Re: [RPSEC] BGP Security Requirements v08

Curtis Villamizar <curtis@occnc.com> Tue, 17 July 2007 15:00 UTC

Message-Id: <200707171500.l6HF0iEx090863@harbor.brookfield.occnc.com>
To: "Michael H. Behringer" <mbehring@cisco.com>
From: Curtis Villamizar <curtis@occnc.com>
Subject: Re: [RPSEC] BGP Security Requirements v08
In-reply-to: Your message of "Mon, 16 Jul 2007 18:33:30 +0200." <XFE-AMS-332SA1XvpFV00000073@xfe-ams-332.cisco.com>
Date: Tue, 17 Jul 2007 11:00:43 -0400
Cc: rpsec@ietf.org, dward@cisco.com, Sandy Murphy <sandy@tislabs.com>, rcallon@juniper.net, psavola@funet.fi, Russ White <riw@cisco.com>

In message <XFE-AMS-332SA1XvpFV00000073@xfe-ams-332.cisco.com>
"Michael H. Behringer" writes:
>  
> [Just back from vacation today, so I missed the earlier discussion.]
>  
> Just as a reminder where I was coming from with my draft
> http://www.ietf.org/internet-drafts/draft-behringer-bgp-session-sec-req-01.txt:
> This was directly taken from a to-do-list from Russ, specifying that
> the WG needs to work on the point-to-point security requirements of
> BGP speakers:
>  
> At 15:37 06/01/2007, Russ White wrote:
> [...]
> >o P-2-P security requirements for BGP: This was to provide some cover
> >and thinking on the various TCP auth mechanisms to replace MD5 that are
> >currently being considered. We need, I believe, a volunteer to
> >author/edit this, and get it moving.
> [...]
>  
> I request (again) that my draft be accepted as a WG item, after all
> it's taken from the WG's to-do list ;-)


IMO this should be a WG item.


> The problem space of draft-behringer-bgp-session-sec-req-01 is
> significantly smaller than that of draft-ietf-rpsec-bgpsecrec-08; I
> can see this work remaining independent, but I can also see it merged
> with draft-ietf-rpsec-bgpsecrec-08. My current preference is to keep
> it standalone, since its problem space is nicely small and
> well-defined. But I have no strong views either way. I guess we should
> discuss this in Chicago.


Since the requirements are those that the ISPs have been working from
for over a decade, it is likely that we will arrive at agreement on what
those requirements are within a reasonable amount of time.  Then
draft-ietf-rpsec-bgpsecrec can reference bgp-session-sec-req and we
can put an end to any discussion on rpsec-bgpsecrec being incomplete due
to failure to acknowledge these requirements.


> BTW, I have received a number of emails with feedback which I have not
> yet incorporated into the draft, due to time constraints. Apologies
> for that. Will happen after the IETF.
>  
> See you all next week, 
> Michael


Curtis

