[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RPSEC] [secdir] [OSPF] [sidr] Authentication for OSPFv3

To: Acee Lindem <acee at redback.com>
Subject: Re: [RPSEC] [secdir] [OSPF] [sidr] Authentication for OSPFv3
From: Sam Hartman <hartmans-ietf at mit.edu>
Date: Tue, 30 Sep 2008 12:05:28 -0400
Cc: OSPF List <ospf at ietf.org>, secdir at mit.edu, rpsec at ietf.org, David Ward <dward at cisco.com>, sidr at ietf.org, Ross Callon <rcallon at juniper.net>
Delivered-to: ietfarch-rpsec-web-archive at core3.amsl.com
Delivered-to: rpsec at core3.amsl.com
In-reply-to: <BAD965BE-053F-4296-B0F7-CF0F2C9C0779 at redback.com> (Acee Lindem's message of "Tue, 30 Sep 2008 11:08:15 -0400")
List-archive: <http://www.ietf.org/pipermail/rpsec>
List-help: <mailto:rpsec-request@ietf.org?subject=help>
List-id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-post: <mailto:rpsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=unsubscribe>
References: <48D96507.4000207 at sri.com> <20080929200231.3E5DD3F443 at pecan.tislabs.com> <77ead0ec0809291853t63940339xc826b13cf5515176 at mail.gmail.com> <C50382B8-74EB-4157-9043-56CB1D3F8594 at cisco.com> <BAD965BE-053F-4296-B0F7-CF0F2C9C0779 at redback.com>
Sender: rpsec-bounces at ietf.org
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

>>>>> "Acee" == Acee Lindem <acee at redback.com> writes:

    Acee> One thing to take into consideration is that the outcome of
    Acee> our KMART BOF was that nobody deploying networks wanted
    Acee> routing infra-structure based on a third-part verified
    Acee> certificates.  Thanks, Acee
    Acee> On Sep 30, 2008, at 10:57 AM, David Ward wrote:

Hmm.  I actually did not get a strong sense of any particular
conclusions from that BOF.  People made it clear  that having the routing infrastructure fail because some security-related third party was unavailable was an operational non-starter.


It's certainly true that some people in the room spoke out against
certificates.  At least some of the reasons given did not actually
inherently apply to certificates as a whole although they did create
some significant constraints for what would not create operational
problems.

_______________________________________________
RPSEC mailing list
RPSEC at ietf.org
https://www.ietf.org/mailman/listinfo/rpsec

Follow-Ups:
- Re: [RPSEC] [secdir] [OSPF] [sidr] Authentication for OSPFv3
  - From: Steven M. Bellovin

References:
- [RPSEC] Authentication for OSPFv3
  - From: Ed Jankiewicz
- Re: [RPSEC] Authentication for OSPFv3
  - From: Sandy Murphy
- Re: [RPSEC] [sidr] Authentication for OSPFv3
  - From: Vishwas Manral
- Re: [RPSEC] [sidr] Authentication for OSPFv3
  - From: David Ward
- Re: [RPSEC] [OSPF] [sidr] Authentication for OSPFv3
  - From: Acee Lindem

Prev by Date: Re: [RPSEC] [OSPF] [sidr] Authentication for OSPFv3
Next by Date: Re: [RPSEC] [Tsvwg] Authentication for OSPFv3
Previous by thread: Re: [RPSEC] [OSPF] [sidr] Authentication for OSPFv3
Next by thread: Re: [RPSEC] [secdir] [OSPF] [sidr] Authentication for OSPFv3
Index(es):
- Date
- Thread