[pim] IETF67 pimwg mtg notes



Please send me any corrections. Thanks to Tom for the notes.

Monday Nov 6th, IETF 67 PIM WG

pim mib forwarded to bill after wglc
    andy brought up fact that we could use number assigned
    bill status - mib doctor review
        dan sent two requests but no one has picked up on it yet
        after mib doctor review, iesg last call for 2 weeks
        not more than about 4 weeks after that you can get OID bsr mib
    limited resources of mib doctors should focus on pim mib and not bsr
        mib, then we can have them look at bsr mib
    it has passed wglc and been sent to bill

pim join attributes draft
    wglc success
    minor nits fixed

pim rpf vector draft
    need wglc since changes made

pim last hop threats
    needs wg review

linklocal
    atwood to present during this meeting

bidir
    sent to IESG
    waiting on bill to look for gotchas like security considerations
    nothing for wg to do

rechartering
    remove promote
    dino - should 1000's be 2000, 10000, 100000

milestones
    j/p refresh reduction proposal?
    submit improved assert processing?
    submit pim-snooping?
    tom pusateri - should solve real problems

cain
    pim snooping in VPLS draft needs to document best common practices

dino
    if AMT picks up steam, where does amt/pim interworking belong,
    mboned or pim?

Toerless
    in response to Dino, need special

Dino
    not sure if there is a problem but for example, consider
    preference of using RPF for pim or amt

Bill
    Does Thaler's multiple protocol interop document already handle this?
    RFC 2715

Toerless
    we don't have interaction currently

Venu
    want to revive the refresh reduction
    complexity in BGP to do PIM would be easier if were just done in PIM

Tom
    we either need to update milestones and charter or close

Bill Atwood
    security pim sm link-local messages
    motivation
        goal: permit authenticating router-to-router traffic sent to
            ALL_PIM_ROUTERS
        no effort to secure unicast pim messages
    see slides
    Toerless
        are you effectively reducing PIM to point-to-point neighbor
            relationships?
        you will have N+1 SAs
            one SA for outgoing
            N SA's (one per peer)

Lorenzo
    could you explain why source address is enough to look up SA?
    atwood: they have to use globally routable addresses

Stig
    must use link-local for IPv6
    hello option to send all addresses
    but parallel links on unnumbered links would allow same address

Toerless
    link local scope addresses should be unique

Stig
    Private addresses RFC 1918 may also create same addresses

Fenner
    PIM spec says "between the lines" that the link local address is used
    for all messages for IPv6.

Atwood
    conclusion changed then
    www.cse.concordia.ca/~bill/internet-drafts/IETF67-LinkLocal-00.pdf

Toerless
    is anyone else doing this for other link local multicast packets?
    atwood: yes, neighbor discovery
    would like to see this done for other protocols (general solution)

Brian W.
    SA management
    1 sa per sender (can use anti-replay)
    otherwise, just use GDI and 1 SA for all senders

Atwood
    Do we need confidentiality?

Toerless
    if you have snooping switches, may not want it

Stig
    Agree

Brian
    If you just use ESP, you let security policy of user decide

Should automated key management be must, should, or may?

Toerless
    Can't decide until we see specific proposal

Bill
    There is a document that says must use automatic key management
    but may be wiggle room if we can't figure out how to do it
    but certainly a push to do automatic key management

Brian W.
    GDOI solves problem of key management so don't need to invent
    something new.

Bill
    RFC 2947 guidelines for cryptographic systems
    RFC 4535 GSAKMP

Dorian Kim
    Is there operational requirement for confidentiality?
    Not even considered as an operator so I don't think it is needed.
    don't think it's even needed for OSPF

Atwood
    can I go against pim spec recommendation to use AH?

Fenner
    Don't feel constrained by pim spec, the security guys didn't like
    it anyway

Atwood
    Next slides:
    Group key Management for pim sm routers

www.cse.concordia.ca/~bill/internet-drafts/IETF67-LinkLocal-00.pdf/IETF67-KeyManagement.pdf

Bill
    You looked at GDOI and think it's too heavy weight?
        yes
    Have you looked at GSAKMP?

Brian W.
    We have implemented it and don't find it too heavy (from author)
