Re: slides from IETF idr meeting Mar 19, 2003
sandy@tislabs.com Mon, 31 March 2003 16:08 UTC
Received: from trapdoor.merit.edu (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA12559 for <idr-archive@ietf.org>; Mon, 31 Mar 2003 11:08:35 -0500 (EST)
Received: by trapdoor.merit.edu (Postfix) id 674D39127F; Mon, 31 Mar 2003 11:10:53 -0500 (EST)
Delivered-To: idr-outgoing@trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56) id 30F4191280; Mon, 31 Mar 2003 11:10:53 -0500 (EST)
Delivered-To: idr@trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 18AB29127F for <idr@trapdoor.merit.edu>; Mon, 31 Mar 2003 11:10:52 -0500 (EST)
Received: by segue.merit.edu (Postfix) id ECAEF5DD94; Mon, 31 Mar 2003 11:10:51 -0500 (EST)
Delivered-To: idr@merit.edu
Received: from sentry.gw.tislabs.com (sentry.gw.tislabs.com [192.94.214.100]) by segue.merit.edu (Postfix) with ESMTP id 793F35DD91 for <idr@merit.edu>; Mon, 31 Mar 2003 11:10:51 -0500 (EST)
Received: by sentry.gw.tislabs.com; id LAA23973; Mon, 31 Mar 2003 11:11:47 -0500 (EST)
Received: from raven.gw.tislabs.com(10.33.1.50) by sentry.gw.tislabs.com via smap (V5.5) id xma023963; Mon, 31 Mar 03 11:11:19 -0500
Received: (from sandy@localhost) by raven.gw.tislabs.com (8.11.6/8.11.6) id h2VGAMw11595; Mon, 31 Mar 2003 11:10:23 -0500 (EST)
Date: Mon, 31 Mar 2003 11:10:23 -0500
Message-Id: <200303311610.h2VGAMw11595@raven.gw.tislabs.com>
From: sandy@tislabs.com
To: idr@merit.edu, sandy@tislabs.com, shares@nexthop.com
Subject: Re: slides from IETF idr meeting Mar 19, 2003
Sender: owner-idr@merit.edu
Precedence: bulk
>Nov 02 discussion of security, but no presentation > (draft-murphy-bgp-protect-01.txt submitted, date change only) True enough, but more important for this discussion: (draft-murphy-bgp-vuln-01.txt submitted, date change only) --Sandy Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id LAA24957 for <idr-archive@nic.merit.edu>; Mon, 31 Mar 2003 11:11:14 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 674D39127F; Mon, 31 Mar 2003 11:10:53 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 30F4191280; Mon, 31 Mar 2003 11:10:53 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 18AB29127F for <idr@trapdoor.merit.edu>; Mon, 31 Mar 2003 11:10:52 -0500 (EST) Received: by segue.merit.edu (Postfix) id ECAEF5DD94; Mon, 31 Mar 2003 11:10:51 -0500 (EST) Delivered-To: idr@merit.edu Received: from sentry.gw.tislabs.com (sentry.gw.tislabs.com [192.94.214.100]) by segue.merit.edu (Postfix) with ESMTP id 793F35DD91 for <idr@merit.edu>; Mon, 31 Mar 2003 11:10:51 -0500 (EST) Received: by sentry.gw.tislabs.com; id LAA23973; Mon, 31 Mar 2003 11:11:47 -0500 (EST) Received: from raven.gw.tislabs.com(10.33.1.50) by sentry.gw.tislabs.com via smap (V5.5) id xma023963; Mon, 31 Mar 03 11:11:19 -0500 Received: (from sandy@localhost) by raven.gw.tislabs.com (8.11.6/8.11.6) id h2VGAMw11595; Mon, 31 Mar 2003 11:10:23 -0500 (EST) Date: Mon, 31 Mar 2003 11:10:23 -0500 (EST) Message-Id: <200303311610.h2VGAMw11595@raven.gw.tislabs.com> From: sandy@tislabs.com To: idr@merit.edu, sandy@tislabs.com, shares@nexthop.com Subject: Re: slides from IETF idr meeting Mar 19, 2003 Sender: owner-idr@merit.edu Precedence: bulk >Nov 02 discussion of security, but no presentation > (draft-murphy-bgp-protect-01.txt submitted, date change only) True enough, but more important for this discussion: (draft-murphy-bgp-vuln-01.txt submitted, date change only) --Sandy Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id KAA24831 for <idr-archive@nic.merit.edu>; Mon, 31 Mar 2003 10:59:51 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 95C1F91272; Mon, 31 Mar 2003 10:59:25 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 6170F9127F; Mon, 31 Mar 2003 10:59:25 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id DBDE691272 for <idr@trapdoor.merit.edu>; Mon, 31 Mar 2003 10:59:23 -0500 (EST) Received: by segue.merit.edu (Postfix) id C83BB5DD93; Mon, 31 Mar 2003 10:59:23 -0500 (EST) Delivered-To: idr@merit.edu Received: from sith.maoz.com (sith.maoz.com [205.167.76.10]) by segue.merit.edu (Postfix) with ESMTP id 7E19D5DD8C for <idr@merit.edu>; Mon, 31 Mar 2003 10:59:23 -0500 (EST) Received: (from dmm@localhost) by sith.maoz.com (8.12.9/8.12.9) id h2VFxp71021972; Mon, 31 Mar 2003 07:59:51 -0800 Date: Mon, 31 Mar 2003 07:59:51 -0800 From: David Meyer <dmm@sprint.net> To: Yakov Rekhter <yakov@juniper.net> Cc: idr@merit.edu Subject: Re: BGP protocol analysis Message-ID: <20030331075951.H21849@sprint.net> References: <200303311527.h2VFRoS62831@merlot.juniper.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <200303311527.h2VFRoS62831@merlot.juniper.net>; from yakov@juniper.net on Mon, Mar 31, 2003 at 07:27:50AM -0800 Sender: owner-idr@merit.edu Precedence: bulk Yakov/All, Comments very welcome. There are quite a few updates to this one already. Thanks, Dave On Mon, Mar 31, 2003 at 07:27:50AM -0800, Yakov Rekhter wrote: >> Folks, >> >> Please review and comment on the BGP Protocol Analysis draft. >> >> Yakov. >> ------- Forwarded Message >> >> Date: Mon, 24 Mar 2003 07:25:25 -0500 >> From: Internet-Drafts@ietf.org >> To: IETF-Announce: ; >> cc: idr@merit.edu >> Subject: I-D ACTION:draft-ietf-idr-bgp-analysis-00.txt >> >> - --NextPart >> >> A New Internet-Draft is available from the on-line Internet-Drafts directories. >> This draft is a work item of the Inter-Domain Routing Working Group of the IETF >> . >> >> Title : BGP-4 Protocol Analysis >> Author(s) : D. Meyer, K. Patel >> Filename : draft-ietf-idr-bgp-analysis-00.txt >> Pages : 15 >> Date : 2003-3-20 >> >> The purpose of this report is to document how the requirements for >> advancing a routing protocol from Draft Standard to full Standard >> have been satisfied by Border Gateway Protocol version 4 (BGP-4). >> This report satisfies the requirement for'the second report', as >> described in Section 6.0 of RFC 1264 [RFC1264]. In order to fulfill >> the requirement, this report augments RFC 1774 [RFC1774] and >> summarizes the key features of BGP protocol, and analyzes the >> protocol with respect to scaling and performance. >> >> A URL for this Internet-Draft is: >> http://www.ietf.org/internet-drafts/draft-ietf-idr-bgp-analysis-00.txt >> >> To remove yourself from the IETF Announcement list, send a message to >> ietf-announce-request with the word unsubscribe in the body of the message. >> >> Internet-Drafts are also available by anonymous FTP. Login with the username >> "anonymous" and a password of your e-mail address. After logging in, >> type "cd internet-drafts" and then >> "get draft-ietf-idr-bgp-analysis-00.txt". >> >> A list of Internet-Drafts directories can be found in >> http://www.ietf.org/shadow.html >> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt >> >> >> Internet-Drafts can also be obtained by e-mail. >> >> Send a message to: >> mailserv@ietf.org. >> In the body type: >> "FILE /internet-drafts/draft-ietf-idr-bgp-analysis-00.txt". >> >> NOTE: The mail server at ietf.org can return the document in >> MIME-encoded form by using the "mpack" utility. To use this >> feature, insert the command "ENCODING mime" before the "FILE" >> command. To decode the response(s), you will need "munpack" or >> a MIME-compliant mail reader. Different MIME-compliant mail readers >> exhibit different behavior, especially when dealing with >> "multipart" MIME messages (i.e. documents which have been split >> up into multiple messages), so check your local documentation on >> how to manipulate these messages. >> >> >> Below is the data which will enable a MIME compliant mail reader >> implementation to automatically retrieve the ASCII version of the >> Internet-Draft. >> >> - --NextPart >> Content-Type: Multipart/Alternative; Boundary="OtherAccess" >> >> - --OtherAccess >> Content-Type: Message/External-body; >> access-type="mail-server"; >> server="mailserv@ietf.org" >> >> Content-Type: text/plain >> Content-ID: <2003-3-21155030.I-D@ietf.org> >> >> ENCODING mime >> FILE /internet-drafts/draft-ietf-idr-bgp-analysis-00.txt >> >> - --OtherAccess >> Content-Type: Message/External-body; >> name="draft-ietf-idr-bgp-analysis-00.txt"; >> site="ftp.ietf.org"; >> access-type="anon-ftp"; >> directory="internet-drafts" >> >> Content-Type: text/plain >> Content-ID: <2003-3-21155030.I-D@ietf.org> >> >> - --OtherAccess-- >> >> - --NextPart-- >> >> >> >> ------- End of Forwarded Message Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id KAA24601 for <idr-archive@nic.merit.edu>; Mon, 31 Mar 2003 10:28:13 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id E4234912FC; Mon, 31 Mar 2003 10:27:53 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 993A1912FF; Mon, 31 Mar 2003 10:27:53 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 7FBCA912FC for <idr@trapdoor.merit.edu>; Mon, 31 Mar 2003 10:27:51 -0500 (EST) Received: by segue.merit.edu (Postfix) id 699005E238; Mon, 31 Mar 2003 10:27:51 -0500 (EST) Delivered-To: idr@merit.edu Received: from merlot.juniper.net (natint.juniper.net [207.17.136.129]) by segue.merit.edu (Postfix) with ESMTP id D3ACB5E260 for <idr@merit.edu>; Mon, 31 Mar 2003 10:27:50 -0500 (EST) Received: from juniper.net (garnet.juniper.net [172.17.28.17]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id h2VFRoS62831 for <idr@merit.edu>; Mon, 31 Mar 2003 07:27:50 -0800 (PST) (envelope-from yakov@juniper.net) Message-Id: <200303311527.h2VFRoS62831@merlot.juniper.net> To: idr@merit.edu Subject: BGP protocol analysis MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <37255.1049124470.1@juniper.net> Date: Mon, 31 Mar 2003 07:27:50 -0800 From: Yakov Rekhter <yakov@juniper.net> Sender: owner-idr@merit.edu Precedence: bulk Folks, Please review and comment on the BGP Protocol Analysis draft. Yakov. ------- Forwarded Message Date: Mon, 24 Mar 2003 07:25:25 -0500 From: Internet-Drafts@ietf.org To: IETF-Announce: ; cc: idr@merit.edu Subject: I-D ACTION:draft-ietf-idr-bgp-analysis-00.txt - --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Inter-Domain Routing Working Group of the IETF . Title : BGP-4 Protocol Analysis Author(s) : D. Meyer, K. Patel Filename : draft-ietf-idr-bgp-analysis-00.txt Pages : 15 Date : 2003-3-20 The purpose of this report is to document how the requirements for advancing a routing protocol from Draft Standard to full Standard have been satisfied by Border Gateway Protocol version 4 (BGP-4). This report satisfies the requirement for'the second report', as described in Section 6.0 of RFC 1264 [RFC1264]. In order to fulfill the requirement, this report augments RFC 1774 [RFC1774] and summarizes the key features of BGP protocol, and analyzes the protocol with respect to scaling and performance. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-idr-bgp-analysis-00.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-idr-bgp-analysis-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-idr-bgp-analysis-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. - --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" - --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2003-3-21155030.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-idr-bgp-analysis-00.txt - --OtherAccess Content-Type: Message/External-body; name="draft-ietf-idr-bgp-analysis-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2003-3-21155030.I-D@ietf.org> - --OtherAccess-- - --NextPart-- ------- End of Forwarded Message Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id KAA24376 for <idr-archive@nic.merit.edu>; Mon, 31 Mar 2003 10:04:32 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id A91109127C; Mon, 31 Mar 2003 10:04:11 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 80FCF9127E; Mon, 31 Mar 2003 10:04:11 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id CEE399127C for <idr@trapdoor.merit.edu>; Mon, 31 Mar 2003 10:02:44 -0500 (EST) Received: by segue.merit.edu (Postfix) id 8D6FB5E1D5; Mon, 31 Mar 2003 10:02:07 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id D75BB5E140 for <idr@merit.edu>; Mon, 31 Mar 2003 10:02:06 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id KAA53567; Mon, 31 Mar 2003 10:01:37 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303311501.KAA53567@workhorse.fictitious.org> To: Yakov Rekhter <yakov@juniper.net> Cc: curtis@fictitious.org, "Susan Hares" <shares@nexthop.com>, "IDR WG (E-mail)" <idr@merit.edu> Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Mon, 31 Mar 2003 06:17:04 PST." <200303311417.h2VEH4S58674@merlot.juniper.net> Date: Mon, 31 Mar 2003 10:01:37 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <200303311417.h2VEH4S58674@merlot.juniper.net>, Yakov Rekhter writes : > Curtis, > > > > >, "Susan Hares" writes: > > > > > > > > Curtis: > > > > > > > > My understanding is that this is an addition > > > > to the security vulnerabilities document. > > > > > > > > Is this correct? > > > > > > > > Sue > > > > > > > > > We are talking about the security section of the BGP4 internet draft. > > > > > > Curtis > > > > > > Maybe I should clarify that. > > > > We all know that TCP in the clear has vulnerabilities. Use of MD5 > > increases the barrier to exploit these. If snooping is not possible, > > MD5 is completely effective in this role. > > > > There is a second set of vulnerabilities having to do with DoS. An > > attacker can send traffic faster than the authentication can be run to > > throw it away. Packet filtering techniques have been used to reduce > > the exposure and in some cases eliminate it. > > > > A short description (a bit more than these two paragraphs) may be > > needed in the BGP4 spec. If you want I'll write something (Monday). > > May I suggest that the proper place for this would be in the BGP > Vulnerabilities Analysis document. The base spec already has a > pointer to that document. > > Yakov. OK. I'll send something to Sandy and she can decide what to use or whether to use it. Curtis Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id JAA23930 for <idr-archive@nic.merit.edu>; Mon, 31 Mar 2003 09:19:43 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 9A36B912BB; Mon, 31 Mar 2003 09:19:22 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 67D889127E; Mon, 31 Mar 2003 09:19:22 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id C3FEE912BB for <idr@trapdoor.merit.edu>; Mon, 31 Mar 2003 09:17:58 -0500 (EST) Received: by segue.merit.edu (Postfix) id 106AF5E2BB; Mon, 31 Mar 2003 09:17:26 -0500 (EST) Delivered-To: idr@merit.edu Received: from merlot.juniper.net (natint.juniper.net [207.17.136.129]) by segue.merit.edu (Postfix) with ESMTP id AEEF95E2BA for <idr@merit.edu>; Mon, 31 Mar 2003 09:17:25 -0500 (EST) Received: from juniper.net (garnet.juniper.net [172.17.28.17]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id h2VEH4S58674; Mon, 31 Mar 2003 06:17:12 -0800 (PST) (envelope-from yakov@juniper.net) Message-Id: <200303311417.h2VEH4S58674@merlot.juniper.net> To: curtis@fictitious.org Cc: "Susan Hares" <shares@nexthop.com>, "IDR WG (E-mail)" <idr@merit.edu> Subject: Re: Issue 19) Security Considerations In-Reply-To: Your message of "Sat, 29 Mar 2003 17:14:17 EST." <200303292214.RAA49861@workhorse.fictitious.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <21040.1049120224.1@juniper.net> Date: Mon, 31 Mar 2003 06:17:04 -0800 From: Yakov Rekhter <yakov@juniper.net> Sender: owner-idr@merit.edu Precedence: bulk Curtis, > > >, "Susan Hares" writes: > > > > > > Curtis: > > > > > > My understanding is that this is an addition > > > to the security vulnerabilities document. > > > > > > Is this correct? > > > > > > Sue > > > > > > We are talking about the security section of the BGP4 internet draft. > > > > Curtis > > > Maybe I should clarify that. > > We all know that TCP in the clear has vulnerabilities. Use of MD5 > increases the barrier to exploit these. If snooping is not possible, > MD5 is completely effective in this role. > > There is a second set of vulnerabilities having to do with DoS. An > attacker can send traffic faster than the authentication can be run to > throw it away. Packet filtering techniques have been used to reduce > the exposure and in some cases eliminate it. > > A short description (a bit more than these two paragraphs) may be > needed in the BGP4 spec. If you want I'll write something (Monday). May I suggest that the proper place for this would be in the BGP Vulnerabilities Analysis document. The base spec already has a pointer to that document. Yakov. Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id JAA23186 for <idr-archive@nic.merit.edu>; Mon, 31 Mar 2003 09:08:00 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 6A14B912F9; Mon, 31 Mar 2003 09:07:41 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 33771912FA; Mon, 31 Mar 2003 09:07:41 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id EF241912F9 for <idr@trapdoor.merit.edu>; Mon, 31 Mar 2003 09:07:39 -0500 (EST) Received: by segue.merit.edu (Postfix) id D32755E288; Mon, 31 Mar 2003 09:07:39 -0500 (EST) Delivered-To: idr@merit.edu Received: from merlot.juniper.net (natint.juniper.net [207.17.136.129]) by segue.merit.edu (Postfix) with ESMTP id 502725E286 for <idr@merit.edu>; Mon, 31 Mar 2003 09:07:39 -0500 (EST) Received: from juniper.net (garnet.juniper.net [172.17.28.17]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id h2VE7WS58233; Mon, 31 Mar 2003 06:07:32 -0800 (PST) (envelope-from yakov@juniper.net) Message-Id: <200303311407.h2VE7WS58233@merlot.juniper.net> To: Jeffrey Haas <jhaas@nexthop.com> Cc: Alex Zinin <zinin@psg.com>, idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: Your message of "Mon, 24 Mar 2003 20:03:47 EST." <20030324200347.A23741@nexthop.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <18871.1049119652.1@juniper.net> Date: Mon, 31 Mar 2003 06:07:32 -0800 From: Yakov Rekhter <yakov@juniper.net> Sender: owner-idr@merit.edu Precedence: bulk Jeff, > On Mon, Mar 24, 2003 at 04:43:57PM -0800, Alex Zinin wrote: > > Maybe we should change the text to say > > > > "Implementations MUST support TCP MD5 [RFC2385] for authentication." > > And there would be much rejoicing (as Jeff shuts up). Done. Yakov. Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id RAA06497 for <idr-archive@nic.merit.edu>; Sat, 29 Mar 2003 17:15:34 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 10F5F91232; Sat, 29 Mar 2003 17:15:04 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 8556B91233; Sat, 29 Mar 2003 17:15:03 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id A9CF891232 for <idr@trapdoor.merit.edu>; Sat, 29 Mar 2003 17:15:00 -0500 (EST) Received: by segue.merit.edu (Postfix) id 810675DFB8; Sat, 29 Mar 2003 17:15:00 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id 393535DFB7 for <idr@merit.edu>; Sat, 29 Mar 2003 17:14:59 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id RAA49861; Sat, 29 Mar 2003 17:14:17 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303292214.RAA49861@workhorse.fictitious.org> To: curtis@fictitious.org Cc: "Susan Hares" <shares@nexthop.com>, "Joris Dobbelsteen" <joris.dobbelsteen@mail.com>, "IDR WG (E-mail)" <idr@merit.edu> Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Sat, 29 Mar 2003 15:56:16 EST." <200303292056.PAA49521@workhorse.fictitious.org> Date: Sat, 29 Mar 2003 17:14:17 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <200303292056.PAA49521@workhorse.fictitious.org>, Curtis Villamizar writes: > > In message <BE36D687C8CBFA4AB76F5CD3E3C0FB4EA61A5C@aa-exchange1.corp.nexthop. > co > m>, "Susan Hares" writes: > > > > Curtis: > > > > My understanding is that this is an addition > > to the security vulnerabilities document. > > > > Is this correct? > > > > Sue > > > We are talking about the security section of the BGP4 internet draft. > > Curtis Maybe I should clarify that. We all know that TCP in the clear has vulnerabilities. Use of MD5 increases the barrier to exploit these. If snooping is not possible, MD5 is completely effective in this role. There is a second set of vulnerabilities having to do with DoS. An attacker can send traffic faster than the authentication can be run to throw it away. Packet filtering techniques have been used to reduce the exposure and in some cases eliminate it. A short description (a bit more than these two paragraphs) may be needed in the BGP4 spec. If you want I'll write something (Monday). Curtis > > -----Original Message----- > > From: Curtis Villamizar [mailto:curtis@fictitious.org] > > Sent: Thursday, March 27, 2003 12:52 PM > > To: Joris Dobbelsteen > > Cc: IDR WG (E-mail) > > Subject: Re: Issue 19) Security Considerations > > > > > > > > In message <000401c2f439$7cc69ee0$0d0ca8c0@joris2k.local>, "Joris Dobbelste > en > > " > > writes: > > > Indeed, for recommendation, TCP-MD5 would be at least a > > > sufficient minimum, because it is widely implemented. > > > > > > Still it should mention what vulnerabilities are kept open > > > even when using TCP-MD5, so they can be taken into account > > > in the future and in current deployments... > > > > > > - Joris > > > > > > That's fair. Name those vulnerabilities and how they apply to use of > > TCP MD5 for BGP where snooping is generally not possible and we'll put > > them in. > > > > It might also be worth mentioning the DoS issues, the use of filtering > > to solve these problems, and the inability to do that filtering with > > security protocols which hide the port numbers. > > > > If we decide to do this any of a number of people could supply the > > latter but I'd be willing to. > > > > Curtis > > > > > > > >-----Original Message----- > > > >From: owner-idr@merit.edu [mailto:owner-idr@merit.edu]On Behalf Of > > > >Curtis Villamizar > > > >Sent: Thursday, 27 March 2003 1:45 > > > >To: John Leslie > > > >Cc: Curtis Villamizar; Alex Zinin; idr@merit.edu > > > >Subject: Re: Issue 19) Security Considerations > > > > > > > > > > > > > > > >In message <20030325205614.A1596@verdi>, John Leslie writes: > > > >> > > > >> I'm not at all wedded to the words I proposed, but if we > > > >can't find > > > >> somewhere in this document to say that TCP-MD5 "should" be > > > >used, I think > > > >> we have no business saying it "must" be implemented. > > > > > > > >We don't need that in the protocol spec. Protocol specs are not > > > >supposed to dictate usage. This keeps them simpler. Usage > > > >recommendations and implementation experience is provided in separate > > > >documents, not in the protocol spec. > > > > > > > >> If, instead, we claim that it's entirely up to administrators > > > >> whether to use TCP-MD5, and we have no recommendation, I > > > >don't see how > > > >> we justify denying them access to implementations which don't include > > > >> TCP-MD5. > > > > > > > >Putting something into a spec doesn't deny access to anything. By > > > >mandating TCP MD5 in the security section we just indicate that > > > >implementations without it have a very severe deficiency with regard > > > >to meeting security requirements in a way that interoperates with the > > > >existing installed base. > > > > > > > >Curtis > > > Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id PAA03821 for <idr-archive@nic.merit.edu>; Sat, 29 Mar 2003 15:58:14 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 0FDDA9122F; Sat, 29 Mar 2003 15:57:55 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id CBD7E91231; Sat, 29 Mar 2003 15:57:54 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 643159122F for <idr@trapdoor.merit.edu>; Sat, 29 Mar 2003 15:57:53 -0500 (EST) Received: by segue.merit.edu (Postfix) id 45A4B5DFA9; Sat, 29 Mar 2003 15:57:53 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id 20B365DFA6 for <idr@merit.edu>; Sat, 29 Mar 2003 15:57:52 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id PAA49521; Sat, 29 Mar 2003 15:56:16 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303292056.PAA49521@workhorse.fictitious.org> To: "Susan Hares" <shares@nexthop.com> Cc: curtis@fictitious.org, "Joris Dobbelsteen" <joris.dobbelsteen@mail.com>, "IDR WG (E-mail)" <idr@merit.edu> Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Fri, 28 Mar 2003 08:42:49 EST." <BE36D687C8CBFA4AB76F5CD3E3C0FB4EA61A5C@aa-exchange1.corp.nexthop.com> Date: Sat, 29 Mar 2003 15:56:16 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <BE36D687C8CBFA4AB76F5CD3E3C0FB4EA61A5C@aa-exchange1.corp.nexthop.co m>, "Susan Hares" writes: > > Curtis: > > My understanding is that this is an addition > to the security vulnerabilities document. > > Is this correct? > > Sue We are talking about the security section of the BGP4 internet draft. Curtis > -----Original Message----- > From: Curtis Villamizar [mailto:curtis@fictitious.org] > Sent: Thursday, March 27, 2003 12:52 PM > To: Joris Dobbelsteen > Cc: IDR WG (E-mail) > Subject: Re: Issue 19) Security Considerations > > > > In message <000401c2f439$7cc69ee0$0d0ca8c0@joris2k.local>, "Joris Dobbelsteen > " > writes: > > Indeed, for recommendation, TCP-MD5 would be at least a > > sufficient minimum, because it is widely implemented. > > > > Still it should mention what vulnerabilities are kept open > > even when using TCP-MD5, so they can be taken into account > > in the future and in current deployments... > > > > - Joris > > > That's fair. Name those vulnerabilities and how they apply to use of > TCP MD5 for BGP where snooping is generally not possible and we'll put > them in. > > It might also be worth mentioning the DoS issues, the use of filtering > to solve these problems, and the inability to do that filtering with > security protocols which hide the port numbers. > > If we decide to do this any of a number of people could supply the > latter but I'd be willing to. > > Curtis > > > > >-----Original Message----- > > >From: owner-idr@merit.edu [mailto:owner-idr@merit.edu]On Behalf Of > > >Curtis Villamizar > > >Sent: Thursday, 27 March 2003 1:45 > > >To: John Leslie > > >Cc: Curtis Villamizar; Alex Zinin; idr@merit.edu > > >Subject: Re: Issue 19) Security Considerations > > > > > > > > > > > >In message <20030325205614.A1596@verdi>, John Leslie writes: > > >> > > >> I'm not at all wedded to the words I proposed, but if we > > >can't find > > >> somewhere in this document to say that TCP-MD5 "should" be > > >used, I think > > >> we have no business saying it "must" be implemented. > > > > > >We don't need that in the protocol spec. Protocol specs are not > > >supposed to dictate usage. This keeps them simpler. Usage > > >recommendations and implementation experience is provided in separate > > >documents, not in the protocol spec. > > > > > >> If, instead, we claim that it's entirely up to administrators > > >> whether to use TCP-MD5, and we have no recommendation, I > > >don't see how > > >> we justify denying them access to implementations which don't include > > >> TCP-MD5. > > > > > >Putting something into a spec doesn't deny access to anything. By > > >mandating TCP MD5 in the security section we just indicate that > > >implementations without it have a very severe deficiency with regard > > >to meeting security requirements in a way that interoperates with the > > >existing installed base. > > > > > >Curtis > Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id JAA24975 for <idr-archive@nic.merit.edu>; Fri, 28 Mar 2003 09:30:11 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 33ED7912C3; Fri, 28 Mar 2003 09:29:45 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 05507912C4; Fri, 28 Mar 2003 09:29:44 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 98813912C3 for <idr@trapdoor.merit.edu>; Fri, 28 Mar 2003 09:29:43 -0500 (EST) Received: by segue.merit.edu (Postfix) id 7D75D5DDB4; Fri, 28 Mar 2003 09:29:43 -0500 (EST) Delivered-To: idr@merit.edu Received: from presque.nexthop.com (dns.nexthop.com [64.211.218.216]) by segue.merit.edu (Postfix) with ESMTP id 312935DDB2 for <idr@merit.edu>; Fri, 28 Mar 2003 09:29:42 -0500 (EST) Received: (from root@localhost) by presque.nexthop.com (8.12.8/8.11.1) id h2SETfjO018578 for idr@merit.edu; Fri, 28 Mar 2003 09:29:41 -0500 (EST) (envelope-from shares@nexthop.com) Received: from mail.corp.nexthop.com ([64.211.218.233]) by presque.nexthop.com (8.12.8/8.12.8) with ESMTP id h2SETZ9c018541 for <idr@merit.edu>; Fri, 28 Mar 2003 09:29:35 -0500 (EST) (envelope-from shares@nexthop.com) content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Subject: RE: Issue 19) Security Considerations Date: Fri, 28 Mar 2003 09:29:30 -0500 Message-ID: <BE36D687C8CBFA4AB76F5CD3E3C0FB4EA6ABFE@aa-exchange1.corp.nexthop.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Issue 19) Security Considerations Thread-Index: AcL1LlZnu/CzmrVTS9is+UzmA3/Y7QAAG1PA From: "Susan Hares" <shares@nexthop.com> To: "Joris Dobbelsteen" <joris.dobbelsteen@mail.com>, "IDR WG (E-mail)" <idr@merit.edu> X-Virus-Scanned: by AMaViS perl-11 Sender: owner-idr@merit.edu Precedence: bulk Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by nic.merit.edu id JAA24975 Joris and Eric: I'll ping Sandy and the IETF editor to push the draft: http://www.ietf.org/internet-drafts/draft-murphy-bgp-vuln-02.txt into an IDR draft. As we mentioned at the IDR meeting, the securities considerations section is in this draft. Could I enlist you both in the review and refinement of this document? Sue -----Original Message----- From: Joris Dobbelsteen [mailto:joris.dobbelsteen@mail.com] Sent: Friday, March 28, 2003 8:30 AM To: 'IDR WG (E-mail)' Subject: RE: Issue 19) Security Considerations Eric, I would agree on it as it is, just a minor opinion: The BGP draft might at: Security Considerations The authentication mechanism that an implementation of BGP MUST support is specified in [RFC2385]. The authentication provided by this mechanism could be done on a per peer basis. emphasize this only provide minimal security. "In cases where a BGP implementation accepts connections from unconfigured hosts, the use of IPSEC AH would couter these threats as well as replay attacks and would permit key agreement and roll-over. If routing data confiden- tiality were desired, IPSEC ESP would provide that service." [draft-murphy-bgp-vuln-02.txt] VERY minor notice to the vuln-draft: IPSec ESP would effectively defeat packet filters, as this hides port numbers. - Joris >-----Original Message----- >From: Eric Gray [mailto:ewgray@GraIyMage.com] >Sent: Thursday, 27 March 2003 13:02 >To: Joris Dobbelsteen >Cc: IDR WG (E-mail) >Subject: Re: Issue 19) Security Considerations > > >Joris, > > Discussion of security vulnerabilities in routing >protocols is the subject >of another RFC-in-progress - > > "BGP Security Vulnerabilities Analysis", Sandra Murphy, 03/03 > http://www.ietf.org/internet-drafts/draft-murphy-bgp-vuln-02.txt > >This work is what the last reference in the "current" BGP >draft is meant >to refer to. > >(Susan - can you fix this reference either by getting Sandy's >draft posted >as an IDR working group draft, or by correcting it in the BGP draft?) > >The Security Considerations section - in turn - points to this >reference. >The possibility of explicit inclusion of this work in progress >in the draft >has been discussed to death previously. > >What more do we need to do? > >-- >Eric Gray > >Joris Dobbelsteen wrote: > >> Indeed, for recommendation, TCP-MD5 would be at least a >> sufficient minimum, because it is widely implemented. >> >> Still it should mention what vulnerabilities are kept open >> even when using TCP-MD5, so they can be taken into account >> in the future and in current deployments... >> >> - Joris >> >> >-----Original Message----- >> >From: owner-idr@merit.edu [mailto:owner-idr@merit.edu]On Behalf Of >> >Curtis Villamizar >> >Sent: Thursday, 27 March 2003 1:45 >> >To: John Leslie >> >Cc: Curtis Villamizar; Alex Zinin; idr@merit.edu >> >Subject: Re: Issue 19) Security Considerations >> > >> > >> > >> >In message <20030325205614.A1596@verdi>, John Leslie writes: >> >> >> >> I'm not at all wedded to the words I proposed, but if we >> >can't find >> >> somewhere in this document to say that TCP-MD5 "should" be >> >used, I think >> >> we have no business saying it "must" be implemented. >> > >> >We don't need that in the protocol spec. Protocol specs are not >> >supposed to dictate usage. This keeps them simpler. Usage >> >recommendations and implementation experience is provided >in separate >> >documents, not in the protocol spec. >> > >> >> If, instead, we claim that it's entirely up to administrators >> >> whether to use TCP-MD5, and we have no recommendation, I >> >don't see how >> >> we justify denying them access to implementations which >don't include >> >> TCP-MD5. >> > >> >Putting something into a spec doesn't deny access to anything. By >> >mandating TCP MD5 in the security section we just indicate that >> >implementations without it have a very severe deficiency with regard >> >to meeting security requirements in a way that >interoperates with the >> >existing installed base. >> > >> >Curtis >> > > > > Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id IAA23635 for <idr-archive@nic.merit.edu>; Fri, 28 Mar 2003 08:43:22 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 0FC3A912C0; Fri, 28 Mar 2003 08:43:04 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id D342F912C1; Fri, 28 Mar 2003 08:43:03 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 4BBBA912C0 for <idr@trapdoor.merit.edu>; Fri, 28 Mar 2003 08:43:02 -0500 (EST) Received: by segue.merit.edu (Postfix) id 2A01B5DDA2; Fri, 28 Mar 2003 08:43:02 -0500 (EST) Delivered-To: idr@merit.edu Received: from presque.nexthop.com (dns.nexthop.com [64.211.218.216]) by segue.merit.edu (Postfix) with ESMTP id 81CC55DD92 for <idr@merit.edu>; Fri, 28 Mar 2003 08:43:01 -0500 (EST) Received: (from root@localhost) by presque.nexthop.com (8.12.8/8.11.1) id h2SDh0s3017790 for idr@merit.edu; Fri, 28 Mar 2003 08:43:00 -0500 (EST) (envelope-from shares@nexthop.com) Received: from mail.corp.nexthop.com ([64.211.218.233]) by presque.nexthop.com (8.12.8/8.12.8) with ESMTP id h2SDgs9c017776 for <idr@merit.edu>; Fri, 28 Mar 2003 08:42:54 -0500 (EST) (envelope-from shares@nexthop.com) content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Subject: RE: Issue 19) Security Considerations Date: Fri, 28 Mar 2003 08:42:49 -0500 Message-ID: <BE36D687C8CBFA4AB76F5CD3E3C0FB4EA61A5C@aa-exchange1.corp.nexthop.