IETF Logo Mail Archive

RE: [RPSEC] BGP Security Requirements v08

"Barry Greene \(bgreene\)" <bgreene@cisco.com> Fri, 13 July 2007 14:40 UTC

Return-path: <rpsec-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I9MKJ-0006hA-Am; Fri, 13 Jul 2007 10:40:59 -0400
Received: from rpsec by megatron.ietf.org with local (Exim 4.43) id 1I9MKH-0006gz-DE for rpsec-confirm+ok@megatron.ietf.org; Fri, 13 Jul 2007 10:40:57 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I9MKH-0006gr-1B for rpsec@ietf.org; Fri, 13 Jul 2007 10:40:57 -0400
Received: from sj-iport-1-in.cisco.com ([171.71.176.70] helo=sj-iport-1.cisco.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1I9MKG-0004CB-Mz for rpsec@ietf.org; Fri, 13 Jul 2007 10:40:56 -0400
Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-1.cisco.com with ESMTP; 13 Jul 2007 07:40:47 -0700
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ao8CAGMrl0arR7O6/2dsb2JhbAA
X-IronPort-AV: i="4.16,537,1175497200"; d="scan'208"; a="8414650:sNHT91231530"
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id l6DEel0s023530; Fri, 13 Jul 2007 07:40:47 -0700
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id l6DEXul6025852; Fri, 13 Jul 2007 14:40:43 GMT
Received: from xmb-sjc-227.amer.cisco.com ([128.107.191.43]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 13 Jul 2007 07:40:08 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [RPSEC] BGP Security Requirements v08
Date: Fri, 13 Jul 2007 07:40:07 -0700
Message-ID: <C35ADD020AEBD04383C1F7F644227FDF04028C86@xmb-sjc-227.amer.cisco.com>
In-Reply-To: <4697224A.5050901@isi.edu>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [RPSEC] BGP Security Requirements v08
Thread-Index: AcfFG04vIBmkI8ciRqKHa4JTbLeX0AAPcLnA
References: <200707130405.l6D45ZQa081057@harbor.brookfield.occnc.com> <4697224A.5050901@isi.edu>
From: "Barry Greene \(bgreene\)" <bgreene@cisco.com>
To: "Joe Touch" <touch@ISI.EDU>, <curtis@occnc.com>
X-OriginalArrivalTime: 13 Jul 2007 14:40:08.0337 (UTC) FILETIME=[B5A28010:01C7C55B]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1527; t=1184337647; x=1185201647; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=bgreene@cisco.com; z=From:=20=22Barry=20Greene=20\(bgreene\)=22=20<bgreene@cisco.com> |Subject:=20RE=3A=20[RPSEC]=20BGP=20Security=20Requirements=20v08 |Sender:=20; bh=EJG2UGeF1kGj9W7Bc+xyHaWgRiqdF9WNVCsUNP6C5ho=; b=xir5uOSAyvmULeVtGb9UTMDvvODt71CdbrP/mleXTzp0YVKtxfAnYfPpK5bkQBG4VzkIe0Go v9FNhfqkFVqSoZAes0NsA131KHSeMCG7pa7xf5GWNrs3xIfGF675Fu6h;
Authentication-Results: sj-dkim-2; header.From=bgreene@cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0ddefe323dd869ab027dbfff7eff0465
Cc: rpsec@ietf.org, Tony Tauber <ttauber@1-4-5.net>
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=subscribe>
Errors-To: rpsec-bounces@ietf.org

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In the last draft it was pretty clear.  

> -----Original Message-----
> From: Joe Touch [mailto:touch@ISI.EDU] 
> Sent: Thursday, July 12, 2007 11:57 PM
> To: curtis@occnc.com
> Cc: rpsec@ietf.org; Tony Tauber
> Subject: Re: [RPSEC] BGP Security Requirements v08
> 
> 
> 
> Curtis Villamizar wrote:
> ...
> > GTSM is very effective in protecting against certain high volume 
> > attacks that would cripple infrastructure protected by 
> cryptographic 
> > means alone.  From a practical standpoint GTSM used alone may be 
> > inadequate as a solution (though some ISPs might contest even
> > that)  but it is a required part of any solution in an ISP
> > environment.  
> > 
> > Curtis
> 
> I agree that DOS attacks benefit from protections that help 
> reduce the impact of attack traffic; GTSM falls into that 
> category - it's clearly a useful part of a DOS solution, but 
> DOS protection isn't cryptographic protection. The bulk of 
> the BGP security requirements document focuses on 
> cryptographic issues - not DOS protection. It's worth noting 
> the difference, but not lumping the solutions together.
> 
> Joe
> 
> --
> ----------------------------------------
> Joe Touch
> Sr. Network Engineer, USAF TSAT Space Segment
> 

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRpeKdb/UEA/xivvmEQIL1ACfbKLE8p52y8WgllMN5PWSbQejFRAAniRu
8F1H0PBJEgFTMnAGx2cch1tg
=XqpD
-----END PGP SIGNATURE-----


_______________________________________________
RPSEC mailing list
RPSEC@ietf.org
https://www1.ietf.org/mailman/listinfo/rpsec

v2.8.7 | Report a Bug | By Email