Re: [babel] babel Digest, Vol 21, Issue 9

Tony Przygienda <tonysietf@gmail.com> Mon, 29 May 2017 17:09 UTC

From: Tony Przygienda <tonysietf@gmail.com>
Date: Mon, 29 May 2017 10:09:14 -0700
Message-ID: <CA+wi2hNizgKxPcKOyb0RydwDLos+Z2NN2bq+qE8_+dHb2XmnPg@mail.gmail.com>
To: Babel at IETF <babel@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/XREK3Bv9stfYn3f61KA-bobOQ-E>
Subject: Re: [babel] babel Digest, Vol 21, Issue 9

>
> > Network wide keys are useless.
>
> Depends on the size of the network, I guess.
>

From experience, I would dissuade you from pursuing a "network-wide key
approach" to secure a routing protocol (in terms of node associations, i.e.
adjacencies). A routing protocol is the substrate on which very often things
like X.509 run (or Radius or any other key infra "du jour"). In case you
lose the protocol nodes due to bugs, unexpected behavior, key expiration
and so on, you lose the infra and with that you may never recover the
routing since the key infra cannot reach the nodes anymore ... Key
roll-over/withdrawal/repudiation are especially tricky.

Having a distro of keys across the network to provide "path-security",
i.e. I do not only trust my neighbor but trust the whole chain an update
passed, is doable but too expensive to bother for routing (well, BGP will
get there eventually I guess) and benefits from a key infra obviously, or
rather cannot be run without some kind of key infra.

my 2c

--- tony