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Issue 19) Security Considerations Thread-Index: AcL0ihr/Vk+Lvqb4TiqAUs/h+u4sAgApYxPA From: "Susan Hares" <shares@nexthop.com> To: <curtis@fictitious.org>, "Joris Dobbelsteen" <joris.dobbelsteen@mail.com> Cc: "IDR WG (E-mail)" <idr@merit.edu> X-Virus-Scanned: by AMaViS perl-11 Sender: owner-idr@merit.edu Precedence: bulk Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by nic.merit.edu id IAA23635 Curtis: My understanding is that this is an addition to the security vulnerabilities document. Is this correct? Sue -----Original Message----- From: Curtis Villamizar [mailto:curtis@fictitious.org] Sent: Thursday, March 27, 2003 12:52 PM To: Joris Dobbelsteen Cc: IDR WG (E-mail) Subject: Re: Issue 19) Security Considerations In message <000401c2f439$7cc69ee0$0d0ca8c0@joris2k.local>, "Joris Dobbelsteen" writes: > Indeed, for recommendation, TCP-MD5 would be at least a > sufficient minimum, because it is widely implemented. > > Still it should mention what vulnerabilities are kept open > even when using TCP-MD5, so they can be taken into account > in the future and in current deployments... > > - Joris That's fair. Name those vulnerabilities and how they apply to use of TCP MD5 for BGP where snooping is generally not possible and we'll put them in. It might also be worth mentioning the DoS issues, the use of filtering to solve these problems, and the inability to do that filtering with security protocols which hide the port numbers. If we decide to do this any of a number of people could supply the latter but I'd be willing to. Curtis > >-----Original Message----- > >From: owner-idr@merit.edu [mailto:owner-idr@merit.edu]On Behalf Of > >Curtis Villamizar > >Sent: Thursday, 27 March 2003 1:45 > >To: John Leslie > >Cc: Curtis Villamizar; Alex Zinin; idr@merit.edu > >Subject: Re: Issue 19) Security Considerations > > > > > > > >In message <20030325205614.A1596@verdi>, John Leslie writes: > >> > >> I'm not at all wedded to the words I proposed, but if we > >can't find > >> somewhere in this document to say that TCP-MD5 "should" be > >used, I think > >> we have no business saying it "must" be implemented. > > > >We don't need that in the protocol spec. Protocol specs are not > >supposed to dictate usage. This keeps them simpler. Usage > >recommendations and implementation experience is provided in separate > >documents, not in the protocol spec. > > > >> If, instead, we claim that it's entirely up to administrators > >> whether to use TCP-MD5, and we have no recommendation, I > >don't see how > >> we justify denying them access to implementations which don't include > >> TCP-MD5. > > > >Putting something into a spec doesn't deny access to anything. By > >mandating TCP MD5 in the security section we just indicate that > >implementations without it have a very severe deficiency with regard > >to meeting security requirements in a way that interoperates with the > >existing installed base. > > > >Curtis Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id IAA23336 for <idr-archive@nic.merit.edu>; Fri, 28 Mar 2003 08:33:47 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id C4EF5912BF; Fri, 28 Mar 2003 08:33:29 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 8C6D3912C0; Fri, 28 Mar 2003 08:33:29 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 54172912BF for <idr@trapdoor.merit.edu>; Fri, 28 Mar 2003 08:32:40 -0500 (EST) Received: by segue.merit.edu (Postfix) id 323315DECF; Fri, 28 Mar 2003 08:32:40 -0500 (EST) Delivered-To: idr@merit.edu Received: from presque.nexthop.com (dns.nexthop.com [64.211.218.216]) by segue.merit.edu (Postfix) with ESMTP id A41FF5DE79 for <idr@merit.edu>; Fri, 28 Mar 2003 08:32:39 -0500 (EST) Received: (from root@localhost) by presque.nexthop.com (8.12.8/8.11.1) id h2SDWcQR017651 for idr@merit.edu; Fri, 28 Mar 2003 08:32:38 -0500 (EST) (envelope-from shares@nexthop.com) Received: from mail.corp.nexthop.com ([64.211.218.233]) by presque.nexthop.com (8.12.8/8.12.8) with ESMTP id h2SDWW9c017637 for <idr@merit.edu>; Fri, 28 Mar 2003 08:32:32 -0500 (EST) (envelope-from shares@nexthop.com) content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Subject: RE: Issue 19) Security Considerations Date: Fri, 28 Mar 2003 08:32:27 -0500 Message-ID: <BE36D687C8CBFA4AB76F5CD3E3C0FB4EA61A5B@aa-exchange1.corp.nexthop.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Issue 19) Security Considerations Thread-Index: AcL0OX3iFNpUnqcsTg+iPa7roG1GqgA9EFWw From: "Susan Hares" <shares@nexthop.com> To: "Joris Dobbelsteen" <joris.dobbelsteen@mail.com>, "IDR WG (E-mail)" <idr@merit.edu> X-Virus-Scanned: by AMaViS perl-11 Sender: owner-idr@merit.edu Precedence: bulk Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by nic.merit.edu id IAA23336 Joris: I'm glad you are interested in the BGP vulnerabilities. We can pick up this discussion on the BGP vulnerabilities draft by Sandy Murphy. Mechanisms are specified in the BGP draft, and we pulled the security section out to become a full draft. Could I enlist you as a review of that draft? Sue Hares -----Original Message----- From: Joris Dobbelsteen [mailto:joris.dobbelsteen@mail.com] Sent: Thursday, March 27, 2003 3:19 AM To: IDR WG (E-mail) Subject: RE: Issue 19) Security Considerations Indeed, for recommendation, TCP-MD5 would be at least a sufficient minimum, because it is widely implemented. Still it should mention what vulnerabilities are kept open even when using TCP-MD5, so they can be taken into account in the future and in current deployments... - Joris >-----Original Message----- >From: owner-idr@merit.edu [mailto:owner-idr@merit.edu]On Behalf Of >Curtis Villamizar >Sent: Thursday, 27 March 2003 1:45 >To: John Leslie >Cc: Curtis Villamizar; Alex Zinin; idr@merit.edu >Subject: Re: Issue 19) Security Considerations > > > >In message <20030325205614.A1596@verdi>, John Leslie writes: >> >> I'm not at all wedded to the words I proposed, but if we >can't find >> somewhere in this document to say that TCP-MD5 "should" be >used, I think >> we have no business saying it "must" be implemented. > >We don't need that in the protocol spec. Protocol specs are not >supposed to dictate usage. This keeps them simpler. Usage >recommendations and implementation experience is provided in separate >documents, not in the protocol spec. > >> If, instead, we claim that it's entirely up to administrators >> whether to use TCP-MD5, and we have no recommendation, I >don't see how >> we justify denying them access to implementations which don't include >> TCP-MD5. > >Putting something into a spec doesn't deny access to anything. By >mandating TCP MD5 in the security section we just indicate that >implementations without it have a very severe deficiency with regard >to meeting security requirements in a way that interoperates with the >existing installed base. > >Curtis > Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id IAA23275 for <idr-archive@nic.merit.edu>; Fri, 28 Mar 2003 08:31:41 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id D5EAC912BC; Fri, 28 Mar 2003 08:30:27 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 9F0FB912BF; Fri, 28 Mar 2003 08:30:27 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 40628912BC for <idr@trapdoor.merit.edu>; Fri, 28 Mar 2003 08:30:26 -0500 (EST) Received: by segue.merit.edu (Postfix) id 6CE3E5DEDF; Fri, 28 Mar 2003 08:30:25 -0500 (EST) Delivered-To: idr@merit.edu Received: from cmailENV1.svr.pol.co.uk (cmailENV1.svr.pol.co.uk [213.218.77.53]) by segue.merit.edu (Postfix) with ESMTP id B5D2B5DEDD for <idr@merit.edu>; Fri, 28 Mar 2003 08:30:23 -0500 (EST) Received: from [62.21.131.43] (helo=xtreme) by cmailENV1.svr.pol.co.uk with smtp (Exim 3.35 #1) id 18ytw5-0007q1-00 for idr@merit.edu; Fri, 28 Mar 2003 13:30:22 +0000 From: "Joris Dobbelsteen" <joris.dobbelsteen@mail.com> To: "'IDR WG (E-mail)'" <idr@merit.edu> Subject: RE: Issue 19) Security Considerations Date: Fri, 28 Mar 2003 14:30:05 +0100 Message-ID: <001b01c2f52e$48505480$0d0ca8c0@joris2k.local> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) Importance: Normal In-Reply-To: <3E82E822.46918941@GraIyMage.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-idr@merit.edu Precedence: bulk Eric, I would agree on it as it is, just a minor opinion: The BGP draft might at: Security Considerations The authentication mechanism that an implementation of BGP MUST support is specified in [RFC2385]. The authentication provided by this mechanism could be done on a per peer basis. emphasize this only provide minimal security. "In cases where a BGP implementation accepts connections from unconfigured hosts, the use of IPSEC AH would couter these threats as well as replay attacks and would permit key agreement and roll-over. If routing data confiden- tiality were desired, IPSEC ESP would provide that service." [draft-murphy-bgp-vuln-02.txt] VERY minor notice to the vuln-draft: IPSec ESP would effectively defeat packet filters, as this hides port numbers. - Joris >-----Original Message----- >From: Eric Gray [mailto:ewgray@GraIyMage.com] >Sent: Thursday, 27 March 2003 13:02 >To: Joris Dobbelsteen >Cc: IDR WG (E-mail) >Subject: Re: Issue 19) Security Considerations > > >Joris, > > Discussion of security vulnerabilities in routing >protocols is the subject >of another RFC-in-progress - > > "BGP Security Vulnerabilities Analysis", Sandra Murphy, 03/03 > http://www.ietf.org/internet-drafts/draft-murphy-bgp-vuln-02.txt > >This work is what the last reference in the "current" BGP >draft is meant >to refer to. > >(Susan - can you fix this reference either by getting Sandy's >draft posted >as an IDR working group draft, or by correcting it in the BGP draft?) > >The Security Considerations section - in turn - points to this >reference. >The possibility of explicit inclusion of this work in progress >in the draft >has been discussed to death previously. > >What more do we need to do? > >-- >Eric Gray > >Joris Dobbelsteen wrote: > >> Indeed, for recommendation, TCP-MD5 would be at least a >> sufficient minimum, because it is widely implemented. >> >> Still it should mention what vulnerabilities are kept open >> even when using TCP-MD5, so they can be taken into account >> in the future and in current deployments... >> >> - Joris >> >> >-----Original Message----- >> >From: owner-idr@merit.edu [mailto:owner-idr@merit.edu]On Behalf Of >> >Curtis Villamizar >> >Sent: Thursday, 27 March 2003 1:45 >> >To: John Leslie >> >Cc: Curtis Villamizar; Alex Zinin; idr@merit.edu >> >Subject: Re: Issue 19) Security Considerations >> > >> > >> > >> >In message <20030325205614.A1596@verdi>, John Leslie writes: >> >> >> >> I'm not at all wedded to the words I proposed, but if we >> >can't find >> >> somewhere in this document to say that TCP-MD5 "should" be >> >used, I think >> >> we have no business saying it "must" be implemented. >> > >> >We don't need that in the protocol spec. Protocol specs are not >> >supposed to dictate usage. This keeps them simpler. Usage >> >recommendations and implementation experience is provided >in separate >> >documents, not in the protocol spec. >> > >> >> If, instead, we claim that it's entirely up to administrators >> >> whether to use TCP-MD5, and we have no recommendation, I >> >don't see how >> >> we justify denying them access to implementations which >don't include >> >> TCP-MD5. >> > >> >Putting something into a spec doesn't deny access to anything. By >> >mandating TCP MD5 in the security section we just indicate that >> >implementations without it have a very severe deficiency with regard >> >to meeting security requirements in a way that >interoperates with the >> >existing installed base. >> > >> >Curtis >> > > > > Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id MAA13122 for <idr-archive@nic.merit.edu>; Thu, 27 Mar 2003 12:55:47 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id F35D991205; Thu, 27 Mar 2003 12:55:28 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id BCDB191206; Thu, 27 Mar 2003 12:55:27 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 77CD491205 for <idr@trapdoor.merit.edu>; Thu, 27 Mar 2003 12:55:26 -0500 (EST) Received: by segue.merit.edu (Postfix) id 688005DDDB; Thu, 27 Mar 2003 12:54:35 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (unknown [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id 1AEDA5DD8E for <idr@merit.edu>; Thu, 27 Mar 2003 12:54:34 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id MAA37495; Thu, 27 Mar 2003 12:52:19 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303271752.MAA37495@workhorse.fictitious.org> To: "Joris Dobbelsteen" <joris.dobbelsteen@mail.com> Cc: "IDR WG (E-mail)" <idr@merit.edu> Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Thu, 27 Mar 2003 09:18:45 +0100." <000401c2f439$7cc69ee0$0d0ca8c0@joris2k.local> Date: Thu, 27 Mar 2003 12:52:19 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <000401c2f439$7cc69ee0$0d0ca8c0@joris2k.local>, "Joris Dobbelsteen" writes: > Indeed, for recommendation, TCP-MD5 would be at least a > sufficient minimum, because it is widely implemented. > > Still it should mention what vulnerabilities are kept open > even when using TCP-MD5, so they can be taken into account > in the future and in current deployments... > > - Joris That's fair. Name those vulnerabilities and how they apply to use of TCP MD5 for BGP where snooping is generally not possible and we'll put them in. It might also be worth mentioning the DoS issues, the use of filtering to solve these problems, and the inability to do that filtering with security protocols which hide the port numbers. If we decide to do this any of a number of people could supply the latter but I'd be willing to. Curtis > >-----Original Message----- > >From: owner-idr@merit.edu [mailto:owner-idr@merit.edu]On Behalf Of > >Curtis Villamizar > >Sent: Thursday, 27 March 2003 1:45 > >To: John Leslie > >Cc: Curtis Villamizar; Alex Zinin; idr@merit.edu > >Subject: Re: Issue 19) Security Considerations > > > > > > > >In message <20030325205614.A1596@verdi>, John Leslie writes: > >> > >> I'm not at all wedded to the words I proposed, but if we > >can't find > >> somewhere in this document to say that TCP-MD5 "should" be > >used, I think > >> we have no business saying it "must" be implemented. > > > >We don't need that in the protocol spec. Protocol specs are not > >supposed to dictate usage. This keeps them simpler. Usage > >recommendations and implementation experience is provided in separate > >documents, not in the protocol spec. > > > >> If, instead, we claim that it's entirely up to administrators > >> whether to use TCP-MD5, and we have no recommendation, I > >don't see how > >> we justify denying them access to implementations which don't include > >> TCP-MD5. > > > >Putting something into a spec doesn't deny access to anything. By > >mandating TCP MD5 in the security section we just indicate that > >implementations without it have a very severe deficiency with regard > >to meeting security requirements in a way that interoperates with the > >existing installed base. > > > >Curtis Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id DAA23443 for <idr-archive@nic.merit.edu>; Thu, 27 Mar 2003 03:18:59 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id B6715912AE; Thu, 27 Mar 2003 03:18:22 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 77D71912AF; Thu, 27 Mar 2003 03:18:22 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id B86C8912AE for <idr@trapdoor.merit.edu>; Thu, 27 Mar 2003 03:18:15 -0500 (EST) Received: by segue.merit.edu (Postfix) id 958175DDBD; Thu, 27 Mar 2003 03:18:15 -0500 (EST) Delivered-To: idr@merit.edu Received: from cmailENV1.svr.pol.co.uk (cmailENV1.svr.pol.co.uk [213.218.77.53]) by segue.merit.edu (Postfix) with ESMTP id 549DE5DDB0 for <idr@merit.edu>; Thu, 27 Mar 2003 03:18:15 -0500 (EST) Received: from [62.21.146.42] (helo=xtreme) by cmailENV1.svr.pol.co.uk with smtp (Exim 3.35 #1) id 18ySaR-0008NM-00 for idr@merit.edu; Thu, 27 Mar 2003 08:18:11 +0000 From: "Joris Dobbelsteen" <joris.dobbelsteen@mail.com> To: "IDR WG (E-mail)" <idr@merit.edu> Subject: RE: Issue 19) Security Considerations Date: Thu, 27 Mar 2003 09:18:45 +0100 Message-ID: <000401c2f439$7cc69ee0$0d0ca8c0@joris2k.local> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) Importance: Normal In-Reply-To: <200303270045.TAA34579@workhorse.fictitious.org> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-idr@merit.edu Precedence: bulk Indeed, for recommendation, TCP-MD5 would be at least a sufficient minimum, because it is widely implemented. Still it should mention what vulnerabilities are kept open even when using TCP-MD5, so they can be taken into account in the future and in current deployments... - Joris >-----Original Message----- >From: owner-idr@merit.edu [mailto:owner-idr@merit.edu]On Behalf Of >Curtis Villamizar >Sent: Thursday, 27 March 2003 1:45 >To: John Leslie >Cc: Curtis Villamizar; Alex Zinin; idr@merit.edu >Subject: Re: Issue 19) Security Considerations > > > >In message <20030325205614.A1596@verdi>, John Leslie writes: >> >> I'm not at all wedded to the words I proposed, but if we >can't find >> somewhere in this document to say that TCP-MD5 "should" be >used, I think >> we have no business saying it "must" be implemented. > >We don't need that in the protocol spec. Protocol specs are not >supposed to dictate usage. This keeps them simpler. Usage >recommendations and implementation experience is provided in separate >documents, not in the protocol spec. > >> If, instead, we claim that it's entirely up to administrators >> whether to use TCP-MD5, and we have no recommendation, I >don't see how >> we justify denying them access to implementations which don't include >> TCP-MD5. > >Putting something into a spec doesn't deny access to anything. By >mandating TCP MD5 in the security section we just indicate that >implementations without it have a very severe deficiency with regard >to meeting security requirements in a way that interoperates with the >existing installed base. > >Curtis > Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id TAA07512 for <idr-archive@nic.merit.edu>; Wed, 26 Mar 2003 19:45:11 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 45E64912A9; Wed, 26 Mar 2003 19:44:44 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 0F4C3912AB; Wed, 26 Mar 2003 19:44:43 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id BAB6D912A9 for <idr@trapdoor.merit.edu>; Wed, 26 Mar 2003 19:44:42 -0500 (EST) Received: by segue.merit.edu (Postfix) id 9880F5E267; Wed, 26 Mar 2003 19:44:42 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id BEE4B5DE87 for <idr@merit.edu>; Wed, 26 Mar 2003 19:44:41 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id TAA34579; Wed, 26 Mar 2003 19:45:16 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303270045.TAA34579@workhorse.fictitious.org> To: John Leslie <john@jlc.net> Cc: Curtis Villamizar <curtis@fictitious.org>, Alex Zinin <zinin@psg.com>, idr@merit.edu Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Tue, 25 Mar 2003 20:56:14 EST." <20030325205614.A1596@verdi> Date: Wed, 26 Mar 2003 19:45:16 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <20030325205614.A1596@verdi>, John Leslie writes: > > I'm not at all wedded to the words I proposed, but if we can't find > somewhere in this document to say that TCP-MD5 "should" be used, I think > we have no business saying it "must" be implemented. We don't need that in the protocol spec. Protocol specs are not supposed to dictate usage. This keeps them simpler. Usage recommendations and implementation experience is provided in separate documents, not in the protocol spec. > If, instead, we claim that it's entirely up to administrators > whether to use TCP-MD5, and we have no recommendation, I don't see how > we justify denying them access to implementations which don't include > TCP-MD5. Putting something into a spec doesn't deny access to anything. By mandating TCP MD5 in the security section we just indicate that implementations without it have a very severe deficiency with regard to meeting security requirements in a way that interoperates with the existing installed base. Curtis Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id QAA01341 for <idr-archive@nic.merit.edu>; Wed, 26 Mar 2003 16:51:13 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id BCC59912A2; Wed, 26 Mar 2003 16:50:55 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 9278A912A3; Wed, 26 Mar 2003 16:50:55 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 5BE56912A2 for <idr@trapdoor.merit.edu>; Wed, 26 Mar 2003 16:50:54 -0500 (EST) Received: by segue.merit.edu (Postfix) id 479F65E084; Wed, 26 Mar 2003 16:50:54 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id 7CA465DDC8 for <idr@merit.edu>; Wed, 26 Mar 2003 16:50:53 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id QAA32228; Wed, 26 Mar 2003 16:51:30 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303262151.QAA32228@workhorse.fictitious.org> To: "Joris Dobbelsteen" <joris.dobbelsteen@mail.com> Cc: "IDR WG (E-mail)" <idr@merit.edu> Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Wed, 26 Mar 2003 14:37:25 +0100." <001c01c2f3a0$bedf0900$0d0ca8c0@joris2k.local> Date: Wed, 26 Mar 2003 16:51:30 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <001c01c2f3a0$bedf0900$0d0ca8c0@joris2k.local>, "Joris Dobbelsteen" writes: > The discussion regards whether TCP-MD5 is mandatory. > There was a suggestion to open it up for other > authentication mechansims. > > Aren't there more methods for security beside > TCP-MD5. This discussion is regarding what to put in the BGP security section. BGP is going to DS so a single implemented and deployed security measure must be mandated. TCP MD5 is widely implemented and widely deployed. Therefore the only choice is TCP MD5. This particular discussion is not open to "would be nice" security ideas. Curtis Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id JAA14268 for <idr-archive@nic.merit.edu>; Wed, 26 Mar 2003 09:05:35 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 2A2B69127E; Wed, 26 Mar 2003 09:05:07 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id D599E9127F; Wed, 26 Mar 2003 09:05:06 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 7A6E89127E for <idr@trapdoor.merit.edu>; Wed, 26 Mar 2003 09:05:05 -0500 (EST) Received: by segue.merit.edu (Postfix) id F1A3F5E21D; Wed, 26 Mar 2003 09:05:05 -0500 (EST) Delivered-To: idr@merit.edu Received: from cmailENV2.svr.pol.co.uk (cmailENV2.svr.pol.co.uk [213.218.77.54]) by segue.merit.edu (Postfix) with ESMTP id 258855E238 for <idr@merit.edu>; Wed, 26 Mar 2003 09:05:00 -0500 (EST) Received: from [62.21.139.38] (helo=xtreme) by cmailENV2.svr.pol.co.uk with smtp (Exim 3.35 #1) id 18yBWS-0000OY-00 for idr@merit.edu; Wed, 26 Mar 2003 14:04:56 +0000 From: "Joris Dobbelsteen" <joris.dobbelsteen@mail.com> To: "IDR WG (E-mail)" <idr@merit.edu> Subject: RE: Issue 19) Security Considerations Date: Wed, 26 Mar 2003 14:37:25 +0100 Message-ID: <001c01c2f3a0$bedf0900$0d0ca8c0@joris2k.local> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) In-reply-to: <200303252031.PAA14559@workhorse.fictitious.org> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-idr@merit.edu Precedence: bulk The discussion regards whether TCP-MD5 is mandatory. There was a suggestion to open it up for other authentication mechansims. Aren't there more methods for security beside TCP-MD5. IPSec was considered, but due to larger overhead it was assumed to be more vulnerable to certain DoS attacks. For authentication it is better, as IPSec is more likely to move the security needs. Next IPSec becomes more and more deployed, including intergraded hardware solutions for serveral network devices. I believe the security concern are regarding attacks from a foreign network, not from the inside. The attacks that are considered range from: Data insertion: IPSec provides high security against these kind of attacks, including replay prevention. TCP-MD5 protected data can be replayed with exactly the same data. The channel is considered 'physically secure', so the data cannot be obtained, only inserted. Replay will be impossible. A little notice is that TCP-MD5 doesn't secure against establishing a channel, only whether the data on it is valid. Connection hyjacking: IPSec provides security, against this, as the IPSec channel would be infeasable to hyjack. TCP-MD5 doesn't support rekeying, it is more vulnerable than IPSec. The danger is attacks on the key. The channel between two BGP routers is considered 'secure', so it is impossible to get traffic from it, only to insert it from remote. Key detection will be impossible. DoS (well I need a name): IPSec has higher overhead for processing, overloading a system much faster than with TCP-MD5. However, IPSec can benefit from hardware that is already deployed and widely supported. The channels where BGP runs over are concidered 'secure'. It is thus assumed that an adversery has no way to obtain traffic from the BGP channels, except insert traffic. The major thread is an adversery overloading the BGP routers in such a way that they are become unusable. Another treat is having an adversery publishing incorrect results to the BGP router. TCP-MD5 provides security, in a way that it does authentication and protects the open channel. It is a weak protocol not suitable for long-term or high security implementations. It might be better at with-standing DoS attacks, due to lower processing overhead. IPSec is really secure and is wider deployed than TCP-MD5. IPSec provides much finer security against attacks. I don't know of the performance of IPSec is really much worse than TCP-MD5. Using SSL or TLS is also an option, but it has quite a high overhead and still suffers the same issues (DoS attack). Kerberos authentication is quite complex and also has a lot of overhead. Also suffers from a DoS attack. Packet filters can prevent BGP routers from some DoS attacks from the foreign network, but leaves the vulnerability of attacks for the inside. Other protocols are a good choice, with TCP charactistics that aren't accesable from the outside are a good choice, because these are easily protected, especially against outside attacks. Next the option is to take another protocol besides TCP. This would be a suggestion. For example, HTTP can run over any protocol that is connection-oriented and provides in-order delivery of the data. This also counts for BGP, although the mainstream might choose to select TCP. A quick note to reliability. Considering the transmission of packets, I does not care if we select plain TCP, TCP with TCP-MD5 or TCP over IPSec, it all depends on the physical network and amount of data transmitted (congestion). TCP-MD5 and IPSec provide (resonable) security against attacks. IPSec is more serious regarding security from both external and internal treats. ***** My recommendation is that a implementation might support BGP over any protocol, but it MUST be connection-oriented and the data* received in order (*not the packets). It must also provide recovery of lost information. The implementation MUST support TCP, which MUST be configurable by the admin (on/off). I would mention security and urge to implement TCP-MD5 or IPSec as security mechanisms for BGP/TCP. My opinion is to leave security to the implementors of the protocol and not let it be part of the BGP specification, because there are numberous of ways to make BGP secure, with better methods than TCP-MD5 and IPSec. ***** Is relaxing the security requirements in the BGP spec well-advised? No, well.... another view is that you don't require insufficient or insecure methods that are actually outside the scope of the specication. It is regarding a routing protocol, it is NOT a security specification of any kind. It is, however, required to mention security is required to protect this protocol from treats like connection hijacking, DoS attacks and any more. You should advise about this, not require it to be implemented. The advise of the implemenation will usually promote wide implementation of a method, so advise is really useful for usability between different implementation, but it is not advisible to require something that is out of the scope of this specification. Well, I wasted my time writing this, at least you wasted yours as well reading it ;-) - Joris >-----Original Message----- >From: owner-idr@merit.edu [mailto:owner-idr@merit.edu]On Behalf Of >Curtis Villamizar >Sent: Tuesday, 25 March 2003 21:32 >To: Alex Zinin >Cc: John Leslie; idr@merit.edu >Subject: Re: Issue 19) Security Considerations > > > >In message <157122844160.20030325084808@psg.com>, Alex Zinin writes: >> John, >> >> Just so we are all on the same page, could please give your >> definition of "reliability" and explain how the MD5 option >> for TCP improves it? >> >> Alex > > >Just guessing, but maybe John means less pesky RSTs from the martians. > >Specifying TCP as the LCD is fine. Requiring that implementations >support TCP MD5 covers John's objection (IMHO). He can turn it on if >he wants to. We don't mandate fast retransmit, fast recovery, >new-reno, and a bunch of other TCP stuff (rfc2001) but we'd also like >to see those in the BGP TCP implementation. > >Curtis > > >> Tuesday, March 25, 2003, 5:13:08 AM, John Leslie wrote: >> > Alex Zinin <zinin@psg.com> wrote: >> >> >> >> John, >> >> >> >> I'm sorry, I think I'm lost here a little... Did you >really mean to >> >> say that plain TCP is not reliable enough as a transport protocol >> >> while IPSEC and the MD5 option for TCP are, and suggest >to deprecate >> >> BGP over plain TCP, or did I misread your message? >> >> > You certainly read it correctly. I do not believe plain TCP is >> > reliable enough as a transport protocol for BGP. We're >talking critical >> > network infrastructure here; and the minimum effect of >glitches that >> > reach BGP is route-flapping. >> >> > I regard TCP-MD5 as a level 4 protocol with vastly improved >> > reliability over plain TCP. Possibly others regard it as >something else >> > -- which certainly could lead to confusion... >> >> > As the draft stands, it substitutes "TCP [RFC793]" for >"a reliable >> > transport protocol". I regard that as a step backwards. >> >> > Further, I regard it as unwise to remove the language suggesting >> > that the "reliable transport protocol" use authentication >in addition >> > to anything specified here. (Sorry not to have mentioned >this sooner.) >> >> > -- >> > John Leslie <john@jlc.net> >> >> >> Monday, March 24, 2003, 6:07:13 PM, John Leslie wrote: >> >>> ... >> >>> May I remind everyone where we started. In RFC1771: >> >>> " >> >>> " BGP runs over a reliable transport protocol. This >eliminates the >> >>> " need to implement explicit update fragmentation, >retransmission, >> >>> " acknowledgement, and sequencing. Any authentication >scheme used by >> >>> " the transport protocol may be used in addition to BGP's own >> >>> " authentication mechanisms... >> >> >> >>> Our current draft: >> >>> " >> >> " BGP uses TCP [RFC793] as its transport protocol. This >eliminates the >> >>> " need to implement explicit update fragmentation, >retransmission, >> >>> " acknowledgment, and sequencing... >> >> >> >>> From the very first time I read my first BGP RFC (many >years ago), >> >>> I have thought that TCP simply wasn't "reliable" enough. >TCP-MD5 is >> >>> reliable enough (IMHO). IPSEC is reliable enough (IMHO). No doubt >> >>> there will be other contenders which will also be >reliable enough. >> >>> But I really cringe at the thought of saying Plain-Old-TCP is >> >>> reliable enough, provided the "implementation" allows for TCP-MD5 >> >>> (even though it may not work on the particular operating system). >> >> >> >>> If we agree there's a problem with Plain-Old-TCP, we >should say so. >> >>> Here, near the beginning: not stuffed away in >"implementation details" >> >>> where everyone has fallen asleep long ago. >> >> >> >>> Thus, if I may, I suggest: >> >>> " >> >>> " BGP was designed to run over a reliable transport >protocol, which >> >>> " eliminates the need to implement explicit update fragmentation, >> >>> " retransmission, acknowledgement, and sequencing. Although some >> >>> " current implementations use TCP [STD0007] without >authentication, >> >>> " this is deprecated. BGP SHOULD use TCP-MD5 [RFC2385] as its >> >>> " transport protocol, unless and until a better authenticated >> >>> " transport protocol becomes available. >> >> >> >>> -- >> >>> John Leslie <john@jlc.net> >> >> > Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id PAA08486 for <idr-archive@nic.merit.edu>; Tue, 25 Mar 2003 15:32:50 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id CD4F291271; Tue, 25 Mar 2003 15:32:00 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 8CAEE91272; Tue, 25 Mar 2003 15:32:00 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 7A37C91271 for <idr@trapdoor.merit.edu>; Tue, 25 Mar 2003 15:31:44 -0500 (EST) Received: by segue.merit.edu (Postfix) id 17BA45E155; Tue, 25 Mar 2003 15:31:43 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id 426395E13F for <idr@merit.edu>; Tue, 25 Mar 2003 15:31:37 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id PAA14559; Tue, 25 Mar 2003 15:31:49 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303252031.PAA14559@workhorse.fictitious.org> To: Alex Zinin <zinin@psg.com> Cc: John Leslie <john@jlc.net>, idr@merit.edu Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Tue, 25 Mar 2003 08:48:08 PST." <157122844160.20030325084808@psg.com> Date: Tue, 25 Mar 2003 15:31:49 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <157122844160.20030325084808@psg.com>, Alex Zinin writes: > John, > > Just so we are all on the same page, could please give your > definition of "reliability" and explain how the MD5 option > for TCP improves it? > > Alex Just guessing, but maybe John means less pesky RSTs from the martians. Specifying TCP as the LCD is fine. Requiring that implementations support TCP MD5 covers John's objection (IMHO). He can turn it on if he wants to. We don't mandate fast retransmit, fast recovery, new-reno, and a bunch of other TCP stuff (rfc2001) but we'd also like to see those in the BGP TCP implementation. Curtis > Tuesday, March 25, 2003, 5:13:08 AM, John Leslie wrote: > > Alex Zinin <zinin@psg.com> wrote: > >> > >> John, > >> > >> I'm sorry, I think I'm lost here a little... Did you really mean to > >> say that plain TCP is not reliable enough as a transport protocol > >> while IPSEC and the MD5 option for TCP are, and suggest to deprecate > >> BGP over plain TCP, or did I misread your message? > > > You certainly read it correctly. I do not believe plain TCP is > > reliable enough as a transport protocol for BGP. We're talking critical > > network infrastructure here; and the minimum effect of glitches that > > reach BGP is route-flapping. > > > I regard TCP-MD5 as a level 4 protocol with vastly improved > > reliability over plain TCP. Possibly others regard it as something else > > -- which certainly could lead to confusion... > > > As the draft stands, it substitutes "TCP [RFC793]" for "a reliable > > transport protocol". I regard that as a step backwards. > > > Further, I regard it as unwise to remove the language suggesting > > that the "reliable transport protocol" use authentication in addition > > to anything specified here. (Sorry not to have mentioned this sooner.) > > > -- > > John Leslie <john@jlc.net> > > >> Monday, March 24, 2003, 6:07:13 PM, John Leslie wrote: > >>> ... > >>> May I remind everyone where we started. In RFC1771: > >>> " > >>> " BGP runs over a reliable transport protocol. This eliminates the > >>> " need to implement explicit update fragmentation, retransmission, > >>> " acknowledgement, and sequencing. Any authentication scheme used by > >>> " the transport protocol may be used in addition to BGP's own > >>> " authentication mechanisms... > >> > >>> Our current draft: > >>> " > >> " BGP uses TCP [RFC793] as its transport protocol. This eliminates the > >>> " need to implement explicit update fragmentation, retransmission, > >>> " acknowledgment, and sequencing... > >> > >>> From the very first time I read my first BGP RFC (many years ago), > >>> I have thought that TCP simply wasn't "reliable" enough. TCP-MD5 is > >>> reliable enough (IMHO). IPSEC is reliable enough (IMHO). No doubt > >>> there will be other contenders which will also be reliable enough. > >>> But I really cringe at the thought of saying Plain-Old-TCP is > >>> reliable enough, provided the "implementation" allows for TCP-MD5 > >>> (even though it may not work on the particular operating system). > >> > >>> If we agree there's a problem with Plain-Old-TCP, we should say so. > >>> Here, near the beginning: not stuffed away in "implementation details" > >>> where everyone has fallen asleep long ago. > >> > >>> Thus, if I may, I suggest: > >>> " > >>> " BGP was designed to run over a reliable transport protocol, which > >>> " eliminates the need to implement explicit update fragmentation, > >>> " retransmission, acknowledgement, and sequencing. Although some > >>> " current implementations use TCP [STD0007] without authentication, > >>> " this is deprecated. BGP SHOULD use TCP-MD5 [RFC2385] as its > >>> " transport protocol, unless