[OPSEC] additional documents needing a home...
Joel Jaeggli <joelja@bogus.com> Thu, 21 August 2008 01:13 UTC
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 16D7C3A6908; Wed, 20 Aug 2008 18:13:30 -0700 (PDT)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 73E9A3A692D for <opsec@core3.amsl.com>; Wed, 20 Aug 2008 18:13:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aU7X4aRnYKFm for <opsec@core3.amsl.com>; Wed, 20 Aug 2008 18:13:27 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by core3.amsl.com (Postfix) with ESMTP id 66D403A6452 for <opsec@ietf.org>; Wed, 20 Aug 2008 18:13:27 -0700 (PDT)
Received: from [192.103.16.227] ([192.103.16.227]) (authenticated bits=0) by nagasaki.bogus.com (8.14.2/8.14.2) with ESMTP id m7L1DXkw077855 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <opsec@ietf.org>; Thu, 21 Aug 2008 01:13:34 GMT (envelope-from joelja@bogus.com)
Message-ID: <48ACC127.2040507@bogus.com>
Date: Wed, 20 Aug 2008 18:13:11 -0700
From: Joel Jaeggli <joelja@bogus.com>
User-Agent: Thunderbird 2.0.0.16 (X11/20080723)
MIME-Version: 1.0
To: opsec wg mailing list <opsec@ietf.org>
X-Enigmail-Version: 0.95.7
X-Virus-Scanned: ClamAV 0.93.1/8061/Thu Aug 21 00:00:17 2008 on nagasaki.bogus.com
X-Virus-Status: Clean
Subject: [OPSEC] additional documents needing a home...
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org
Folks, Dave Ward has proposed adding: Michael Behringer's rpsec draft http://tools.ietf.org/html/draft-ietf-rpsec-bgp-session-sec-req-01 Abstract The document "BGP security requirements" (draft-ietf-rpsec-bgpsecrec) specifies general security requirements for BGP. However, specific security requirements for single BGP sessions, i.e., the connection between two BGP peers, are only touched on briefly in the section "transport layer protection". This document expands on this particular aspect of BGP security, defining the security requirements between two BGP peers. which as was presented in opsec in ireland and http://tools.ietf.org/html/draft-manral-rpsec-existing-crypto-05 Abstract Routing protocols are designed to use cryptographic mechanisms to authenticate data being received from a neighboring router to ensure that it has not been modified in transit, and actually originated from the neighboring router purporting to have originating the data. Most of the cryptographic mechanisms defined to date rely on hash algorithms applied to the data in the routing protocol packet, which means the data is transported, in the clear, along with a signature based on the data itself. These mechanisms rely on the manual configuration of the keys used to seed, or build, these hash based signatures. This document outlines some of the problems with manual keying of these cryptographic algorithms. http://tools.ietf.org/html/draft-bhatia-manral-igp-crypto-requirements-00 Abstract The interior gateway routing protocols OSPFv2 [RFC2328], IS-IS [ISO] [RFC1195] and RIP [RFC2453] currently define clear text and MD5 [RFC1321] algorithms for authenticating their protocol packets. There have recently been documents adding support of the SHA family of hash algorithms for authenticating routing protocol packets for RIP, IS-IS and OSPF. To ensure interoperability between disparate implementations, it is imperative that we specify a set of mandatory-to-implement algorithms thereby ensuring that there is at least one algorithm that all implementations will have available. which were not... As these document existing practice or problems with existing protocols I think it is conceivable that this work would fall within our proposed and soon to be official charter. I would like to hear some opinions on the subject. there was some discussion of the first document during the opsec wg meeting and I believe that the record shows some support for and against housing it in opsec. thanks joelja _______________________________________________ OPSEC mailing list OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec
- [OPSEC] additional documents needing a home... Joel Jaeggli
- Re: [OPSEC] additional documents needing a home... Glen Kent
- Re: [OPSEC] additional documents needing a home... Vishwas Manral
- Re: [OPSEC] additional documents needing a home... Bhatia, Manav (Manav)
- Re: [OPSEC] additional documents needing a home... Bhatia, Manav (Manav)
- Re: [OPSEC] additional documents needing a home... Joel Jaeggli
- Re: [OPSEC] additional documents needing a home... Vishwas Manral
- Re: [OPSEC] additional documents needing a home... Steinthor Bjarnason (sbjarnas)
- [OPSEC] draft-bhatia-manral-igp-crypto-requiremen… Bhatia, Manav (Manav)