Re: [karp] Re: Re: Fwd: New Version Notification for draft-mahesh-bgp-ldp-msdp-analysis-00

"Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com> Wed, 30 March 2011 12:23 UTC

From: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
To: zhenglianshu 50128 <verozheng@huawei.com>
Date: Wed, 30 Mar 2011 17:54:54 +0530
Cc: "Keyur Patel (keyupate)" <keyupate@cisco.com>, "mach.chen@huawei.com" <mach.chen@huawei.com>, "karp@ietf.org" <karp@ietf.org>
Subject: Re: [karp] Re: Re: Fwd: New Version Notification for draft-mahesh-bgp-ldp-msdp-analysis-00

Vero,

If you look at Section 4, then this particular statement about BGP, LDP being vulnerable to spoofing and MITM was made in the context of TCP, and thus my comment.

Cheers, Manav

> -----Original Message-----
> From: zhenglianshu 50128 [mailto:verozheng@huawei.com] 
> Sent: Wednesday, March 30, 2011 5.50 PM
> To: Bhatia, Manav (Manav)
> Cc: Mahesh Jethanandani; Keyur Patel (keyupate); 
> karp@ietf.org; mach.chen@huawei.com
> Subject: Re: Re: [karp] Fwd: New Version Notification for 
> draft-mahesh-bgp-ldp-msdp-analysis-00
> 
> Further you say that BGP, LDP, etc are vulnerable to spoofing 
> and MITM attacks. Can you explain how this can happen when 
> these use TCP-AO?
> 
> Vero-> An established LDP session could be torn down by a spoofed 
> Hello, by specifying a smaller Hold Time or changing the 
> Transport Address.
> 
> TCP-AO does not help since LDP Hello messages are sent using UDP.
> 
> draft-zheng-mpls-ldp-hello-crypto-auth-01 describes this 
> problem and introduces a new Cryptographic Authentication 
> TLV. I will present it on Friday; comments are welcome.
> 
> ----- Original Message -----
> From: Mahesh Jethanandani <mahesh@cisco.com>
> Date: Wednesday, March 30, 2011, 1:27 PM
> Subject: Re: [karp] Fwd: New Version Notification 
> for draft-mahesh-bgp-ldp-msdp-analysis-00
> To: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
> Cc: "Keyur Patel (keyupate)" <keyupate@cisco.com>, karp@ietf.org
> 
> > Manav,
> > 
> > Thanks for reading the draft and providing your feedback.
> > 
> > On 3/29/11 5:45 AM, Bhatia, Manav (Manav) wrote:
> > >
> > > Hi Mahesh,
> > >
> > > I quickly looked at the document and couldn't find the gap 
> > > analysis that this document promises to provide in the 
> > > Introduction.
> > >
> > > I was expecting some text saying that "while we have TCP-AO for 
> > > BGP, there still are the following issues that exist with BGP .. 
> > > blah blah" - I couldn't find any such text. In fact, I am not 
> > > even sure I understand the gaps that you want the WG to look at.
> > >
> > Our analysis found that from a protocol perspective LDP was the one 
> > that was vulnerable at the discovery time. For that there is a draft 
> > being presented at the meeting on Fri. And we will refer to it in 
> > our next version of the draft.
> > >
> > >
> > > Further when doing gap analysis in sec 4 you state the following 
> > > in your document:
> > >
> > > "The session layer that runs on TCP needs to protect itself by 
> > > running TCP LISTEN only on interfaces on which its peers have been 
> > > discovered or that are configured to expect sessions on."
> > >
> > > I am a little confused with this - How would BGP know which 
> > > interface to expect a TCP packet from for its IBGP peer that's 
> > > peering using the loopback IP address?
> > >
> > That was written with eBGP in mind. Will update the draft.
> > >
> > >
> > > Further you say that BGP, LDP, etc are vulnerable to spoofing and 
> > > MITM attacks. Can you explain how this can happen when these use 
> > > TCP-AO?
> > >
> > You are right in pointing out that the protocols will not be 
> > subject to these attacks if using TCP-AO. In that sense it is more 
> > an observation of the current implementations (that do not use 
> > TCP-AO) than on where the standards are. We can remove that.
> > >
> > >
> > > ________________________________
> > >
> > >         From: karp-bounces@ietf.org [mailto:karp-bounces@ietf.org] 
> > >         On Behalf Of Mahesh Jethanandani
> > >         Sent: Tuesday, March 01, 2011 9.11 AM
> > >         To: karp@ietf.org
> > >         Cc: Keyur Patel
> > >         Subject: [karp] Fwd: New Version Notification for 
> > > draft-mahesh-bgp-ldp-msdp-analysis-00
> > >
> > >
> > >         The authors have submitted a draft that does an analysis 
> > >         of the current state of the three routing protocols per 
> > >         the karp analysis guide. Please review the draft and 
> > >         provide comments on it.
> > >
> > >         Thanks.
> > >
> > >         --mj
> > >
> > >         -------- Original Message --------
> > >
> > >         A new version of I-D, 
> > >         draft-mahesh-bgp-ldp-msdp-analysis-00.txt has been 
> > >         successfully submitted by Mahesh Jethanandani and posted 
> > >         to the IETF repository.
> > >
> > >         Filename:        draft-mahesh-bgp-ldp-msdp-analysis
> > >         Revision:        00
> > >         Title:           Analysis of BGP, LDP and MSDP Security 
> > > According to KARP Design Guide
> > >         Creation_date:   2011-02-25
> > >         WG ID:           Independent Submission
> > >         Number_of_pages: 13
> > >
> > >         Abstract:
> > >         This document analyzes BGP, LDP and MSDP according to 
> > >         guidelines set forth in section 4.2 of 
> > >         [draft-ietf-karp-design-guide].
> > >
> > >         The IETF Secretariat.
> > >
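The discovery-time gap Vero raises above, as an added example that is not part of this thread or of either draft: a minimal Python model of an LDP Hello receiver, first accepting any Hello that arrives over UDP (so TCP-AO on the session offers no protection) and then requiring a keyed HMAC authentication TLV with an anti-replay sequence number. The TLV layout, field names, addresses and shared key are assumptions, not the encoding from draft-zheng-mpls-ldp-hello-crypto-auth.

```python
import hashlib
import hmac

# Simplified LDP Hello model (not the RFC 5036 wire format); the auth TLV, a sequence
# number plus HMAC-SHA-256, is an assumption, not the draft's actual encoding.
def _mac(key, hold_time, transport_addr, seq):
    """HMAC over the fields a spoofed Hello would alter, plus an anti-replay counter."""
    msg = f"{hold_time}|{transport_addr}|{seq}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def sign_hello(key, hold_time, transport_addr, seq):
    """Hello carrying an auth TLV that binds Hold Time and Transport Address to the key."""
    return {"hold_time": hold_time, "transport_addr": transport_addr,
            "auth": {"seq": seq, "mac": _mac(key, hold_time, transport_addr, seq)}}

class Adjacency:
    """State for one Hello adjacency; last_seq rejects replay of a captured Hello."""
    def __init__(self, key, hold_time, transport_addr):
        self.key, self.hold_time, self.transport_addr = key, hold_time, transport_addr
        self.last_seq = 0

    def accept_unauthenticated(self, hello):
        # Behaviour the thread describes: any Hello arriving over UDP updates the
        # adjacency, so the session-layer TCP-AO gives no protection at discovery time.
        self.hold_time, self.transport_addr = hello["hold_time"], hello["transport_addr"]
        return True

    def accept_authenticated(self, hello):
        # Hardened: require an auth TLV, a strictly increasing sequence number and a
        # MAC that verifies under the shared key; anything else leaves state unchanged.
        auth = hello.get("auth")
        if auth is None or auth["seq"] <= self.last_seq:
            return False
        expected = _mac(self.key, hello["hold_time"], hello["transport_addr"], auth["seq"])
        if not hmac.compare_digest(expected, auth["mac"]):
            return False
        self.last_seq = auth["seq"]
        self.hold_time, self.transport_addr = hello["hold_time"], hello["transport_addr"]
        return True

def demo():
    """Constructed inputs: a genuine Hello, an unauthenticated Hello with a 1 s Hold
    Time and a different Transport Address, then a replay of the genuine Hello."""
    key = b"constructed-shared-key"
    genuine = sign_hello(key, 15, "192.0.2.1", seq=1)
    unauth = {"hold_time": 1, "transport_addr": "198.51.100.9"}
    weak = Adjacency(key, 15, "192.0.2.1")
    weak.accept_unauthenticated(unauth)
    hard = Adjacency(key, 15, "192.0.2.1")
    verdicts = [hard.accept_authenticated(h) for h in (genuine, unauth, genuine)]
    return {"weak_hold_time": weak.hold_time, "hardened_verdicts": verdicts,
            "hardened_hold_time": hard.hold_time}
```

The weak receiver ends up with a 1 second Hold Time after one unauthenticated Hello, while the hardened receiver accepts only the first genuine Hello and keeps its configured 15 seconds.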