and until a better authenticated > >>> " transport protocol becomes available. > >> > >>> -- > >>> John Leslie <john@jlc.net> > > Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id LAA00816 for <idr-archive@nic.merit.edu>; Tue, 25 Mar 2003 11:48:40 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 91C8391262; Tue, 25 Mar 2003 11:48:26 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 5D70491264; Tue, 25 Mar 2003 11:48:26 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id EE37191262 for <idr@trapdoor.merit.edu>; Tue, 25 Mar 2003 11:48:24 -0500 (EST) Received: by segue.merit.edu (Postfix) id D3D165E0C8; Tue, 25 Mar 2003 11:48:24 -0500 (EST) Delivered-To: idr@merit.edu Received: from psg.com (psg.com [147.28.0.62]) by segue.merit.edu (Postfix) with ESMTP id 9E6BA5DE7E for <idr@merit.edu>; Tue, 25 Mar 2003 11:48:24 -0500 (EST) Received: from psg.com ([147.28.0.62] helo=127.0.0.1) by psg.com with esmtp (Exim 3.36 #1) id 18xrb4-000HEe-00; Tue, 25 Mar 2003 08:48:23 -0800 Date: Tue, 25 Mar 2003 08:48:08 -0800 From: Alex Zinin <zinin@psg.com> X-Mailer: The Bat! (v1.62i) Personal Reply-To: Alex Zinin <zinin@psg.com> X-Priority: 3 (Normal) Message-ID: <157122844160.20030325084808@psg.com> To: John Leslie <john@jlc.net> Cc: idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <20030325081308.B10808@verdi> References: <200303221454.JAA87932@workhorse.fictitious.org> <87isubnylj.wl@ipinfusion.com> <20030322165013.B18728@nexthop.com> <13348274424.20030324120518@psg.com> <20030324173603.A23457@nexthop.com> <3263297507.20030324161541@psg.com> <20030324192016.A23671@nexthop.com> <1464334007.20030324163258@psg.com> <20030324210713.I12711@verdi> <19890701101.20030324235225@psg.com> <20030325081308.B10808@verdi> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-idr@merit.edu Precedence: bulk John, Just so we are all on the same page, could please give your definition of "reliability" and explain how the MD5 option for TCP improves it? -- Alex Tuesday, March 25, 2003, 5:13:08 AM, John Leslie wrote: > Alex Zinin <zinin@psg.com> wrote: >> >> John, >> >> I'm sorry, I think I'm lost here a little... Did you really mean to >> say that plain TCP is not reliable enough as a transport protocol >> while IPSEC and the MD5 option for TCP are, and suggest to deprecate >> BGP over plain TCP, or did I misread your message? > You certainly read it correctly. I do not believe plain TCP is > reliable enough as a transport protocol for BGP. We're talking critical > network infrastructure here; and the minimum effect of glitches that > reach BGP is route-flapping. > I regard TCP-MD5 as a level 4 protocol with vastly improved > reliability over plain TCP. Possibly others regard it as something else > -- which certainly could lead to confusion... > As the draft stands, it substitutes "TCP [RFC793]" for "a reliable > transport protocol". I regard that as a step backwards. > Further, I regard it as unwise to remove the language suggesting > that the "reliable transport protocol" use authentication in addition > to anything specified here. (Sorry not to have mentioned this sooner.) > -- > John Leslie <john@jlc.net> >> Monday, March 24, 2003, 6:07:13 PM, John Leslie wrote: >>> ... >>> May I remind everyone where we started. In RFC1771: >>> " >>> " BGP runs over a reliable transport protocol. This eliminates the >>> " need to implement explicit update fragmentation, retransmission, >>> " acknowledgement, and sequencing. Any authentication scheme used by >>> " the transport protocol may be used in addition to BGP's own >>> " authentication mechanisms... >> >>> Our current draft: >>> " >> " BGP uses TCP [RFC793] as its transport protocol. This eliminates the >>> " need to implement explicit update fragmentation, retransmission, >>> " acknowledgment, and sequencing... >> >>> From the very first time I read my first BGP RFC (many years ago), >>> I have thought that TCP simply wasn't "reliable" enough. TCP-MD5 is >>> reliable enough (IMHO). IPSEC is reliable enough (IMHO). No doubt >>> there will be other contenders which will also be reliable enough. >>> But I really cringe at the thought of saying Plain-Old-TCP is >>> reliable enough, provided the "implementation" allows for TCP-MD5 >>> (even though it may not work on the particular operating system). >> >>> If we agree there's a problem with Plain-Old-TCP, we should say so. >>> Here, near the beginning: not stuffed away in "implementation details" >>> where everyone has fallen asleep long ago. >> >>> Thus, if I may, I suggest: >>> " >>> " BGP was designed to run over a reliable transport protocol, which >>> " eliminates the need to implement explicit update fragmentation, >>> " retransmission, acknowledgement, and sequencing. Although some >>> " current implementations use TCP [STD0007] without authentication, >>> " this is deprecated. BGP SHOULD use TCP-MD5 [RFC2385] as its >>> " transport protocol, unless and until a better authenticated >>> " transport protocol becomes available. >> >>> -- >>> John Leslie <john@jlc.net> Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id CAA12189 for <idr-archive@nic.merit.edu>; Tue, 25 Mar 2003 02:53:17 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 2DE3191253; Tue, 25 Mar 2003 02:52:57 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id E997891254; Tue, 25 Mar 2003 02:52:56 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 8238B91253 for <idr@trapdoor.merit.edu>; Tue, 25 Mar 2003 02:52:55 -0500 (EST) Received: by segue.merit.edu (Postfix) id 6001B5E05A; Tue, 25 Mar 2003 02:52:55 -0500 (EST) Delivered-To: idr@merit.edu Received: from psg.com (psg.com [147.28.0.62]) by segue.merit.edu (Postfix) with ESMTP id 394F15DF33 for <idr@merit.edu>; Tue, 25 Mar 2003 02:52:55 -0500 (EST) Received: from psg.com ([147.28.0.62] helo=127.0.0.1) by psg.com with esmtp (Exim 3.36 #1) id 18xjEg-000OWe-00; Mon, 24 Mar 2003 23:52:42 -0800 Date: Mon, 24 Mar 2003 23:52:25 -0800 From: Alex Zinin <zinin@psg.com> X-Mailer: The Bat! (v1.62i) Personal Reply-To: Alex Zinin <zinin@psg.com> X-Priority: 3 (Normal) Message-ID: <19890701101.20030324235225@psg.com> To: John Leslie <john@jlc.net> Cc: Jeffrey Haas <jhaas@nexthop.com>, idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <20030324210713.I12711@verdi> References: <87d6kkhtf2.wl@ipinfusion.com> <200303221454.JAA87932@workhorse.fictitious.org> <87isubnylj.wl@ipinfusion.com> <20030322165013.B18728@nexthop.com> <13348274424.20030324120518@psg.com> <20030324173603.A23457@nexthop.com> <3263297507.20030324161541@psg.com> <20030324192016.A23671@nexthop.com> <1464334007.20030324163258@psg.com> <20030324210713.I12711@verdi> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-idr@merit.edu Precedence: bulk John, I'm sorry, I think I'm lost here a little... Did you really mean to say that plain TCP is not reliable enough as a transport protocol while IPSEC and the MD5 option for TCP are, and suggest to deprecate BGP over plain TCP, or did I misread your message? -- Alex Monday, March 24, 2003, 6:07:13 PM, John Leslie wrote: > Alex Zinin <zinin@psg.com> wrote: >> Jeffrey Haas <jhaas@nexthop.com> wrote: >>> Alex Zinin <zinin@psg.com> wrote: >>> Jeffrey Haas <jhaas@nexthop.com> wrote: >> >>>>> To be pedantic, "BGP uses TCP-MD5 [RFC2385] as its transport protocol." >>>> >>>> Is this your proposed text, or what you think the above reads as? >>> >>> My observation is that if TCP-MD5 is a MUST, then we should refer >>> to it that way throughout the document. >> >> Hmmm... there is a difference between having to support MD5 so the >> admin can turn this on, and always running over TCP-MD5. Your text >> seems to mean the latter. > May I remind everyone where we started. In RFC1771: > " > " BGP runs over a reliable transport protocol. This eliminates the > " need to implement explicit update fragmentation, retransmission, > " acknowledgement, and sequencing. Any authentication scheme used by > " the transport protocol may be used in addition to BGP's own > " authentication mechanisms... > Our current draft: > " > " BGP uses TCP [RFC793] as its transport protocol. This eliminates the > " need to implement explicit update fragmentation, retransmission, > " acknowledgment, and sequencing... > From the very first time I read my first BGP RFC (many years ago), > I have thought that TCP simply wasn't "reliable" enough. TCP-MD5 is > reliable enough (IMHO). IPSEC is reliable enough (IMHO). No doubt > there will be other contenders which will also be reliable enough. > But I really cringe at the thought of saying Plain-Old-TCP is > reliable enough, provided the "implementation" allows for TCP-MD5 > (even though it may not work on the particular operating system). > If we agree there's a problem with Plain-Old-TCP, we should say so. > Here, near the beginning: not stuffed away in "implementation details" > where everyone has fallen asleep long ago. > Thus, if I may, I suggest: > " > " BGP was designed to run over a reliable transport protocol, which > " eliminates the need to implement explicit update fragmentation, > " retransmission, acknowledgement, and sequencing. Although some > " current implementations use TCP [STD0007] without authentication, > " this is deprecated. BGP SHOULD use TCP-MD5 [RFC2385] as its > " transport protocol, unless and until a better authenticated > " transport protocol becomes available. > -- > John Leslie <john@jlc.net> Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id CAA11770 for <idr-archive@nic.merit.edu>; Tue, 25 Mar 2003 02:40:47 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 4131191252; Tue, 25 Mar 2003 02:40:29 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 0EE7D91253; Tue, 25 Mar 2003 02:40:28 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 0241F91252 for <idr@trapdoor.merit.edu>; Tue, 25 Mar 2003 02:40:26 -0500 (EST) Received: by segue.merit.edu (Postfix) id D5BBB5E056; Tue, 25 Mar 2003 02:40:26 -0500 (EST) Delivered-To: idr@merit.edu Received: from psg.com (psg.com [147.28.0.62]) by segue.merit.edu (Postfix) with ESMTP id 79EE95E035 for <idr@merit.edu>; Tue, 25 Mar 2003 02:40:25 -0500 (EST) Received: from psg.com ([147.28.0.62] helo=127.0.0.1) by psg.com with esmtp (Exim 3.36 #1) id 18xj2S-000NHG-00; Mon, 24 Mar 2003 23:40:04 -0800 Date: Mon, 24 Mar 2003 23:39:31 -0800 From: Alex Zinin <zinin@psg.com> X-Mailer: The Bat! (v1.62i) Personal Reply-To: Alex Zinin <zinin@psg.com> X-Priority: 3 (Normal) Message-ID: <8589927639.20030324233931@psg.com> To: Kunihiro Ishiguro <kunihiro@zebra.org> Cc: Jeffrey Haas <jhaas@nexthop.com>, idr@merit.edu, "Steven M.Bellovin" <smb@research.att.com> Subject: Re: Issue 19) Security Considerations In-Reply-To: <873clcb5dv.wl@ipinfusion.com> References: <87d6kkhtf2.wl@ipinfusion.com> <200303221454.JAA87932@workhorse.fictitious.org> <87isubnylj.wl@ipinfusion.com> <20030322165013.B18728@nexthop.com> <13348274424.20030324120518@psg.com> <873clcb5dv.wl@ipinfusion.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-idr@merit.edu Precedence: bulk Ishi- >>The security considerations section needs to provide the security >>analysis of the protocol (which will be in a separate doc in our >>case), as well as a mandatory to implement authentication mechanism. >>Because BGP goes to DS, the authentication mechanisms (as well as all >>other features) must have actually been implemented and deployed. > IPv6 claim IPsec as MUST. OSPFv3 use IPsec for routing > authentication. Same as PIM-SM (it says MAY not MUST though). Now > BGP is going to claim TCP MD5 as only solution and not consider IPsec > at all. I think the suggestion to say "MUST support TCP-MD5 and SHOULD support IPSEC" was reasonable... > Shouldn't we have global view for routing protocol security? > I was expecting that RPSEC WG does it. Bringing everyone on the same page was one of the reasons RPSEC was created. We're still not there, though. > Just for TCP protection problem, having two standard is not a good > idea. Generally you're correct. In the particular case of BGP, removing MD5 from the spec and mandating IPSEC, I think, would be problematic for the reasons discussed in this thread before. Regards Alex Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id WAA02094 for <idr-archive@nic.merit.edu>; Mon, 24 Mar 2003 22:09:14 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 1AC669124A; Mon, 24 Mar 2003 22:08:46 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id DC8AC9124B; Mon, 24 Mar 2003 22:08:45 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id A1DA79124A for <idr@trapdoor.merit.edu>; Mon, 24 Mar 2003 22:08:44 -0500 (EST) Received: by segue.merit.edu (Postfix) id 8E9995E005; Mon, 24 Mar 2003 22:08:44 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id B99FD5E032 for <idr@merit.edu>; Mon, 24 Mar 2003 22:08:43 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id WAA08797; Mon, 24 Mar 2003 22:09:12 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303250309.WAA08797@workhorse.fictitious.org> To: Jeffrey Haas <jhaas@nexthop.com> Cc: Alex Zinin <zinin@psg.com>, idr@merit.edu Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Mon, 24 Mar 2003 19:20:16 EST." <20030324192016.A23671@nexthop.com> Date: Mon, 24 Mar 2003 22:09:12 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <20030324192016.A23671@nexthop.com>, Jeffrey Haas writes: > On Mon, Mar 24, 2003 at 04:15:41PM -0800, Alex Zinin wrote: > > Agreed. Though, I don't think you have to prove that your > > implementation supports MD5 on every possible OS before you can claim > > STD compliance. You just don't control those things. > > We have found the various testing organizations.... entertaining to > deal with on subjects like this. Were this not the case, I would > be silent on this issue. > > > > To be pedantic, "BGP uses TCP-MD5 [RFC2385] as its transport protocol." > > > > Is this your proposed text, or what you think the above reads as? > > My observation is that if TCP-MD5 is a MUST, then we should refer > to it that way throughout the document. > > > Alex > > -- > Jeff Haas > NextHop Technologies There is no requirement that the security considerations have to repeated throughout the document. Curtis Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id UAA28719 for <idr-archive@nic.merit.edu>; Mon, 24 Mar 2003 20:31:36 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id B062A91249; Mon, 24 Mar 2003 20:31:17 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 8828B9124A; Mon, 24 Mar 2003 20:31:17 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 24AB091249 for <idr@trapdoor.merit.edu>; Mon, 24 Mar 2003 20:31:12 -0500 (EST) Received: by segue.merit.edu (Postfix) id C057C5E00A; Mon, 24 Mar 2003 20:31:00 -0500 (EST) Delivered-To: idr@merit.edu Received: from localhost.localdomain (mail.ipinfusion.com [65.223.109.2]) by segue.merit.edu (Postfix) with ESMTP id 49DAA5DF54 for <idr@merit.edu>; Mon, 24 Mar 2003 20:31:00 -0500 (EST) Received: from localhost.localdomain (vprmatrix [127.0.0.1]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h2P1TWVI003744; Tue, 25 Mar 2003 10:29:32 +0900 Date: Mon, 24 Mar 2003 17:29:32 -0800 Message-ID: <873clcb5dv.wl@ipinfusion.com> From: Kunihiro Ishiguro <kunihiro@zebra.org> To: Alex Zinin <zinin@psg.com> Cc: Jeffrey Haas <jhaas@nexthop.com>, idr@merit.edu, "Steven M.Bellovin" <smb@research.att.com> Subject: Re: Issue 19) Security Considerations In-Reply-To: <13348274424.20030324120518@psg.com> References: <87d6kkhtf2.wl@ipinfusion.com> <200303221454.JAA87932@workhorse.fictitious.org> <87isubnylj.wl@ipinfusion.com> <20030322165013.B18728@nexthop.com> <13348274424.20030324120518@psg.com> User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/21.2.92 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII Sender: owner-idr@merit.edu Precedence: bulk >The security considerations section needs to provide the security >analysis of the protocol (which will be in a separate doc in our >case), as well as a mandatory to implement authentication mechanism. >Because BGP goes to DS, the authentication mechanisms (as well as all >other features) must have actually been implemented and deployed. IPv6 claim IPsec as MUST. OSPFv3 use IPsec for routing authentication. Same as PIM-SM (it says MAY not MUST though). Now BGP is going to claim TCP MD5 as only solution and not consider IPsec at all. Shouldn't we have global view for routing protocol security? I was expecting that RPSEC WG does it. Just for TCP protection problem, having two standard is not a good idea. -- Kunihiro Ishiguro Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id UAA27768 for <idr-archive@nic.merit.edu>; Mon, 24 Mar 2003 20:04:21 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id ED14091246; Mon, 24 Mar 2003 20:03:59 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id B8B4391247; Mon, 24 Mar 2003 20:03:59 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id AEB3791246 for <idr@trapdoor.merit.edu>; Mon, 24 Mar 2003 20:03:58 -0500 (EST) Received: by segue.merit.edu (Postfix) id 8BBFC5E01B; Mon, 24 Mar 2003 20:03:58 -0500 (EST) Delivered-To: idr@merit.edu Received: from presque.nexthop.com (dns.nexthop.com [64.211.218.216]) by segue.merit.edu (Postfix) with ESMTP id 0BDA15DFF2 for <idr@merit.edu>; Mon, 24 Mar 2003 20:03:58 -0500 (EST) Received: (from root@localhost) by presque.nexthop.com (8.12.8/8.11.1) id h2P13uMo034922; Mon, 24 Mar 2003 20:03:56 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: from jhaas.nexthop.com (jhaas.nexthop.com [64.211.218.31]) by presque.nexthop.com (8.12.8/8.12.8) with ESMTP id h2P13qwu033967; Mon, 24 Mar 2003 20:03:52 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: (from jhaas@localhost) by jhaas.nexthop.com (8.11.3nb1/8.11.3) id h2P13lU23775; Mon, 24 Mar 2003 20:03:47 -0500 (EST) Date: Mon, 24 Mar 2003 20:03:47 -0500 From: Jeffrey Haas <jhaas@nexthop.com> To: Alex Zinin <zinin@psg.com> Cc: idr@merit.edu Subject: Re: Issue 19) Security Considerations Message-ID: <20030324200347.A23741@nexthop.com> References: <200303221454.JAA87932@workhorse.fictitious.org> <87isubnylj.wl@ipinfusion.com> <20030322165013.B18728@nexthop.com> <13348274424.20030324120518@psg.com> <20030324173603.A23457@nexthop.com> <3263297507.20030324161541@psg.com> <20030324192016.A23671@nexthop.com> <1464334007.20030324163258@psg.com> <20030324193742.A23707@nexthop.com> <10164993495.20030324164357@psg.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <10164993495.20030324164357@psg.com>; from zinin@psg.com on Mon, Mar 24, 2003 at 04:43:57PM -0800 X-Virus-Scanned: by AMaViS perl-11 Sender: owner-idr@merit.edu Precedence: bulk On Mon, Mar 24, 2003 at 04:43:57PM -0800, Alex Zinin wrote: > Maybe we should change the text to say > > "Implementations MUST support TCP MD5 [RFC2385] for authentication." And there would be much rejoicing (as Jeff shuts up). > Alex -- Jeff Haas NextHop Technologies Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id TAA27197 for <idr-archive@nic.merit.edu>; Mon, 24 Mar 2003 19:47:30 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 9B5D391245; Mon, 24 Mar 2003 19:47:19 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 66FDE91246; Mon, 24 Mar 2003 19:47:19 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id B8BEA91245 for <idr@trapdoor.merit.edu>; Mon, 24 Mar 2003 19:47:09 -0500 (EST) Received: by segue.merit.edu (Postfix) id 964935E01B; Mon, 24 Mar 2003 19:47:09 -0500 (EST) Delivered-To: idr@merit.edu Received: from psg.com (psg.com [147.28.0.62]) by segue.merit.edu (Postfix) with ESMTP id 6784B5DFFB for <idr@merit.edu>; Mon, 24 Mar 2003 19:47:09 -0500 (EST) Received: from psg.com ([147.28.0.62] helo=127.0.0.1) by psg.com with esmtp (Exim 3.36 #1) id 18xcak-000Gpw-00; Mon, 24 Mar 2003 16:47:02 -0800 Date: Mon, 24 Mar 2003 16:45:04 -0800 From: Alex Zinin <zinin@psg.com> X-Mailer: The Bat! (v1.62i) Personal Reply-To: Alex Zinin <zinin@psg.com> X-Priority: 3 (Normal) Message-ID: <11465060271.20030324164504@psg.com> To: David Meyer <dmm@sprint.net> Cc: Jeffrey Haas <jhaas@nexthop.com>, idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <20030324163927.A8072@sprint.net> References: <87d6kkhtf2.wl@ipinfusion.com> <200303221454.JAA87932@workhorse.fictitious.org> <87isubnylj.wl@ipinfusion.com> <20030322165013.B18728@nexthop.com> <13348274424.20030324120518@psg.com> <20030324173603.A23457@nexthop.com> <3263297507.20030324161541@psg.com> <20030324192016.A23671@nexthop.com> <1464334007.20030324163258@psg.com> <20030324163927.A8072@sprint.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-idr@merit.edu Precedence: bulk David, Stop reading my mind! :) -- Alex Monday, March 24, 2003, 4:39:27 PM, David Meyer wrote: >>> > My observation is that if TCP-MD5 is a MUST, then we should refer >>> > to it that way throughout the document. >>> >>> Hmmm... there is a difference between having to support MD5 so the >>> admin can turn this on, and always running over TCP-MD5. Your text >>> seems to mean the latter. > Wouldn't the latter be an operational consideration, and if it were, > shouldn't the text should specify the former? At the very least > it (requiring TCP-MD5 on) does not reflect reality in the field. > Dave Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id TAA27156 for <idr-archive@nic.merit.edu>; Mon, 24 Mar 2003 19:46:36 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id DAA1A91248; Mon, 24 Mar 2003 19:46:17 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 4047291247; Mon, 24 Mar 2003 19:46:16 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 049EA91246 for <idr@trapdoor.merit.edu>; Mon, 24 Mar 2003 19:46:11 -0500 (EST) Received: by segue.merit.edu (Postfix) id 990D95E01E; Mon, 24 Mar 2003 19:46:01 -0500 (EST) Delivered-To: idr@merit.edu Received: from psg.com (psg.com [147.28.0.62]) by segue.merit.edu (Postfix) with ESMTP id 6935A5E01B for <idr@merit.edu>; Mon, 24 Mar 2003 19:46:01 -0500 (EST) Received: from psg.com ([147.28.0.62] helo=127.0.0.1) by psg.com with esmtp (Exim 3.36 #1) id 18xcZe-000GjJ-00; Mon, 24 Mar 2003 16:45:55 -0800 Date: Mon, 24 Mar 2003 16:43:57 -0800 From: Alex Zinin <zinin@psg.com> X-Mailer: The Bat! (v1.62i) Personal Reply-To: Alex Zinin <zinin@psg.com> X-Priority: 3 (Normal) Message-ID: <10164993495.20030324164357@psg.com> To: Jeffrey Haas <jhaas@nexthop.com> Cc: idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <20030324193742.A23707@nexthop.com> References: <87d6kkhtf2.wl@ipinfusion.com> <200303221454.JAA87932@workhorse.fictitious.org> <87isubnylj.wl@ipinfusion.com> <20030322165013.B18728@nexthop.com> <13348274424.20030324120518@psg.com> <20030324173603.A23457@nexthop.com> <3263297507.20030324161541@psg.com> <20030324192016.A23671@nexthop.com> <1464334007.20030324163258@psg.com> <20030324193742.A23707@nexthop.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-idr@merit.edu Precedence: bulk Jeff- >> Hmmm... there is a difference between having to support MD5 so the >> admin can turn this on, and always running over TCP-MD5. Your text >> seems to mean the latter. > This seems clear to me: > : Use of TCP MD5 [RFC2385] for authentication is mandatory. > To me, this says "Thou shalt turn this on." We shouldn't try to mandate operational practices in the spec, I think, and saying something like "don't accept TCP connections without MD5" would not fly, as this is not what implementations do in reality. Maybe we should change the text to say "Implementations MUST support TCP MD5 [RFC2385] for authentication." Alex Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id TAA26933 for <idr-archive@nic.merit.edu>; Mon, 24 Mar 2003 19:39:14 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 11B5091244; Mon, 24 Mar 2003 19:39:00 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id C54B391245; Mon, 24 Mar 2003 19:38:59 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 5DE7F91244 for <idr@trapdoor.merit.edu>; Mon, 24 Mar 2003 19:38:58 -0500 (EST) Received: by segue.merit.edu (Postfix) id 4A4E95E01E; Mon, 24 Mar 2003 19:38:58 -0500 (EST) Delivered-To: idr@merit.edu Received: from sith.maoz.com (sith.maoz.com [205.167.76.10]) by segue.merit.edu (Postfix) with ESMTP id BDEC05E01B for <idr@merit.edu>; Mon, 24 Mar 2003 19:38:57 -0500 (EST) Received: (from dmm@localhost) by sith.maoz.com (8.12.8/8.12.8) id h2P0dRPD008085; Mon, 24 Mar 2003 16:39:27 -0800 Date: Mon, 24 Mar 2003 16:39:27 -0800 From: David Meyer <dmm@sprint.net> To: Alex Zinin <zinin@psg.com> Cc: Jeffrey Haas <jhaas@nexthop.com>, idr@merit.edu Subject: Re: Issue 19) Security Considerations Message-ID: <20030324163927.A8072@sprint.net> References: <87d6kkhtf2.wl@ipinfusion.com> <200303221454.JAA87932@workhorse.fictitious.org> <87isubnylj.wl@ipinfusion.com> <20030322165013.B18728@nexthop.com> <13348274424.20030324120518@psg.com> <20030324173603.A23457@nexthop.com> <3263297507.20030324161541@psg.com> <20030324192016.A23671@nexthop.com> <1464334007.20030324163258@psg.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <1464334007.20030324163258@psg.com>; from zinin@psg.com on Mon, Mar 24, 2003 at 04:32:58PM -0800 Sender: owner-idr@merit.edu Precedence: bulk >> > My observation is that if TCP-MD5 is a MUST, then we should refer >> > to it that way throughout the document. >> >> Hmmm... there is a difference between having to support MD5 so the >> admin can turn this on, and always running over TCP-MD5. Your text >> seems to mean the latter. Wouldn't the latter be an operational consideration, and if it were, shouldn't the text should specify the former? At the very least it (requiring TCP-MD5 on) does not reflect reality in the field. Dave Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id TAA26856 for <idr-archive@nic.merit.edu>; Mon, 24 Mar 2003 19:38:23 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id E129D91243; Mon, 24 Mar 2003 19:37:56 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id ACC2691244; Mon, 24 Mar 2003 19:37:56 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id A8DE891243 for <idr@trapdoor.merit.edu>; Mon, 24 Mar 2003 19:37:55 -0500 (EST) Received: by segue.merit.edu (Postfix) id 8DEE45DFF2; Mon, 24 Mar 2003 19:37:55 -0500 (EST) Delivered-To: idr@merit.edu Received: from presque.nexthop.com (dns.nexthop.com [64.211.218.216]) by segue.merit.edu (Postfix) with ESMTP id 153FC5DFB3 for <idr@merit.edu>; Mon, 24 Mar 2003 19:37:55 -0500 (EST) Received: (from root@localhost) by presque.nexthop.com (8.12.8/8.11.1) id h2P0brn1013802; Mon, 24 Mar 2003 19:37:53 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: from jhaas.nexthop.com (jhaas.nexthop.com [64.211.218.31]) by presque.nexthop.com (8.12.8/8.12.8) with ESMTP id h2P0blwu012953; Mon, 24 Mar 2003 19:37:47 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: (from jhaas@localhost) by jhaas.nexthop.com (8.11.3nb1/8.11.3) id h2P0bgM23715; Mon, 24 Mar 2003 19:37:42 -0500 (EST) Date: Mon, 24 Mar 2003 19:37:42 -0500 From: Jeffrey Haas <jhaas@nexthop.com> To: Alex Zinin <zinin@psg.com> Cc: idr@merit.edu Subject: Re: Issue 19) Security Considerations Message-ID: <20030324193742.A23707@nexthop.com> References: <87d6kkhtf2.wl@ipinfusion.com> <200303221454.JAA87932@workhorse.fictitious.org> <87isubnylj.wl@ipinfusion.com> <20030322165013.B18728@nexthop.com> <13348274424.20030324120518@psg.com> <20030324173603.A23457@nexthop.com> <3263297507.20030324161541@psg.com> <20030324192016.A23671@nexthop.com> <1464334007.20030324163258@psg.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <1464334007.20030324163258@psg.com>; from zinin@psg.com on Mon, Mar 24, 2003 at 04:32:58PM -0800 X-Virus-Scanned: by AMaViS perl-11 Sender: owner-idr@merit.edu Precedence: bulk On Mon, Mar 24, 2003 at 04:32:58PM -0800, Alex Zinin wrote: > Hmmm... there is a difference between having to support MD5 so the > admin can turn this on, and always running over TCP-MD5. Your text > seems to mean the latter. This seems clear to me: : Use of TCP MD5 [RFC2385] for authentication is mandatory. To me, this says "Thou shalt turn this on." > Alex -- Jeff Haas NextHop Technologies Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id TAA26764 for <idr-archive@nic.merit.edu>; Mon, 24 Mar 2003 19:35:26 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id A4DC891241; Mon, 24 Mar 2003 19:35:00 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 707CF91243; Mon, 24 Mar 2003 19:35:00 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 31B7391241 for <idr@trapdoor.merit.edu>; Mon, 24 Mar 2003 19:34:59 -0500 (EST) Received: by segue.merit.edu (Postfix) id 0EFCF5E01E; Mon, 24 Mar 2003 19:34:59 -0500 (EST) Delivered-To: idr@merit.edu Received: from psg.com (psg.com [147.28.0.62]) by segue.merit.edu (Postfix) with ESMTP id D893C5DFF2 for <idr@merit.edu>; Mon, 24 Mar 2003 19:34:58 -0500 (EST) Received: from psg.com ([147.28.0.62] helo=127.0.0.1) by psg.com with esmtp (Exim 3.36 #1) id 18xcOy-000FaY-00; Mon, 24 Mar 2003 16:34:52 -0800 Date: Mon, 24 Mar 2003 16:32:58 -0800 From: Alex Zinin <zinin@psg.com> X-Mailer: The Bat! (v1.62i) Personal Reply-To: Alex Zinin <zinin@psg.com> X-Priority: 3 (Normal) Message-ID: <1464334007.20030324163258@psg.com> To: Jeffrey Haas <jhaas@nexthop.com> Cc: idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <20030324192016.A23671@nexthop.com> References: <87d6kkhtf2.wl@ipinfusion.com> <200303221454.JAA87932@workhorse.fictitious.org> <87isubnylj.wl@ipinfusion.com> <20030322165013.B18728@nexthop.com> <13348274424.20030324120518@psg.com> <20030324173603.A23457@nexthop.com> <3263297507.20030324161541@psg.com> <20030324192016.A23671@nexthop.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-idr@merit.edu Precedence: bulk Jeff- > We have found the various testing organizations.... entertaining to > deal with on subjects like this. Were this not the case, I would > be silent on this issue. I'm not sure how much we can do about this... >> > To be pedantic, "BGP uses TCP-MD5 [RFC2385] as its transport protocol." >> >> Is this your proposed text, or what you think the above reads as? > My observation is that if TCP-MD5 is a MUST, then we should refer > to it that way throughout the document. Hmmm... there is a difference between having to support MD5 so the admin can turn this on, and always running over TCP-MD5. Your text seems to mean the latter. Alex Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id TAA26267 for <idr-archive@nic.merit.edu>; Mon, 24 Mar 2003 19:20:50 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 2076A91240; Mon, 24 Mar 2003 19:20:30 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id DC33B91241; Mon, 24 Mar 2003 19:20:29 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id D229F91240 for <idr@trapdoor.merit.edu>; Mon, 24 Mar 2003 19:20:28 -0500 (EST) Received: by segue.merit.edu (Postfix) id ADEA45E019; Mon, 24 Mar 2003 19:20:28 -0500 (EST) Delivered-To: idr@merit.edu Received: from presque.nexthop.com (dns.nexthop.com [64.211.218.216]) by segue.merit.edu (Postfix) with ESMTP id 24E025DF11 for <idr@merit.edu>; Mon, 24 Mar 2003 19:20:28 -0500 (EST) Received: (from root@localhost) by presque.nexthop.com (8.12.8/8.11.1) id h2P0KQsF032673; Mon, 24 Mar 2003 19:20:26 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: from jhaas.nexthop.com (jhaas.nexthop.com [64.211.218.31]) by presque.nexthop.com (8.12.8/8.12.8) with ESMTP id h2P0KLwu032112; Mon, 24 Mar 2003 19:20:21 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: (from jhaas@localhost) by jhaas.nexthop.com (8.11.3nb1/8.11.3) id h2P0KGa23686; Mon, 24 Mar 2003 19:20:16 -0500 (EST) Date: Mon, 24 Mar 2003 19:20:16 -0500 From: Jeffrey Haas <jhaas@nexthop.com> To: Alex Zinin <zinin@psg.com> Cc: idr@merit.edu Subject: Re: Issue 19) Security Considerations Message-ID: <20030324192016.A23671@nexthop.com> References: <87d6kkhtf2.wl@ipinfusion.com> <200303221454.JAA87932@workhorse.fictitious.org> <87isubnylj.wl@ipinfusion.com> <20030322165013.B18728@nexthop.com> <13348274424.20030324120518@psg.com> <20030324173603.A23457@nexthop.com> <3263297507.20030324161541@psg.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3263297507.20030324161541@psg.com>; from zinin@psg.com on Mon, Mar 24, 2003 at 04:15:41PM -0800 X-Virus-Scanned: by AMaViS perl-11 Sender: owner-idr@merit.edu Precedence: bulk On Mon, Mar 24, 2003 at 04:15:41PM -0800, Alex Zinin wrote: > Agreed. Though, I don't think you have to prove that your > implementation supports MD5 on every possible OS before you can claim > STD compliance. You just don't control those things. We have found the various testing organizations.... entertaining to deal with on subjects like this. Were this not the case, I would be silent on this issue. > > To be pedantic, "BGP uses TCP-MD5 [RFC2385] as its transport protocol." > > Is this your proposed text, or what you think the above reads as? My observation is that if TCP-MD5 is a MUST, then we should refer to it that way throughout the document. > Alex -- Jeff Haas NextHop Technologies Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id TAA26173 for <idr-archive@nic.merit.edu>; Mon, 24 Mar 2003 19:17:52 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 7D91E9123E; Mon, 24 Mar 2003 19:17:39 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 5186C91240; Mon, 24 Mar 2003 19:17:39 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 169679123E for <idr@trapdoor.merit.edu>; Mon, 24 Mar 2003 19:17:38 -0500 (EST) Received: by segue.merit.edu (Postfix) id E8A8D5E018; Mon, 24 Mar 2003 19:17:37 -0500 (EST) Delivered-To: idr@merit.edu Received: from psg.com (psg.com [147.28.0.62]) by segue.merit.edu (Postfix) with ESMTP id C35265DF11 for <idr@merit.edu>; Mon, 24 Mar 2003 19:17:37 -0500 (EST) Received: from psg.com ([147.28.0.62] helo=127.0.0.1) by psg.com with esmtp (Exim 3.36 #1) id 18xc8B-000E8m-00; Mon, 24 Mar 2003 16:17:31 -0800 Date: Mon, 24 Mar 2003 16:15:41 -0800 From: Alex Zinin <zinin@psg.com> X-Mailer: The Bat! (v1.62i) Personal Reply-To: Alex Zinin <zinin@psg.com> X-Priority: 3 (Normal) Message-ID: <3263297507.20030324161541@psg.com> To: Jeffrey Haas <jhaas@nexthop.com> Cc: idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <20030324173603.A23457@nexthop.com> References: <87d6kkhtf2.wl@ipinfusion.com> <200303221454.JAA87932@workhorse.fictitious.org> <87isubnylj.wl@ipinfusion.com> <20030322165013.B18728@nexthop.com> <13348274424.20030324120518@psg.com> <20030324173603.A23457@nexthop.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-idr@merit.edu Precedence: bulk Jeff- >> In fact, one would have the same situation with >> IPSec too... > Note however that IPSec is pretty pervasive at the workstation level > whereas TCP-MD5 is not. Agreed. Though, I don't think you have to prove that your implementation supports MD5 on every possible OS before you can claim STD compliance. You just don't control those things. >> > In the bgp draft, we state: >> > : BGP uses TCP [RFC793] as its transport protocol. This eliminates the >> > : need to implement explicit update fragmentation, retransmission, >> > : acknowledgment, and sequencing. BGP listens on TCP port 179. The >> > : error notification mechanism used in BGP assumes that TCP supports a >> > : "graceful" close, i.e., that all outstanding data will be delivered >> > : before the connection is closed. >> >> > If we're going to mandate TCP-MD5, *here* is the place we must do it. >> > Otherwise, the stricture that: >> > : Use of TCP MD5 [RFC2385] for authentication is mandatory. >> >> > conflicts with the simple TCP statement above. >> >> Sorry, could you explain what conflict you see? > To be pedantic, "BGP uses TCP-MD5 [RFC2385] as its transport protocol." Is this your proposed text, or what you think the above reads as? Alex Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id RAA23433 for <idr-archive@nic.merit.edu>; Mon, 24 Mar 2003 17:36:47 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 2533A9123D; Mon, 24 Mar 2003 17:36:20 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id ED3BC9123E; Mon, 24 Mar 2003 17:36:19 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id D31F39123D for <idr@trapdoor.merit.edu>; Mon, 24 Mar 2003 17:36:18 -0500 (EST) Received: by segue.merit.edu (Postfix) id B434B5DFFE; Mon, 24 Mar 2003 17:36:18 -0500 (EST) Delivered-To: idr@merit.edu Received: from presque.nexthop.com (dns.nexthop.com [64.211.218.216]) by segue.merit.edu (Postfix) with ESMTP id 67BE55DF34 for <idr@merit.edu>; Mon, 24 Mar 2003 17:36:18 -0500 (EST) Received: (from root@localhost) by presque.nexthop.com (8.12.8/8.11.1) id h2OMaH3h053842; Mon, 24 Mar 2003 17:36:17 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: from jhaas.nexthop.com (jhaas.nexthop.com [64.211.218.31]) by presque.nexthop.com (8.12.8/8.12.8) with ESMTP id h2OMa8wu053570; Mon, 24 Mar 2003 17:36:08 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: (from jhaas@localhost) by jhaas.nexthop.com (8.11.3nb1/8.11.3) id h2OMa3F23473; Mon, 24 Mar 2003 17:36:03 -0500 (EST) Date: Mon, 24 Mar 2003 17:36:03 -0500 From: Jeffrey Haas <jhaas@nexthop.com> To: Alex Zinin <zinin@psg.com> Cc: idr@merit.edu Subject: Re: Issue 19) Security Considerations Message-ID: <20030324173603.A23457@nexthop.com> References: <87d6kkhtf2.wl@ipinfusion.com> <200303221454.JAA87932@workhorse.fictitious.org> <87isubnylj.wl@ipinfusion.com> <20030322165013.B18728@nexthop.com> <13348274424.20030324120518@psg.