
Re: [RPSEC] Last Call For draft-ietf-rpsec-bgpsecrec-10.txt






Russ White wrote:
> Folks:
> 
> This draft has been around a long long time, and has been subject to a
> great deal of discussion. I would like to start a two week last call on
> this one, at the end of which we'll forward this to the ADs for final
> preparations for publication.
> 
> Please post any comments to the list.

Hi, all,

I have feedback dating back to June 2007 which remains unaddressed. I
repeat it here, as well as adding additional comment from the current
version.

Joe

--------------------------
From June 2007:

Abstract - I disagree that securing the info between the parties is an
easy technical matter; if it were, transport or network would be in more
regular use.

This document should note explicitly (e.g., in the abstract or at latest
in Sec 2.3) that network and transport security are not addressed in
this document.

---------------------------

This document really should have a section that addresses the
relationship of BGP security to transport and network security. It would
be useful to point out that BGP interprets transport reachability as
routing reachability - and that this decision renders it particularly
vulnerable to attacks that interrupt the transport layer. This implies
that BGP SHOULD protect its TCP connection, e.g., via IPsec or TCP-AO.

This section should also state that some other issues noted throughout
this document - e.g., DDOS overload protection, processing
considerations, buffering considerations, router configuration,
initialization, key management, etc. - apply to the TCP protection as
well as BGP.

---------------------------
