Re: [OPSEC] additional documents needing a home...
"Bhatia, Manav \(Manav\)" <manav@alcatel-lucent.com> Wed, 01 October 2008 04:33 UTC
Return-Path: <opsec-bounces@ietf.org>
X-Original-To: opsec-archive@optimus.ietf.org
Delivered-To: ietfarch-opsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 793823A6822; Tue, 30 Sep 2008 21:33:58 -0700 (PDT)
X-Original-To: opsec@core3.amsl.com
Delivered-To: opsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C0F813A688B for <opsec@core3.amsl.com>; Tue, 30 Sep 2008 21:16:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Cy6p9hlYDqc for <opsec@core3.amsl.com>; Tue, 30 Sep 2008 21:16:09 -0700 (PDT)
Received: from ihemail3.lucent.com (ihemail3.lucent.com [135.245.0.37]) by core3.amsl.com (Postfix) with ESMTP id 9E1093A6822 for <opsec@ietf.org>; Tue, 30 Sep 2008 21:16:09 -0700 (PDT)
Received: from ilexp01.ndc.lucent.com (h135-3-39-1.lucent.com [135.3.39.1]) by ihemail3.lucent.com (8.13.8/IER-o) with ESMTP id m9146B81006812 for <opsec@ietf.org>; Tue, 30 Sep 2008 23:16:29 -0500 (CDT)
Received: from inexp02.in.lucent.com ([135.254.223.66]) by ilexp01.ndc.lucent.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 30 Sep 2008 23:13:48 -0500
Received: from INEXC1U01.in.lucent.com ([135.254.223.26]) by inexp02.in.lucent.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 1 Oct 2008 09:43:43 +0530
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Wed, 01 Oct 2008 09:43:40 +0530
Message-ID: <6D26D1FE43A66F439F8109CDD424196501ED2F61@INEXC1U01.in.lucent.com>
In-Reply-To: <77ead0ec0809302014p336614afp433ea8de040713c5@mail.gmail.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [OPSEC] additional documents needing a home...
Thread-Index: Ackjc9LWpHTX5MPASlCau095EasFlAACAIwg
References: <92c950310808250646t50c00ce0w8a778dc19c08188b@mail.gmail.com> <77ead0ec0809302014p336614afp433ea8de040713c5@mail.gmail.com>
From: "Bhatia, Manav (Manav)" <manav@alcatel-lucent.com>
To: opsec@ietf.org
X-OriginalArrivalTime: 01 Oct 2008 04:13:43.0670 (UTC) FILETIME=[17A9F160:01C9237C]
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.37
X-Mailman-Approved-At: Tue, 30 Sep 2008 21:33:57 -0700
Subject: Re: [OPSEC] additional documents needing a home...
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsec>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsec-bounces@ietf.org
Errors-To: opsec-bounces@ietf.org
I support draft-manral-rpsec-existing-crypto-05 and I think OPSEC is the right home for this draft. Cheers, Manav > -----Original Message----- > From: opsec-bounces@ietf.org [mailto:opsec-bounces@ietf.org] > On Behalf Of Vishwas Manral > Sent: Wednesday, October 01, 2008 8.44 AM > To: Glen Kent > Cc: opsec@ietf.org > Subject: Re: [OPSEC] additional documents needing a home... > > Hi Joel, > > I wanted to know your opinion of the consensus, and it was for > allowing the work in the OPSEC WG? > > Thanks, > Vishwas > > On 8/25/08, Glen Kent <glen.kent@gmail.com> wrote: > > I strongly believe that drafts draft-ietf-rpsec-bgp-session-sec-req > > and draft-manral-rpsec-existing-crypto-05 very much belong here in > > OPSEC. > > > > Glen > > > > ---------- Forwarded message ---------- > > From: Joel Jaeggli <joelja@bogus.com> > > Date: Thu, Aug 21, 2008 at 6:43 AM > > Subject: [OPSEC] additional documents needing a home... > > To: opsec wg mailing list <opsec@ietf.org> > > > > > > Folks, > > > > Dave Ward has proposed adding: > > > > Michael Behringer's rpsec draft > > > > http://tools.ietf.org/html/draft-ietf-rpsec-bgp-session-sec-req-01 > > > > Abstract > > > > The document "BGP security requirements" > (draft-ietf-rpsec-bgpsecrec) > > specifies general security requirements for BGP. > However, specific > > security requirements for single BGP sessions, i.e., the > connection > > between two BGP peers, are only touched on briefly in the section > > "transport layer protection". This document expands on this > > particular aspect of BGP security, defining the security > requirements > > between two BGP peers. > > > > which as was presented in opsec in ireland > > > > and > > > > > > http://tools.ietf.org/html/draft-manral-rpsec-existing-crypto-05 > > > > Abstract > > > > Routing protocols are designed to use cryptographic mechanisms to > > authenticate data being received from a neighboring > router to ensure > > that it has not been modified in transit, and actually originated > > from the neighboring router purporting to have > originating the data. > > Most of the cryptographic mechanisms defined to date rely on hash > > algorithms applied to the data in the routing protocol > packet, which > > means the data is transported, in the clear, along with a > signature > > based on the data itself. These mechanisms rely on the manual > > configuration of the keys used to seed, or build, these hash based > > signatures. This document outlines some of the problems > with manual > > keying of these cryptographic algorithms. > > > > > > > http://tools.ietf.org/html/draft-bhatia-manral-igp-crypto-requ > irements-00 > > > > Abstract > > > > The interior gateway routing protocols OSPFv2 [RFC2328], > IS-IS [ISO] > > [RFC1195] and RIP [RFC2453] currently define clear text and MD5 > > [RFC1321] algorithms for authenticating their protocol > packets. There > > have recently been documents adding support of the SHA > family of hash > > algorithms for authenticating routing protocol packets > for RIP, IS-IS > > and OSPF. > > > > To ensure interoperability between disparate > implementations, it is > > imperative that we specify a set of > mandatory-to-implement algorithms > > thereby ensuring that there is at least one algorithm that all > > implementations will have available. > > > > > > > > which were not... > > > > As these document existing practice or problems with > existing protocols > > I think it is conceivable that this work would fall within > our proposed > > and soon to be official charter. > > > > I would like to hear some opinions on the subject. there was some > > discussion of the first document during the opsec wg meeting and I > > believe that the record shows some support for and against > housing it in > > opsec. > > > > thanks > > joelja > > _______________________________________________ > > OPSEC mailing list > > OPSEC@ietf.org > > https://www.ietf.org/mailman/listinfo/opsec > > > _______________________________________________ > OPSEC mailing list > OPSEC@ietf.org > https://www.ietf.org/mailman/listinfo/opsec > _______________________________________________ OPSEC mailing list OPSEC@ietf.org https://www.ietf.org/mailman/listinfo/opsec
- [OPSEC] additional documents needing a home... Joel Jaeggli
- Re: [OPSEC] additional documents needing a home... Glen Kent
- Re: [OPSEC] additional documents needing a home... Vishwas Manral
- Re: [OPSEC] additional documents needing a home... Bhatia, Manav (Manav)
- Re: [OPSEC] additional documents needing a home... Bhatia, Manav (Manav)
- Re: [OPSEC] additional documents needing a home... Joel Jaeggli
- Re: [OPSEC] additional documents needing a home... Vishwas Manral
- Re: [OPSEC] additional documents needing a home... Steinthor Bjarnason (sbjarnas)
- [OPSEC] draft-bhatia-manral-igp-crypto-requiremen… Bhatia, Manav (Manav)