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <13348274424.20030324120518@psg.com>; from zinin@psg.com on Mon, Mar 24, 2003 at 12:05:18PM -0800 X-Virus-Scanned: by AMaViS perl-11 Sender: owner-idr@merit.edu Precedence: bulk Alex, On Mon, Mar 24, 2003 at 12:05:18PM -0800, Alex Zinin wrote: > If such commands and API > are supported, I would say that this implementation is as compliant as > it can possibly be... As, for example, GateD is. We have the API for it, you just supply the relevant hooks into your OS of choice. > In fact, one would have the same situation with > IPSec too... Note however that IPSec is pretty pervasive at the workstation level whereas TCP-MD5 is not. > > > In the bgp draft, we state: > > : BGP uses TCP [RFC793] as its transport protocol. This eliminates the > > : need to implement explicit update fragmentation, retransmission, > > : acknowledgment, and sequencing. BGP listens on TCP port 179. The > > : error notification mechanism used in BGP assumes that TCP supports a > > : "graceful" close, i.e., that all outstanding data will be delivered > > : before the connection is closed. > > > If we're going to mandate TCP-MD5, *here* is the place we must do it. > > Otherwise, the stricture that: > > : Use of TCP MD5 [RFC2385] for authentication is mandatory. > > > conflicts with the simple TCP statement above. > > Sorry, could you explain what conflict you see? To be pedantic, "BGP uses TCP-MD5 [RFC2385] as its transport protocol." > The security considerations section needs to provide the security > analysis of the protocol (which will be in a separate doc in our > case), as well as a mandatory to implement authentication mechanism. This was the piece I needed to see. Thanks. -- Jeff Haas NextHop Technologies Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id PAA21674 for <idr-archive@nic.merit.edu>; Mon, 24 Mar 2003 15:07:00 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id C5ED091239; Mon, 24 Mar 2003 15:06:21 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 93BC19123B; Mon, 24 Mar 2003 15:06:21 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 52C7691239 for <idr@trapdoor.merit.edu>; Mon, 24 Mar 2003 15:06:20 -0500 (EST) Received: by segue.merit.edu (Postfix) id 3A2C65DFE4; Mon, 24 Mar 2003 15:06:20 -0500 (EST) Delivered-To: idr@merit.edu Received: from psg.com (psg.com [147.28.0.62]) by segue.merit.edu (Postfix) with ESMTP id AF99D5DF85 for <idr@merit.edu>; Mon, 24 Mar 2003 15:06:18 -0500 (EST) Received: from psg.com ([147.28.0.62] helo=127.0.0.1) by psg.com with esmtp (Exim 3.36 #1) id 18xYCv-000Icm-00; Mon, 24 Mar 2003 12:06:09 -0800 Date: Mon, 24 Mar 2003 12:05:18 -0800 From: Alex Zinin <zinin@psg.com> X-Mailer: The Bat! (v1.62i) Personal Reply-To: Alex Zinin <zinin@psg.com> X-Priority: 3 (Normal) Message-ID: <13348274424.20030324120518@psg.com> To: Jeffrey Haas <jhaas@nexthop.com> Cc: idr@merit.edu, "Steven M.Bellovin" <smb@research.att.com> Subject: Re: Issue 19) Security Considerations In-Reply-To: <20030322165013.B18728@nexthop.com> References: <87d6kkhtf2.wl@ipinfusion.com> <200303221454.JAA87932@workhorse.fictitious.org> <87isubnylj.wl@ipinfusion.com> <20030322165013.B18728@nexthop.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-idr@merit.edu Precedence: bulk Jeff- [...] > A concern that Kunihiro has, being the implementor of a software-based > BGP implmentation, is that by mandating TCP-MD5, we have made any > software implementation of BGP that runs on an operating system without > TCP-MD5 in the TCP/IP implementation a non-compliant BGP implementation. > To restate this for our AD's, we are tying the compliance of a BGP > implementation to a protocol that is not BGP-related. It is getting somewhat implementation-specific, but still... Because of the development model, platform-independent implementations of BGP can't include the TCP-MD5 mechanism in their distribution at all. Instead, maximum they can do is support appropriate configuration commands and socket API that would interface with the kernel. This seems to be as far as it can get in general. If such commands and API are supported, I would say that this implementation is as compliant as it can possibly be... In fact, one would have the same situation with IPSec too... > In the bgp draft, we state: > : BGP uses TCP [RFC793] as its transport protocol. This eliminates the > : need to implement explicit update fragmentation, retransmission, > : acknowledgment, and sequencing. BGP listens on TCP port 179. The > : error notification mechanism used in BGP assumes that TCP supports a > : "graceful" close, i.e., that all outstanding data will be delivered > : before the connection is closed. > If we're going to mandate TCP-MD5, *here* is the place we must do it. > Otherwise, the stricture that: > : Use of TCP MD5 [RFC2385] for authentication is mandatory. > conflicts with the simple TCP statement above. Sorry, could you explain what conflict you see? > An implementation that uses IPSEC is at least, if not more secure than > TCP-MD5, but is non-compliant if it doesn't have support for TCP-MD5. > I'll ask this question of our AD's: > What is the exact requirements that we need out of our security considerations > section for BGP? [I'm cc;ing Steve Bellovin so he can correct me if I'm wrong somewhere.] The security considerations section needs to provide the security analysis of the protocol (which will be in a separate doc in our case), as well as a mandatory to implement authentication mechanism. Because BGP goes to DS, the authentication mechanisms (as well as all other features) must have actually been implemented and deployed. >From RFC1264: > 5.0 Requirements for Draft Standard ... > 4) There must be evidence that all features of the protocol have > been tested, running between at least two implementations. This > must include that all of the security features have been > demonstrated to operate, and that the mechanisms defined in the > protocol actually provide the intended protection. -- Alex Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id LAA19294 for <idr-archive@nic.merit.edu>; Mon, 24 Mar 2003 11:24:45 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id DEB0191234; Mon, 24 Mar 2003 11:24:27 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id B09D391235; Mon, 24 Mar 2003 11:24:27 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 921B191234 for <idr@trapdoor.merit.edu>; Mon, 24 Mar 2003 11:24:26 -0500 (EST) Received: by segue.merit.edu (Postfix) id 78B715DFC7; Mon, 24 Mar 2003 11:24:26 -0500 (EST) Delivered-To: idr@merit.edu Received: from sentry.gw.tislabs.com (sentry.gw.tislabs.com [192.94.214.100]) by segue.merit.edu (Postfix) with ESMTP id 0A24A5DFC5 for <idr@merit.edu>; Mon, 24 Mar 2003 11:24:26 -0500 (EST) Received: by sentry.gw.tislabs.com; id LAA01906; Mon, 24 Mar 2003 11:25:19 -0500 (EST) Received: from raven.gw.tislabs.com(10.33.1.50) by sentry.gw.tislabs.com via smap (V5.5) id xma001874; Mon, 24 Mar 03 11:24:36 -0500 Received: (from sandy@localhost) by raven.gw.tislabs.com (8.11.6/8.11.6) id h2OGNfK11170; Mon, 24 Mar 2003 11:23:41 -0500 (EST) Date: Mon, 24 Mar 2003 11:23:41 -0500 (EST) Message-Id: <200303241623.h2OGNfK11170@raven.gw.tislabs.com> From: sandy@tislabs.com To: curtis@fictitious.org, kunihiro@zebra.org Subject: Re: Issue 19) Security Considerations Cc: danny@tcb.net, idr@merit.edu Sender: owner-idr@merit.edu Precedence: bulk >This may be a leap of faith because we would be assuming that the >outcome of RPSEC is that IPSEC is the right solution for BGP. I don't believe that the RPSEC charter speaks to establishing solutions. Just so people don't get the wrong idea. The charter does speak to "Possible Future Work" that would include evaluating, documenting or recommending security mechanisms. But that's later. --Sandy Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id JAA17314 for <idr-archive@nic.merit.edu>; Mon, 24 Mar 2003 09:24:16 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id C789491230; Mon, 24 Mar 2003 09:23:49 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 9358491231; Mon, 24 Mar 2003 09:23:49 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 76E7691230 for <idr@trapdoor.merit.edu>; Mon, 24 Mar 2003 09:23:48 -0500 (EST) Received: by segue.merit.edu (Postfix) id 642625DFB1; Mon, 24 Mar 2003 09:23:48 -0500 (EST) Delivered-To: idr@merit.edu Received: from merlot.juniper.net (natint.juniper.net [207.17.136.129]) by segue.merit.edu (Postfix) with ESMTP id 10DE75DE15 for <idr@merit.edu>; Mon, 24 Mar 2003 09:23:48 -0500 (EST) Received: from juniper.net (garnet.juniper.net [172.17.28.17]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id h2OENgS00114; Mon, 24 Mar 2003 06:23:42 -0800 (PST) (envelope-from yakov@juniper.net) Message-Id: <200303241423.h2OENgS00114@merlot.juniper.net> To: Kunihiro Ishiguro <kunihiro@zebra.org> Cc: idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: Your message of "Sat, 22 Mar 2003 20:47:03 PST." <877kaqofjs.wl@ipinfusion.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <54803.1048515822.1@juniper.net> Date: Mon, 24 Mar 2003 06:23:42 -0800 From: Yakov Rekhter <yakov@juniper.net> Sender: owner-idr@merit.edu Precedence: bulk Kunihiro, > >TCP connection hijack has always been general security problem because > >if you could snoop, you could break into a connection and inject > >traffic. The obvious solution was to encrypt the payload. This still > >left the TCP RST problem, but for most services the DoS was not such a > >severe issue. > > > >BGP is a somewhat different problem because an attacker couldn't snoop > >on a provider's network interior, but could inject traffic in. Router > >addresses were always well known and one port number was 179 only one > >port number had to be guessed. It took too few packets to sucessfully > >send an RST just sweeping the port range. TCP MD5 prevented this. > > > >More recently the problem of sending more traffic than the MD5 check > >can handle has emerged as a problem. IPSEC doesn't help. Since the > >IPSEC decryptions are more difficult computations IPSEC actaully makes > >the problem worse. > > Hmm. This is interesting. If MD5 is better than IPsec for DoS attack > threat and we can extend it as a generic solution not only for BGP but > also other TCP based protocols such as LDP, I'm ok with it. LDP supports TCP MD5 today. > I was told that IPsec is a generic solution for TCP/IP authentication. > If TCP MD5 is the way to go for TCP authentication and there is a wide > consensus for it, I can live with it. > > I'm really wondering why we put ennormous effort to IPsec > specification and it's deployment. That is a valid question, but perhaps the IDR WG may not be the right place to answer it. Yakov. Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id HAA16148 for <idr-archive@nic.merit.edu>; Mon, 24 Mar 2003 07:28:10 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id DAA3C9122B; Mon, 24 Mar 2003 07:27:48 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 4937A9122F; Mon, 24 Mar 2003 07:27:47 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 995419122B for <idr@trapdoor.merit.edu>; Mon, 24 Mar 2003 07:27:45 -0500 (EST) Received: by segue.merit.edu (Postfix) id 718675DE6A; Mon, 24 Mar 2003 07:27:45 -0500 (EST) Delivered-To: idr@merit.edu Received: from ietf.org (odin.ietf.org [132.151.1.176]) by segue.merit.edu (Postfix) with ESMTP id EBC1B5DE56 for <idr@merit.edu>; Mon, 24 Mar 2003 07:27:44 -0500 (EST) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA12100; Mon, 24 Mar 2003 07:25:25 -0500 (EST) Message-Id: <200303241225.HAA12100@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: idr@merit.edu From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-idr-bgp-analysis-00.txt Date: Mon, 24 Mar 2003 07:25:25 -0500 Sender: owner-idr@merit.edu Precedence: bulk --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Inter-Domain Routing Working Group of the IETF. Title : BGP-4 Protocol Analysis Author(s) : D. Meyer, K. Patel Filename : draft-ietf-idr-bgp-analysis-00.txt Pages : 15 Date : 2003-3-20 The purpose of this report is to document how the requirements for advancing a routing protocol from Draft Standard to full Standard have been satisfied by Border Gateway Protocol version 4 (BGP-4). This report satisfies the requirement for'the second report', as described in Section 6.0 of RFC 1264 [RFC1264]. In order to fulfill the requirement, this report augments RFC 1774 [RFC1774] and summarizes the key features of BGP protocol, and analyzes the protocol with respect to scaling and performance. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-idr-bgp-analysis-00.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-idr-bgp-analysis-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-idr-bgp-analysis-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2003-3-21155030.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-idr-bgp-analysis-00.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-idr-bgp-analysis-00.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2003-3-21155030.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id OAA14861 for <idr-archive@nic.merit.edu>; Sun, 23 Mar 2003 14:12:23 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 69E7891227; Sun, 23 Mar 2003 14:11:58 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 3BCCD91228; Sun, 23 Mar 2003 14:11:58 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 5625691227 for <idr@trapdoor.merit.edu>; Sun, 23 Mar 2003 14:11:57 -0500 (EST) Received: by segue.merit.edu (Postfix) id 3E9A45DF06; Sun, 23 Mar 2003 14:11:57 -0500 (EST) Delivered-To: idr@merit.edu Received: from rip.psg.com (rip.psg.com [147.28.0.39]) by segue.merit.edu (Postfix) with ESMTP id 137475DF04 for <idr@merit.edu>; Sun, 23 Mar 2003 14:11:57 -0500 (EST) Received: from localhost ([127.0.0.1] helo=rip.psg.com) by rip.psg.com with esmtp (Exim 4.12) id 18xAss-000Mzf-00; Sun, 23 Mar 2003 11:11:54 -0800 From: Randy Bush <randy@psg.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Sun, 23 Mar 2003 11:11:54 -0800 To: Curtis Villamizar <curtis@fictitious.org> Cc: IDR WG <idr@merit.edu> Subject: Re: Issue 19) Security Considerations References: <E18xAka-000HK0-00@rip.psg.com> <200303231910.OAA93640@workhorse.fictitious.org> Message-Id: <E18xAss-000Mzf-00@rip.psg.com> Sender: owner-idr@merit.edu Precedence: bulk >>> We must have a security section that meets approval of the IESG. If >>> the IESG doesn't insist that we have a MUST in the security section, >>> then changing to SHOULD would be OK. >> in this day and age of net attacks, and considering the vulnerability, >> would such relaxation be well-advised? > No. then i suggest we not waste more time discussing it Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id OAA14762 for <idr-archive@nic.merit.edu>; Sun, 23 Mar 2003 14:09:29 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 236BA91226; Sun, 23 Mar 2003 14:09:08 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id E775591227; Sun, 23 Mar 2003 14:09:07 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id A672691226 for <idr@trapdoor.merit.edu>; Sun, 23 Mar 2003 14:09:06 -0500 (EST) Received: by segue.merit.edu (Postfix) id 7FB225DF04; Sun, 23 Mar 2003 14:09:06 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id B920D5DED1 for <idr@merit.edu>; Sun, 23 Mar 2003 14:09:05 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id OAA93640; Sun, 23 Mar 2003 14:10:02 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303231910.OAA93640@workhorse.fictitious.org> To: Randy Bush <randy@psg.com> Cc: Curtis Villamizar <curtis@fictitious.org>, IDR WG <idr@merit.edu> Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Sun, 23 Mar 2003 11:03:19 PST." <E18xAka-000HK0-00@rip.psg.com> Date: Sun, 23 Mar 2003 14:10:01 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <E18xAka-000HK0-00@rip.psg.com>, Randy Bush writes: > > We must have a security section that meets approval of the IESG. If > > the IESG doesn't insist that we have a MUST in the security section, > > then changing to SHOULD would be OK. > > in this day and age of net attacks, and considering the vulnerability, > would such relaxation be well-advised? > > randy No. But the ISPs are not going to stop using TCP MD5 because we recorded a SHOULD in the RFC rather than a MUST. Curtis Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id OAA14582 for <idr-archive@nic.merit.edu>; Sun, 23 Mar 2003 14:03:42 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 9FD2B91225; Sun, 23 Mar 2003 14:03:22 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 6791391226; Sun, 23 Mar 2003 14:03:22 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 79D1391225 for <idr@trapdoor.merit.edu>; Sun, 23 Mar 2003 14:03:21 -0500 (EST) Received: by segue.merit.edu (Postfix) id 4FC345DF0C; Sun, 23 Mar 2003 14:03:21 -0500 (EST) Delivered-To: idr@merit.edu Received: from rip.psg.com (rip.psg.com [147.28.0.39]) by segue.merit.edu (Postfix) with ESMTP id 1EC8F5DF04 for <idr@merit.edu>; Sun, 23 Mar 2003 14:03:21 -0500 (EST) Received: from localhost ([127.0.0.1] helo=rip.psg.com) by rip.psg.com with esmtp (Exim 4.12) id 18xAka-000HK0-00; Sun, 23 Mar 2003 11:03:20 -0800 From: Randy Bush <randy@psg.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Sun, 23 Mar 2003 11:03:19 -0800 To: Curtis Villamizar <curtis@fictitious.org> Cc: IDR WG <idr@merit.edu> Subject: Re: Issue 19) Security Considerations References: <000101c2f169$9c65c2d0$0d0ca8c0@joris2k.local> <200303231856.NAA93317@workhorse.fictitious.org> Message-Id: <E18xAka-000HK0-00@rip.psg.com> Sender: owner-idr@merit.edu Precedence: bulk > We must have a security section that meets approval of the IESG. If > the IESG doesn't insist that we have a MUST in the security section, > then changing to SHOULD would be OK. in this day and age of net attacks, and considering the vulnerability, would such relaxation be well-advised? randy Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id NAA14292 for <idr-archive@nic.merit.edu>; Sun, 23 Mar 2003 13:56:03 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 405C091224; Sun, 23 Mar 2003 13:55:36 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 0C29791225; Sun, 23 Mar 2003 13:55:35 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 9CD1291224 for <idr@trapdoor.merit.edu>; Sun, 23 Mar 2003 13:55:34 -0500 (EST) Received: by segue.merit.edu (Postfix) id 7F3315DF08; Sun, 23 Mar 2003 13:55:34 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id ECE235DF00 for <idr@merit.edu>; Sun, 23 Mar 2003 13:55:32 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id NAA93317; Sun, 23 Mar 2003 13:56:49 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303231856.NAA93317@workhorse.fictitious.org> To: "Joris Dobbelsteen" <joris.dobbelsteen@mail.com> Cc: curtis@fictitious.org, "IDR WG (E-mail)" <idr@merit.edu> Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Sun, 23 Mar 2003 19:21:49 +0100." <000101c2f169$9c65c2d0$0d0ca8c0@joris2k.local> Date: Sun, 23 Mar 2003 13:56:48 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <000101c2f169$9c65c2d0$0d0ca8c0@joris2k.local>, "Joris Dobbelsteen" writes: > As it seems TCP MD5 and IPSec protect BGP sufficiently, > except for DoS attack where the server is overloaded. > It looks like filtering could solve this problem. This > filtering can be done on the network border and/or at > the BGP host. IPSec is quite nasty to filter for, if > traffic is encrypted, TCP MD5 doesn't have this problem. > > But perhaps that moving BGP to a secondary protocol, not > related to IP in any way and allow only local hosts to > send packets in this protocol (block it on the network > borders) provides superiour protection against such attacks. > This can also be done by a specific protocol inplemented on > IP in the same way at the one above (block this protocol at > the network border). The great disadvantage is you have to > do what TCP (and IP) already do for you. > One could use IPX/SPX for example. It has the features TCP > has (sequenced in-order transmission) and there is still > some support for (I believe). > > I would really recommend that BGP transmissions should be > independent of the protocol being used. This might be TCP, > IPX/SPX, anything else as long as it supports why the > choice for TCP was made. > > I would urge to have people pay attention to the security, > but not by requirements. There might be better methods, only > if someone implemented them. > In case I would state one SHOULD implemented TCP MD5 to > promote interoperability between other BGP implementations. > > - Joris You make a good point regarding IPSEC and the inclusion of port numbers in the encryption. The port numbers would have to be excluded from the encryption to make IPSEC viable for BGP in an ISP environment where DoS attampts need to be tossed out at line rate. Inventing or specifying new transport protocols for BGP is clearly outside the scope of the update to BGP4. BGP runs over TCP. That is the only current practice and we have strong consensus that it should remain so at least for this iteration of BGP. We must have a security section that meets approval of the IESG. If the IESG doesn't insist that we have a MUST in the security section, then changing to SHOULD would be OK. Curtis > >-----Original Message----- > >From: owner-idr@merit.edu On Behalf Of Curtis Villamizar > >Sent: Sunday, 23 March 2003 6:10 > >Subject: Re: Issue 19) Security Considerations > > > >In message <877kaqofjs.wl@ipinfusion.com>, Kunihiro Ishiguro writes: > >> >TCP connection hijack has always been general security > >problem because > >> >if you could snoop, you could break into a connection and inject > >> >traffic. The obvious solution was to encrypt the payload. > >This still > >> >left the TCP RST problem, but for most services the DoS was > >not such a > >> >severe issue. > >> > > >> >BGP is a somewhat different problem because an attacker > >couldn't snoop > >> >on a provider's network interior, but could inject traffic > >in. Router > >> >addresses were always well known and one port number was > >179 only one > >> >port number had to be guessed. It took too few packets to > >sucessfully > >> >send an RST just sweeping the port range. TCP MD5 prevented this. > >> > > >> >More recently the problem of sending more traffic than the MD5 check > >> >can handle has emerged as a problem. IPSEC doesn't help. Since the > >> >IPSEC decryptions are more difficult computations IPSEC > >actaully makes > >> >the problem worse. > >> > >> Hmm. This is interesting. If MD5 is better than IPsec for > >DoS attack > >> threat and we can extend it as a generic solution not only > >for BGP but > >> also other TCP based protocols such as LDP, I'm ok with it. > >> > >> I was told that IPsec is a generic solution for TCP/IP > >authentication. > >> If TCP MD5 is the way to go for TCP authentication and there > >is a wide > >> consensus for it, I can live with it. > > > >Both are vulnerable. Therefore there has been no incentive to change. > > > >> I'm really wondering why we put ennormous effort to IPsec > >> specification and it's deployment. > >> -- > >> Kunihiro Ishiguro > > > >The situation where the better part of a gB of traffic is sent to a > >router with addresses and ports spoofed is not considered the major > >threat to such things as protecting a corporate intellectual property > >or assets. For generic security IPSEC is a good solution. > > > >For the very specialized requirements IPSEC is also just fine for > >solving 1/2 the problem. For the other half of the problem, neither > >TCP MD5 or IPSEC is a solution. > > > >If someone could snoop BGP traffic, then IPSEC would be a better > >solution. That is not the case for ISPs. > > > >We are not here to argue whether IPSEC is a better solution than TCP > >MD5 but rather what a BGP implementation needs to be plug into a > >network and to be useful right now. From the ISP perspective, it > >needs TCP MD5 *regardless of what the IDR WG decides*. As a WG we > >need to recognize that. > > > >Therefore I agree with the course the WG was taking. TCP MD5 should > >be stated as a requirement (MUST) and IPSEC which may be in some ways > >technically superior (ability to change keys and better encryption) in > >ways that are almost irrelevant to the problem should at most be > >stated as desireable (SHOULD). > > > >Later *if* IPSEC becomes very widely deployed as the means to protect > >BGP, then we can reverse that. > > > >If anything this may point to a need to include DoS potentials and > >their remedies in the BGP4 security section. > > > >Curtis > > > Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id NAA13282 for <idr-archive@nic.merit.edu>; Sun, 23 Mar 2003 13:25:47 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 100A89120C; Sun, 23 Mar 2003 13:25:27 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id BEF4A91224; Sun, 23 Mar 2003 13:25:26 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 8A2059120C for <idr@trapdoor.merit.edu>; Sun, 23 Mar 2003 13:25:25 -0500 (EST) Received: by segue.merit.edu (Postfix) id 6A25D5DF08; Sun, 23 Mar 2003 13:25:25 -0500 (EST) Delivered-To: idr@merit.edu Received: from cmailENV2.svr.pol.co.uk (cmailENV2.svr.pol.co.uk [213.218.77.54]) by segue.merit.edu (Postfix) with ESMTP id 37D7E5DF06 for <idr@merit.edu>; Sun, 23 Mar 2003 13:25:25 -0500 (EST) Received: from [62.21.130.27] (helo=xtreme) by cmailENV2.svr.pol.co.uk with smtp (Exim 3.35 #1) id 18xA9e-00079j-00; Sun, 23 Mar 2003 18:25:10 +0000 From: "Joris Dobbelsteen" <joris.dobbelsteen@mail.com> To: <curtis@fictitious.org>, "IDR WG (E-mail)" <idr@merit.edu> Subject: RE: Issue 19) Security Considerations Date: Sun, 23 Mar 2003 19:21:49 +0100 Message-ID: <000101c2f169$9c65c2d0$0d0ca8c0@joris2k.local> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) Importance: Normal In-Reply-To: <200303230509.AAA90831@workhorse.fictitious.org> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-idr@merit.edu Precedence: bulk As it seems TCP MD5 and IPSec protect BGP sufficiently, except for DoS attack where the server is overloaded. It looks like filtering could solve this problem. This filtering can be done on the network border and/or at the BGP host. IPSec is quite nasty to filter for, if traffic is encrypted, TCP MD5 doesn't have this problem. But perhaps that moving BGP to a secondary protocol, not related to IP in any way and allow only local hosts to send packets in this protocol (block it on the network borders) provides superiour protection against such attacks. This can also be done by a specific protocol inplemented on IP in the same way at the one above (block this protocol at the network border). The great disadvantage is you have to do what TCP (and IP) already do for you. One could use IPX/SPX for example. It has the features TCP has (sequenced in-order transmission) and there is still some support for (I believe). I would really recommend that BGP transmissions should be independent of the protocol being used. This might be TCP, IPX/SPX, anything else as long as it supports why the choice for TCP was made. I would urge to have people pay attention to the security, but not by requirements. There might be better methods, only if someone implemented them. In case I would state one SHOULD implemented TCP MD5 to promote interoperability between other BGP implementations. - Joris >-----Original Message----- >From: owner-idr@merit.edu On Behalf Of Curtis Villamizar >Sent: Sunday, 23 March 2003 6:10 >Subject: Re: Issue 19) Security Considerations > >In message <877kaqofjs.wl@ipinfusion.com>, Kunihiro Ishiguro writes: >> >TCP connection hijack has always been general security >problem because >> >if you could snoop, you could break into a connection and inject >> >traffic. The obvious solution was to encrypt the payload. >This still >> >left the TCP RST problem, but for most services the DoS was >not such a >> >severe issue. >> > >> >BGP is a somewhat different problem because an attacker >couldn't snoop >> >on a provider's network interior, but could inject traffic >in. Router >> >addresses were always well known and one port number was >179 only one >> >port number had to be guessed. It took too few packets to >sucessfully >> >send an RST just sweeping the port range. TCP MD5 prevented this. >> > >> >More recently the problem of sending more traffic than the MD5 check >> >can handle has emerged as a problem. IPSEC doesn't help. Since the >> >IPSEC decryptions are more difficult computations IPSEC >actaully makes >> >the problem worse. >> >> Hmm. This is interesting. If MD5 is better than IPsec for >DoS attack >> threat and we can extend it as a generic solution not only >for BGP but >> also other TCP based protocols such as LDP, I'm ok with it. >> >> I was told that IPsec is a generic solution for TCP/IP >authentication. >> If TCP MD5 is the way to go for TCP authentication and there >is a wide >> consensus for it, I can live with it. > >Both are vulnerable. Therefore there has been no incentive to change. > >> I'm really wondering why we put ennormous effort to IPsec >> specification and it's deployment. >> -- >> Kunihiro Ishiguro > >The situation where the better part of a gB of traffic is sent to a >router with addresses and ports spoofed is not considered the major >threat to such things as protecting a corporate intellectual property >or assets. For generic security IPSEC is a good solution. > >For the very specialized requirements IPSEC is also just fine for >solving 1/2 the problem. For the other half of the problem, neither >TCP MD5 or IPSEC is a solution. > >If someone could snoop BGP traffic, then IPSEC would be a better >solution. That is not the case for ISPs. > >We are not here to argue whether IPSEC is a better solution than TCP >MD5 but rather what a BGP implementation needs to be plug into a >network and to be useful right now. From the ISP perspective, it >needs TCP MD5 *regardless of what the IDR WG decides*. As a WG we >need to recognize that. > >Therefore I agree with the course the WG was taking. TCP MD5 should >be stated as a requirement (MUST) and IPSEC which may be in some ways >technically superior (ability to change keys and better encryption) in >ways that are almost irrelevant to the problem should at most be >stated as desireable (SHOULD). > >Later *if* IPSEC becomes very widely deployed as the means to protect >BGP, then we can reverse that. > >If anything this may point to a need to include DoS potentials and >their remedies in the BGP4 security section. > >Curtis > Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id AAA15050 for <idr-archive@nic.merit.edu>; Sun, 23 Mar 2003 00:08:40 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id BADBB91222; Sun, 23 Mar 2003 00:08:18 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 8AC0491224; Sun, 23 Mar 2003 00:08:18 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 2BC6391222 for <idr@trapdoor.merit.edu>; Sun, 23 Mar 2003 00:08:17 -0500 (EST) Received: by segue.merit.edu (Postfix) id ED7B65DE8B; Sun, 23 Mar 2003 00:08:16 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id C839B5DDA0 for <idr@merit.edu>; Sun, 23 Mar 2003 00:08:15 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id AAA90831; Sun, 23 Mar 2003 00:09:37 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303230509.AAA90831@workhorse.fictitious.org> To: Kunihiro Ishiguro <kunihiro@zebra.org> Cc: curtis@fictitious.org, Randy Bush <randy@psg.com>, danny@tcb.net, idr@merit.edu Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Sat, 22 Mar 2003 20:47:03 PST." <877kaqofjs.wl@ipinfusion.com> Date: Sun, 23 Mar 2003 00:09:37 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <877kaqofjs.wl@ipinfusion.com>, Kunihiro Ishiguro writes: > >TCP connection hijack has always been general security problem because > >if you could snoop, you could break into a connection and inject > >traffic. The obvious solution was to encrypt the payload. This still > >left the TCP RST problem, but for most services the DoS was not such a > >severe issue. > > > >BGP is a somewhat different problem because an attacker couldn't snoop > >on a provider's network interior, but could inject traffic in. Router > >addresses were always well known and one port number was 179 only one > >port number had to be guessed. It took too few packets to sucessfully > >send an RST just sweeping the port range. TCP MD5 prevented this. > > > >More recently the problem of sending more traffic than the MD5 check > >can handle has emerged as a problem. IPSEC doesn't help. Since the > >IPSEC decryptions are more difficult computations IPSEC actaully makes > >the problem worse. > > Hmm. This is interesting. If MD5 is better than IPsec for DoS attack > threat and we can extend it as a generic solution not only for BGP but > also other TCP based protocols such as LDP, I'm ok with it. > > I was told that IPsec is a generic solution for TCP/IP authentication. > If TCP MD5 is the way to go for TCP authentication and there is a wide > consensus for it, I can live with it. Both are vulnerable. Therefore there has been no incentive to change. > I'm really wondering why we put ennormous effort to IPsec > specification and it's deployment. > -- > Kunihiro Ishiguro The situation where the better part of a gB of traffic is sent to a router with addresses and ports spoofed is not considered the major threat to such things as protecting a corporate intellectual property or assets. For generic security IPSEC is a good solution. For the very specialized requirements IPSEC is also just fine for solving 1/2 the problem. For the other half of the problem, neither TCP MD5 or IPSEC is a solution. If someone could snoop BGP traffic, then IPSEC would be a better solution. That is not the case for ISPs. We are not here to argue whether IPSEC is a better solution than TCP MD5 but rather what a BGP implementation needs to be plug into a network and to be useful right now. From the ISP perspective, it needs TCP MD5 *regardless of what the IDR WG decides*. As a WG we need to recognize that. Therefore I agree with the course the WG was taking. TCP MD5 should be stated as a requirement (MUST) and IPSEC which may be in some ways technically superior (ability to change keys and better encryption) in ways that are almost irrelevant to the problem should at most be stated as desireable (SHOULD). Later *if* IPSEC becomes very widely deployed as the means to protect BGP, then we can reverse that. If anything this may point to a need to include DoS potentials and their remedies in the BGP4 security section. Curtis Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id XAA14444 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 23:52:55 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 3D67191221; Sat, 22 Mar 2003 23:52:34 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 0D4C591222; Sat, 22 Mar 2003 23:52:33 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id CB1FE91221 for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 23:52:31 -0500 (EST) Received: by segue.merit.edu (Postfix) id A1FC55DE88; Sat, 22 Mar 2003 23:52:31 -0500 (EST) Delivered-To: idr@merit.edu Received: from localhost.localdomain (ip-64-139-11-202.dsl.sca.megapath.net [64.139.11.202]) by segue.merit.edu (Postfix) with ESMTP id E76CF5DE42 for <idr@merit.edu>; Sat, 22 Mar 2003 23:52:30 -0500 (EST) Received: from localhost.localdomain (vprmatrix [127.0.0.1]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h2N4p588011331; Sun, 23 Mar 2003 13:51:05 +0900 Date: Sat, 22 Mar 2003 20:51:05 -0800 Message-ID: <8765qaofd2.wl@ipinfusion.com> From: Kunihiro Ishiguro <kunihiro@zebra.org> To: Jeffrey Haas <jhaas@nexthop.com> Cc: idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <20030322165013.B18728@nexthop.com> References: <87d6kkhtf2.wl@ipinfusion.com> <200303221454.JAA87932@workhorse.fictitious.org> <87isubnylj.wl@ipinfusion.com> User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/21.2.92 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII Sender: owner-idr@merit.edu Precedence: bulk >To restate this for our AD's, we are tying the compliance of a BGP >implementation to a protocol that is not BGP-related. > >In the bgp draft, we state: >: BGP uses TCP [RFC793] as its transport protocol. This eliminates the >: need to implement explicit update fragmentation, retransmission, >: acknowledgment, and sequencing. BGP listens on TCP port 179. The >: error notification mechanism used in BGP assumes that TCP supports a >: "graceful" close, i.e., that all outstanding data will be delivered >: before the connection is closed. > >If we're going to mandate TCP-MD5, *here* is the place we must do it. >Otherwise, the stricture that: >: Use of TCP MD5 [RFC2385] for authentication is mandatory. > >conflicts with the simple TCP statement above. > >An implementation that uses IPSEC is at least, if not more secure than >TCP-MD5, but is non-compliant if it doesn't have support for TCP-MD5. > >I'll ask this question of our AD's: >What is the exact requirements that we need out of our security considerations >section for BGP? Thanks Jeffrey. You completely pointed out the issue. Here I should stop discussing and let AD to decide what to do. I'll follow the decision. -- Kunihiro Ishiguro Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id XAA14306 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 23:48:52 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id D9FAF9121F; Sat, 22 Mar 2003 23:48:35 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 9DAA891221; Sat, 22 Mar 2003 23:48:35 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 875069121F for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 23:48:34 -0500 (EST) Received: by segue.merit.edu (Postfix) id 60BBC5DE88; Sat, 22 Mar 2003 23:48:34 -0500 (EST) Delivered-To: idr@merit.edu Received: from localhost.localdomain (ip-64-139-11-202.dsl.sca.megapath.net [64.139.11.202]) by segue.merit.edu (Postfix) with ESMTP id A64D05DE72 for <idr@merit.edu>; Sat, 22 Mar 2003 23:48:33 -0500 (EST) Received: from localhost.localdomain (vprmatrix [127.0.0.1]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h2N4l388011328; Sun, 23 Mar 2003 13:47:04 +0900 Date: Sat, 22 Mar 2003 20:47:03 -0800 Message-ID: <877kaqofjs.wl@ipinfusion.com> From: Kunihiro Ishiguro <kunihiro@zebra.org> To: curtis@fictitious.org Cc: Randy Bush <randy@psg.com>, danny@tcb.net, idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <200303230413.XAA90235@workhorse.fictitious.org> References: <87y9379l47.wl@ipinfusion.com> <200303230413.XAA90235@workhorse.fictitious.org> User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/21.2.92 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII Sender: owner-idr@merit.edu Precedence: bulk >TCP connection hijack has always been general security problem because >if you could snoop, you could break into a connection and inject >traffic. The obvious solution was to encrypt the payload. This still >left the TCP RST problem, but for most services the DoS was not such a >severe issue. > >BGP is a somewhat different problem because an attacker couldn't snoop >on a provider's network interior, but could inject traffic in. Router >addresses were always well known and one port number was 179 only one >port number had to be guessed. It took too few packets to sucessfully >send an RST just sweeping the port range. TCP MD5 prevented this. > >More recently the problem of sending more traffic than the MD5 check >can handle has emerged as a problem. IPSEC doesn't help. Since the >IPSEC decryptions are more difficult computations IPSEC actaully makes >the problem worse. Hmm. This is interesting. If MD5 is better than IPsec for DoS attack threat and we can extend it as a generic solution not only for BGP but also other TCP based protocols such as LDP, I'm ok with it. I was told that IPsec is a generic solution for TCP/IP authentication. If TCP MD5 is the way to go for TCP authentication and there is a wide consensus for it, I can live with it. I'm really wondering why we put ennormous effort to IPsec specification and it's deployment. -- Kunihiro Ishiguro Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id XAA13245 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 23:17:56 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id D5D279121C; Sat, 22 Mar 2003 23:17:37 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id A3A039121F; Sat, 22 Mar 2003 23:17:37 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 443CB9121C for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 23:17:36 -0500 (EST) Received: by segue.merit.edu (Postfix) id 1E9F45DE8F; Sat, 22 Mar 2003 23:17:36 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id E47D95DE89 for <idr@merit.edu>; Sat, 22 Mar 2003 23:17:34 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id XAA90235; Sat, 22 Mar 2003 23:13:19 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303230413.XAA90235@workhorse.fictitious.org> To: Kunihiro Ishiguro <kunihiro@ipinfusion.com> Cc: Randy Bush <randy@psg.com>, danny@tcb.net, idr@merit.edu Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Sat, 22 Mar 2003 12:55:52 PST." <87y9379l47.wl@ipinfusion.com> Date: Sat, 22 Mar 2003 23:13:19 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <87y9379l47.wl@ipinfusion.com>, Kunihiro Ishiguro writes: > >> You may believe it or not, there are many BGP speakers which does not > >> support TCP MD5. > > > >i believe this should be fixed. bgp security is a very very scary > >issue. > > Yes it is very important issue. IMHO, TCP MD5 does not solve BGP > security issue. It does not have any key exchange framework nor > choice of algorithm. It is just a simple MD5 signature in TCP option. > > Almost implementation just accept static password for it and operators > don't change it frequently. It is scary. Actually TCP MD5 option is > not support some OS due to it does not provide good security. > > I agree with that TCP MD5 is better than nothing. But making it as > only MUST item in BGP sepecification is wrong message for routing > protocol security. > -- > Kunihiro Ishiguro TCP connection hijack has always been general security problem because if you could snoop, you could break into a connection and inject traffic. The obvious solution was to encrypt the payload. This still left the TCP RST problem, but for most services the DoS was not such a severe issue. BGP is a somewhat different problem because an attacker couldn't snoop on a provider's network interior, but could inject traffic in. Router addresses were always well known and one port number was 179 only one port number had to be guessed. It took too few packets to sucessfully send an RST just sweeping the port range. TCP MD5 prevented this. More recently the problem of sending more traffic than the MD5 check can handle has emerged as a problem. IPSEC doesn't help. Since the IPSEC decryptions are more difficult computations IPSEC actaully makes the problem worse. The operators preference seems to still be to keep TCP MD5 in place and take steps to prevent the newer problems from occuring. These have been filtering techniques including BTSH. Incidentally if the filtering goes into place (already in place for IBGP) TCP MD5 could in principle be disabled, but it never hurts to have a backup defense. Any claim that BGP is secure because it has MD5 *or* IPSEC is false. The DoS threat is equal for both and if anything is greater for IPSEC. A high traffic attack directed against the decryption will take either one down. If you knew what the real world problems were as opposed to the security community imagined ones you'd have a better idea what was scary and what was not a serious threat. IPSEC is a fine solution for some things but in this case its a solution looking for a problem and it hasn't found a good match. Personally I don't *care* which one gets used, but I *recognize* that TCP MD5 is what is being used and understand the real problems facing ISPs well enough to know that IPSEC doesn't address them. Since we are reviewing BGP for FS, we need to document the protocol as it stands know, not as a subset of the WG think it should be. Curtis ps - dropping TCP MD5 into a BSD or Linux stack would not be a hard thing to do and plenty of people have done it. It might make a nice addition to the ports collection if there is objections to putting support in the base OS. But that is irrelevant to the IDR discussion. Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id WAA10742 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 22:08:46 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id A8C599121B; Sat, 22 Mar 2003 22:08:24 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 749399121C; Sat, 22 Mar 2003 22:08:24 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 276999121B for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 22:08:23 -0500 (EST) Received: by segue.merit.edu (Postfix) id 04EED5DE11; Sat, 22 Mar 2003 22:08:23 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id 4DC3A5DE0D for <idr@merit.edu>; Sat, 22 Mar 2003 22:08:22 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id WAA89816; Sat, 22 Mar 2003 22:04:07 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303230304.WAA89816@workhorse.fictitious.org> To: andrewl@xix-w.bengi.exodus.net Cc: Kunihiro Ishiguro <kunihiro@ipinfusion.com>, curtis@fictitious.org, danny@tcb.net, idr@merit.edu Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Sat, 22 Mar 2003 13:51:19 PST." <20030322135119.E25773@demiurge.exodus.net> Date: Sat, 22 Mar 2003 22:04:07 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <20030322135119.E25773@demiurge.exodus.net>, andrewl@xix-w.bengi.exo dus.net writes: > > >>We can change this to MUST either implement TCP MD5 or support host to > > >>host IPSEC and SHOULD implement both. > > >> > > >>This may be a leap of faith because we would be assuming that the > > >>outcome of RPSEC is that IPSEC is the right solution for BGP. > > >> > > >>Comments from others on this? > > > > > >TCP MD5 does not provide enough security framework to meet today's > > >security requirement. It only provide MD5 signature. It is scary. > > >If the the box has IPsec, there should not be need of less secure TCP > > >MD5 option support. > > > > I forgot to say my proposal. "BGP protocol MUST support TCP MD5 or > > IPsec". When the box has IPsec, there is no need of encourage to > > support less secure TCP MD5. > > I would disagree. All boxes must support at least the minimum security > standard for interoperability. If you want to connect a box that only > supports MD5 and one that only supports IPSEC, you could not bring up > an authenticated session between them. I would be fine with something > along the lines of: > > An implementation MUST support TCP MD5, and SHOULD support IPSEC. > > Andrew This is better than what I suggested. It encourages transition but recognizes that no transition has begun. Curtis Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id VAA10336 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 21:57:29 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 3E1569121A; Sat, 22 Mar 2003 21:57:07 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 161119121B; Sat, 22 Mar 2003 21:57:07 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id DB8169121A for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 21:57:05 -0500 (EST) Received: by segue.merit.edu (Postfix) id BC3D55DE88; Sat, 22 Mar 2003 21:57:05 -0500 (EST) Delivered-To: idr@merit.edu Received: from merlot.juniper.net (natint.juniper.net [207.17.136.129]) by segue.merit.edu (Postfix) with ESMTP id 3C4095DE87 for <idr@merit.edu>; Sat, 22 Mar 2003 21:57:05 -0500 (EST) Received: from juniper.net (garnet.juniper.net [172.17.28.17]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id h2N2tgS18520; Sat, 22 Mar 2003 18:55:42 -0800 (PST) (envelope-from yakov@juniper.net) Message-Id: <200303230255.h2N2tgS18520@merlot.juniper.net> To: Randy Bush <randy@psg.com> Cc: Kunihiro Ishiguro <kunihiro@ipinfusion.com>, idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: Your message of "Sat, 22 Mar 2003 14:50:24 PST." <E18wron-000Mhi-00@rip.psg.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <84217.1048388142.1@juniper.net> Date: Sat, 22 Mar 2003 18:55:42 -0800 From: Yakov Rekhter <yakov@juniper.net> Sender: owner-idr@merit.edu Precedence: bulk Randy, > > TCP MD5 does not provide enough security framework to meet today's > > security requirement. It only provide MD5 signature. It is scary. > > If the the box has IPsec, there should not be need of less secure TCP > > MD5 option support. > > security folk who have done actual analyses, e.g., steve bellovin, > agress that, for protecting bgp, the only advantage ipsec has over > md5 is rekeying. and rekeying is not our big problem, it's any > keying at all. Just to add, making TCP MD5 mandatory (MUST) have been discussed on the mailing list before, and there was a consensus to make it mandatory. Yakov. Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id RAA01882 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 17:50:53 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 6BCD491218; Sat, 22 Mar 2003 17:50:27 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 41C5D9121A; Sat, 22 Mar 2003 17:50:27 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 5405191218 for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 17:50:26 -0500 (EST) Received: by segue.merit.edu (Postfix) id 32F1F5DE2C; Sat, 22 Mar 2003 17:50:26 -0500 (EST) Delivered-To: idr@merit.edu Received: from rip.psg.com (rip.psg.com [147.28.0.39]) by segue.merit.edu (Postfix) with ESMTP id 102FA5DD97 for <idr@merit.edu>; Sat, 22 Mar 2003 17:50:26 -0500 (EST) Received: from localhost ([127.0.0.1] helo=rip.psg.com) by rip.psg.com with esmtp (Exim 4.12) id 18wron-000Mhi-00; Sat, 22 Mar 2003 14:50:25 -0800 From: Randy Bush <randy@psg.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Sat, 22 Mar 2003 14:50:24 -0800 To: Kunihiro Ishiguro <kunihiro@ipinfusion.com> Cc: idr@merit.edu Subject: Re: Issue 19) Security Considerations References: <87fzpfnxz4.wl@ipinfusion.com> <200303221737.MAA88528@workhorse.fictitious.org> <871y0zb0b1.wl@ipinfusion.com> Message-Id: <E18wron-000Mhi-00@rip.psg.com> Sender: owner-idr@merit.edu Precedence: bulk > TCP MD5 does not provide enough security framework to meet today's > security requirement. It only provide MD5 signature. It is scary. > If the the box has IPsec, there should not be need of less secure TCP > MD5 option support. security folk who have done actual analyses, e.g., steve bellovin, agress that, for protecting bgp, the only advantage ipsec has over md5 is rekeying. and rekeying is not our big problem, it's any keying at all. randy Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id QAA29781 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 16:54:54 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 196A391217; Sat, 22 Mar 2003 16:54:34 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id DF72F91218; Sat, 22 Mar 2003 16:54:33 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id E991691217 for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 16:54:32 -0500 (EST) Received: by segue.merit.edu (Postfix) id C9BB35DE69; Sat, 22 Mar 2003 16:54:32 -0500 (EST) Delivered-To: idr@merit.edu Received: from demiurge.exodus.net (demiurge.exodus.net [216.32.171.82]) by segue.merit.edu (Postfix) with ESMTP id 7225F5DD97 for <idr@merit.edu>; Sat, 22 Mar 2003 16:54:32 -0500 (EST) Received: (from andrewl@localhost) by demiurge.exodus.net (8.9.3+Sun/8.9.3) id NAA23716; Sat, 22 Mar 2003 13:51:19 -0800 (PST) Date: Sat, 22 Mar 2003 13:51:19 -0800 From: andrewl@xix-w.bengi.exodus.net To: Kunihiro Ishiguro <kunihiro@ipinfusion.com> Cc: curtis@fictitious.org, danny@tcb.net, idr@merit.edu Subject: Re: Issue 19) Security Considerations Message-ID: <20030322135119.E25773@demiurge.exodus.net> References: <87fzpfnxz4.wl@ipinfusion.com> <200303221737.MAA88528@workhorse.fictitious.org> <871y0zb0b1.wl@ipinfusion.com> <87wuir9jxs.wl@ipinfusion.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <87wuir9jxs.wl@ipinfusion.com>; from kunihiro@ipinfusion.com on Sat, Mar 22, 2003 at 01:21:19PM -0800 Sender: owner-idr@merit.edu Precedence: bulk > >>We can change this to MUST either implement TCP MD5 or support host to > >>host IPSEC and SHOULD implement both. > >> > >>This may be a leap of faith because we would be assuming that the > >>outcome of RPSEC is that IPSEC is the right solution for BGP. > >> > >>Comments from others on this? > > > >TCP MD5 does not provide enough security framework to meet today's > >security requirement. It only provide MD5 signature. It is scary. > >If the the box has IPsec, there should not be need of less secure TCP > >MD5 option support. > > I forgot to say my proposal. "BGP protocol MUST support TCP MD5 or > IPsec". When the box has IPsec, there is no need of encourage to > support less secure TCP MD5. I would disagree. All boxes must support at least the minimum security standard for interoperability. If you want to connect a box that only supports MD5 and one that only supports IPSEC, you could not bring up an authenticated session between them. I would be fine with something along the lines of: An implementation MUST support TCP MD5, and SHOULD support IPSEC. Andrew Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id QAA29655 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 16:51:01 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 6A42F91216; Sat, 22 Mar 2003 16:50:25 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 3602491217; Sat, 22 Mar 2003 16:50:25 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 199DB91216 for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 16:50:24 -0500 (EST) Received: by segue.merit.edu (Postfix) id 01A895DE49; Sat, 22 Mar 2003 16:50:24 -0500 (EST) Delivered-To: idr@merit.edu Received: from presque.nexthop.com (dns.nexthop.com [64.211.218.216]) by segue.merit.edu (Postfix) with ESMTP id 757355DD97 for <idr@merit.edu>; Sat, 22 Mar 2003 16:50:23 -0500 (EST) Received: (from root@localhost) by presque.nexthop.com (8.12.8/8.11.1) id h2MLoMrN054484; Sat, 22 Mar 2003 16:50:22 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: from jhaas.nexthop.com (jhaas.nexthop.com [64.211.218.31]) by presque.nexthop.com (8.12.8/8.12.8) with ESMTP id h2MLoINp054477 for <idr@merit.edu>; Sat, 22 Mar 2003 16:50:18 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: (from jhaas@localhost) by jhaas.nexthop.com (8.11.3nb1/8.11.3) id h2MLoDY18760 for idr@merit.edu; Sat, 22 Mar 2003 16:50:13 -0500 (EST) Date: Sat, 22 Mar 2003 16:50:13 -0500 From: Jeffrey Haas <jhaas@nexthop.com> To: idr@merit.edu Subject: Re: Issue 19) Security Considerations Message-ID: <20030322165013.B18728@nexthop.com> References: <87d6kkhtf2.wl@ipinfusion.com> <200303221454.JAA87932@workhorse.fictitious.org> <87isubnylj.wl@ipinfusion.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <87isubnylj.wl@ipinfusion.com>; from kunihiro@ipinfusion.com on Sat, Mar 22, 2003 at 08:40:56AM -0800 X-Virus-Scanned: by AMaViS perl-11 Sender: owner-idr@merit.edu Precedence: bulk I would like to attempt to refocus Kunihiro's concern. On Sat, Mar 22, 2003 at 08:40:56AM -0800, Kunihiro Ishiguro wrote: > Anyway, my concern is putting TCP MD5 as only one MUST item in BGP > security consideration section. I want to hear technical opinin at > here. Our security conern is that there are several vulnerabilities on attacking BGP-4 via the transport mechanism - in this case TCP. The lowest common denominator in hardware-based implementations of BGP (routers) is TCP-MD5. It serves the purpose of providing a much more secure transport session. Any mechanism at least as strong as TCP-MD5 should be sufficient. A concern that Kunihiro has, being the implementor of a software-based BGP implmentation, is that by mandating TCP-MD5, we have made any software implementation of BGP that runs on an operating system without TCP-MD5 in the TCP/IP implementation a non-compliant BGP implementation. To restate this for our AD's, we are tying the compliance of a BGP implementation to a protocol that is not BGP-related. In the bgp draft, we state: : BGP uses TCP [RFC793] as its transport protocol. This eliminates the : need to implement explicit update fragmentation, retransmission, : acknowledgment, and sequencing. BGP listens on TCP port 179. The : error notification mechanism used in BGP assumes that TCP supports a : "graceful" close, i.e., that all outstanding data will be delivered : before the connection is closed. If we're going to mandate TCP-MD5, *here* is the place we must do it. Otherwise, the stricture that: : Use of TCP MD5 [RFC2385] for authentication is mandatory. conflicts with the simple TCP statement above. An implementation that uses IPSEC is at least, if not more secure than TCP-MD5, but is non-compliant if it doesn't have support for TCP-MD5. I'll ask this question of our AD's: What is the exact requirements that we need out of our security considerations section for BGP? -- Jeff Haas NextHop Technologies Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id QAA28689 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 16:23:15 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 461D691214; Sat, 22 Mar 2003 16:22:49 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 15F3191216; Sat, 22 Mar 2003 16:22:49 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id E824A91214 for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 16:22:46 -0500 (EST) Received: by segue.merit.edu (Postfix) id BD9D35DE63; Sat, 22 Mar 2003 16:22:46 -0500 (EST) Delivered-To: idr@merit.edu Received: from localhost.localdomain (ip-64-139-11-202.dsl.sca.megapath.net [64.139.11.202]) by segue.merit.edu (Postfix) with ESMTP id 1578D5DE62 for <idr@merit.edu>; Sat, 22 Mar 2003 16:22:46 -0500 (EST) Received: from localhost.localdomain (vprmatrix [127.0.0.1]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h2MLLJ88001147; Sun, 23 Mar 2003 06:21:19 +0900 Date: Sat, 22 Mar 2003 13:21:19 -0800 Message-ID: <87wuir9jxs.wl@ipinfusion.com> From: Kunihiro Ishiguro <kunihiro@ipinfusion.com> To: curtis@fictitious.org Cc: danny@tcb.net, idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <871y0zb0b1.wl@ipinfusion.com> References: <87fzpfnxz4.wl@ipinfusion.com> <200303221737.MAA88528@workhorse.fictitious.org> <871y0zb0b1.wl@ipinfusion.com> User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/21.2.92 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII Sender: owner-idr@merit.edu Precedence: bulk >>We can change this to MUST either implement TCP MD5 or support host to >>host IPSEC and SHOULD implement both. >> >>This may be a leap of faith because we would be assuming that the >>outcome of RPSEC is that IPSEC is the right solution for BGP. >> >>Comments from others on this? > >TCP MD5 does not provide enough security framework to meet today's >security requirement. It only provide MD5 signature. It is scary. >If the the box has IPsec, there should not be need of less secure TCP >MD5 option support. I forgot to say my proposal. "BGP protocol MUST support TCP MD5 or IPsec". When the box has IPsec, there is no need of encourage to support less secure TCP MD5. -- Kunihiro Ishiguro Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id QAA28398 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 16:14:14 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 9972C91209; Sat, 22 Mar 2003 16:13:53 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 6539091214; Sat, 22 Mar 2003 16:13:53 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 2A5EC91209 for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 16:13:52 -0500 (EST) Received: by segue.merit.edu (Postfix) id 1A7065DE62; Sat, 22 Mar 2003 16:13:52 -0500 (EST) Delivered-To: idr@merit.edu Received: from hotmail.com (bay1-f110.bay1.hotmail.com [65.54.245.110]) by segue.merit.edu (Postfix) with ESMTP id CD0135DE5F for <idr@merit.edu>; Sat, 22 Mar 2003 16:13:51 -0500 (EST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sat, 22 Mar 2003 13:13:51 -0800 Received: from 65.194.140.2 by by1fd.bay1.hotmail.msn.com with HTTP; Sat, 22 Mar 2003 21:13:50 GMT X-Originating-IP: [65.194.140.2] X-Originating-Email: [bwarijsman@hotmail.com] From: "Bruno Rijsman" <bwarijsman@hotmail.com> To: jhaas@nexthop.com Cc: idr@merit.edu Subject: Re: questions about the index of the bgpM2PeerTable Date: Sat, 22 Mar 2003 16:13:50 -0500 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: <BAY1-F110QvnbEG10Ga00000206@hotmail.com> X-OriginalArrivalTime: 22 Mar 2003 21:13:51.0256 (UTC) FILETIME=[EFCB6180:01C2F0B7] Sender: owner-idr@merit.edu Precedence: bulk JH> My own thought is that in the case where the source address is not JH> known ahead of time that a value of 0.0.0.0 (or all zeros for a JH> given addrtype) would mean that its an unspecified address on JH> configuration. JH> It may be ok to leave this in the established state as well to JH> make the tables queryable. The implementations I have worked with JH> tend to require you to specify the local end of the connection JH> via configuration in some cases and when this is done, the value can JH> be placed here. Yes, I like your proposal: bgpM2PeerLocalAddr is the configured (administrative) local address and 0.0.0.0 means no local address has been configured. We might want to add an additional object which is not part of the index to retrieve the actual (operational) local address when the peer is established. ( At least I think we need a separate object for that, but I'm not really an SNMP expert, so feel free to correct me if I am wrong. ) And if we are really adventurous we might generalize this and say that a bgpM2PeerRemoteAddr of 0.0.0.0 means that no remote address has been configured (e.g. a promiscuous passive peer) and add an object for the operational remote address. -- Bruno _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id PAA27813 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 15:57:43 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id BA0AB91212; Sat, 22 Mar 2003 15:57:17 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 85D8E91214; Sat, 22 Mar 2003 15:57:17 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 5108591212 for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 15:57:16 -0500 (EST) Received: by segue.merit.edu (Postfix) id 3C6745DE5D; Sat, 22 Mar 2003 15:57:16 -0500 (EST) Delivered-To: idr@merit.edu Received: from localhost.localdomain (ip-64-139-11-202.dsl.sca.megapath.net [64.139.11.202]) by segue.merit.edu (Postfix) with ESMTP id 6FDC25DE54 for <idr@merit.edu>; Sat, 22 Mar 2003 15:57:15 -0500 (EST) Received: from localhost.localdomain (vprmatrix [127.0.0.1]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h2MKtq88001101; Sun, 23 Mar 2003 05:55:52 +0900 Date: Sat, 22 Mar 2003 12:55:52 -0800 Message-ID: <87y9379l47.wl@ipinfusion.com> From: Kunihiro Ishiguro <kunihiro@ipinfusion.com> To: Randy Bush <randy@psg.com> Cc: danny@tcb.net, idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <E18wnao-000OwF-00@rip.psg.com> References: <20030321021402.2F55C55FD4@nomad.tcb.net> <87fzpfnxz4.wl@ipinfusion.com> <E18wnao-000OwF-00@rip.psg.com> User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/21.2.92 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII Sender: owner-idr@merit.edu Precedence: bulk >> You may believe it or not, there are many BGP speakers which does not >> support TCP MD5. > >i believe this should be fixed. bgp security is a very very scary >issue. Yes it is very important issue. IMHO, TCP MD5 does not solve BGP security issue. It does not have any key exchange framework nor choice of algorithm. It is just a simple MD5 signature in TCP option. Almost implementation just accept static password for it and operators don't change it frequently. It is scary. Actually TCP MD5 option is not support some OS due to it does not provide good security. I agree with that TCP MD5 is better than nothing. But making it as only MUST item in BGP sepecification is wrong message for routing protocol security. -- Kunihiro Ishiguro Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id PAA27342 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 15:44:22 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id A946791211; Sat, 22 Mar 2003 15:43:56 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 7514891212; Sat, 22 Mar 2003 15:43:56 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 0D85B91211 for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 15:43:55 -0500 (EST) Received: by segue.merit.edu (Postfix) id E67645DE5D; Sat, 22 Mar 2003 15:43:54 -0500 (EST) Delivered-To: idr@merit.edu Received: from localhost.localdomain (ip-64-139-11-202.dsl.sca.megapath.net [64.139.11.202]) by segue.merit.edu (Postfix) with ESMTP id 3C9525DE5A for <idr@merit.edu>; Sat, 22 Mar 2003 15:43:54 -0500 (EST) Received: from localhost.localdomain (vprmatrix [127.0.0.1]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h2MKgQ88001077; Sun, 23 Mar 2003 05:42:27 +0900 Date: Sat, 22 Mar 2003 12:42:26 -0800 Message-ID: <871y0zb0b1.wl@ipinfusion.com> From: Kunihiro Ishiguro <kunihiro@ipinfusion.com> To: curtis@fictitious.org Cc: danny@tcb.net, idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <200303221737.MAA88528@workhorse.fictitious.org> References: <87fzpfnxz4.wl@ipinfusion.com> <200303221737.MAA88528@workhorse.fictitious.org> User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/21.2.92 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII Sender: owner-idr@merit.edu Precedence: bulk >I suggest that a compromise is in order. > >We can change this to MUST either implement TCP MD5 or support host to >host IPSEC and SHOULD implement both. > >This may be a leap of faith because we would be assuming that the >outcome of RPSEC is that IPSEC is the right solution for BGP. > >Comments from others on this? TCP MD5 does not provide enough security framework to meet today's security requirement. It only provide MD5 signature. It is scary. If the the box has IPsec, there should not be need of less secure TCP MD5 option support. -- Kunihiro Ishiguro Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id NAA22551 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 13:28:31 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id EEEE59120A; Sat, 22 Mar 2003 13:28:06 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id BEC429120D; Sat, 22 Mar 2003 13:28:05 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id C2D379120A for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 13:28:04 -0500 (EST) Received: by segue.merit.edu (Postfix) id A162F5DE42; Sat, 22 Mar 2003 13:28:04 -0500 (EST) Delivered-To: idr@merit.edu Received: from nomad.tcb.net (vdsl-151-118-3-177.dnvr.uswest.net [151.118.3.177]) by segue.merit.edu (Postfix) with ESMTP id 7B0BC5DE41 for <idr@merit.edu>; Sat, 22 Mar 2003 13:28:04 -0500 (EST) Received: by nomad.tcb.net (Postfix, from userid 500) id 029CF55F62; Sat, 22 Mar 2003 11:27:21 -0700 (MST) Received: from nomad.tcb.net (localhost [127.0.0.1]) by nomad.tcb.net (Postfix) with ESMTP id F398F3E83 for <idr@merit.edu>; Sat, 22 Mar 2003 11:27:21 -0700 (MST) X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: idr@merit.edu From: Danny McPherson <danny@tcb.net> Reply-To: danny@tcb.net Subject: Re: Issue 19) Security Considerations Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 22 Mar 2003 11:27:16 -0700 Message-Id: <20030322182721.029CF55F62@nomad.tcb.net> Sender: owner-idr@merit.edu Precedence: bulk > We can change this to MUST either implement TCP MD5 or support host to > host IPSEC and SHOULD implement both. I can deal with this. > This may be a leap of faith because we would be assuming that the > outcome of RPSEC is that IPSEC is the right solution for BGP. It'll _never happen... -danny Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id NAA22239 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 13:20:11 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 5C9D791208; Sat, 22 Mar 2003 13:19:45 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 2C7289120A; Sat, 22 Mar 2003 13:19:45 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 44D0A91208 for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 13:19:44 -0500 (EST) Received: by segue.merit.edu (Postfix) id 1DFD85DE3B; Sat, 22 Mar 2003 13:19:44 -0500 (EST) Delivered-To: idr@merit.edu Received: from rip.psg.com (rip.psg.com [147.28.0.39]) by segue.merit.edu (Postfix) with ESMTP id EB5525DDC8 for <idr@merit.edu>; Sat, 22 Mar 2003 13:19:43 -0500 (EST) Received: from localhost ([127.0.0.1] helo=rip.psg.com) by rip.psg.com with esmtp (Exim 4.12) id 18wnao-000OwF-00; Sat, 22 Mar 2003 10:19:42 -0800 From: Randy Bush <randy@psg.