Re: [sidr] GOST & SIDR
> Except that if a significant portion of the world uses an algorithm
> your validator code can't handle, then you can't validate routes to
> that part of the world.

like if drc decides to change in a panic because dean anderson said he
broke X?

> I would think that the validation of routes is not only of benefit in
> packets reaching you, but in you being more confident that your
> packets are going where they are meant to go.

hard to disagree with that. though, to be pedantic, we are securing,
or attempting to secure, the control plane, not the data plane.

> Are you really advocating a system that could not support a change of
> algorithm? A new algorithm means a new RPKI-v2?

i really do not think it's gonna be reasonable to add a new algorithm
without serious operational planning and roll-out. if this stuff
deploys successfully, N years from now, there will likely be a significant
part of the net that just won't accept non-validatable routing data.
and we can't just let chunks of the net go unroutable.

i also worry that non-trivial chunks of the net may not manage their
certification data well, just as they do not manage bogon filters well
today.

basically, i think we need a few years of experience to get a feeling
for what kinds of change we can tolerate and what kinds we need.

> (How is that different from an RPKI with a new OID in the alg field?)

probably not much. excuse the jet lag wipeout. at least i managed to
get some food.

but if there is negligible difference, then why/what exactly does sam
want to change? :)

randy
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.