Re: [Idr] Fw: New Version Notification for draft-sriram-idr-route-leak-detection-mitigation-01
"Susan Hares" <shares@ndzh.com> Sun, 05 July 2015 15:29 UTC
Return-Path: <shares@ndzh.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76A331A9067 for <idr@ietfa.amsl.com>; Sun, 5 Jul 2015 08:29:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.055
X-Spam-Level:
X-Spam-Status: No, score=-99.055 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, USER_IN_WHITELIST=-100] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TZjp-vlalyAj for <idr@ietfa.amsl.com>; Sun, 5 Jul 2015 08:29:45 -0700 (PDT)
Received: from hickoryhill-consulting.com (hhc-web3.hickoryhill-consulting.com [64.9.205.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D9A71A908D for <idr@ietf.org>; Sun, 5 Jul 2015 08:29:45 -0700 (PDT)
X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=174.124.203.226;
From: Susan Hares <shares@ndzh.com>
To: "'Sriram, Kotikalapudi'" <kotikalapudi.sriram@nist.gov>, idr@ietf.org
References: <20150705122638.1407.91341.idtracker@ietfa.amsl.com> <CY1PR09MB079341C1DC3BB2C35C4F6A0584940@CY1PR09MB0793.namprd09.prod.outlook.com>
In-Reply-To: <CY1PR09MB079341C1DC3BB2C35C4F6A0584940@CY1PR09MB0793.namprd09.prod.outlook.com>
Date: Sun, 05 Jul 2015 11:29:39 -0400
Message-ID: <001b01d0b737$687f1e70$397d5b50$@ndzh.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_001C_01D0B715.E16F0510"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJkIFeXttsDiKru3LvVQKWhTGjkLgG9G8iwnJhEsNA=
Content-Language: en-us
X-Authenticated-User: skh@ndzh.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/RRWmLZ7Q42togYzelfd4pH-U8FI>
Subject: Re: [Idr] Fw: New Version Notification for draft-sriram-idr-route-leak-detection-mitigation-01
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Jul 2015 15:29:47 -0000
Sriram: Here's an ASPath ORF draft that Keyur and I think might help the non-BGPSEC version of the route leaks. The ORF filters the ASPATH. It's not secure like the BGPSEC - but perhaps it will help. Sue -----Original Message----- From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Sriram, Kotikalapudi Sent: Sunday, July 05, 2015 9:39 AM To: idr@ietf.org wg Cc: Susan Hares Subject: [Idr] Fw: New Version Notification for draft-sriram-idr-route-leak-detection-mitigation-01 We (the authors) have just submitted an updated -01 version: https://www.ietf.org/internet-drafts/draft-sriram-idr-route-leak-detection-m itigation-01.txt Sue had posted a WG adoption call request (with -00 version): http://www.ietf.org/mail-archive/web/idr/current/msg14550.html Please take a look at the updated version. The diff can be viewed at: https://www.ietf.org/rfcdiff?url2=draft-sriram-idr-route-leak-detection-miti gation-01 Key changes (in -01 version relative to -00): * Section 2 - Related Prior Work - has been newly added * There is substantial new material in Section 5: Design Rationale and Discussion. * Many useful changes have been made to improve the presentation and clarity. * Brian Dickson has been added as a co-author. This work was presented in Dallas, and again an updated version was presented in the IDR interim meeting on June 29. The slides of the presentation are at: http://www.ietf.org/proceedings/interim/2015/06/29/idr/slides/slides-interim -2015-idr-7-0.pdf Comments/questions would be very much appreciated. Sriram ________________________________________ From: internet-drafts@ietf.org <internet-drafts@ietf.org> Sent: Sunday, July 5, 2015 8:26 AM A new version of I-D, draft-sriram-idr-route-leak-detection-mitigation-01.txt has been successfully submitted by Kotikalapudi Sriram and posted to the IETF repository. Name: draft-sriram-idr-route-leak-detection-mitigation Revision: 01 Title: Methods for Detection and Mitigation of BGP Route Leaks Document date: 2015-07-05 Group: idr Pages: 17 URL: https://www.ietf.org/internet-drafts/draft-sriram-idr-route-leak-detection-m itigation-01.txt Status: https://datatracker.ietf.org/doc/draft-sriram-idr-route-leak-detection-mitig ation/ Htmlized: https://tools.ietf.org/html/draft-sriram-idr-route-leak-detection-mitigation -01 Diff: https://www.ietf.org/rfcdiff?url2=draft-sriram-idr-route-leak-detection-miti gation-01 Abstract: In [I-D.ietf-grow-route-leak-problem-definition], the authors have provided a definition of the route leak problem, and also enumerated several types of route leaks. In this document, we first examine which of those route-leak types are detected and mitigated by the existing origin validation (OV) [RFC 6811] and BGPSEC path validation [I-D.ietf-sidr-bgpsec-protocol]. Where the current OV and BGPSEC protocols don't offer a solution, this document suggests an enhancement that would extend the route-leak detection and mitigation capability of BGPSEC. The solution can be implemented in BGP without necessarily tying it to BGPSEC. Incorporating the solution in BGPSEC is one way of implementing it in a secure way. We do not claim to have provided a solution for all possible types of route leaks, but the solution covers several, especially considering some significant route-leak attacks or occurrences that have been observed in recent years. The document also includes a stopgap method for detection and mitigation of route leaks for the phase when BGPSEC (path validation) is not yet deployed but only origin validation is deployed. _______________________________________________ Idr mailing list Idr@ietf.org https://www.ietf.org/mailman/listinfo/idr
- [Idr] Fw: New Version Notification for draft-srir… Sriram, Kotikalapudi
- Re: [Idr] Fw: New Version Notification for draft-… Susan Hares
- Re: [Idr] Fw: New Version Notification for draft-… Sriram, Kotikalapudi
- Re: [Idr] Fw: New Version Notification for draft-… Susan Hares