of the clients is configured with the credentials for the server, and the server is configured with the credentials of the clients, but not all the clients know of each other apriori. Just thinking outlout. We definitely need more discussiona dn work on these definitions.

#3
The requrements for Phase1 update in section 4.2 is critical, are there any priority order?

not really, no.

Defining what elements should be protected might be done first,

This might well be different for each Routing Protocol.

some of the work (like what are strong algorithms) are fairly independent of routing protocols themselfs ,

agreed.

some (like rekeying) are not,

agreed, that the exact mechanism will be different per protcol, but that the basic way one does this should be pretty consistent, i.e. something connection specific used in a KDF along with the Master Key which yields a connection specific Traffic Key, and some indication of keyID so that each knows which key is being used.

Were you thinking there needs to be text in the document associated with these questions? Or are these just clarification for yourself? Please feel free to propose text.

overall, will there be a schedule?

what type of schedule? There will be milestones associated with the WG, once formed. Is that what you meant?

#4.
For all the keying work in section 4.2, are you refering to currently used keying? Namely, one single manual key, from the survey info in section 1.2.4?

Yes, the requirements there are for Phase 1, which is enhancing the Routing Protocol's manual key mechanism so that it can do the things listed in 4.2. Once that is done, we can get to work on layering on a KMP.

Please let me know if you think the answers above should in some way generate new/different text for the draft.

Thanks again for the review,
Gregory.

Best,

Sean

From: rtgwg-bounces at ietf.org [ mailto:rtgwg-bounces at ietf.org] On Behalf Of Gregory Lebovitz

Sent: Tuesday, March 17, 2009 4:12 AM

To: kmart at ietf.org; saag at ietf.org; rtgwg at ietf.org

Cc: Ross Callon; Tim Polk; Pasi Eronen; Danny McPherson

Subject: Pls review draft-lebovitz-kmart-roadmap-01.txt

Hey all,

The -01 draft that captures the goals, definition of work, and order of priorities for securing routing protocol transports is here:

http://www.ietf.org/internet-drafts/draft-lebovitz-kmart-roadmap-01.txt

This represents joint work of the IAB, RTG and SAAG areas, under the guidance of the ADs of both.

This document will be presented in IETF74 at:

- RTG WG

- SAAG

- SIDR (brief advertisement)

- Others ? (pls let me know)

Pls respond with comments to me, and cc the kmart at ietf.org mail list.

Gregory.

--

----

IETF related email from

Gregory M. Lebovitz

Juniper Networks

References:
- [kmart] Pls review draft-lebovitz-kmart-roadmap-01.txt
  - From: Gregory Lebovitz
- Re: [kmart] Pls review draft-lebovitz-kmart-roadmap-01.txt
  - From: Sean Shen

Prev by Date: [karp] s/kmart/karp on BoF page
Next by Date: Re: [karp] [IAB] Fwd: Attached: draft-lebovitz-kmart-roadmap-01-00.txt
Previous by thread: Re: [kmart] Pls review draft-lebovitz-kmart-roadmap-01.txt
Next by thread: Re: [kmart] Pls review draft-lebovitz-kmart-roadmap-01.txt
Index(es):
- Date
- Thread

Re: [karp] Shen review, draft-lebovitz-kmart-roadmap-01.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.