Re: [OPSEC] additional documents needing a home...
"Vishwas Manral" <vishwas.ietf@gmail.com> Wed, 01 October 2008 03:13 UTC
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9D43B3A67B6; Tue, 30 Sep 2008 20:13:44 -0700 (PDT)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6FDEB3A67B6 for <opsec@core3.amsl.com>; Tue, 30 Sep 2008 20:13:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.399
X-Spam-Level:
X-Spam-Status: No, score=-2.399 tagged_above=-999 required=5 tests=[AWL=0.200, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z6aIoDbHVT-m for <opsec@core3.amsl.com>; Tue, 30 Sep 2008 20:13:42 -0700 (PDT)
Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.152]) by core3.amsl.com (Postfix) with ESMTP id BE0E03A68BF for <opsec@ietf.org>; Tue, 30 Sep 2008 20:13:41 -0700 (PDT)
Received: by fg-out-1718.google.com with SMTP id d23so244280fga.41 for <opsec@ietf.org>; Tue, 30 Sep 2008 20:14:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=iAS+ijMv6Ae+xa43KAJNSS+30aCZukhaylkPUiDoK4c=; b=I85UaJ2QKqQcICYFmpivb/fEPwXJTTvv01a+CWVLsKsLAAvh4GWW4gDLqaQtuQVJ2z cp2/DVIFVaB9RE8smSLKJ6IbHeVvHOaFihTx1z+qs64pTepIpRTesMmbwjum/yLb7xym Hv2n8Di6n+GbCJHPenk87fjOg1P4S8BaJtYTk=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=BrBJBNVu3sNdSpr4NrAOiTQHaFdSVEwaacgRk5yXFXKULsbSFGiEJ/RX/Dmjo7wzOv 3100uEKo78bZC3Ubkns/TWaRH7IW682JIUsLtZsLQ2ofI5lprBUrpuvtObGu0t9ZhCVR aYGqRaLfFB/Fi7bMHBzVVjPiH8FpYAmaSzXFQ=
Received: by 10.181.16.6 with SMTP id t6mr3615953bki.81.1222830842057; Tue, 30 Sep 2008 20:14:02 -0700 (PDT)
Received: by 10.180.226.2 with HTTP; Tue, 30 Sep 2008 20:14:01 -0700 (PDT)
Message-ID: <77ead0ec0809302014p336614afp433ea8de040713c5@mail.gmail.com>
Date: Wed, 01 Oct 2008 08:44:02 +0530
From: Vishwas Manral <vishwas.ietf@gmail.com>
To: Glen Kent <glen.kent@gmail.com>
In-Reply-To: <92c950310808250646t50c00ce0w8a778dc19c08188b@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
References: <92c950310808250646t50c00ce0w8a778dc19c08188b@mail.gmail.com>
Cc: opsec@ietf.org
Subject: Re: [OPSEC] additional documents needing a home...
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org
Hi Joel, I wanted to know your opinion of the consensus, and it was for allowing the work in the OPSEC WG? Thanks, Vishwas On 8/25/08, Glen Kent <glen.kent@gmail.com> wrote: > I strongly believe that drafts draft-ietf-rpsec-bgp-session-sec-req > and draft-manral-rpsec-existing-crypto-05 very much belong here in > OPSEC. > > Glen > > ---------- Forwarded message ---------- > From: Joel Jaeggli <joelja@bogus.com> > Date: Thu, Aug 21, 2008 at 6:43 AM > Subject: [OPSEC] additional documents needing a home... > To: opsec wg mailing list <opsec@ietf.org> > > > Folks, > > Dave Ward has proposed adding: > > Michael Behringer's rpsec draft > > http://tools.ietf.org/html/draft-ietf-rpsec-bgp-session-sec-req-01 > > Abstract > > The document "BGP security requirements" (draft-ietf-rpsec-bgpsecrec) > specifies general security requirements for BGP. However, specific > security requirements for single BGP sessions, i.e., the connection > between two BGP peers, are only touched on briefly in the section > "transport layer protection". This document expands on this > particular aspect of BGP security, defining the security requirements > between two BGP peers. > > which as was presented in opsec in ireland > > and > > > http://tools.ietf.org/html/draft-manral-rpsec-existing-crypto-05 > > Abstract > > Routing protocols are designed to use cryptographic mechanisms to > authenticate data being received from a neighboring router to ensure > that it has not been modified in transit, and actually originated > from the neighboring router purporting to have originating the data. > Most of the cryptographic mechanisms defined to date rely on hash > algorithms applied to the data in the routing protocol packet, which > means the data is transported, in the clear, along with a signature > based on the data itself. These mechanisms rely on the manual > configuration of the keys used to seed, or build, these hash based > signatures. This document outlines some of the problems with manual > keying of these cryptographic algorithms. > > > http://tools.ietf.org/html/draft-bhatia-manral-igp-crypto-requirements-00 > > Abstract > > The interior gateway routing protocols OSPFv2 [RFC2328], IS-IS [ISO] > [RFC1195] and RIP [RFC2453] currently define clear text and MD5 > [RFC1321] algorithms for authenticating their protocol packets. There > have recently been documents adding support of the SHA family of hash > algorithms for authenticating routing protocol packets for RIP, IS-IS > and OSPF. > > To ensure interoperability between disparate implementations, it is > imperative that we specify a set of mandatory-to-implement algorithms > thereby ensuring that there is at least one algorithm that all > implementations will have available. > > > > which were not... > > As these document existing practice or problems with existing protocols > I think it is conceivable that this work would fall within our proposed > and soon to be official charter. > > I would like to hear some opinions on the subject. there was some > discussion of the first document during the opsec wg meeting and I > believe that the record shows some support for and against housing it in > opsec. > > thanks > joelja > _______________________________________________ > OPSEC mailing list > OPSEC@ietf.org > https://www.ietf.org/mailman/listinfo/opsec > _______________________________________________ OPSEC mailing list OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec
- [OPSEC] additional documents needing a home... Joel Jaeggli
- Re: [OPSEC] additional documents needing a home... Glen Kent
- Re: [OPSEC] additional documents needing a home... Vishwas Manral
- Re: [OPSEC] additional documents needing a home... Bhatia, Manav (Manav)
- Re: [OPSEC] additional documents needing a home... Bhatia, Manav (Manav)
- Re: [OPSEC] additional documents needing a home... Joel Jaeggli
- Re: [OPSEC] additional documents needing a home... Vishwas Manral
- Re: [OPSEC] additional documents needing a home... Steinthor Bjarnason (sbjarnas)
- [OPSEC] draft-bhatia-manral-igp-crypto-requiremen… Bhatia, Manav (Manav)