I-D Action: draft-sriram-replay-protection-design-discussion-06.txt
internet-drafts@ietf.org Mon, 18 April 2016 16:25 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: i-d-announce@ietf.org
Delivered-To: i-d-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A758812E152 for <i-d-announce@ietf.org>; Mon, 18 Apr 2016 09:25:18 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action: draft-sriram-replay-protection-design-discussion-06.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 6.19.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20160418162518.9271.75793.idtracker@ietfa.amsl.com>
Date: Mon, 18 Apr 2016 09:25:18 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/i-d-announce/d0JrqTVFjGV8YS6uI3XVRnKu7ic>
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.17
Reply-To: internet-drafts@ietf.org
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i-d-announce/>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Apr 2016 16:25:18 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Design Discussion and Comparison of Protection Mechanisms for Replay Attack and Withdrawal Suppression in BGPsec
Authors : Kotikalapudi Sriram
Doug Montgomery
Filename : draft-sriram-replay-protection-design-discussion-06.txt
Pages : 17
Date : 2016-04-18
Abstract:
In the context of BGPsec, a withdrawal suppression occurs when an
adversary AS suppresses a prefix withdrawal with the intension of
continuing to attract traffic for that prefix based on a previous
(signed and valid) BGPsec announcement that was earlier propagated.
Subsequently if the adversary AS had a BGPsec session reset with a
neighboring BGPsec speaker and when the session is restored, the AS
replays said previous BGPsec announcement (even though it was
withdrawn), then such a replay action is called a replay attack. The
BGPsec protocol should incorporate a method for protection from
Replay Attack and Withdrawal Suppression (RAWS), at least to control
the window of exposure. This informational document provides design
discussion and comparison of multiple alternative RAWS protection
mechanisms weighing their pros and cons. This is meant to be a
companion document to the standards track I-D.-ietf-sidr-bgpsec-
rollover that will specify a method to be used with BGPsec for RAWS
protection.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-sriram-replay-protection-design-discussion/
There's also a htmlized version available at:
https://tools.ietf.org/html/draft-sriram-replay-protection-design-discussion-06
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-sriram-replay-protection-design-discussion-06
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
- I-D Action: draft-sriram-replay-protection-design… internet-drafts