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Sat, 22 Mar 2003 10:19:42 -0800 To: Kunihiro Ishiguro <kunihiro@zebra.org> Cc: danny@tcb.net, idr@merit.edu Subject: Re: Issue 19) Security Considerations References: <20030321021402.2F55C55FD4@nomad.tcb.net> <87fzpfnxz4.wl@ipinfusion.com> Message-Id: <E18wnao-000OwF-00@rip.psg.com> Sender: owner-idr@merit.edu Precedence: bulk > You may believe it or not, there are many BGP speakers which does not > support TCP MD5. i believe this should be fixed. bgp security is a very very scary issue. randy Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id MAA20919 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 12:40:52 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id EA5BD91207; Sat, 22 Mar 2003 12:40:30 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id B215E91208; Sat, 22 Mar 2003 12:40:29 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 6F19991207 for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 12:40:28 -0500 (EST) Received: by segue.merit.edu (Postfix) id 586A55DE31; Sat, 22 Mar 2003 12:40:28 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id 722945DE30 for <idr@merit.edu>; Sat, 22 Mar 2003 12:40:27 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id MAA88528; Sat, 22 Mar 2003 12:37:37 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303221737.MAA88528@workhorse.fictitious.org> To: Kunihiro Ishiguro <kunihiro@zebra.org> Cc: danny@tcb.net, idr@merit.edu Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Sat, 22 Mar 2003 08:54:23 PST." <87fzpfnxz4.wl@ipinfusion.com> Date: Sat, 22 Mar 2003 12:37:37 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <87fzpfnxz4.wl@ipinfusion.com>, Kunihiro Ishiguro writes: > >This issue with the MUST is that we MUST address security in order > >to progress the base BGP document and as Andrew says, TCP MD5 is the > >lowest common denominator. > > You may believe it or not, there are many BGP speakers which does not > support TCP MD5. All toys. None of them suitable for ISP use. Some are explicitly designed for measurement purposes only (MRT). > Please think about some guy implement BGP after that. Is that a right > way to enforce the guy to implement TCP MD5? TCP MD5 is not BGP > protocol at all. You said common denominator, but from TCP/IP stack > deployment TCP MD5 very minor extension. > -- > Kunihiro Ishiguro I suggest that a compromise is in order. We can change this to MUST either implement TCP MD5 or support host to host IPSEC and SHOULD implement both. This may be a leap of faith because we would be assuming that the outcome of RPSEC is that IPSEC is the right solution for BGP. Comments from others on this? Curtis Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id LAA19396 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 11:56:24 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id B38F191203; Sat, 22 Mar 2003 11:55:48 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 8155A91205; Sat, 22 Mar 2003 11:55:48 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 6F1B291203 for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 11:55:47 -0500 (EST) Received: by segue.merit.edu (Postfix) id 541365DE22; Sat, 22 Mar 2003 11:55:47 -0500 (EST) Delivered-To: idr@merit.edu Received: from localhost.localdomain (ip-64-139-11-202.dsl.sca.megapath.net [64.139.11.202]) by segue.merit.edu (Postfix) with ESMTP id A288D5DDFA for <idr@merit.edu>; Sat, 22 Mar 2003 11:55:46 -0500 (EST) Received: from localhost.localdomain (vprmatrix [127.0.0.1]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h2MGsNti001125; Sun, 23 Mar 2003 01:54:23 +0900 Date: Sat, 22 Mar 2003 08:54:23 -0800 Message-ID: <87fzpfnxz4.wl@ipinfusion.com> From: Kunihiro Ishiguro <kunihiro@zebra.org> To: danny@tcb.net Cc: idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <20030321021402.2F55C55FD4@nomad.tcb.net> References: <20030321021402.2F55C55FD4@nomad.tcb.net> User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/21.2.92 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII Sender: owner-idr@merit.edu Precedence: bulk >This issue with the MUST is that we MUST address security in order >to progress the base BGP document and as Andrew says, TCP MD5 is the >lowest common denominator. You may believe it or not, there are many BGP speakers which does not support TCP MD5. Please think about some guy implement BGP after that. Is that a right way to enforce the guy to implement TCP MD5? TCP MD5 is not BGP protocol at all. You said common denominator, but from TCP/IP stack deployment TCP MD5 very minor extension. -- Kunihiro Ishiguro Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id LAA18927 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 11:42:53 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 6BA5691201; Sat, 22 Mar 2003 11:42:31 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 3564291203; Sat, 22 Mar 2003 11:42:31 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id E074A91201 for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 11:42:29 -0500 (EST) Received: by segue.merit.edu (Postfix) id CA0835DE29; Sat, 22 Mar 2003 11:42:29 -0500 (EST) Delivered-To: idr@merit.edu Received: from localhost.localdomain (ip-64-139-11-202.dsl.sca.megapath.net [64.139.11.202]) by segue.merit.edu (Postfix) with ESMTP id 0E6D25DDFA for <idr@merit.edu>; Sat, 22 Mar 2003 11:42:29 -0500 (EST) Received: from localhost.localdomain (vprmatrix [127.0.0.1]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h2MGeuti001119; Sun, 23 Mar 2003 01:40:57 +0900 Date: Sat, 22 Mar 2003 08:40:56 -0800 Message-ID: <87isubnylj.wl@ipinfusion.com> From: Kunihiro Ishiguro <kunihiro@ipinfusion.com> To: curtis@fictitious.org Cc: andrewl@xix-w.bengi.exodus.net, "Naidu, Venkata" <Venkata.Naidu@Marconi.com>, idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <200303221454.JAA87932@workhorse.fictitious.org> References: <87d6kkhtf2.wl@ipinfusion.com> <200303221454.JAA87932@workhorse.fictitious.org> User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/21.2.92 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII Sender: owner-idr@merit.edu Precedence: bulk >We are not defining a new spec and moving it to PS. We are reviewing >and correcting an old spec and moving it to FS. In doing so we must >consider current implementations and current implementation >experience. Pretty good new ideas that are sparsely implemented and >have near zero deployment have to be documented in other documents and >can *later* be moved into the base spec after they are widely >implemented and widely deployed. Curtis, You should look at real world, it is not made by only tier-1 network. It is year 2003 not year 1993. How can you say that there are 'near zero deployment' ? If we only consider Cisco and Juniper implementation, actually there is no need of discussing at here. Just vendor's check is needed, isn't it? I'm so sad that hearing such kind of depressing opinon from excellent engineer like you. Anyway, my concern is putting TCP MD5 as only one MUST item in BGP security consideration section. I want to hear technical opinin at here. -- Kunihiro Ishiguro Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id JAA14581 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 09:57:37 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 628B49120F; Sat, 22 Mar 2003 09:57:01 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 39C9B91209; Sat, 22 Mar 2003 09:57:00 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 24B1D91209 for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 09:56:59 -0500 (EST) Received: by segue.merit.edu (Postfix) id 0DB445DE1A; Sat, 22 Mar 2003 09:56:59 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id 56D905DD96 for <idr@merit.edu>; Sat, 22 Mar 2003 09:56:58 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id JAA87932; Sat, 22 Mar 2003 09:54:06 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303221454.JAA87932@workhorse.fictitious.org> To: Kunihiro Ishiguro <kunihiro@zebra.org> Cc: andrewl@xix-w.bengi.exodus.net, "Naidu, Venkata" <Venkata.Naidu@Marconi.com>, "'curtis@fictitious.org'" <curtis@fictitious.org>, idr@merit.edu Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Fri, 21 Mar 2003 21:17:05 PST." <87d6kkhtf2.wl@ipinfusion.com> Date: Sat, 22 Mar 2003 09:54:06 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <87d6kkhtf2.wl@ipinfusion.com>, Kunihiro Ishiguro writes: > >Sitting on this until RPSEC develops requirements, and then solutions is not > >an option. Nor is moving the specification of a security mechanism out > >of the draft. In order to advance we must have a security mechanism > >specified. MD5 is the winner by default. It is widely deployed and > >understood. > > I want to say again we should be careful to specify BGP security > consideration. So far discussion is not technical other than Sandy's > comment. > > MUST is really must. It enforce people to do it. Just only for BGP, > we should not enforce people to do TCP MD5. There are many other (and > better) way to do TCP authentication. > > Again, specification is not only for endorsing big vendor's > implementation. We should be technical at here. > -- > Kunihiro Ishiguro We are not defining a new spec and moving it to PS. We are reviewing and correcting an old spec and moving it to FS. In doing so we must consider current implementations and current implementation experience. Pretty good new ideas that are sparsely implemented and have near zero deployment have to be documented in other documents and can *later* be moved into the base spec after they are widely implemented and widely deployed. Curtis Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id CAA28975 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 02:20:29 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 6CB6F9122B; Sat, 22 Mar 2003 02:20:05 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 1155E91226; Sat, 22 Mar 2003 02:20:04 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id B764C91228 for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 02:20:02 -0500 (EST) Received: by segue.merit.edu (Postfix) id A2FDD5DDAB; Sat, 22 Mar 2003 02:20:02 -0500 (EST) Delivered-To: idr@merit.edu Received: from nomad.tcb.net (vdsl-151-118-3-177.dnvr.uswest.net [151.118.3.177]) by segue.merit.edu (Postfix) with ESMTP id 793FE5DD97 for <idr@merit.edu>; Sat, 22 Mar 2003 02:20:02 -0500 (EST) Received: by nomad.tcb.net (Postfix, from userid 500) id 2F55C55FD4; Thu, 20 Mar 2003 19:14:02 -0700 (MST) Received: from nomad.tcb.net (localhost [127.0.0.1]) by nomad.tcb.net (Postfix) with ESMTP id 2C75F3E83 for <idr@merit.edu>; Thu, 20 Mar 2003 19:14:02 -0700 (MST) X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: idr@merit.edu From: Danny McPherson <danny@tcb.net> Reply-To: danny@tcb.net Subject: Re: Issue 19) Security Considerations Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 20 Mar 2003 19:13:57 -0700 Message-Id: <20030321021402.2F55C55FD4@nomad.tcb.net> Sender: owner-idr@merit.edu Precedence: bulk > I want to say again we should be careful to specify BGP security > consideration. This issue with the MUST is that we MUST address security in order to progress the base BGP document and as Andrew says, TCP MD5 is the lowest common denominator. > So far discussion is not technical other than Sandy's > comment. > > MUST is really must. It enforce people to do it. Just only for BGP, > we should not enforce people to do TCP MD5. There are many other (and > better) way to do TCP authentication. With the exception of a small amount of IPSEC, no other mechanism is deployed. And RFCs don't "force" people to do things.. All of the implementations that support TCP MD5 for BGP provide a mechanism to disable it, so if you're concerned with interworking you can either implement it or have it disabled on the peer. If you're worried about RFCNNNN rubber stamping your implementation, well, I don't think the larger WG is. > Again, specification is not only for endorsing big vendor's > implementation. We should be technical at here. If we do anything beyond TCP MD5 right now then we'll the IDR WG will be spinning our wheels for another 18 months, at a minimum. As for RPSEC, we'll be quite a while generating a requirements list, especially given the vast array of participants from purists & academics to realistics & operators, defining protocols that answer the requirements and are either "bolted on" to BGP and other existing protocols, or incorporated into new protocols, is a long, long, long time away. -danny Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id AAA24613 for <idr-archive@nic.merit.edu>; Sat, 22 Mar 2003 00:19:29 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 974D0912C9; Sat, 22 Mar 2003 00:19:09 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 346B8912C7; Sat, 22 Mar 2003 00:19:07 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 9B627912CB for <idr@trapdoor.merit.edu>; Sat, 22 Mar 2003 00:18:53 -0500 (EST) Received: by segue.merit.edu (Postfix) id 6EDAC5DDA0; Sat, 22 Mar 2003 00:18:53 -0500 (EST) Delivered-To: idr@merit.edu Received: from localhost.localdomain (ip-64-139-11-202.dsl.sca.megapath.net [64.139.11.202]) by segue.merit.edu (Postfix) with ESMTP id B49C65DD9D for <idr@merit.edu>; Sat, 22 Mar 2003 00:18:52 -0500 (EST) Received: from localhost.localdomain (vprmatrix [127.0.0.1]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h2M5H5Wr001107; Sat, 22 Mar 2003 14:17:05 +0900 Date: Fri, 21 Mar 2003 21:17:05 -0800 Message-ID: <87d6kkhtf2.wl@ipinfusion.com> From: Kunihiro Ishiguro <kunihiro@zebra.org> To: andrewl@xix-w.bengi.exodus.net Cc: "Naidu, Venkata" <Venkata.Naidu@Marconi.com>, "'curtis@fictitious.org'" <curtis@fictitious.org>, idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <20030321150237.D25773@demiurge.exodus.net> References: <39469E08BD83D411A3D900204840EC55763553@vie-msgusr-01.dc.fore.com> <87u1dwpczh.wl@ipinfusion.com> User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/21.2.92 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII Sender: owner-idr@merit.edu Precedence: bulk >Sitting on this until RPSEC develops requirements, and then solutions is not >an option. Nor is moving the specification of a security mechanism out >of the draft. In order to advance we must have a security mechanism >specified. MD5 is the winner by default. It is widely deployed and >understood. I want to say again we should be careful to specify BGP security consideration. So far discussion is not technical other than Sandy's comment. MUST is really must. It enforce people to do it. Just only for BGP, we should not enforce people to do TCP MD5. There are many other (and better) way to do TCP authentication. Again, specification is not only for endorsing big vendor's implementation. We should be technical at here. -- Kunihiro Ishiguro Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id SAA11732 for <idr-archive@nic.merit.edu>; Fri, 21 Mar 2003 18:06:12 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 24BEE912BA; Fri, 21 Mar 2003 18:05:52 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id E987E912B9; Fri, 21 Mar 2003 18:05:51 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id EC792912BA for <idr@trapdoor.merit.edu>; Fri, 21 Mar 2003 18:05:48 -0500 (EST) Received: by segue.merit.edu (Postfix) id BE1AF5E1C7; Fri, 21 Mar 2003 18:05:48 -0500 (EST) Delivered-To: idr@merit.edu Received: from demiurge.exodus.net (demiurge.exodus.net [216.32.171.82]) by segue.merit.edu (Postfix) with ESMTP id 671165DD9C for <idr@merit.edu>; Fri, 21 Mar 2003 18:05:48 -0500 (EST) Received: (from andrewl@localhost) by demiurge.exodus.net (8.9.3+Sun/8.9.3) id PAA07349; Fri, 21 Mar 2003 15:02:37 -0800 (PST) Date: Fri, 21 Mar 2003 15:02:37 -0800 From: andrewl@xix-w.bengi.exodus.net To: Kunihiro Ishiguro <kunihiro@zebra.org> Cc: "Naidu, Venkata" <Venkata.Naidu@Marconi.com>, "'curtis@fictitious.org'" <curtis@fictitious.org>, idr@merit.edu Subject: Re: Issue 19) Security Considerations Message-ID: <20030321150237.D25773@demiurge.exodus.net> References: <39469E08BD83D411A3D900204840EC55763553@vie-msgusr-01.dc.fore.com> <87u1dwpczh.wl@ipinfusion.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <87u1dwpczh.wl@ipinfusion.com>; from kunihiro@zebra.org on Fri, Mar 21, 2003 at 02:32:34PM -0800 Sender: owner-idr@merit.edu Precedence: bulk Sitting on this until RPSEC develops requirements, and then solutions is not an option. Nor is moving the specification of a security mechanism out of the draft. In order to advance we must have a security mechanism specified. MD5 is the winner by default. It is widely deployed and understood. If we want to later change things and issue a "Best Practices in BGP Security" RFC we can, and should do that. Andrew On Fri, Mar 21, 2003 at 02:32:34PM -0800, Kunihiro Ishiguro wrote: > Date: Fri, 21 Mar 2003 14:32:34 -0800 > From: Kunihiro Ishiguro <kunihiro@zebra.org> > To: "Naidu, Venkata" <Venkata.Naidu@Marconi.com> > Cc: "'curtis@fictitious.org'" <curtis@fictitious.org>, > andrewl@xix-w.bengi.exodus.net, idr@merit.edu > Subject: Re: Issue 19) Security Considerations > In-Reply-To: <39469E08BD83D411A3D900204840EC55763553@vie-msgusr-01.dc.fore.com> > User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/21.2.92 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI) > > > We could mandate (using MUST) in the forthcoming BGP4 > > spec, but, I suspect that, these MUSTs are going to > > confuse people when RPSEC comes out with different > > requirements in very near future. > > I agree with it. There must be a global picture for routing protocol > security. > -- > Kunihiro Ishiguro Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id RAA10687 for <idr-archive@nic.merit.edu>; Fri, 21 Mar 2003 17:35:21 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 9BE81912B4; Fri, 21 Mar 2003 17:34:43 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 60D19912B0; Fri, 21 Mar 2003 17:34:43 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 5CF7B912B8 for <idr@trapdoor.merit.edu>; Fri, 21 Mar 2003 17:34:03 -0500 (EST) Received: by segue.merit.edu (Postfix) id 437415E1C3; Fri, 21 Mar 2003 17:34:03 -0500 (EST) Delivered-To: idr@merit.edu Received: from localhost.localdomain (mail.ipinfusion.com [65.223.109.2]) by segue.merit.edu (Postfix) with ESMTP id C220C5E1BC for <idr@merit.edu>; Fri, 21 Mar 2003 17:34:02 -0500 (EST) Received: from localhost.localdomain (vprmatrix [127.0.0.1]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h2LMWYG0002622; Sat, 22 Mar 2003 07:32:35 +0900 Date: Fri, 21 Mar 2003 14:32:34 -0800 Message-ID: <87u1dwpczh.wl@ipinfusion.com> From: Kunihiro Ishiguro <kunihiro@zebra.org> To: "Naidu, Venkata" <Venkata.Naidu@Marconi.com> Cc: "'curtis@fictitious.org'" <curtis@fictitious.org>, andrewl@xix-w.bengi.exodus.net, idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <39469E08BD83D411A3D900204840EC55763553@vie-msgusr-01.dc.fore.com> References: <39469E08BD83D411A3D900204840EC55763553@vie-msgusr-01.dc.fore.com> User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/21.2.92 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII Sender: owner-idr@merit.edu Precedence: bulk > We could mandate (using MUST) in the forthcoming BGP4 > spec, but, I suspect that, these MUSTs are going to > confuse people when RPSEC comes out with different > requirements in very near future. I agree with it. There must be a global picture for routing protocol security. -- Kunihiro Ishiguro Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id RAA10212 for <idr-archive@nic.merit.edu>; Fri, 21 Mar 2003 17:25:33 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 6AA02912B3; Fri, 21 Mar 2003 17:25:08 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 3423E912B0; Fri, 21 Mar 2003 17:25:08 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id AEF5F912B3 for <idr@trapdoor.merit.edu>; Fri, 21 Mar 2003 17:25:06 -0500 (EST) Received: by segue.merit.edu (Postfix) id 94B5B5E1AF; Fri, 21 Mar 2003 17:25:06 -0500 (EST) Delivered-To: idr@merit.edu Received: from localhost.localdomain (mail.ipinfusion.com [65.223.109.2]) by segue.merit.edu (Postfix) with ESMTP id 1DCAD5DDB1 for <idr@merit.edu>; Fri, 21 Mar 2003 17:25:06 -0500 (EST) Received: from localhost.localdomain (vprmatrix [127.0.0.1]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h2LMNgG0002583; Sat, 22 Mar 2003 07:23:42 +0900 Date: Fri, 21 Mar 2003 14:23:42 -0800 Message-ID: <87vfycpde9.wl@ipinfusion.com> From: Kunihiro Ishiguro <kunihiro@ipinfusion.com> To: curtis@fictitious.org Cc: andrewl@xix-w.bengi.exodus.net, idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <200303212138.QAA79016@workhorse.fictitious.org> References: <87y938pgqm.wl@ipinfusion.com> <200303212138.QAA79016@workhorse.fictitious.org> User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/21.2.92 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII Sender: owner-idr@merit.edu Precedence: bulk >It is a legitimate question whether current tier-1 deployments should >entirely drive the spec in this area. If the answer is "no" then >perhaps the requirement for TCP MD5 could be loosenned a little. I believe BGP protocol is not only for tier-1 deployments. BGP is used from very small network to large network in various kind of situation today. For example countless RFC2547bis CE client connect to PE using BGP for VPN services. Again BGP is not only for tier-1 network based upon Cisco and Juniper today. There are so many other situations. BGP security consideration is very important issue. Just making TCP MD5 MUST does not solve the problem. I still suggest to separate this issue from base BGP spec. -- Kunihiro Ishiguro Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id RAA09971 for <idr-archive@nic.merit.edu>; Fri, 21 Mar 2003 17:19:17 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id F341A91360; Fri, 21 Mar 2003 17:12:17 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id B6DB99134E; Fri, 21 Mar 2003 17:12:11 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 4D90191328 for <idr@trapdoor.merit.edu>; Fri, 21 Mar 2003 17:06:24 -0500 (EST) Received: by segue.merit.edu (Postfix) id 370815E1AF; Fri, 21 Mar 2003 17:06:24 -0500 (EST) Delivered-To: idr@merit.edu Received: from mailgate.pit.comms.marconi.com (mailgate.pit.comms.marconi.com [169.144.68.6]) by segue.merit.edu (Postfix) with ESMTP id B7E535E1BA for <idr@merit.edu>; Fri, 21 Mar 2003 17:06:23 -0500 (EST) Received: from mailman.pit.comms.marconi.com (mailman.pit.comms.marconi.com [169.144.2.12]) by mailgate.pit.comms.marconi.com (8.9.3/8.9.3) with ESMTP id RAA15013; Fri, 21 Mar 2003 17:06:20 -0500 (EST) Received: from uspitsmsgrtr01.pit.comms.marconi.com (uspitsmsgrtr01.pit.comms.marconi.com [169.144.2.221]) by mailman.pit.comms.marconi.com (8.9.3/8.9.3) with ESMTP id RAA24892; Fri, 21 Mar 2003 17:06:22 -0500 (EST) Received: by uspitsmsgrtr01.pit.comms.marconi.com with Internet Mail Service (5.5.2653.19) id <HMVY0QTH>; Fri, 21 Mar 2003 17:06:22 -0500 Message-ID: <39469E08BD83D411A3D900204840EC55763553@vie-msgusr-01.dc.fore.com> From: "Naidu, Venkata" <Venkata.Naidu@Marconi.com> To: "'curtis@fictitious.org'" <curtis@fictitious.org>, Kunihiro Ishiguro <kunihiro@zebra.org> Cc: andrewl@xix-w.bengi.exodus.net, idr@merit.edu Subject: RE: Issue 19) Security Considerations Date: Fri, 21 Mar 2003 17:06:21 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-idr@merit.edu Precedence: bulk Curtis, -> There is currently no evidence that I can see of a -> transition from TCP MD5 to IPSEC. Let us not mandate anything specific to routing security. RPSEC WG is specifically formed to clear all these confusions to make a common ground for all the routing protocols (esp router-to-router, not host-to- router). RPSEC charter reads: . . . The lack of a common set of security requirements and methods for routing protocols has resulted in a wide variety of security mechanisms for individual routing protocols. . . . Evaluate and document existing and proposed routing security mechanisms with respect to established RPSEC requirements . . . Recommend mechanism(s) . . . We could mandate (using MUST) in the forthcoming BGP4 spec, but, I suspect that, these MUSTs are going to confuse people when RPSEC comes out with different requirements in very near future. Venkata. Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id RAA09899 for <idr-archive@nic.merit.edu>; Fri, 21 Mar 2003 17:17:05 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 69E849137F; Fri, 21 Mar 2003 17:12:11 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 0824A912F5; Fri, 21 Mar 2003 17:12:08 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id AA7C791362 for <idr@trapdoor.merit.edu>; Fri, 21 Mar 2003 17:09:00 -0500 (EST) Received: by segue.merit.edu (Postfix) id 8D51C5E1AF; Fri, 21 Mar 2003 17:09:00 -0500 (EST) Delivered-To: idr@merit.edu Received: from demiurge.exodus.net (demiurge.exodus.net [216.32.171.82]) by segue.merit.edu (Postfix) with ESMTP id 03E725E1BA for <idr@merit.edu>; Fri, 21 Mar 2003 17:09:00 -0500 (EST) Received: (from andrewl@localhost) by demiurge.exodus.net (8.9.3+Sun/8.9.3) id OAA06663; Fri, 21 Mar 2003 14:05:59 -0800 (PST) Date: Fri, 21 Mar 2003 14:05:59 -0800 From: andrewl@xix-w.bengi.exodus.net To: Kunihiro Ishiguro <kunihiro@zebra.org> Cc: curtis@fictitious.org, idr@merit.edu Subject: Re: Issue 19) Security Considerations Message-ID: <20030321140559.C25773@demiurge.exodus.net> References: <8765qcqxei.wl@ipinfusion.com> <200303212056.PAA77561@workhorse.fictitious.org> <87y938pgqm.wl@ipinfusion.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <87y938pgqm.wl@ipinfusion.com>; from kunihiro@zebra.org on Fri, Mar 21, 2003 at 01:11:29PM -0800 Sender: owner-idr@merit.edu Precedence: bulk I would suggest we leave the MUST simply from an interoperabilty standpoint. We want to have a lowest common authentication denominator that all implementations do, so, at a minimum they will interopreate. If the implementation wants to implement IPSEC too, then great. But since MD5 is currently widely deployed, it makes more sense as the lowest common denominator. Andrew On Fri, Mar 21, 2003 at 01:11:29PM -0800, Kunihiro Ishiguro wrote: > Date: Fri, 21 Mar 2003 13:11:29 -0800 > From: Kunihiro Ishiguro <kunihiro@zebra.org> > To: curtis@fictitious.org > Cc: andrewl@xix-w.bengi.exodus.net, idr@merit.edu > Subject: Re: Issue 19) Security Considerations > In-Reply-To: <200303212056.PAA77561@workhorse.fictitious.org> > User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/21.2.92 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI) > > >I suggest that we leave the MUST in there because it reflects current > >implementation and deployments and is not considered optional by any > >of the ISPs. The word MUST sends exactly the message it was intended > >to send. > > Actually there are so many box which does not support TCP MD5. I know > it becuase I believe I'm one of BGP protocol implementator ;-). > > When BGP base specificatoin claim that TCP MD5 is MUST item, > implementors has to implement TCP MD5 only for BGP. Even there are > alternative way to achieve security. > > I understand we are working on current best practice but at the same > time it has strong influence to future development. I think we should > be careful to put TCP MD5 as MUST in base specification. In the long > run it could be wrong message. > -- > Kunihiro Ishiguro Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id QAA08887 for <idr-archive@nic.merit.edu>; Fri, 21 Mar 2003 16:49:59 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 462AC912D2; Fri, 21 Mar 2003 16:45:05 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id B55A7912B4; Fri, 21 Mar 2003 16:45:03 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 7B32A912D2 for <idr@trapdoor.merit.edu>; Fri, 21 Mar 2003 16:41:12 -0500 (EST) Received: by segue.merit.edu (Postfix) id 273705E1AF; Fri, 21 Mar 2003 16:41:12 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id 5B2CA5DFD4 for <idr@merit.edu>; Fri, 21 Mar 2003 16:41:11 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id QAA79016; Fri, 21 Mar 2003 16:38:31 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303212138.QAA79016@workhorse.fictitious.org> To: Kunihiro Ishiguro <kunihiro@zebra.org> Cc: curtis@fictitious.org, andrewl@xix-w.bengi.exodus.net, idr@merit.edu Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Fri, 21 Mar 2003 13:11:29 PST." <87y938pgqm.wl@ipinfusion.com> Date: Fri, 21 Mar 2003 16:38:31 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <87y938pgqm.wl@ipinfusion.com>, Kunihiro Ishiguro writes: > >I suggest that we leave the MUST in there because it reflects current > >implementation and deployments and is not considered optional by any > >of the ISPs. The word MUST sends exactly the message it was intended > >to send. > > Actually there are so many box which does not support TCP MD5. I know > it becuase I believe I'm one of BGP protocol implementator ;-). I'm familiar with zebra. It is not deployed except as a toy on some unix boxes and some wannabe routers. That may not be a reflection on the quality of the work, however zebra does not reflect the requirements of fitting into current tier-1 ISP deployments. It is a legitimate question whether current tier-1 deployments should entirely drive the spec in this area. If the answer is "no" then perhaps the requirement for TCP MD5 could be loosenned a little. > When BGP base specificatoin claim that TCP MD5 is MUST item, > implementors has to implement TCP MD5 only for BGP. Even there are > alternative way to achieve security. > > I understand we are working on current best practice but at the same > time it has strong influence to future development. I think we should > be careful to put TCP MD5 as MUST in base specification. In the long > run it could be wrong message. > -- > Kunihiro Ishiguro TCP MD5 is currently considered by ISPs to be an operation requirement. There is currently no evidence that I can see of a transition from TCP MD5 to IPSEC. At the most we can change the wording to indicate that for security reasons as a practical matter TCP MD5 currently MUST be implemented however IPSEC represents a technical alternative in the future that has so far seen little or no deployment as protection for BGP. Curtis Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id QAA07613 for <idr-archive@nic.merit.edu>; Fri, 21 Mar 2003 16:13:26 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 13080912AC; Fri, 21 Mar 2003 16:13:06 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id D4A89912AB; Fri, 21 Mar 2003 16:13:05 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id A237C912AC for <idr@trapdoor.merit.edu>; Fri, 21 Mar 2003 16:13:04 -0500 (EST) Received: by segue.merit.edu (Postfix) id 894845E1A7; Fri, 21 Mar 2003 16:13:04 -0500 (EST) Delivered-To: idr@merit.edu Received: from localhost.localdomain (mail.ipinfusion.com [65.223.109.2]) by segue.merit.edu (Postfix) with ESMTP id 14BF95E1A2 for <idr@merit.edu>; Fri, 21 Mar 2003 16:13:04 -0500 (EST) Received: from localhost.localdomain (vprmatrix [127.0.0.1]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h2LLBTG0002302; Sat, 22 Mar 2003 06:11:29 +0900 Date: Fri, 21 Mar 2003 13:11:29 -0800 Message-ID: <87y938pgqm.wl@ipinfusion.com> From: Kunihiro Ishiguro <kunihiro@zebra.org> To: curtis@fictitious.org Cc: andrewl@xix-w.bengi.exodus.net, idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <200303212056.PAA77561@workhorse.fictitious.org> References: <8765qcqxei.wl@ipinfusion.com> <200303212056.PAA77561@workhorse.fictitious.org> User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/21.2.92 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII Sender: owner-idr@merit.edu Precedence: bulk >I suggest that we leave the MUST in there because it reflects current >implementation and deployments and is not considered optional by any >of the ISPs. The word MUST sends exactly the message it was intended >to send. Actually there are so many box which does not support TCP MD5. I know it becuase I believe I'm one of BGP protocol implementator ;-). When BGP base specificatoin claim that TCP MD5 is MUST item, implementors has to implement TCP MD5 only for BGP. Even there are alternative way to achieve security. I understand we are working on current best practice but at the same time it has strong influence to future development. I think we should be careful to put TCP MD5 as MUST in base specification. In the long run it could be wrong message. -- Kunihiro Ishiguro Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id PAA07110 for <idr-archive@nic.merit.edu>; Fri, 21 Mar 2003 15:59:33 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 03D69912A9; Fri, 21 Mar 2003 15:59:06 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id B64A0912AC; Fri, 21 Mar 2003 15:59:05 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 50072912A9 for <idr@trapdoor.merit.edu>; Fri, 21 Mar 2003 15:59:04 -0500 (EST) Received: by segue.merit.edu (Postfix) id 3F40A5DFB7; Fri, 21 Mar 2003 15:59:04 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id 60FB45DEC8 for <idr@merit.edu>; Fri, 21 Mar 2003 15:59:03 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id PAA77561; Fri, 21 Mar 2003 15:56:24 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303212056.PAA77561@workhorse.fictitious.org> To: Kunihiro Ishiguro <kunihiro@zebra.org> Cc: andrewl@xix-w.bengi.exodus.net, idr@merit.edu Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Fri, 21 Mar 2003 12:26:13 PST." <8765qcqxei.wl@ipinfusion.com> Date: Fri, 21 Mar 2003 15:56:24 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <8765qcqxei.wl@ipinfusion.com>, Kunihiro Ishiguro writes: > >Since there is no standard specifying BGP over IPSEC, we should leave this > >out of the base draft. I know there has been work in this area, I believe > >Dave Ward has/had a draft. I can only find the withdrawn id info now, thoug > h. > > > >I would suggest that we leave this out of the base draft, and if we > >later specify IPSEC, then we should add it in that draft. > > Thanks for comment. I think we shold take the security concern out of > the base draft and specify it separately. > > You know MUST item in specification has strong power. Before we put > TCP MD5 as only one MUST item in security concern section in BGP we > need to think about it. It seems we have a plan to refer other draft > as detailed security considerations right? Then I'd like to put > security concern into the draft. > -- > Kunihiro Ishiguro I suggest that we leave the MUST in there because it reflects current implementation and deployments and is not considered optional by any of the ISPs. The word MUST sends exactly the message it was intended to send. Curtis Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id PAA06047 for <idr-archive@nic.merit.edu>; Fri, 21 Mar 2003 15:27:55 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 4A0E3912AA; Fri, 21 Mar 2003 15:27:36 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 1D2C4912AD; Fri, 21 Mar 2003 15:27:35 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id A024B912AA for <idr@trapdoor.merit.edu>; Fri, 21 Mar 2003 15:27:34 -0500 (EST) Received: by segue.merit.edu (Postfix) id 9023A5E047; Fri, 21 Mar 2003 15:27:34 -0500 (EST) Delivered-To: idr@merit.edu Received: from localhost.localdomain (mail.ipinfusion.com [65.223.109.2]) by segue.merit.edu (Postfix) with ESMTP id 1A0395DEA9 for <idr@merit.edu>; Fri, 21 Mar 2003 15:27:34 -0500 (EST) Received: from localhost.localdomain (vprmatrix [127.0.0.1]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h2LKQDG0002117; Sat, 22 Mar 2003 05:26:13 +0900 Date: Fri, 21 Mar 2003 12:26:13 -0800 Message-ID: <8765qcqxei.wl@ipinfusion.com> From: Kunihiro Ishiguro <kunihiro@zebra.org> To: andrewl@xix-w.bengi.exodus.net Cc: idr@merit.edu Subject: Re: Issue 19) Security Considerations In-Reply-To: <20030320211725.A23601@demiurge.exodus.net> References: <87ptoljosr.wl@ipinfusion.com> User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/21.2.92 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII Sender: owner-idr@merit.edu Precedence: bulk >Since there is no standard specifying BGP over IPSEC, we should leave this >out of the base draft. I know there has been work in this area, I believe >Dave Ward has/had a draft. I can only find the withdrawn id info now, though. > >I would suggest that we leave this out of the base draft, and if we >later specify IPSEC, then we should add it in that draft. Thanks for comment. I think we shold take the security concern out of the base draft and specify it separately. You know MUST item in specification has strong power. Before we put TCP MD5 as only one MUST item in security concern section in BGP we need to think about it. It seems we have a plan to refer other draft as detailed security considerations right? Then I'd like to put security concern into the draft. -- Kunihiro Ishiguro Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id OAA03602 for <idr-archive@nic.merit.edu>; Fri, 21 Mar 2003 14:19:19 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 