[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RPSEC] I-D ACTION:draft-ietf-rpsec-bgpsecrec-10.txt

To: Tony Tauber <ttauber at 1-4-5.net>
Subject: Re: [RPSEC] I-D ACTION:draft-ietf-rpsec-bgpsecrec-10.txt
From: Geoff Huston <gih at apnic.net>
Date: Thu, 20 Nov 2008 06:07:12 +1100
Cc: Ross Callon <rcallon at juniper.net>, rpsec at ietf.org, David Ward <dward at cisco.com>
Delivered-to: ietfarch-rpsec-web-archive at core3.amsl.com
Delivered-to: rpsec at core3.amsl.com
In-reply-to: <49242629.3050206 at cisco.com>
List-archive: <http://www.ietf.org/pipermail/rpsec>
List-help: <mailto:rpsec-request@ietf.org?subject=help>
List-id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-post: <mailto:rpsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=unsubscribe>
References: <20081103183001.907703A6BB4 at core3.amsl.com> <20081117035407.GB28269 at 1-4-5.net> <49242629.3050206 at cisco.com>
Sender: rpsec-bounces at ietf.org

SIDR WG co-chair hat ON
Hi Tony,
The draft still contains the text:

o AS_PATH Feasibility Check: The AS_PATH list may correspond to avalid list of autonomous systems according to the first verificationcategory listed in the "Areas to Secure" Section above. Further studywill determine the extent to which this is a security requirement.o Update Transit Check: Routing information carried through BGP mayinclude information that can be used to verify the re- advertisementor modification by each autonomous system through which the UPDATE haspassed. This check is more rigorous than the "valid list of autonomoussystems" above. Further study will determine the extent to which thisis a security requirement.SIDR has the chartered role to work on means of implementing thosesecurity requirements as identified by the RPSEWC working group. Thecharter states: The SIDR working group will develop securitymechanisms which fulfill those requirements which have been agreed onby the RPSEC working group.

As it stands it is somewhat difficult to figure out what to do aboutAS Path validation given that the text punts on this with a referenceto "further study. It seems that AS Path validation, in either form,is not a agreed requirement from the RPSEC working group. Is this acorrect interpretation of the situation Tony? Do you have any adviceyou can pass to the SIDR WG on this topic?


regards,

  Geoff
  co-chair SIDR WG


On 20/11/2008, at 1:43 AM, Russ White wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Russ, can we move forward with this?


I don't see why not.... I would say it's time to issue a last call on
this one, and move ahead.

:-)

Russ

- --
russ at cisco.com CCIE CCDE <>< Grace Alone

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJJCYpER27sUhU9OQRAh7+AKDf/AUJdl6iknHj9hSenjopWbie6QCg7z98
+ekbhVfA2yl8GS6Y6unvgo4=
=8a6b
-----END PGP SIGNATURE-----
_______________________________________________
RPSEC mailing list
RPSEC at ietf.org
https://www.ietf.org/mailman/listinfo/rpsec


_______________________________________________
RPSEC mailing list
RPSEC at ietf.org
https://www.ietf.org/mailman/listinfo/rpsec

References:
- [RPSEC] I-D ACTION:draft-ietf-rpsec-bgpsecrec-10.txt
  - From: Internet-Drafts
- Re: [RPSEC] I-D ACTION:draft-ietf-rpsec-bgpsecrec-10.txt
  - From: Tony Tauber
- Re: [RPSEC] I-D ACTION:draft-ietf-rpsec-bgpsecrec-10.txt
  - From: Russ White

Prev by Date: [RPSEC] Last Call For draft-ietf-rpsec-bgpsecrec-10.txt
Next by Date: Re: [RPSEC] Last Call For draft-ietf-rpsec-bgpsecrec-10.txt
Previous by thread: Re: [RPSEC] I-D ACTION:draft-ietf-rpsec-bgpsecrec-10.txt
Next by thread: [RPSEC] Last Call For draft-ietf-rpsec-bgpsecrec-10.txt
Index(es):
- Date
- Thread