Re: [OPSEC] [karp] please review draft-wei-karp-analysis-rp-sa-00.txt

wei.yinxing@zte.com.cn Mon, 12 July 2010 05:55 UTC

To: Glen Kent <glen.kent@gmail.com>
From: wei.yinxing@zte.com.cn
Date: Mon, 12 Jul 2010 13:54:20 +0800
Cc: opsec wg mailing list <opsec@ietf.org>, karp@ietf.org
Subject: Re: [OPSEC] [karp] please review draft-wei-karp-analysis-rp-sa-00.txt

Hi Glen,

Thanks for your comments!
The draft we submitted is intended to make a contribution to the KARP WG.
KARP is dedicated to securing the routing protocols' packets on the wire,
and defines two main work phases for each routing protocol in its roadmap
(please refer to
http://datatracker.ietf.org/doc/draft-ietf-karp-design-guide/). In phase
I, the work is to enhance the routing protocol's current authentication
mechanism without KMP (Key Management Protocol), and includes
characterizing the RP (Routing Protocol) and gap analysis between the
current security state and the optimal state of the RP. And in phase II,
the work is to develop an automated keying framework, and includes KMP
analysis and gap analysis between the current security state and the
optimal state.

The work we have done in our draft is to analyze the current security state
of the RP (Routing Protocol), and specifically, we analyze the SA (Security
Association) of several RPs, i.e., RIPv2, OSPFv2, ISIS, BFD, and BGP,
especially some fields including key identifier, cryptographic algorithm
and key, lifetime, and sequence number. Here we call for attention to the
diversity of SAs. This issue may have some impact on the design of the KARP
framework or KMP protocol. This draft may also be helpful for evaluating
the vulnerabilities of current RP's security mechanisms.

This work can be regarded as a gap analysis in phase I. We think this is 
the first step before we do the phase I and phase II work. We hope this 
draft will be helpful to future work in the KARP WG, and would like to 
hear comments from you all.

Best Regards!
Wei




Glen Kent <glen.kent@gmail.com> 
2010-07-11 08:25

To: wei.yinxing@zte.com.cn
Cc: opsec wg mailing list <opsec@ietf.org>
Subject: Re: [karp] please review draft-wei-karp-analysis-rp-sa-00.txt






2010/7/10 Glen Kent <glen.kent@gmail.com>:
> Hi Wei,
>
> I am not sure I understand the objective and the motivation behind
> this draft. Would be really helpful if you could elaborate on that.
>
> Glen
>
> 2010/7/10  <wei.yinxing@zte.com.cn>:
>>
>> Hello, Folks:
>>
>> A new draft is available
>> (http://tools.ietf.org/html/draft-wei-karp-analysis-rp-sa-00.txt), the
>> abstract is as follows:
>> This document analyzes the security associations used by current routing
>> protocols, including RIPv2, OSPFv2, ISIS, BFD, and BGP.  It also discusses
>> the possible methods for the diversity issue of routing protocol security
>> association (SA).
>>
>> Please review it and give us some comments. Your comments are highly
>> appreciated.
>>
>> Best Regards!
>> Wei
>>
>> --------------------------------------------------------
>> ZTE Information Security Notice: The information contained in this mail
>> is solely property of the sender's organization. This mail communication
>> is confidential. Recipients named above are obligated to maintain secrecy
>> and are not permitted to disclose the contents of this communication to
>> others.
>> This email and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity to whom they are
>> addressed. If you have received this email in error please notify the
>> originator of the message. Any views expressed in this message are those
>> of the individual sender.
>> This message has been scanned for viruses and Spam by ZTE Anti-Spam
>> system.
>>
>