1800B912A2; Fri, 21 Mar 2003 14:18:49 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id DFC79912A9; Fri, 21 Mar 2003 14:18:48 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id ED01F912A2 for <idr@trapdoor.merit.edu>; Fri, 21 Mar 2003 14:18:46 -0500 (EST) Received: by segue.merit.edu (Postfix) id D13875DE79; Fri, 21 Mar 2003 14:18:46 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id 91D425E08E for <idr@merit.edu>; Fri, 21 Mar 2003 14:18:45 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id OAA75924; Fri, 21 Mar 2003 14:16:06 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303211916.OAA75924@workhorse.fictitious.org> To: andrewl@xix-w.bengi.exodus.net Cc: Curtis Villamizar <curtis@fictitious.org>, sandy@tislabs.com, idr@merit.edu, kunihiro@zebra.org Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Fri, 21 Mar 2003 11:04:33 PST." <20030321110433.B25773@demiurge.exodus.net> Date: Fri, 21 Mar 2003 14:16:06 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk Off topic a little, but worth mentioning. The *real* problems that ISPs find themselves facing cannot be solved by the better encryption of IPSEC. IPSEC does nothing to improve the DoS threat that is real, but does address what is considered by most ISPs to be currently a complete non-problem due to filtering techniques that have been in place for years. Please see <http://www.nanog.org/mtg-0302/hack.html>, <http://www.nanog.org/mtg-0302/gill.html>, and draft-gill-btsh-01.txt. Its best to understand the problems before proposing the solutions. Curtis In message <20030321110433.B25773@demiurge.exodus.net>, andrewl@xix-w.bengi.exo dus.net writes: > I think Curits has nailed it down nicely. I used the "standardize" statement > a bit more loosely than I should have, perhaps. As a practical matter, if > we want people to make IPSec a consistantly implemented and deployed option > we, as a community, will need to bless it by publishing some sort of document > . > > Andrew > > On Fri, Mar 21, 2003 at 11:41:05AM -0500, Curtis Villamizar wrote: > > Delivered-To: idr-outgoing@trapdoor.merit.edu > > Delivered-To: idr@trapdoor.merit.edu > > Delivered-To: idr@merit.edu > > To: sandy@tislabs.com > > Cc: curtis@fictitious.org, andrewl@xix-w.bengi.exodus.net, idr@merit.edu, > > kunihiro@zebra.org > > Reply-To: curtis@fictitious.org > > Subject: Re: Issue 19) Security Considerations > > In-reply-to: Your message of "Fri, 21 Mar 2003 11:31:32 EST." > > <200303211631.h2LGVWX12902@raven.gw.tislabs.com> > > Date: Fri, 21 Mar 2003 11:41:05 -0500 > > From: Curtis Villamizar <curtis@fictitious.org> > > Precedence: bulk > > X-Spam-Status: No, hits=-0.8 required=5 > > X-Scanned-By: MIMEDefang 2.30 (www . roaringpenguin . com / mimedefang) > > X-OriginalArrivalTime: 21 Mar 2003 16:43:53.0710 (UTC) FILETIME=[0EE440E0:0 > 1C2EFC9] > > > > > > In message <200303211631.h2LGVWX12902@raven.gw.tislabs.com>, sandy@tislabs. > com > > writes: > > > >You are missing that the BGP4 spec must reflect current practice and > > > >may point out better than current practice if such a thing is > > > >currently defined. BGP over IPSEC is not currently defined, therefore > > > >the BGP4 spec neither advocates it or prevents it. > > > > > > Oh, yes. I know the guidelines for including things in the current > > > spec. I was just trying to understand Andrew's comment and why he > > > thought there would have to be a standard for running BGP over IPSEC > > > before it could be included in the base spec. I thought there was an > > > implication that there would be issues to work out in doing that > > > (especially since he referred to an old work that defined how to do it). > > > Same implication in your comment "BGP over IPSEC is not currently defined > " > > > - what's to define? > > > > > > With the current focus on documenting current practice, if current > > > practice does not include running BGP over IPSEC, then we cannot put > > > it in the draft, whether it needed defining or standardization or not. > > > So my question is academic or for future reference. > > > > > > --Sandy > > > > > > No technical issue, just can't refer to a spec that doesn't yet exist > > when trying to go for FS (or PS for that matter). > > > > Add to that the IDR WG is not supposed to work on anything new (or > > more correctly take on WG items or try to advance anything new) until > > the base BGP4 spec gets updated. > > > > As soon as BGP4-(N->infinity) is at least out of WG last call advanced > > to the IESG this is one of the internet-drafts that could (should IMO) > > be considered by the WG. > > > > Curtis > Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id OAA03274 for <idr-archive@nic.merit.edu>; Fri, 21 Mar 2003 14:08:40 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 64C51912A8; Fri, 21 Mar 2003 14:08:03 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 2C205912A9; Fri, 21 Mar 2003 14:08:02 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id D3AB7912A7 for <idr@trapdoor.merit.edu>; Fri, 21 Mar 2003 14:08:00 -0500 (EST) Received: by segue.merit.edu (Postfix) id B3DC95E18A; Fri, 21 Mar 2003 14:08:00 -0500 (EST) Delivered-To: idr@merit.edu Received: from demiurge.exodus.net (demiurge.exodus.net [216.32.171.82]) by segue.merit.edu (Postfix) with ESMTP id 5CF6B5E186 for <idr@merit.edu>; Fri, 21 Mar 2003 14:08:00 -0500 (EST) Received: (from andrewl@localhost) by demiurge.exodus.net (8.9.3+Sun/8.9.3) id LAA04488; Fri, 21 Mar 2003 11:04:33 -0800 (PST) Date: Fri, 21 Mar 2003 11:04:33 -0800 From: andrewl@xix-w.bengi.exodus.net To: Curtis Villamizar <curtis@fictitious.org> Cc: sandy@tislabs.com, idr@merit.edu, kunihiro@zebra.org Subject: Re: Issue 19) Security Considerations Message-ID: <20030321110433.B25773@demiurge.exodus.net> References: <200303211631.h2LGVWX12902@raven.gw.tislabs.com> <200303211641.LAA74009@workhorse.fictitious.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200303211641.LAA74009@workhorse.fictitious.org>; from curtis@fictitious.org on Fri, Mar 21, 2003 at 11:41:05AM -0500 Sender: owner-idr@merit.edu Precedence: bulk I think Curits has nailed it down nicely. I used the "standardize" statement a bit more loosely than I should have, perhaps. As a practical matter, if we want people to make IPSec a consistantly implemented and deployed option we, as a community, will need to bless it by publishing some sort of document. Andrew On Fri, Mar 21, 2003 at 11:41:05AM -0500, Curtis Villamizar wrote: > Delivered-To: idr-outgoing@trapdoor.merit.edu > Delivered-To: idr@trapdoor.merit.edu > Delivered-To: idr@merit.edu > To: sandy@tislabs.com > Cc: curtis@fictitious.org, andrewl@xix-w.bengi.exodus.net, idr@merit.edu, > kunihiro@zebra.org > Reply-To: curtis@fictitious.org > Subject: Re: Issue 19) Security Considerations > In-reply-to: Your message of "Fri, 21 Mar 2003 11:31:32 EST." > <200303211631.h2LGVWX12902@raven.gw.tislabs.com> > Date: Fri, 21 Mar 2003 11:41:05 -0500 > From: Curtis Villamizar <curtis@fictitious.org> > Precedence: bulk > X-Spam-Status: No, hits=-0.8 required=5 > X-Scanned-By: MIMEDefang 2.30 (www . roaringpenguin . com / mimedefang) > X-OriginalArrivalTime: 21 Mar 2003 16:43:53.0710 (UTC) FILETIME=[0EE440E0:01C2EFC9] > > > In message <200303211631.h2LGVWX12902@raven.gw.tislabs.com>, sandy@tislabs.com > writes: > > >You are missing that the BGP4 spec must reflect current practice and > > >may point out better than current practice if such a thing is > > >currently defined. BGP over IPSEC is not currently defined, therefore > > >the BGP4 spec neither advocates it or prevents it. > > > > Oh, yes. I know the guidelines for including things in the current > > spec. I was just trying to understand Andrew's comment and why he > > thought there would have to be a standard for running BGP over IPSEC > > before it could be included in the base spec. I thought there was an > > implication that there would be issues to work out in doing that > > (especially since he referred to an old work that defined how to do it). > > Same implication in your comment "BGP over IPSEC is not currently defined" > > - what's to define? > > > > With the current focus on documenting current practice, if current > > practice does not include running BGP over IPSEC, then we cannot put > > it in the draft, whether it needed defining or standardization or not. > > So my question is academic or for future reference. > > > > --Sandy > > > No technical issue, just can't refer to a spec that doesn't yet exist > when trying to go for FS (or PS for that matter). > > Add to that the IDR WG is not supposed to work on anything new (or > more correctly take on WG items or try to advance anything new) until > the base BGP4 spec gets updated. > > As soon as BGP4-(N->infinity) is at least out of WG last call advanced > to the IESG this is one of the internet-drafts that could (should IMO) > be considered by the WG. > > Curtis Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id LAA27803 for <idr-archive@nic.merit.edu>; Fri, 21 Mar 2003 11:44:06 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 9FB6291294; Fri, 21 Mar 2003 11:43:44 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 672359129E; Fri, 21 Mar 2003 11:43:44 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 2679091294 for <idr@trapdoor.merit.edu>; Fri, 21 Mar 2003 11:43:43 -0500 (EST) Received: by segue.merit.edu (Postfix) id 0B9EA5E058; Fri, 21 Mar 2003 11:43:43 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id 4A2FE5DF64 for <idr@merit.edu>; Fri, 21 Mar 2003 11:43:42 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id LAA74009; Fri, 21 Mar 2003 11:41:06 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303211641.LAA74009@workhorse.fictitious.org> To: sandy@tislabs.com Cc: curtis@fictitious.org, andrewl@xix-w.bengi.exodus.net, idr@merit.edu, kunihiro@zebra.org Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Fri, 21 Mar 2003 11:31:32 EST." <200303211631.h2LGVWX12902@raven.gw.tislabs.com> Date: Fri, 21 Mar 2003 11:41:05 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <200303211631.h2LGVWX12902@raven.gw.tislabs.com>, sandy@tislabs.com writes: > >You are missing that the BGP4 spec must reflect current practice and > >may point out better than current practice if such a thing is > >currently defined. BGP over IPSEC is not currently defined, therefore > >the BGP4 spec neither advocates it or prevents it. > > Oh, yes. I know the guidelines for including things in the current > spec. I was just trying to understand Andrew's comment and why he > thought there would have to be a standard for running BGP over IPSEC > before it could be included in the base spec. I thought there was an > implication that there would be issues to work out in doing that > (especially since he referred to an old work that defined how to do it). > Same implication in your comment "BGP over IPSEC is not currently defined" > - what's to define? > > With the current focus on documenting current practice, if current > practice does not include running BGP over IPSEC, then we cannot put > it in the draft, whether it needed defining or standardization or not. > So my question is academic or for future reference. > > --Sandy No technical issue, just can't refer to a spec that doesn't yet exist when trying to go for FS (or PS for that matter). Add to that the IDR WG is not supposed to work on anything new (or more correctly take on WG items or try to advance anything new) until the base BGP4 spec gets updated. As soon as BGP4-(N->infinity) is at least out of WG last call advanced to the IESG this is one of the internet-drafts that could (should IMO) be considered by the WG. Curtis Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id LAA27431 for <idr-archive@nic.merit.edu>; Fri, 21 Mar 2003 11:33:47 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 05B1E9129B; Fri, 21 Mar 2003 11:33:23 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 8470A9129D; Fri, 21 Mar 2003 11:33:22 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id EF62A9129B for <idr@trapdoor.merit.edu>; Fri, 21 Mar 2003 11:32:05 -0500 (EST) Received: by segue.merit.edu (Postfix) id C85FA5DF64; Fri, 21 Mar 2003 11:32:05 -0500 (EST) Delivered-To: idr@merit.edu Received: from sentry.gw.tislabs.com (sentry.gw.tislabs.com [192.94.214.100]) by segue.merit.edu (Postfix) with ESMTP id 5552C5E06C for <idr@merit.edu>; Fri, 21 Mar 2003 11:32:05 -0500 (EST) Received: by sentry.gw.tislabs.com; id LAA20010; Fri, 21 Mar 2003 11:32:59 -0500 (EST) Received: from raven.gw.tislabs.com(10.33.1.50) by sentry.gw.tislabs.com via smap (V5.5) id xma019997; Fri, 21 Mar 03 11:32:28 -0500 Received: (from sandy@localhost) by raven.gw.tislabs.com (8.11.6/8.11.6) id h2LGVWX12902; Fri, 21 Mar 2003 11:31:32 -0500 (EST) Date: Fri, 21 Mar 2003 11:31:32 -0500 (EST) Message-Id: <200303211631.h2LGVWX12902@raven.gw.tislabs.com> From: sandy@tislabs.com To: curtis@fictitious.org, sandy@tislabs.com Subject: Re: Issue 19) Security Considerations Cc: andrewl@xix-w.bengi.exodus.net, idr@merit.edu, kunihiro@zebra.org Sender: owner-idr@merit.edu Precedence: bulk >You are missing that the BGP4 spec must reflect current practice and >may point out better than current practice if such a thing is >currently defined. BGP over IPSEC is not currently defined, therefore >the BGP4 spec neither advocates it or prevents it. Oh, yes. I know the guidelines for including things in the current spec. I was just trying to understand Andrew's comment and why he thought there would have to be a standard for running BGP over IPSEC before it could be included in the base spec. I thought there was an implication that there would be issues to work out in doing that (especially since he referred to an old work that defined how to do it). Same implication in your comment "BGP over IPSEC is not currently defined" - what's to define? With the current focus on documenting current practice, if current practice does not include running BGP over IPSEC, then we cannot put it in the draft, whether it needed defining or standardization or not. So my question is academic or for future reference. --Sandy Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id LAA26741 for <idr-archive@nic.merit.edu>; Fri, 21 Mar 2003 11:12:38 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id D4DBC9120D; Fri, 21 Mar 2003 11:12:20 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id A0A9B91294; Fri, 21 Mar 2003 11:12:20 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 63BBE9120D for <idr@trapdoor.merit.edu>; Fri, 21 Mar 2003 11:12:19 -0500 (EST) Received: by segue.merit.edu (Postfix) id 4FD8E5E074; Fri, 21 Mar 2003 11:12:19 -0500 (EST) Delivered-To: idr@merit.edu Received: from workhorse.fictitious.org (workhorse.fictitious.org [209.150.1.230]) by segue.merit.edu (Postfix) with ESMTP id 70B2C5E060 for <idr@merit.edu>; Fri, 21 Mar 2003 11:12:18 -0500 (EST) Received: from workhorse.fictitious.org (localhost.fictitious.org [127.0.0.1]) by workhorse.fictitious.org (8.9.3/8.9.3) with ESMTP id LAA73593; Fri, 21 Mar 2003 11:09:18 -0500 (EST) (envelope-from curtis@workhorse.fictitious.org) Message-Id: <200303211609.LAA73593@workhorse.fictitious.org> To: sandy@tislabs.com Cc: andrewl@xix-w.bengi.exodus.net, kunihiro@zebra.org, idr@merit.edu Reply-To: curtis@fictitious.org Subject: Re: Issue 19) Security Considerations In-reply-to: Your message of "Fri, 21 Mar 2003 08:19:39 EST." <200303211319.h2LDJdb02987@raven.gw.tislabs.com> Date: Fri, 21 Mar 2003 11:09:18 -0500 From: Curtis Villamizar <curtis@fictitious.org> Sender: owner-idr@merit.edu Precedence: bulk In message <200303211319.h2LDJdb02987@raven.gw.tislabs.com>, sandy@tislabs.com writes: > >Since there is no standard specifying BGP over IPSEC, > > I'm not sure I understand this comment. Could you explain? > > The spec for using TCP MD5 is entitled "Protection of BGP Sessions > via the TCP MD5 Signature (sic) Option" but the mechanism described really > has no relationship to BGP. It's just a mechanism for doing authentication > at the TCP level. You could use the same draft to protect any other > TCP application (but please don't - TLS or IPSEC would be better). > > The BGP draft says "go do that". > > The BGP draft could just as easily say "go do IPSEC" - I don't see that > there would be anything left to standardize that would require a BGP over > IPSEC document. > > Am I missing something? > > --Sandy You are missing that the BGP4 spec must reflect current practice and may point out better than current practice if such a thing is currently defined. BGP over IPSEC is not currently defined, therefore the BGP4 spec neither advocates it or prevents it. Curtis Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id IAA19138 for <idr-archive@nic.merit.edu>; Fri, 21 Mar 2003 08:20:51 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 86EE391298; Fri, 21 Mar 2003 08:20:28 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 6090C91294; Fri, 21 Mar 2003 08:20:28 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 85AA29120D for <idr@trapdoor.merit.edu>; Fri, 21 Mar 2003 08:20:26 -0500 (EST) Received: by segue.merit.edu (Postfix) id 69B275E101; Fri, 21 Mar 2003 08:20:26 -0500 (EST) Delivered-To: idr@merit.edu Received: from sentry.gw.tislabs.com (sentry.gw.tislabs.com [192.94.214.100]) by segue.merit.edu (Postfix) with ESMTP id ED4FE5E0EB for <idr@merit.edu>; Fri, 21 Mar 2003 08:20:25 -0500 (EST) Received: by sentry.gw.tislabs.com; id IAA15219; Fri, 21 Mar 2003 08:21:19 -0500 (EST) Received: from raven.gw.tislabs.com(10.33.1.50) by sentry.gw.tislabs.com via smap (V5.5) id xma015201; Fri, 21 Mar 03 08:20:34 -0500 Received: (from sandy@localhost) by raven.gw.tislabs.com (8.11.6/8.11.6) id h2LDJdb02987; Fri, 21 Mar 2003 08:19:39 -0500 (EST) Date: Fri, 21 Mar 2003 08:19:39 -0500 (EST) Message-Id: <200303211319.h2LDJdb02987@raven.gw.tislabs.com> From: sandy@tislabs.com To: andrewl@xix-w.bengi.exodus.net, kunihiro@zebra.org Subject: Re: Issue 19) Security Considerations Cc: idr@merit.edu Sender: owner-idr@merit.edu Precedence: bulk >Since there is no standard specifying BGP over IPSEC, I'm not sure I understand this comment. Could you explain? The spec for using TCP MD5 is entitled "Protection of BGP Sessions via the TCP MD5 Signature (sic) Option" but the mechanism described really has no relationship to BGP. It's just a mechanism for doing authentication at the TCP level. You could use the same draft to protect any other TCP application (but please don't - TLS or IPSEC would be better). The BGP draft says "go do that". The BGP draft could just as easily say "go do IPSEC" - I don't see that there would be anything left to standardize that would require a BGP over IPSEC document. Am I missing something? --Sandy Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id AAA02782 for <idr-archive@nic.merit.edu>; Fri, 21 Mar 2003 00:20:48 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 077449128F; Fri, 21 Mar 2003 00:20:26 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id C920191291; Fri, 21 Mar 2003 00:20:25 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id CFB639128F for <idr@trapdoor.merit.edu>; Fri, 21 Mar 2003 00:20:24 -0500 (EST) Received: by segue.merit.edu (Postfix) id B16A65DEBA; Fri, 21 Mar 2003 00:20:24 -0500 (EST) Delivered-To: idr@merit.edu Received: from demiurge.exodus.net (demiurge.exodus.net [216.32.171.82]) by segue.merit.edu (Postfix) with ESMTP id 5B9685DE81 for <idr@merit.edu>; Fri, 21 Mar 2003 00:20:24 -0500 (EST) Received: (from andrewl@localhost) by demiurge.exodus.net (8.9.3+Sun/8.9.3) id VAA24542; Thu, 20 Mar 2003 21:17:25 -0800 (PST) Date: Thu, 20 Mar 2003 21:17:25 -0800 From: andrewl@xix-w.bengi.exodus.net To: Kunihiro Ishiguro <kunihiro@zebra.org> Cc: idr@merit.edu Subject: Re: Issue 19) Security Considerations Message-ID: <20030320211725.A23601@demiurge.exodus.net> References: <87ptoljosr.wl@ipinfusion.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <87ptoljosr.wl@ipinfusion.com>; from kunihiro@zebra.org on Thu, Mar 20, 2003 at 09:01:40PM -0800 Sender: owner-idr@merit.edu Precedence: bulk Since there is no standard specifying BGP over IPSEC, we should leave this out of the base draft. I know there has been work in this area, I believe Dave Ward has/had a draft. I can only find the withdrawn id info now, though. I would suggest that we leave this out of the base draft, and if we later specify IPSEC, then we should add it in that draft. Andrew On Thu, Mar 20, 2003 at 09:01:40PM -0800, Kunihiro Ishiguro wrote: > Delivered-To: idr-outgoing@trapdoor.merit.edu > Delivered-To: idr@trapdoor.merit.edu > Delivered-To: idr@merit.edu > Date: Thu, 20 Mar 2003 21:01:40 -0800 > From: Kunihiro Ishiguro <kunihiro@zebra.org> > To: idr@merit.edu > Subject: Issue 19) Security Considerations > User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/21.2.92 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI) > Precedence: bulk > X-Spam-Status: No, hits=-0.8 required=5 > X-Scanned-By: MIMEDefang 2.30 (www . roaringpenguin . com / mimedefang) > X-OriginalArrivalTime: 21 Mar 2003 05:05:49.0351 (UTC) FILETIME=[89DE4370:01C2EF67] > > > Use of TCP MD5 [RFC2385] for authentication is mandatory. > > Sorry for late comment. When router has IPsec, the box can do TCP > authentication (IMHO IPsec is better than TCP MD5). I'd like to > suggest to add a choice of IPsec not only TCP MD5. > -- > Kunihiro Ishiguro Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id AAA02271 for <idr-archive@nic.merit.edu>; Fri, 21 Mar 2003 00:06:02 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 7F51091296; Fri, 21 Mar 2003 00:05:36 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 3882F91292; Fri, 21 Mar 2003 00:05:34 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 38E1491293 for <idr@trapdoor.merit.edu>; Fri, 21 Mar 2003 00:03:05 -0500 (EST) Received: by segue.merit.edu (Postfix) id 1D79D5DEAC; Fri, 21 Mar 2003 00:03:05 -0500 (EST) Delivered-To: idr@merit.edu Received: from localhost.localdomain (ip-64-139-11-202.dsl.sca.megapath.net [64.139.11.202]) by segue.merit.edu (Postfix) with ESMTP id 3AED85DDC9 for <idr@merit.edu>; Fri, 21 Mar 2003 00:03:04 -0500 (EST) Received: from localhost.localdomain (vprmatrix [127.0.0.1]) by localhost.localdomain (8.12.5/8.12.5) with ESMTP id h2L51eIK001185 for <idr@merit.edu>; Fri, 21 Mar 2003 14:01:43 +0900 Date: Thu, 20 Mar 2003 21:01:40 -0800 Message-ID: <87ptoljosr.wl@ipinfusion.com> From: Kunihiro Ishiguro <kunihiro@zebra.org> To: idr@merit.edu Subject: Issue 19) Security Considerations User-Agent: Wanderlust/2.10.0 (Venus) SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/21.2.92 (i686-pc-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII Sender: owner-idr@merit.edu Precedence: bulk > Use of TCP MD5 [RFC2385] for authentication is mandatory. Sorry for late comment. When router has IPsec, the box can do TCP authentication (IMHO IPsec is better than TCP MD5). I'd like to suggest to add a choice of IPsec not only TCP MD5. -- Kunihiro Ishiguro Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id SAA20536 for <idr-archive@nic.merit.edu>; Thu, 20 Mar 2003 18:34:44 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 23DE191295; Thu, 20 Mar 2003 18:34:13 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 8DCD091290; Thu, 20 Mar 2003 18:34:12 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 057A191295 for <idr@trapdoor.merit.edu>; Thu, 20 Mar 2003 18:34:08 -0500 (EST) Received: by segue.merit.edu (Postfix) id 10D315E1B1; Thu, 20 Mar 2003 18:34:08 -0500 (EST) Delivered-To: idr@merit.edu Received: from presque.nexthop.com (dns.nexthop.com [64.211.218.216]) by segue.merit.edu (Postfix) with ESMTP id AD3135E1AD for <idr@merit.edu>; Thu, 20 Mar 2003 18:34:07 -0500 (EST) Received: (from root@localhost) by presque.nexthop.com (8.12.8/8.11.1) id h2KNY2iC001339; Thu, 20 Mar 2003 18:34:02 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: from jhaas.nexthop.com (jhaas.nexthop.com [64.211.218.31]) by presque.nexthop.com (8.12.8/8.12.8) with ESMTP id h2KNXxNp001332; Thu, 20 Mar 2003 18:33:59 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: (from jhaas@localhost) by jhaas.nexthop.com (8.11.3nb1/8.11.3) id h2KNXsK23429; Thu, 20 Mar 2003 18:33:54 -0500 (EST) Date: Thu, 20 Mar 2003 18:33:54 -0500 From: Jeffrey Haas <jhaas@nexthop.com> To: Bruno Rijsman <bwarijsman@hotmail.com> Cc: idr@merit.edu Subject: Re: questions about the index of the bgpM2PeerTable Message-ID: <20030320183354.A23410@nexthop.com> References: <BAY1-F159jtQUGUzLhG00005fb4@hotmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <BAY1-F159jtQUGUzLhG00005fb4@hotmail.com>; from bwarijsman@hotmail.com on Thu, Mar 20, 2003 at 10:34:07AM -0500 X-Virus-Scanned: by AMaViS perl-11 Sender: owner-idr@merit.edu Precedence: bulk Bruno, On Thu, Mar 20, 2003 at 10:34:07AM -0500, Bruno Rijsman wrote: > I have some questions about the index of the bgpM2PeerTable in > draft-ietf-idr-bgp4-mibv2-03.txt: > > >bgpM2PeerEntry OBJECT-TYPE > > ... > > INDEX { > > bgpM2PeerLocalAddrType, > > bgpM2PeerLocalAddr, > > bgpM2PeerRemoteAddrType, > > bgpM2PeerRemoteAddr > > } > [out of order] > Also, as far as I know, existing implementations do not allow you > to configure two BGP sessions to the same remote address with > different local addresses. Where the lack of existing implementations that do this is true, I don't believe the specification precludes this. Please note the connection collsion text in 6.8, first paragraph. This paragraph doesn't explicitly declare this as a feature, but the comparison implies that it could happen. A potentially valid example is maintaining two peering sessions across different interfaces to the same host. [...] > The local address of a BGP session may not be known until the > session comes up (and as a side-effect, if the session bounces > it may end up with a different local address the second the the > session comes up). This might happen, for example, if the session > is an IBGP session or a multihop EBGP session without a configured > update-source address. This is a good example of where this might be an issue. Do you have any suggested workarounds? My own thought is that in the case where the source address is not known ahead of time that a value of 0.0.0.0 (or all zeros for a given addrtype) would mean that its an unspecified address on configuration. It may be ok to leave this in the established state as well to make the tables queryable. The implementations I have worked with tend to require you to specify the local end of the connection via configuration in some cases and when this is done, the value can be placed here. > In RFC 2547 style VPNs, there may be several peers with the > same remote (and local) address because each VRF has its own address > space. Should we say that this table does not contain entries for > PE-CE sessions? Or, alternatively, should we add some identification > of the VRF in the index? This is a valid concern and worthy of some thought. Consider bgpM2NlriIndex which does something similar for the path attributes table. > >bgpM2PeerIndex OBJECT-TYPE > >... > >Values in the > >bgpM2PeerTable and other tables utilizing bgpM2PeerIndex > >are expected to remain in existence for an arbitrary > >time after the unconfigured peer has been deleted > >in order to allow management applications to extract > >useful management information for those peers. > > Does this mean that if we create 1,000 peers and then remove > those 1,000 peers, the bgpM2PeerTable has to continue to contain > rows for those 1,000 removed peers for ever? This is up to the implementation. > Even across reloads? This is also up to the implmentation. :-) > That seems a very harsh requirement on the BGP implementation to > keep all this information around about peers that used to exist > in some distant past... Would it be possible to remove that > requirement? Since the bgpM2PeerIndex is referred to by other tables, the idea is that you want to be able to get data that may otherwise disapear out from under it. Requiring it forever is unreasonable. -- Jeff Haas NextHop Technologies Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id KAA03839 for <idr-archive@nic.merit.edu>; Thu, 20 Mar 2003 10:34:35 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id D022A9127D; Thu, 20 Mar 2003 10:34:11 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 737A29121C; Thu, 20 Mar 2003 10:34:11 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 607A69127C for <idr@trapdoor.merit.edu>; Thu, 20 Mar 2003 10:34:09 -0500 (EST) Received: by segue.merit.edu (Postfix) id 42FA25E114; Thu, 20 Mar 2003 10:34:09 -0500 (EST) Delivered-To: idr@merit.edu Received: from hotmail.com (bay1-f159.bay1.hotmail.com [65.54.245.159]) by segue.merit.edu (Postfix) with ESMTP id 814585E0FF for <idr@merit.edu>; Thu, 20 Mar 2003 10:34:07 -0500 (EST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 20 Mar 2003 07:34:07 -0800 Received: from 65.194.140.2 by by1fd.bay1.hotmail.msn.com with HTTP; Thu, 20 Mar 2003 15:34:07 GMT X-Originating-IP: [65.194.140.2] X-Originating-Email: [bwarijsman@hotmail.com] From: "Bruno Rijsman" <bwarijsman@hotmail.com> To: idr@merit.edu Subject: questions about the index of the bgpM2PeerTable Date: Thu, 20 Mar 2003 10:34:07 -0500 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: <BAY1-F159jtQUGUzLhG00005fb4@hotmail.com> X-OriginalArrivalTime: 20 Mar 2003 15:34:07.0979 (UTC) FILETIME=[2596A3B0:01C2EEF6] Sender: owner-idr@merit.edu Precedence: bulk I have some questions about the index of the bgpM2PeerTable in draft-ietf-idr-bgp4-mibv2-03.txt: >bgpM2PeerEntry OBJECT-TYPE > ... > INDEX { > bgpM2PeerLocalAddrType, > bgpM2PeerLocalAddr, > bgpM2PeerRemoteAddrType, > bgpM2PeerRemoteAddr > } The local address of a BGP session may not be known until the session comes up (and as a side-effect, if the session bounces it may end up with a different local address the second the the session comes up). This might happen, for example, if the session is an IBGP session or a multihop EBGP session without a configured update-source address. Also, as far as I know, existing implementations do not allow you to configure two BGP sessions to the same remote address with different local addresses. Given that, would it make sense to remove the local address from the index? In RFC 2547 style VPNs, there may be several peers with the same remote (and local) address because each VRF has its own address space. Should we say that this table does not contain entries for PE-CE sessions? Or, alternatively, should we add some identification of the VRF in the index? >bgpM2PeerIndex OBJECT-TYPE >... >Values in the >bgpM2PeerTable and other tables utilizing bgpM2PeerIndex >are expected to remain in existence for an arbitrary >time after the unconfigured peer has been deleted >in order to allow management applications to extract >useful management information for those peers. Does this mean that if we create 1,000 peers and then remove those 1,000 peers, the bgpM2PeerTable has to continue to contain rows for those 1,000 removed peers for ever? Even across reloads? That seems a very harsh requirement on the BGP implementation to keep all this information around about peers that used to exist in some distant past... Would it be possible to remove that requirement? _________________________________________________________________ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id RAA13815 for <idr-archive@nic.merit.edu>; Mon, 17 Mar 2003 17:53:28 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 9FD5991218; Mon, 17 Mar 2003 17:53:10 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 639279121F; Mon, 17 Mar 2003 17:53:10 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 98CC191218 for <idr@trapdoor.merit.edu>; Mon, 17 Mar 2003 17:53:08 -0500 (EST) Received: by segue.merit.edu (Postfix) id 855345DF22; Mon, 17 Mar 2003 17:53:08 -0500 (EST) Delivered-To: idr@merit.edu Received: from hotmail.com (bay1-f157.bay1.hotmail.com [65.54.245.157]) by segue.merit.edu (Postfix) with ESMTP id 40E955DE2B for <idr@merit.edu>; Mon, 17 Mar 2003 17:53:08 -0500 (EST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 17 Mar 2003 14:53:07 -0800 Received: from 65.194.140.2 by by1fd.bay1.hotmail.msn.com with HTTP; Mon, 17 Mar 2003 22:53:07 GMT X-Originating-IP: [65.194.140.2] From: "Bruno Rijsman" <bwarijsman@hotmail.com> To: idr@merit.edu Cc: jhaas@nexthop.com Subject: bgpM2CfgConfederationRouter in BGP4-V2-MIB Date: Mon, 17 Mar 2003 17:53:07 -0500 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: <BAY1-F157SaVkpCCuc5000085f8@hotmail.com> X-OriginalArrivalTime: 17 Mar 2003 22:53:07.0757 (UTC) FILETIME=[FA148DD0:01C2ECD7] Sender: owner-idr@merit.edu Precedence: bulk Do we really need the read-write object bgpM2CfgConfederationRouter in BGP4-V2-MIB? Setting this object to false to "make the implementation not support confederations" doesn't seem to make much sense. Note that "the implementation does not support confederations" is something different from "the BGP speaker is not a confederation router" which does make sense and which is achieved by setting bgpM2CfgConfederationId to zero. Relevant snippet from BGP4-V2-MIB: bgpM2CfgConfederationRouter OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This value is set to true if this implementation will be supporting BGP AS Confederations." REFERENCE "RFC 3065 - Autonomous System Confederations for BGP" ::= { bgpM2CfgBaseScalarASConfedExts 1 } bgpM2CfgConfederationId OBJECT-TYPE SYNTAX InetAutonomousSystemNumber MAX-ACCESS read-write STATUS current DESCRIPTION "The local Confederation Identification Number. This value will be zero (0) if this BGP Speaker is not a confederation router." REFERENCE "RFC 3065 - Autonomous System Confederations for BGP" ::= { bgpM2CfgBaseScalarASConfedExts 2 } _________________________________________________________________ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id NAA05587 for <idr-archive@nic.merit.edu>; Mon, 17 Mar 2003 13:41:17 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id A02E991236; Mon, 17 Mar 2003 13:40:55 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 6C0AC91237; Mon, 17 Mar 2003 13:40:55 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 5BB1B91236 for <idr@trapdoor.merit.edu>; Mon, 17 Mar 2003 13:40:54 -0500 (EST) Received: by segue.merit.edu (Postfix) id 4220F5DE7F; Mon, 17 Mar 2003 13:40:54 -0500 (EST) Delivered-To: idr@merit.edu Received: from presque.nexthop.com (dns.nexthop.com [64.211.218.216]) by segue.merit.edu (Postfix) with ESMTP id E36845DE56 for <idr@merit.edu>; Mon, 17 Mar 2003 13:40:53 -0500 (EST) Received: (from root@localhost) by presque.nexthop.com (8.12.8/8.11.1) id h2HIennB098456; Mon, 17 Mar 2003 13:40:49 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: from jhaas.nexthop.com (jhaas.nexthop.com [64.211.218.31]) by presque.nexthop.com (8.12.8/8.12.8) with ESMTP id h2HIeiNp098441; Mon, 17 Mar 2003 13:40:44 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: (from jhaas@localhost) by jhaas.nexthop.com (8.11.3nb1/8.11.3) id h2HIedq29162; Mon, 17 Mar 2003 13:40:39 -0500 (EST) Date: Mon, 17 Mar 2003 13:40:38 -0500 From: Jeffrey Haas <jhaas@nexthop.com> To: Tom Petch <nwnetworks@dial.pipex.com> Cc: idr@merit.edu, Yakov Rekhter <yakov@juniper.net> Subject: Re: draft-ietf-idr-bgp4-mib-10.txt to PS Message-ID: <20030317134038.A29133@nexthop.com> References: <000401c2ecaf$bb46b380$0301a8c0@tom3> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <000401c2ecaf$bb46b380$0301a8c0@tom3>; from nwnetworks@dial.pipex.com on Mon, Mar 17, 2003 at 12:20:47PM -0000 X-Virus-Scanned: by AMaViS perl-11 Sender: owner-idr@merit.edu Precedence: bulk Tom, On Mon, Mar 17, 2003 at 12:20:47PM -0000, Tom Petch wrote: > I think that this draft needs some revision before advancement. Thanks for the many suggestions. Others have made similar suggestions, specifically Bert to fix all of the boilerplate, off-list. > IpAddress is frowned upon, I don't believe we can utilize InetAddress. Do you have a better suggestion? > the e-mail is no longer merit.net; etc etc. And there > are a raft of SMI issues where this SMI would not be allowed if this > were a new MIB module but may be here since this is really a converted > SMIv1 module (issues which keep changing and which I always have to > research most carefully). The whole point is to document what *is* deployed without making serious changes to the MIB - we can't do that. The v2MIB is intended to let us get the protocol as deployed properly documnted. > More debatably, I would prefer the base bgp document to have a > relatively clean last call before delving too deep into this. If there are particular points that are reflected in the current v1MIB that you believe are going to be contentious, please point them out. I think we're pretty close to being "cooked" on the base draft and the portions relevant to the v1MIB are very unlikely to change. Then again, thats what last call is for! > We did > remove MIB information from the base document which means this > probably now needs more adding to it eg on start event (now more than > one), error codes and such like. Right, but much of that was relevant to the v2mib. Can you point out specific items in the v1MIB that are of concern? Thanks for your input. > Tom Petch > nwnetworks@dial.pipex.com -- Jeff Haas NextHop Technologies Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id NAA04508 for <idr-archive@nic.merit.edu>; Mon, 17 Mar 2003 13:08:16 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 540DC9123D; Mon, 17 Mar 2003 13:07:56 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id F2E5291236; Mon, 17 Mar 2003 13:07:55 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 5DCE791237 for <idr@trapdoor.merit.edu>; Mon, 17 Mar 2003 13:07:52 -0500 (EST) Received: by segue.merit.edu (Postfix) id E32515DE6D; Mon, 17 Mar 2003 13:07:52 -0500 (EST) Delivered-To: idr@merit.edu Received: from shockwave.systems.pipex.net (shockwave.systems.pipex.net [62.241.160.9]) by segue.merit.edu (Postfix) with ESMTP id B0FC75DD8D for <idr@merit.edu>; Mon, 17 Mar 2003 13:07:52 -0500 (EST) Received: from tom3 (1Cust213.tnt9.lnd4.gbr.da.uu.net [62.188.138.213]) by shockwave.systems.pipex.net (Postfix) with SMTP id 75AC21600038D; Mon, 17 Mar 2003 18:07:50 +0000 (GMT) Message-ID: <000401c2ecaf$bb46b380$0301a8c0@tom3> Reply-To: "Tom Petch" <nwnetworks@dial.pipex.com> From: "Tom Petch" <nwnetworks@dial.pipex.com> To: <idr@merit.edu>, "Yakov Rekhter" <yakov@juniper.net> Subject: Re: draft-ietf-idr-bgp4-mib-10.txt to PS Date: Mon, 17 Mar 2003 12:20:47 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-idr@merit.edu Precedence: bulk I think that this draft needs some revision before advancement. The SNMP (and other) red tape has moved on. There is a new boiler plate for section 5, the SNMP 257x RFC have been superseded by 34xx, the references need splitting into normative and not, IpAddress is frowned upon, the e-mail is no longer merit.net; etc etc. And there are a raft of SMI issues where this SMI would not be allowed if this were a new MIB module but may be here since this is really a converted SMIv1 module (issues which keep changing and which I always have to research most carefully). More debatably, I would prefer the base bgp document to have a relatively clean last call before delving too deep into this. We did remove MIB information from the base document which means this probably now needs more adding to it eg on start event (now more than one), error codes and such like. Tom Petch nwnetworks@dial.pipex.com -----Original Message----- From: Yakov Rekhter <yakov@juniper.net> To: idr@merit.edu <idr@merit.edu> Date: 10 March 2003 16:38 Subject: draft-ietf-idr-bgp4-mib-10.txt to PS >Folks, > >This is to start the WG Last Call on advancing draft-ietf-idr-bgp4-mib-10.txt >to a Proposed Standard. The Last Call ends March 24. > >Yakov. Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id RAA25571 for <idr-archive@nic.merit.edu>; Fri, 14 Mar 2003 17:42:26 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 705AA91205; Fri, 14 Mar 2003 17:41:59 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 4A6D491213; Fri, 14 Mar 2003 17:41:59 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 1BA3E91205 for <idr@trapdoor.merit.edu>; Fri, 14 Mar 2003 17:41:58 -0500 (EST) Received: by segue.merit.edu (Postfix) id 0A6875DF13; Fri, 14 Mar 2003 17:41:58 -0500 (EST) Delivered-To: idr@merit.edu Received: from hotmail.com (bay1-f76.bay1.hotmail.com [65.54.245.76]) by segue.merit.edu (Postfix) with ESMTP id AF2015DF0C for <idr@merit.edu>; Fri, 14 Mar 2003 17:41:57 -0500 (EST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 14 Mar 2003 14:41:57 -0800 Received: from 65.194.140.2 by by1fd.bay1.hotmail.msn.com with HTTP; Fri, 14 Mar 2003 22:41:57 GMT X-Originating-IP: [65.194.140.2] From: "Bruno Rijsman" <bwarijsman@hotmail.com> To: idr@merit.edu Cc: jhaas@nexthop.com Date: Fri, 14 Mar 2003 17:41:57 -0500 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: <BAY1-F76oeMxew44bUu0003a6a5@hotmail.com> X-OriginalArrivalTime: 14 Mar 2003 22:41:57.0261 (UTC) FILETIME=[EB31BBD0:01C2EA7A] Sender: owner-idr@merit.edu Precedence: bulk >In draft-ietf-idr-bgp4-mibv2-03 what is the difference between >bgpM2RouteReflector and bgpM2CfgRouteReflector (and also between >bgpM2ClusterId and bgpM2CfgClusterId)? Just to clarify this question: if we have a read-write bgpM2CfgRouteReflector why do we also need a read-only bgpM2RouteReflector? _________________________________________________________________ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id RAA25425 for <idr-archive@nic.merit.edu>; Fri, 14 Mar 2003 17:37:33 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id CF27491201; Fri, 14 Mar 2003 17:37:09 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 98FC891205; Fri, 14 Mar 2003 17:37:09 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 6622F91201 for <idr@trapdoor.merit.edu>; Fri, 14 Mar 2003 17:37:08 -0500 (EST) Received: by segue.merit.edu (Postfix) id 531195DEC0; Fri, 14 Mar 2003 17:37:08 -0500 (EST) Delivered-To: idr@merit.edu Received: from hotmail.com (bay1-f173.bay1.hotmail.com [65.54.245.173]) by segue.merit.edu (Postfix) with ESMTP id F28CD5DEB2 for <idr@merit.edu>; Fri, 14 Mar 2003 17:37:07 -0500 (EST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 14 Mar 2003 14:37:07 -0800 Received: from 65.194.140.2 by by1fd.bay1.hotmail.msn.com with HTTP; Fri, 14 Mar 2003 22:37:07 GMT X-Originating-IP: [65.194.140.2] From: "Bruno Rijsman" <bwarijsman@hotmail.com> To: idr@merit.edu Cc: jhaas@nexthop.com Subject: bgpM2RouteReflector vs bgpM2CfgRouteReflector Date: Fri, 14 Mar 2003 17:37:07 -0500 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: <BAY1-F173mWYEHxTQiS0003a2f0@hotmail.com> X-OriginalArrivalTime: 14 Mar 2003 22:37:07.0494 (UTC) FILETIME=[3E7ACC60:01C2EA7A] Sender: owner-idr@merit.edu Precedence: bulk In draft-ietf-idr-bgp4-mibv2-03 what is the difference between bgpM2RouteReflector and bgpM2CfgRouteReflector (and also between bgpM2ClusterId and bgpM2CfgClusterId)? _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id PAA09267 for <idr-archive@nic.merit.edu>; Thu, 13 Mar 2003 15:06:07 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id EEA5F91381; Thu, 13 Mar 2003 15:05:43 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 9093291384; Thu, 13 Mar 2003 15:05:42 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 46F9491381 for <idr@trapdoor.merit.edu>; Thu, 13 Mar 2003 15:05:40 -0500 (EST) Received: by segue.merit.edu (Postfix) id 2AA0C5DFE7; Thu, 13 Mar 2003 15:05:40 -0500 (EST) Delivered-To: idr@merit.edu Received: from hotmail.com (bay1-f60.bay1.hotmail.com [65.54.245.60]) by segue.merit.edu (Postfix) with ESMTP id D62265DDA2 for <idr@merit.edu>; Thu, 13 Mar 2003 15:05:39 -0500 (EST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 13 Mar 2003 12:05:39 -0800 Received: from 65.194.140.2 by by1fd.bay1.hotmail.msn.com with HTTP; Thu, 13 Mar 2003 20:05:39 GMT X-Originating-IP: [65.194.140.2] From: "Bruno Rijsman" <bwarijsman@hotmail.com> To: jhaas@nexthop.com Cc: idr@merit.edu Subject: Re: Some comments on draft-ietf-idr-bgp4-mibv2-03.txt Date: Thu, 13 Mar 2003 15:05:39 -0500 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: <BAY1-F601W2ufyWOxbC000383e7@hotmail.com> X-OriginalArrivalTime: 13 Mar 2003 20:05:39.0383 (UTC) FILETIME=[EB215C70:01C2E99B] Sender: owner-idr@merit.edu Precedence: bulk Two observations on using the RFC number as the OID: (a) What happens if an RFC is obsoleted by a newer RFC? (b) It seems that this model is not followed consistently (e.g. the OIDs for capability negotiation are not based on the RFC number) >From: Jeffrey Haas <jhaas@nexthop.com> >To: Bruno Rijsman <bwarijsman@hotmail.com> >CC: idr@merit.edu >Subject: Re: Some comments on draft-ietf-idr-bgp4-mibv2-03.txt >Date: Thu, 13 Mar 2003 14:34:14 -0500 > >Bruno, > >The general idea was that the extension OID would be based on the RFC >number. > >This is, of course, open to reconsideration. However, this also keeps >us from sticking things in the bgp mib extensions that aren't at least >supported by some RFC. > >On Thu, Mar 13, 2003 at 02:26:19PM -0500, Bruno Rijsman wrote: > > (2) A value still needs to be allocated for XXX in > > > > bgpM2PathAttrExtCommTable OBJECT-TYPE > > [...] > > DESCRIPTION > > [...] > > XXX JMH - can not assign the OID until an RFC is published." > > ::= { bgpM2PathAttrNonCapExts XXX } > > > > PS - In this case it is not quite clear to me why that has to wait > > until the RFC is published. > >-- >Jeff Haas >NextHop Technologies _________________________________________________________________ Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id OAA08916 for <idr-archive@nic.merit.edu>; Thu, 13 Mar 2003 14:36:26 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 10E109137F; Thu, 13 Mar 2003 14:35:52 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id D228B91272; Thu, 13 Mar 2003 14:35:51 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id A35F49137F for <idr@trapdoor.merit.edu>; Thu, 13 Mar 2003 14:35:49 -0500 (EST) Received: by segue.merit.edu (Postfix) id 727D75E162; Thu, 13 Mar 2003 14:35:09 -0500 (EST) Delivered-To: idr@merit.edu Received: from presque.nexthop.com (dns.nexthop.com [64.211.218.216]) by segue.merit.edu (Postfix) with ESMTP id D7D4C5E151 for <idr@merit.edu>; Thu, 13 Mar 2003 14:35:08 -0500 (EST) Received: (from root@localhost) by presque.nexthop.com (8.12.8/8.11.1) id h2DJYovY086457; Thu, 13 Mar 2003 14:34:50 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: from jhaas.nexthop.com (jhaas.nexthop.com [64.211.218.31]) by presque.nexthop.com (8.12.8/8.12.8) with ESMTP id h2DJYJNp086324; Thu, 13 Mar 2003 14:34:20 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: (from jhaas@localhost) by jhaas.nexthop.com (8.11.3nb1/8.11.3) id h2DJYEf25276; Thu, 13 Mar 2003 14:34:14 -0500 (EST) Date: Thu, 13 Mar 2003 14:34:14 -0500 From: Jeffrey Haas <jhaas@nexthop.com> To: Bruno Rijsman <bwarijsman@hotmail.com> Cc: idr@merit.edu Subject: Re: Some comments on draft-ietf-idr-bgp4-mibv2-03.txt Message-ID: <20030313143414.B25160@nexthop.com> References: <BAY1-F117VqKwRPQIWD00038167@hotmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <BAY1-F117VqKwRPQIWD00038167@hotmail.com>; from bwarijsman@hotmail.com on Thu, Mar 13, 2003 at 02:26:19PM -0500 X-Virus-Scanned: by AMaViS perl-11 Sender: owner-idr@merit.edu Precedence: bulk Bruno, The general idea was that the extension OID would be based on the RFC number. This is, of course, open to reconsideration. However, this also keeps us from sticking things in the bgp mib extensions that aren't at least supported by some RFC. On Thu, Mar 13, 2003 at 02:26:19PM -0500, Bruno Rijsman wrote: > (2) A value still needs to be allocated for XXX in > > bgpM2PathAttrExtCommTable OBJECT-TYPE > [...] > DESCRIPTION > [...] > XXX JMH - can not assign the OID until an RFC is published." > ::= { bgpM2PathAttrNonCapExts XXX } > > PS - In this case it is not quite clear to me why that has to wait > until the RFC is published. -- Jeff Haas NextHop Technologies Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id OAA08816 for <idr-archive@nic.merit.edu>; Thu, 13 Mar 2003 14:26:41 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id D894191279; Thu, 13 Mar 2003 14:26:22 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 981C891272; Thu, 13 Mar 2003 14:26:22 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 2241091279 for <idr@trapdoor.merit.edu>; Thu, 13 Mar 2003 14:26:21 -0500 (EST) Received: by segue.merit.edu (Postfix) id F0B5C5E11B; Thu, 13 Mar 2003 14:26:20 -0500 (EST) Delivered-To: idr@merit.edu Received: from hotmail.com (bay1-f117.bay1.hotmail.com [65.54.245.117]) by segue.merit.edu (Postfix) with ESMTP id AA2A55E0FA for <idr@merit.edu>; Thu, 13 Mar 2003 14:26:20 -0500 (EST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 13 Mar 2003 11:26:20 -0800 Received: from 65.194.140.2 by by1fd.bay1.hotmail.msn.com with HTTP; Thu, 13 Mar 2003 19:26:19 GMT X-Originating-IP: [65.194.140.2] From: "Bruno Rijsman" <bwarijsman@hotmail.com> To: jhaas@nexthop.com Cc: idr@merit.edu Subject: Some comments on draft-ietf-idr-bgp4-mibv2-03.txt Date: Thu, 13 Mar 2003 14:26:19 -0500 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: <BAY1-F117VqKwRPQIWD00038167@hotmail.com> X-OriginalArrivalTime: 13 Mar 2003 19:26:20.0152 (UTC) FILETIME=[6CEB4780:01C2E996] Sender: owner-idr@merit.edu Precedence: bulk (1) Type TimeTicks should be imported from SNMPv2-SMI (2) A value still needs to be allocated for XXX in bgpM2PathAttrExtCommTable OBJECT-TYPE [...] DESCRIPTION [...] XXX JMH - can not assign the OID until an RFC is published." ::= { bgpM2PathAttrNonCapExts XXX } PS - In this case it is not quite clear to me why that has to wait until the RFC is published. _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id OAA08640 for <idr-archive@nic.merit.edu>; Thu, 13 Mar 2003 14:08:17 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id EFABD91271; Thu, 13 Mar 2003 14:07:59 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id B94BD91272; Thu, 13 Mar 2003 14:07:58 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 725B291271 for <idr@trapdoor.merit.edu>; Thu, 13 Mar 2003 14:07:57 -0500 (EST) Received: by segue.merit.edu (Postfix) id 575535E151; Thu, 13 Mar 2003 14:07:57 -0500 (EST) Delivered-To: idr@merit.edu Received: from hotmail.com (bay1-f163.bay1.hotmail.com [65.54.245.163]) by segue.merit.edu (Postfix) with ESMTP id 0D01D5E0FA for <idr@merit.edu>; Thu, 13 Mar 2003 14:07:57 -0500 (EST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 13 Mar 2003 11:07:56 -0800 Received: from 65.194.140.2 by by1fd.bay1.hotmail.msn.com with HTTP; Thu, 13 Mar 2003 19:07:56 GMT X-Originating-IP: [65.194.140.2] From: "Bruno Rijsman" <bwarijsman@hotmail.com> To: jhaas@nexthop.com Cc: idr@merit.edu Subject: Re: bgpM2 module identity in draft-ietf-idr-bgp4-mibv2-03.txt? Date: Thu, 13 Mar 2003 14:07:56 -0500 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: <BAY1-F163YVGRsq1bgI00037fc2@hotmail.com> X-OriginalArrivalTime: 13 Mar 2003 19:07:56.0653 (UTC) FILETIME=[DB2EB1D0:01C2E993] Sender: owner-idr@merit.edu Precedence: bulk Okay, thanks Jeffrey. Meanwhile, I found one very minor issue in the -03 version of the draft: BGP4-V2-MIB DEFINITIONS ::= BEGIN IMPORTS [...] -- Note that the following reference to INET-ADDRESS-MIB -- refers to the version as published in the RFC 2851 -- update internet draft. InetAddressType, InetAddress, InetPortNumber, InetAutonomousSystemNumber, InetAddressPrefixLength FROM INET-ADDRESS-MIB The reference to RFC 2851 should be replaced by a reference to RFC 3291 because InetPortNumber is only defined in RFC 3291. >From: Jeffrey Haas <jhaas@nexthop.com> >To: Bruno Rijsman <bwarijsman@hotmail.com> >CC: idr@merit.edu >Subject: Re: bgpM2 module identity in draft-ietf-idr-bgp4-mibv2-03.txt? >Date: Thu, 13 Mar 2003 14:02:46 -0500 > >Bruno, > >We will be pursuing getting a MIB-II OID as part of the next version of >the draft. I had been waiting on two things to occur: >o Further discussion on the contents of this MIB >o The BGP FSM text to become finalized so that it can be properly > incorporated into the MIB. > >This process will probably be started after the upcoming IETF. >In the meanwhile, please be on the lookup for a new issue of the MIBv2 >draft. All comments are appreciated. > > >On Thu, Mar 13, 2003 at 01:25:32PM -0500, Bruno Rijsman wrote: > > Has a value for XXX already been allocated for the bgpM2 module identity >of > > BGP4-V2-MIB (in draft-ietf-idr-bgp4-mibv2-03.txt)? If not, when is this > > expected to happen? > > > > BGP4-V2-MIB DEFINITIONS ::= BEGIN > > [...] > > bgpM2 MODULE-IDENTITY > > [...] > > ::= { mib-2 XXX } <=== HERE > >-- >Jeff Haas >NextHop Technologies _________________________________________________________________ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id OAA08627 for <idr-archive@nic.merit.edu>; Thu, 13 Mar 2003 14:05:35 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id D9A839126E; Thu, 13 Mar 2003 14:04:13 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id AF03491271; Thu, 13 Mar 2003 14:04:11 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id B7ACF9126E for <idr@trapdoor.merit.edu>; Thu, 13 Mar 2003 14:03:40 -0500 (EST) Received: by segue.merit.edu (Postfix) id 678E35E180; Thu, 13 Mar 2003 14:02:58 -0500 (EST) Delivered-To: idr@merit.edu Received: from presque.nexthop.com (dns.nexthop.com [64.211.218.216]) by segue.merit.edu (Postfix) with ESMTP id D7E035E17F for <idr@merit.edu>; Thu, 13 Mar 2003 14:02:57 -0500 (EST) Received: (from root@localhost) by presque.nexthop.com (8.12.8/8.11.1) id h2DJ2s3B084600; Thu, 13 Mar 2003 14:02:54 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: from jhaas.nexthop.com (jhaas.nexthop.com [64.211.218.31]) by presque.nexthop.com (8.12.8/8.12.8) with ESMTP id h2DJ2pNp084593; Thu, 13 Mar 2003 14:02:51 -0500 (EST) (envelope-from jhaas@jhaas.nexthop.com) Received: (from jhaas@localhost) by jhaas.nexthop.com (8.11.3nb1/8.11.3) id h2DJ2kD25218; Thu, 13 Mar 2003 14:02:46 -0500 (EST) Date: Thu, 13 Mar 2003 14:02:46 -0500 From: Jeffrey Haas <jhaas@nexthop.com> To: Bruno Rijsman <bwarijsman@hotmail.com> Cc: idr@merit.edu Subject: Re: bgpM2 module identity in draft-ietf-idr-bgp4-mibv2-03.txt? Message-ID: <20030313140245.A25160@nexthop.com> References: <BAY1-F192H3b98KtdhQ00038032@hotmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <BAY1-F192H3b98KtdhQ00038032@hotmail.com>; from bwarijsman@hotmail.com on Thu, Mar 13, 2003 at 01:25:32PM -0500 X-Virus-Scanned: by AMaViS perl-11 Sender: owner-idr@merit.edu Precedence: bulk Bruno, We will be pursuing getting a MIB-II OID as part of the next version of the draft. I had been waiting on two things to occur: o Further discussion on the contents of this MIB o The BGP FSM text to become finalized so that it can be properly incorporated into the MIB. This process will probably be started after the upcoming IETF. In the meanwhile, please be on the lookup for a new issue of the MIBv2 draft. All comments are appreciated. On Thu, Mar 13, 2003 at 01:25:32PM -0500, Bruno Rijsman wrote: > Has a value for XXX already been allocated for the bgpM2 module identity of > BGP4-V2-MIB (in draft-ietf-idr-bgp4-mibv2-03.txt)? If not, when is this > expected to happen? > > BGP4-V2-MIB DEFINITIONS ::= BEGIN > [...] > bgpM2 MODULE-IDENTITY > [...] > ::= { mib-2 XXX } <=== HERE -- Jeff Haas NextHop Technologies Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id NAA08123 for <idr-archive@nic.merit.edu>; Thu, 13 Mar 2003 13:25:55 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id CDAB99126B; Thu, 13 Mar 2003 13:25:35 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 9F69F9126A; Thu, 13 Mar 2003 13:25:35 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 054059126B for <idr@trapdoor.merit.edu>; Thu, 13 Mar 2003 13:25:33 -0500 (EST) Received: by segue.merit.edu (Postfix) id DC91A5DE10; Thu, 13 Mar 2003 13:25:33 -0500 (EST) Delivered-To: idr@merit.edu Received: from hotmail.com (bay1-f19.bay1.hotmail.com [65.54.245.19]) by segue.merit.edu (Postfix) with ESMTP id 8AE655DD9A for <idr@merit.edu>; Thu, 13 Mar 2003 13:25:33 -0500 (EST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 13 Mar 2003 10:25:33 -0800 Received: from 65.194.140.2 by by1fd.bay1.hotmail.msn.com with HTTP; Thu, 13 Mar 2003 18:25:32 GMT X-Originating-IP: [65.194.140.2] From: "Bruno Rijsman" <bwarijsman@hotmail.com> To: idr@merit.edu Subject: bgpM2 module identity in draft-ietf-idr-bgp4-mibv2-03.txt? Date: Thu, 13 Mar 2003 13:25:32 -0500 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: <BAY1-F192H3b98KtdhQ00038032@hotmail.com> X-OriginalArrivalTime: 13 Mar 2003 18:25:33.0055 (UTC) FILETIME=[EF1470F0:01C2E98D] Sender: owner-idr@merit.edu Precedence: bulk Has a value for XXX already been allocated for the bgpM2 module identity of BGP4-V2-MIB (in draft-ietf-idr-bgp4-mibv2-03.txt)? If not, when is this expected to happen? BGP4-V2-MIB DEFINITIONS ::= BEGIN [...] bgpM2 MODULE-IDENTITY [...] ::= { mib-2 XXX } <=== HERE _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id LAA08133 for <idr-archive@nic.merit.edu>; Mon, 10 Mar 2003 11:38:17 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 443B0912B5; Mon, 10 Mar 2003 11:38:00 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 15E6C912B6; Mon, 10 Mar 2003 11:38:00 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id C97F6912B5 for <idr@trapdoor.merit.edu>; Mon, 10 Mar 2003 11:37:58 -0500 (EST) Received: by segue.merit.edu (Postfix) id B76D25E2D1; Mon, 10 Mar 2003 11:37:58 -0500 (EST) Delivered-To: idr@merit.edu Received: from merlot.juniper.net (natint.juniper.net [207.17.136.129]) by segue.merit.edu (Postfix) with ESMTP id 2DA8F5E2C7 for <idr@merit.edu>; Mon, 10 Mar 2003 11:37:58 -0500 (EST) Received: from juniper.net (garnet.juniper.net [172.17.28.17]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id h2AGbvS72648 for <idr@merit.edu>; Mon, 10 Mar 2003 08:37:57 -0800 (PST) (envelope-from yakov@juniper.net) Message-Id: <200303101637.h2AGbvS72648@merlot.juniper.net> To: idr@merit.edu Subject: draft-ietf-idr-bgp4-mib-10.txt to PS MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <93626.1047314277.1@juniper.net> Date: Mon, 10 Mar 2003 08:37:57 -0800 From: Yakov Rekhter <yakov@juniper.net> Sender: owner-idr@merit.edu Precedence: bulk Folks, This is to start the WG Last Call on advancing draft-ietf-idr-bgp4-mib-10.txt to a Proposed Standard. The Last Call ends March 24. Yakov. Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id KAA07484 for <idr-archive@nic.merit.edu>; Mon, 10 Mar 2003 10:28:31 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id CCAFC912A8; Mon, 10 Mar 2003 10:28:10 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 95F29912AB; Mon, 10 Mar 2003 10:28:10 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 57802912A8 for <idr@trapdoor.merit.edu>; Mon, 10 Mar 2003 10:28:09 -0500 (EST) Received: by segue.merit.edu (Postfix) id 43DDA5E2B6; Mon, 10 Mar 2003 10:28:09 -0500 (EST) Delivered-To: idr@merit.edu Received: from merlot.juniper.net (natint.juniper.net [207.17.136.129]) by segue.merit.edu (Postfix) with ESMTP id B1AE15E2B4 for <idr@merit.edu>; Mon, 10 Mar 2003 10:28:08 -0500 (EST) Received: from juniper.net (garnet.juniper.net [172.17.28.17]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id h2AFS8S67476; Mon, 10 Mar 2003 07:28:08 -0800 (PST) (envelope-from yakov@juniper.net) Message-Id: <200303101528.h2AFS8S67476@merlot.juniper.net> To: idr@merit.edu, agenda@ietf.org Subject: BGP WG meeting - final agenda MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <69921.1047310088.1@juniper.net> Date: Mon, 10 Mar 2003 07:28:08 -0800 From: Yakov Rekhter <yakov@juniper.net> Sender: owner-idr@merit.edu Precedence: bulk Inter-Domain Routing (IDR) Wednesday, March 19 1530-1730 ============================= Chairs: Sue Hares (skh@nexthop.com), Yakov Rekhter (yakov@juniper.net) Agenda: 1530-1545 Administrivia Yakov Rekhter Agenda Bashing Minutes Blue Sheets WG Document Status 15:45-16:10 Flexible BGP Communities Andrew Lange http://www.ietf.org/internet-drafts/draft-lange-flexible-bgp-communities-00.txt 16:10-16:25 BGP Security Vulnerabilities Analysis Sandy Murphy http://www.ietf.org/internet-drafts/draft-murphy-bgp-vuln-02.txt 16:25-16:35 Wrap Up Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id KAA15171 for <idr-archive@nic.merit.edu>; Thu, 6 Mar 2003 10:47:47 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 8CEA29120C; Thu, 6 Mar 2003 10:47:14 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 50A109120A; Thu, 6 Mar 2003 10:47:14 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 768F69120C for <idr@trapdoor.merit.edu>; Thu, 6 Mar 2003 10:46:43 -0500 (EST) Received: by segue.merit.edu (Postfix) id B77A85E0D2; Thu, 6 Mar 2003 10:46:13 -0500 (EST) Delivered-To: idr@merit.edu Received: from ietf.org (odin.ietf.org [132.151.1.176]) by segue.merit.edu (Postfix) with ESMTP id 308B15E0D1 for <idr@merit.edu>; Thu, 6 Mar 2003 10:46:13 -0500 (EST) Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA21281; Thu, 6 Mar 2003 10:44:08 -0500 (EST) Message-Id: <200303061544.KAA21281@ietf.org> Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ; Cc: idr@merit.edu From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-idr-bgp4-19.txt Date: Thu, 06 Mar 2003 10:44:08 -0500 Sender: owner-idr@merit.edu Precedence: bulk --NextPart A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Inter-Domain Routing Working Group of the IETF. Title : A Border Gateway Protocol 4 (BGP-4) Author(s) : Y. Rekhter, T. Li, S. Hares Filename : draft-ietf-idr-bgp4-19.txt Pages : 86 Date : 2003-3-5 The Border Gateway Protocol (BGP) is an inter-Autonomous System routing protocol. The primary function of a BGP speaking system is to exchange network reachability information with other BGP systems. This network reacha- bility information includes information on the list of Autonomous Systems (ASs) that reachability information traverses. This informa- tion is sufficient to construct a graph of AS connectivity from which routing loops may be pruned and some policy decisions at the AS level may be enforced. BGP-4 provides a set of mechanisms for supporting Classless Inter- Domain Routing (CIDR) [RFC1518, RFC1519]. These mechanisms include support for advertising a set of destinations as an IP prefix and eliminating the concept of network 'class' within BGP. BGP-4 also introduces mechanisms which allow aggregation of routes, including aggregation of AS paths. Routing information exchanged via BGP supports only the destination- based forwarding paradigm, which assumes that a router forwards a packet based solely on the destination address carried in the IP header of the packet. This, in turn, reflects the set of policy deci- sions that can (and can not) be enforced using BGP. BGP can support only the policies conforming to the destination-based forwarding paradigm. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-idr-bgp4-19.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-idr-bgp4-19.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-ietf-idr-bgp4-19.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ietf.org" Content-Type: text/plain Content-ID: <2003-3-5181046.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-idr-bgp4-19.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-idr-bgp4-19.txt"; site="ftp.ietf.org"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <2003-3-5181046.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id LAA12965 for <idr-archive@nic.merit.edu>; Tue, 4 Mar 2003 11:52:14 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 330D991255; Tue, 4 Mar 2003 11:51:53 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id F2CA291258; Tue, 4 Mar 2003 11:51:52 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id C03A991255 for <idr@trapdoor.merit.edu>; Tue, 4 Mar 2003 11:51:51 -0500 (EST) Received: by segue.merit.edu (Postfix) id A07B85DEBC; Tue, 4 Mar 2003 11:51:51 -0500 (EST) Delivered-To: idr@merit.edu Received: from merlot.juniper.net (natint.juniper.net [207.17.136.129]) by segue.merit.edu (Postfix) with ESMTP id 0DCE65DEBA for <idr@merit.edu>; Tue, 4 Mar 2003 11:51:51 -0500 (EST) Received: from juniper.net (garnet.juniper.net [172.17.28.17]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id h24GpnS74619; Tue, 4 Mar 2003 08:51:49 -0800 (PST) (envelope-from yakov@juniper.net) Message-Id: <200303041651.h24GpnS74619@merlot.juniper.net> To: "Susan Hares" <shares@nexthop.com> Cc: idr@merit.edu Subject: Re: Draft-19 - posted privately In-Reply-To: Your message of "Tue, 04 Mar 2003 11:43:33 EST." <BE36D687C8CBFA4AB76F5CD3E3C0FB4EA6ABC6@aa-exchange1.corp.nexthop.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <37465.1046796709.1@juniper.net> Date: Tue, 04 Mar 2003 08:51:49 -0800 From: Yakov Rekhter <yakov@juniper.net> Sender: owner-idr@merit.edu Precedence: bulk Sue, > idr group: > > Due to my error, draft-19 did not make the ietf posting. > Draft-19 is posted on my web site at: > > http://ndzh.com/ietf/draft-ietf-idr-bgp4-19.txt > > My apologies for any inconvience this may cause. Just to add, (a) the draft will be submitted to the IETF secretariat right after the IETF, and (b) the draft reflects all the comments on Andrew's list. Yakov. Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id LAA12696 for <idr-archive@nic.merit.edu>; Tue, 4 Mar 2003 11:44:11 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 44C1C91252; Tue, 4 Mar 2003 11:43:45 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 1670D91255; Tue, 4 Mar 2003 11:43:45 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id B786D91252 for <idr@trapdoor.merit.edu>; Tue, 4 Mar 2003 11:43:43 -0500 (EST) Received: by segue.merit.edu (Postfix) id 9C9775DEB7; Tue, 4 Mar 2003 11:43:43 -0500 (EST) Delivered-To: idr@merit.edu Received: from presque.nexthop.com (dns.nexthop.com [64.211.218.216]) by segue.merit.edu (Postfix) with ESMTP id 07CD55DEB6 for <idr@merit.edu>; Tue, 4 Mar 2003 11:43:43 -0500 (EST) Received: (from root@localhost) by presque.nexthop.com (8.11.3/8.11.1) id h24Ghfs94535 for idr@merit.edu; Tue, 4 Mar 2003 11:43:41 -0500 (EST) (envelope-from shares@nexthop.com) Received: from mail.corp.nexthop.com ([64.211.218.233]) by presque.nexthop.com (8.11.3/8.11.1) with ESMTP id h24GhXv94516 for <idr@merit.edu>; Tue, 4 Mar 2003 11:43:33 -0500 (EST) (envelope-from shares@nexthop.com) content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Subject: Draft-19 - posted privately X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Date: Tue, 4 Mar 2003 11:43:33 -0500 Message-ID: <BE36D687C8CBFA4AB76F5CD3E3C0FB4EA6ABC6@aa-exchange1.corp.nexthop.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Draft-19 - posted privately Thread-Index: AcLibTF6Ua8mgvfvSUqfmnbZfXNoNQ== From: "Susan Hares" <shares@nexthop.com> To: <idr@merit.edu> Cc: <yakov@juniper.net> X-Virus-Scanned: by AMaViS perl-11 Sender: owner-idr@merit.edu Precedence: bulk Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by nic.merit.edu id LAA12696 idr group: Due to my error, draft-19 did not make the ietf posting. Draft-19 is posted on my web site at: http://ndzh.com/ietf/draft-ietf-idr-bgp4-19.txt My apologies for any inconvience this may cause. Sue Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id PAA06233 for <idr-archive@nic.merit.edu>; Mon, 3 Mar 2003 15:49:21 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id 64DB191216; Mon, 3 Mar 2003 15:49:05 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id 185889128A; Mon, 3 Mar 2003 15:49:04 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 641B39124D for <idr@trapdoor.merit.edu>; Mon, 3 Mar 2003 15:48:03 -0500 (EST) Received: by segue.merit.edu (Postfix) id 43B2D5DDBF; Mon, 3 Mar 2003 15:48:03 -0500 (EST) Delivered-To: idr@merit.edu Received: from merlot.juniper.net (natint.juniper.net [207.17.136.129]) by segue.merit.edu (Postfix) with ESMTP id A41815DD98 for <idr@merit.edu>; Mon, 3 Mar 2003 15:48:02 -0500 (EST) Received: from juniper.net (garnet.juniper.net [172.17.28.17]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id h23Km1S12179; Mon, 3 Mar 2003 12:48:01 -0800 (PST) (envelope-from yakov@juniper.net) Message-Id: <200303032048.h23Km1S12179@merlot.juniper.net> To: idr@merit.edu Cc: skh@nexthop.com Subject: IDR WG meeting draft agenda MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <15549.1046724481.1@juniper.net> Date: Mon, 03 Mar 2003 12:48:01 -0800 From: Yakov Rekhter <yakov@juniper.net> Sender: owner-idr@merit.edu Precedence: bulk Folks, Let Sue and myself know asap if you have any corrections, comments or other... Yakov ------------------------------------------------------------------- Inter-Domain Routing (IDR) Wednesday, March 19 1530-1730 ============================= Chairs: Sue Hares (skh@nexthop.com), Yakov Rekhter (yakov@juniper.net) Agenda: 1530-1545 Administrivia Yakov Rekhter Agenda Bashing Minutes Blue Sheets WG Document Status 15:45-16:10 Flexible BGP Communities Andrew Lange http://www.ietf.org/internet-drafts/draft-lange-flexible-bgp-communities-00.txt 16:10-16:20 Wrap Up Received: from trapdoor.merit.edu (postfix@trapdoor.merit.edu [198.108.1.26]) by nic.merit.edu (8.9.3/8.9.1) with ESMTP id CAA02885 for <idr-archive@nic.merit.edu>; Sat, 1 Mar 2003 02:26:38 -0500 (EST) Received: by trapdoor.merit.edu (Postfix) id F1F229120C; Sat, 1 Mar 2003 02:26:17 -0500 (EST) Delivered-To: idr-outgoing@trapdoor.merit.edu Received: by trapdoor.merit.edu (Postfix, from userid 56) id B9A8D91210; Sat, 1 Mar 2003 02:26:16 -0500 (EST) Delivered-To: idr@trapdoor.merit.edu Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id A96FD9120C for <idr@trapdoor.merit.edu>; Sat, 1 Mar 2003 02:26:15 -0500 (EST) Received: by segue.merit.edu (Postfix) id 840FD5DF14; Sat, 1 Mar 2003 02:26:15 -0500 (EST) Delivered-To: idr@merit.edu Received: from nomad.tcb.net (vdsl-151-118-3-177.dnvr.uswest.net [151.118.3.177]) by segue.merit.edu (Postfix) with ESMTP id 581CD5DECD for <idr@merit.edu>; Sat, 1 Mar 2003 02:26:15 -0500 (EST) Received: by nomad.tcb.net (Postfix, from userid 500) id 16C7055F62; Sat, 1 Mar 2003 00:26:10 -0700 (MST) Received: from nomad.tcb.net (localhost [127.0.0.1]) by nomad.tcb.net (Postfix) with ESMTP id 140DB3E83 for <idr@merit.edu>; Sat, 1 Mar 2003 00:26:10 -0700 (MST) X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: idr@merit.edu From: Danny McPherson <danny@tcb.net> Reply-To: danny@tcb.net Subject: Re: Regarding BGP Router ID Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 01 Mar 2003 00:26:04 -0700 Message-Id: <20030301072610.16C7055F62@nomad.tcb.net> Sender: owner-idr@merit.edu Precedence: bulk > The IBGP peering is between Y & Z. For the VRFs y is attached to, all the > prefixes get advertised to Z with nexthop of Y. Now the point that i am > raising is in the OPEN messages to x and Z, y sends Y which turns out to be > the next hop for the VPNIPv4 prefixes. Hence i said that there is a potential > for security issues in the case of VPNs where we want the prefixes as well > as the nexthops protected. Not sure what your definition of "protected" is, but anyways, there's NO reason the BGP Identifier MUST be associated with any NEXT_HOP (i.e., in your example above there's no requirement that y set the value of the NEXT_HOP to Y when advertising prefixes to x or Z, or even that Y be the BGP Identifier for Y). The draft Enke cited takes this one step further and allows near arbitrary selection of the value, and requires uniqueness only within an AS (or AS Confederation). -danny