Re: [GROW] New Version Notification for draft-gersch-grow-revdns-bgp-00.txt

Joseph Gersch <joe.gersch@secure64.com> Wed, 14 March 2012 16:14 UTC

From: Joseph Gersch <joe.gersch@secure64.com>
In-Reply-To: <CB7BAEBE.2272B%terry.manderson@icann.org>
Date: Wed, 14 Mar 2012 10:13:59 -0600
Message-Id: <C4A95AAF-391A-452D-AD59-28A5F9DA546F@secure64.com>
References: <CB7BAEBE.2272B%terry.manderson@icann.org>
To: grow@ietf.org
Subject: Re: [GROW] New Version Notification for draft-gersch-grow-revdns-bgp-00.txt

This thread is raising two questions:
   1) Should the discussion be in GROW or SIDR?
   2) Hasn't this idea been discussed before?

--- Regarding the location for the draft, the group presented arguments on both sides. We believe that GROW is the proper place to lead the discussion. However, we have been invited to give a summary presentation at SIDR to ensure that all interested parties are aware of this proposal. SIDR, however, limits its scope to:

> * Is an Autonomous System (AS) authorized to originate an IP prefix 
> * Is the AS-Path represented in the route the same as the path through 
> which the NLRI traveled 

Neither of these really fits our draft well. You cannot use our approach to see all the prefixes that are authorized to originate from a given AS. Instead of looking at prefix ranges or an AS, this approach starts from a specific prefix and asks to identify its origin AS. This is similar, but not identical, to what SIDR seeks to do.

The second SIDR objective does not fit our work at all. We do not seek to validate a complete many-hop path. In this sense, we don't fit SIDR. As we mentioned above, we are interested in getting comments from SIDR, but we feel GROW is a better fit. In addition, we have an operational testbed and are working to get more participants in operations. This is something people can participate in now. So in this sense, we were shooting for something we view as more of a routing operation issue and hence GROW.

This proposal also impacts the DNSOP and DNSEXT groups.  We have asked people on those mailing lists for comments, and a presentation will be made at DNSOP as well.

--- Regarding the "already discussed" issue:
   This earlier proposal was the T Bates / R Bush draft from 1998. A lot of progress has taken place during the last 14 years. The root zone and in-addr.arpa are signed with DNSSEC. A naming convention for CIDR addresses in the reverse DNS is being proposed at DNSOP. These new record types enable some interesting capabilities that are worth discussing at GROW.

- Joe Gersch and Dan Massey


On Mar 5, 2012, at 7:08 PM, Terry Manderson wrote:

> from the draft in question:
> 
> " We limit the scope of this internet draft to the prevention of origin
>   and sub-prefix hijacks -- a capability that can be implemented and
>   deployed in a reasonable time frame."
> 
> I think SIDR has completed its work on this item.
> 
> This looks to me like a fresh set of eyes on the problem.
> 
> I'd be willing, if there is time on the grow agenda, to listen to what the
> authors are proposing and then reflect on the GROW v SIDR question.
> 
> You may be right - it may be a SIDR item. But given the SIDR space right now
> seems to be focused on the interaction with and between routers I'm not sure
> presenting it in SIDR will be good for either SIDR or the Authors.
> .. just saying is all..
> 
> Cheers
> Terry
> 
> 
> On 6/03/12 11:48 AM, "Ronald Bonica" <rbonica@juniper.net> wrote:
> 
>> Is it attempting to solve a problem which is also being worked in SIDR?
>> 
>>                                                Ron
>> 
>>> -----Original Message-----
>>> From: Terry Manderson [mailto:terry.manderson@icann.org]
>>> Sent: Monday, March 05, 2012 8:38 PM
>>> To: Christopher Morrow; Ronald Bonica
>>> Cc: grow@ietf.org
>>> Subject: Re: [GROW] Fwd: New Version Notification for draft-gersch-
>>> grow-revdns-bgp-00.txt
>>> 
>>> From my reading of the SIDR charter:
>>> 
>>> " Building upon the already completed and implemented framework:
>>> 
>>> * Resource Public Key Infrastructure (RPKI)
>>> * Distribution of RPKI data to routing devices and its use in
>>> operational networks
>>> * Document the use of certification objects within the secure routing
>>> architecture "
>>> 
>>> I didn't see any RPKI use mentioned in revdns-bgp.
>>> 
>>> So my guess is that if you went to present this at SIDR, most SIDR folk
>>> would say "it doesn't use RPKI" this is not the place. Irrespective of
>>> how flexible the chairs implement the charter under the allowances of
>>> the responsible AD.
>>> 
>>> Cheers.
>>> T.
>>> 
>>> 
>>> On 6/03/12 11:31 AM, "Christopher Morrow"
>>> <christopher.morrow@gmail.com>
>>> wrote:
>>> 
>>>> On Mon, Mar 5, 2012 at 8:12 PM, Ronald Bonica <rbonica@juniper.net>
>>> wrote:
>>>>> Chris,
>>>>> 
>>>>> This draft appears to be operating in the same area as the origin
>>>>> authentication work that is currently progressing in SIDR. Shouldn't
>>>>> all of that work be in one place?
>>>>> 
>>>>> My guess is that it belongs in SIDR.
>>>> 
>>>> also was my guess, just looking for consensus on that I believe I
>>> was.
>>>> 
>>>> -chris
>>>> 
>>>>>                                                 Ron
>>>>> 
>>>>> 
>>>>>> -----Original Message-----
>>>>>> From: grow-bounces@ietf.org [mailto:grow-bounces@ietf.org] On
>>> Behalf
>>>>>> Of Christopher Morrow
>>>>>> Sent: Monday, March 05, 2012 4:22 PM
>>>>>> To: Joseph Gersch
>>>>>> Cc: grow@ietf.org
>>>>>> Subject: Re: [GROW] Fwd: New Version Notification for draft-gersch-
>>>>>> grow-revdns-bgp-00.txt
>>>>>> 
>>>>>> It would be helpful to the chairs (at least) to get a sense of the
>>>>>> 'room' (list) on this topic, it seems that the focus is really on a
>>>>>> dnsops sort of paper, though interaction could be had in the
>>> routing
>>>>>> space as well (or that's an intent of the draft's work).
>>>>>> 
>>>>>> It's not clear that GROW is the place for this work, but keeping
>>>>>> folks informed isn't a bad plan either (I think).
>>>>>> 
>>>>>> -chris
>>>>>> (co-chair)
>>>>>> 
>>>>>> On Tue, Feb 28, 2012 at 3:58 PM, Joseph Gersch
>>>>>> <joe.gersch@secure64.com> wrote:
>>>>>>> All,
>>>>>>>   we have submitted a new draft that we would like to present at
>>>>>>> the Paris IETF meeting.
>>>>>>> Please take the time to send any comments and suggestions
>>> regarding
>>>>>>> this idea on using records in  the reverse DNS to help secure BGP
>>>>>> route origins.
>>>>>>> 
>>>>>>> Best regards,
>>>>>>>    - Joe Gersch, Dan Massey, Eric Osterweil and Lixia Zhang
>>>>>>> 
>>>>>>> Begin forwarded message:
>>>>>>> 
>>>>>>> From: internet-drafts@ietf.org
>>>>>>> Subject: New Version Notification for
>>>>>>> draft-gersch-grow-revdns-bgp-00.txt
>>>>>>> Date: February 28, 2012 1:51:59 PM MST
>>>>>>> To: joe.gersch@secure64.com
>>>>>>> Cc: lixia@cs.ucla.edu, eosterweil@verisign.com,
>>>>>>> massey@cs.colostate.edu
>>>>>>> 
>>>>>>> A new version of I-D, draft-gersch-grow-revdns-bgp-00.txt has been
>>>>>>> successfully submitted by Joe Gersch and posted to the IETF
>>>>>> repository.
>>>>>>> 
>>>>>>> Filename: draft-gersch-grow-revdns-bgp
>>>>>>> Revision: 00
>>>>>>> Title: DNS Resource Records for BGP Routing Data
>>>>>>> Creation date: 2012-02-29
>>>>>>> WG ID: Individual Submission
>>>>>>> Number of pages: 22
>>>>>>> 
>>>>>>> Abstract:
>>>>>>>   This draft proposes the creation of two DNS record types for
>>>>>>>   storing BGP routing information in the reverse DNS.  The RLOCK
>>>>>>>   record allows prefix owners to indicate whether the DNS is being
>>>>>>>   used to publish routing data.  The SRO record allows operators to
>>>>>>>   indicate whether an IPv4 or IPv6 prefix ought to appear in global
>>>>>>>   routing tables and identifies authorized origin Autonomous System
>>>>>>>   Number(s) for that prefix.  The published data can be used in a
>>>>>>>   variety of contexts and can be extended to include additional
>>>>>>>   information.  This work is part of an on-going effort and is
>>>>>>>   accessible in an active testbed.
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> The IETF Secretariat
>>>>>>> 
>>>>>>> 
>>>>>>> Joseph Gersch
>>>>>>> Chief Operating Officer
>>>>>>> Secure64 Software Corporation
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> _______________________________________________
>>>>>>> GROW mailing list
>>>>>>> GROW@ietf.org
>>>>>>> https://www.ietf.org/mailman/listinfo/grow
>>>>>>> 
>> 
> 

Joseph Gersch
Chief Operating Officer
Secure64 Software Corporation
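To illustrate the lookup flow the abstract describes (start from an announced prefix and ask the reverse DNS which origin AS is authorized for it), here is an added Python example that is not part of the draft or of this thread. The RLOCK/SRO record formats and the reverse-DNS naming convention are not on this page, so the records are modelled as plain dicts with assumed fields, and the DNS query is replaced by a longest-prefix match over a constructed table; treating a covered more-specific announcement as valid only when its origin is in the covering SRO's list is likewise an assumption.

```python
import ipaddress

# Constructed sample data; field names and semantics are assumptions, not
# the draft's wire format.  RLOCK: does the holder of this address space
# publish routing data in the DNS at all?  SRO: should the prefix appear in
# the global table, and which origin ASNs may announce it?
RLOCK = {
    "192.0.2.0/24": True,
    "198.51.100.0/24": True,
    "203.0.113.0/24": False,
}
SRO = {
    "192.0.2.0/24": {"announce": True, "origin_asns": {64496}},
    "192.0.2.128/25": {"announce": True, "origin_asns": {64497}},
    "198.51.100.0/24": {"announce": False, "origin_asns": set()},
}


def longest_match(table, prefix):
    """Return the most specific network in `table` covering `prefix`, or None."""
    best = None
    for key in table:
        net = ipaddress.ip_network(key)
        if net.version == prefix.version and prefix.subnet_of(net):
            if best is None or net.prefixlen > best.prefixlen:
                best = net
    return best


def validate(announced, origin_asn):
    """Classify a BGP announcement (prefix, origin AS) as valid, invalid or unknown."""
    prefix = ipaddress.ip_network(announced)
    locked = longest_match(RLOCK, prefix)
    if locked is None or not RLOCK[str(locked)]:
        return "unknown"        # owner does not publish routing data here
    covering = longest_match(SRO, prefix)
    if covering is None:
        return "unknown"        # RLOCK set but no SRO covers this prefix
    sro = SRO[str(covering)]
    if not sro["announce"]:
        return "invalid"        # owner says this space should not be routed
    if origin_asn in sro["origin_asns"]:
        return "valid"
    # Wrong origin for the covering SRO: an origin hijack, or a sub-prefix
    # hijack when `covering` is less specific than the announced prefix.
    return "invalid"
```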