Re: [Idr] New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-01.txt
"Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov> Tue, 20 October 2015 15:08 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BD871B35DA; Tue, 20 Oct 2015 08:08:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NECS21v4XCKK; Tue, 20 Oct 2015 08:08:13 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1on0737.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::737]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 927E01B3471; Tue, 20 Oct 2015 08:01:54 -0700 (PDT)
Received: from SN1PR09MB0799.namprd09.prod.outlook.com (10.162.101.145) by SN1PR09MB0800.namprd09.prod.outlook.com (10.162.101.146) with Microsoft SMTP Server (TLS) id 15.1.300.14; Tue, 20 Oct 2015 15:01:36 +0000
Received: from SN1PR09MB0799.namprd09.prod.outlook.com ([10.162.101.145]) by SN1PR09MB0799.namprd09.prod.outlook.com ([10.162.101.145]) with mapi id 15.01.0300.010; Tue, 20 Oct 2015 15:01:36 +0000
From: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
To: "idr@ietf.org" <idr@ietf.org>
Thread-Topic: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-01.txt
Thread-Index: AQHRCroALjIarZRc5UG7WVkGh6cKsZ50d37w
Date: Tue, 20 Oct 2015 15:01:35 +0000
Message-ID: <SN1PR09MB0799F875835DA02F5F89F39684390@SN1PR09MB0799.namprd09.prod.outlook.com>
References: <20151019220332.9222.33714.idtracker@ietfa.amsl.com>
In-Reply-To: <20151019220332.9222.33714.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov;
x-originating-ip: [129.6.140.100]
x-microsoft-exchange-diagnostics: 1; SN1PR09MB0800; 5:dH/yMiDR9pd5dyp7VRp9t/teDChPca0DsO07Plj9b8aRQs8Bf++Y9iU0PvUcxD+UL7aniHtmqZB8mmmBWiYDwiJ7JnibQYoAAWyLdN7juC0oXG8NIASVezM2/vG9dJaFygit8V4StLeYx7DAoDx1kw==; 24:OoRGuOTTgrUq3zDSOeJ6y+C1KBGbrMYfualoS2OE7H39dU+uRBLbMY3OOK+ZZqiFz7XUi1rAAeeJqEyA+3LxfJe7F+R8eHQ97yrD77Btwig=; 20:2dpWjJGcw+pX/wQNaGAFjDfa1gVfXzuXmIsIZoY4dajxVQ8U84QzlgdOXiA6DwKztQOvJ6D0CPVC6o1aq/sLeg==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SN1PR09MB0800;
x-microsoft-antispam-prvs: <SN1PR09MB08009F86AE9D4C39366837E684390@SN1PR09MB0800.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(95692535739014)(51492898944892)(65766998875637);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(520078)(8121501046)(3002001); SRVR:SN1PR09MB0800; BCL:0; PCL:0; RULEID:; SRVR:SN1PR09MB0800;
x-forefront-prvs: 073515755F
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(13464003)(199003)(377454003)(377424004)(189002)(66066001)(122556002)(230783001)(76176999)(2501003)(189998001)(97736004)(81156007)(40100003)(5004730100002)(106116001)(11100500001)(5003600100002)(5007970100001)(101416001)(99286002)(106356001)(5008740100001)(2900100001)(19580395003)(92566002)(4001150100001)(19580405001)(87936001)(54356999)(64706001)(2950100001)(77096005)(74316001)(50986999)(5001920100001)(102836002)(86362001)(15975445007)(450100001)(10400500002)(110136002)(5001960100002)(46102003)(76576001)(2351001)(33656002)(105586002)(5002640100001); DIR:OUT; SFP:1102; SCL:1; SRVR:SN1PR09MB0800; H:SN1PR09MB0799.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Oct 2015 15:01:35.9392 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR09MB0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/CagBR0-LlQPKd2z_So-w7BS7rMo>
Cc: "sidr wg list (sidr@ietf.org)" <sidr@ietf.org>
Subject: Re: [Idr] New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-01.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Oct 2015 15:08:17 -0000
We (authors) have made a significant changes/updates in this new version-01 of the route leaks solution draft. The changes are as follow: 1. The route leak types are realigned with the new order that is used in the new version-03 of the route leaks definition draft that is in progress in the GROW WG: https://tools.ietf.org/html/draft-ietf-grow-route-leak-problem-definition-03 2. Several comments, suggestions that were received on the mailing lists prior to Prague, at the IDR interim (webex) meeting in July, and at the SIDR meeting in Prague have been incorporated. 2. We provide a simpler, clearer description of the route leak detection algorithm (see Section 3). 3. In Section 5.1, we have added discussions of upgrade and downgrade attack possibilities (in the absence of BGPsec security protection for the RLP bits). This topic was discussed on the IDR list in July and was presented and discussed at the SIDR WG meeting in Prague. 4. Section 5.2 is new and discusses the topic “Are there cases when valley-free violations can be considered legitimate?’’ This question was discussed briefly at the SIDR WG meeting in Prague. 6. Keyur Patel and Andrei Robachevsky have been contributing, and have joined in as authors. Sriram -----Original Message----- From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] Sent: Monday, October 19, 2015 6:04 PM To: Brian Dickson <brian.peter.dickson@gmail.com>; Montgomery, Douglas <dougm@nist.gov>; Keyur Patel <keyupate@cisco.com>; Andrei Robachevsky <robachevsky@isoc.org>; Sriram, Kotikalapudi <kotikalapudi.sriram@nist.gov> Subject: New Version Notification for draft-ietf-idr-route-leak-detection-mitigation-01.txt A new version of I-D, draft-ietf-idr-route-leak-detection-mitigation-01.txt has been successfully submitted by Kotikalapudi Sriram and posted to the IETF repository. Name: draft-ietf-idr-route-leak-detection-mitigation Revision: 01 Title: Methods for Detection and Mitigation of BGP Route Leaks Document date: 2015-10-19 Group: idr Pages: 18 URL: https://www.ietf.org/internet-drafts/draft-ietf-idr-route-leak-detection-mitigation-01.txt Status: https://datatracker.ietf.org/doc/draft-ietf-idr-route-leak-detection-mitigation/ Htmlized: https://tools.ietf.org/html/draft-ietf-idr-route-leak-detection-mitigation-01 Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-idr-route-leak-detection-mitigation-01 Abstract: In [I-D.ietf-grow-route-leak-problem-definition], the authors have provided a definition of the route leak problem, and also enumerated several types of route leaks. In this document, we first examine which of those route-leak types are detected and mitigated by the existing origin validation (OV) [RFC 6811] and BGPSEC path validation [I-D.ietf-sidr-bgpsec-protocol]. Where the current OV and BGPSEC protocols don't offer a solution, this document suggests an enhancement that would extend the route-leak detection and mitigation capability of BGPSEC. The solution can be implemented in BGP without necessarily tying it to BGPSEC. Incorporating the solution in BGPSEC is one way of implementing it in a secure way. We do not claim to have provided a solution for all possible types of route leaks, but the solution covers several, especially considering some significant route-leak attacks or occurrences that have been observed in recent years. The document also includes a stopgap method for detection and mitigation of route leaks for the phase when BGPSEC (path validation) is not yet deployed but only origin validation is deployed.
- Re: [Idr] New Version Notification for draft-ietf… Sriram, Kotikalapudi