Re: [karp] Fwd: New Version Notification for draft-mahesh-bgp-ldp-msdp-analysis-00

Mahesh Jethanandani <mahesh@cisco.com> Wed, 30 March 2011 11:25 UTC

Message-ID: <4D9313F6.4040400@cisco.com>
Date: Wed, 30 Mar 2011 04:28:54 -0700
From: Mahesh Jethanandani <mahesh@cisco.com>
To: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
References: <4D6C6AD4.2070408@cisco.com> <7C362EEF9C7896468B36C9B79200D8350CFCF668BE@INBANSXCHMBSA1.in.alcatel-lucent.com>
In-Reply-To: <7C362EEF9C7896468B36C9B79200D8350CFCF668BE@INBANSXCHMBSA1.in.alcatel-lucent.com>
Cc: "Keyur Patel (keyupate)" <keyupate@cisco.com>, karp@ietf.org
Subject: Re: [karp] Fwd: New Version Notification for draft-mahesh-bgp-ldp-msdp-analysis-00

Manav,

Thanks for reading the draft and providing your feedback.

On 3/29/11 5:45 AM, Bhatia, Manav (Manav) wrote:
>
> Hi Mahesh,
>
> I quickly looked at the document and couldn't find the gap analysis 
> that this document promises to provide in the Introduction.
>
> I was expecting some text saying that "while we have TCP-AO for BGP, 
> there still are the following issues that exist with BGP .. blah blah" 
> - I couldn't find any such text. In fact, I am not even sure I 
> understand the gaps that you want the WG to look at.
>
Our analysis found that from a protocol perspective LDP was the one that 
was vulnerable at the discovery time. For that there is a draft being 
presented at the meeting on Fri. And we will refer to it in our next 
version of the draft.
>
> Further when doing gap analysis in sec 4 you state the following in 
> your document:
>
> "The session layer that runs on TCP needs to protect itself by running 
> TCP LISTEN only on interfaces on which its peers have been discovered 
> or that are configured to expect sessions on."
>
> I am a little confused with this - How would BGP know which interface 
> to expect a TCP packet from for its IBGP peer that's peering using the 
> loopback IP address?
>
That was written with eBGP in mind. Will update the draft.
>
> Further you say that BGP, LDP, etc are vulnerable to spoofing and MITM 
> attacks. Can you explain how this can happen when these use TCP-AO?
>
You are right in pointing out that the protocols will not be subject to 
these attacks if using TCP-AO. In that sense it is more an observation of 
the current implementations (that do not use TCP-AO) than on where the 
standards are. We can remove that.
>
> ________________________________
>
>         From: karp-bounces@ietf.org [mailto:karp-bounces@ietf.org] On 
> Behalf Of Mahesh Jethanandani
>         Sent: Tuesday, March 01, 2011 9.11 AM
>         To: karp@ietf.org
>         Cc: Keyur Patel
>         Subject: [karp] Fwd: New Version Notification for 
> draft-mahesh-bgp-ldp-msdp-analysis-00
>
>         The authors have submitted a draft that does an analysis of the 
> current state of the three routing protocols per the karp analysis 
> guide. Please review the draft and provide comments on it.
>
>         Thanks.
>
>         --mj
>
>         -------- Original Message --------
>
>         A new version of I-D, 
> draft-mahesh-bgp-ldp-msdp-analysis-00.txt has been successfully 
> submitted by Mahesh Jethanandani and posted to the IETF repository.
>
>         Filename:        draft-mahesh-bgp-ldp-msdp-analysis
>         Revision:        00
>         Title:           Analysis of BGP, LDP and MSDP Security 
> According to KARP Design Guide
>         Creation_date:   2011-02-25
>         WG ID:           Independent Submission
>         Number_of_pages: 13
>
>         Abstract:
>         This document analyzes BGP, LDP and MSDP according to guidelines set
>         forth in section 4.2 of [draft-ietf-karp-design-guide].
>
>         The IETF Secretariat.
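The two points argued in the thread above (a TCP listener should only accept sessions from peers it expects, and the iBGP-over-loopback case has no fixed ingress interface; and spoofing is only a concern where TCP-AO is not in use) can be made concrete with the following added example. It is not code from the draft or from either author: it is a hypothetical peer-admission check for a routing daemon's listener, with a constructed peer table and constructed connection attempts. eBGP and discovered LDP peers are pinned to an interface; loopback-reached iBGP peers are admitted by configured address alone; every peer is additionally required to present TCP-AO.

```python
# Added illustration (hypothetical, not the draft's or any vendor's code).
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Peer:
    address: str               # remote address the session is expected from
    interface: Optional[str]   # ingress interface; None = reached via loopback (iBGP)
    tcp_ao: bool               # a TCP-AO MKT is configured for this peer


@dataclass(frozen=True)
class Attempt:
    remote: str      # source address of the incoming SYN
    interface: str   # interface the SYN arrived on
    tcp_ao: bool     # the SYN carried a TCP-AO option


# Constructed sample peer table: an eBGP neighbour on eth0, an LDP peer
# discovered on eth1, and an iBGP neighbour peered on its loopback address.
PEERS: Dict[str, Peer] = {
    "192.0.2.1": Peer("192.0.2.1", "eth0", True),
    "192.0.2.5": Peer("192.0.2.5", "eth1", True),
    "203.0.113.7": Peer("203.0.113.7", None, True),
}


def admit(attempt: Attempt, peers: Dict[str, Peer] = PEERS) -> Tuple[bool, str]:
    """Decide whether the listener should accept an incoming connection.

    Order of checks: unknown addresses are refused outright; interface-pinned
    peers must arrive on their interface (loopback iBGP peers skip this, which
    is the gap raised in the thread); finally TCP-AO must be present when the
    peer is configured for it, since that is what actually defeats spoofing.
    """
    peer = peers.get(attempt.remote)
    if peer is None:
        return False, "unknown peer address"
    if peer.interface is not None and attempt.interface != peer.interface:
        return False, "peer expected on another interface"
    if peer.tcp_ao and not attempt.tcp_ao:
        return False, "TCP-AO required"
    return True, "accepted"
```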