Re: [RPSEC] BGP Security Requirements v08
Curtis Villamizar <curtis@occnc.com> Fri, 20 July 2007 02:40 UTC
Return-path: <rpsec-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
by megatron.ietf.org with esmtp (Exim 4.43)
id 1IBiPx-0007vi-OC; Thu, 19 Jul 2007 22:40:33 -0400
Received: from rpsec by megatron.ietf.org with local (Exim 4.43)
id 1IBiPw-0007uE-Bb
for rpsec-confirm+ok@megatron.ietf.org; Thu, 19 Jul 2007 22:40:32 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
by megatron.ietf.org with esmtp (Exim 4.43) id 1IBiPv-0007tb-W0
for rpsec@ietf.org; Thu, 19 Jul 2007 22:40:31 -0400
Received: from 69.37.59.172.adsl.snet.net ([69.37.59.172]
helo=harbor.brookfield.occnc.com)
by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IBiPu-0002Jv-HS
for rpsec@ietf.org; Thu, 19 Jul 2007 22:40:31 -0400
Received: from harbor.brookfield.occnc.com (harbor.brookfield.occnc.com
[69.37.59.172])
by harbor.brookfield.occnc.com (8.13.6/8.13.6) with ESMTP id
l6K2f7w6055015; Thu, 19 Jul 2007 22:41:07 -0400 (EDT)
(envelope-from curtis@harbor.brookfield.occnc.com)
Message-Id: <200707200241.l6K2f7w6055015@harbor.brookfield.occnc.com>
To: Stephen Kent <kent@bbn.com>
From: Curtis Villamizar <curtis@occnc.com>
Subject: Re: [RPSEC] BGP Security Requirements v08
In-reply-to: Your message of "Thu, 19 Jul 2007 14:44:50 EDT."
<p06240504c2c52a6ee09d@[128.89.89.71]>
Date: Thu, 19 Jul 2007 22:41:07 -0400
X-Spam-Score: 1.7 (+)
X-Scan-Signature: 8b30eb7682a596edff707698f4a80f7d
Cc: rpsec@ietf.org, Russ White <riw@cisco.com>
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: curtis@occnc.com
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>,
<mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>,
<mailto:rpsec-request@ietf.org?subject=subscribe>
Errors-To: rpsec-bounces@ietf.org
In message <p06240504c2c52a6ee09d@[128.89.89.71]> Stephen Kent writes: > > A common theme in your comments is "practial [sic] and deployable." > There's nothing wrong with those goals, although I would add "secure" > as well :-). The problem, of course, is getting agreement on what > constitutes practical, deployable, and secure. > > Steve Practical and deployable should be goals if we want to see something deployed. Secure where there is no portion of the path containing non-participant AS should be a goal. Providing indication of better confidence with certain semi-trusted non-participant AS in the path should be a goal. Regarding Russ' comments: OOB is not excluded but any OOB solution must meet requirements regarding AS Path, not just origin AS. Do we have agreement? Curtis ps - If you are talking about general DDoS attacks, providers knew this was possible. They would rather see Bill Gates hung for providing the insecure OS that made DDoS bots so easy to implement. The point was that not much can be done from the provider's standpoint for DDoS to end sites. Now if the Feds confiscated PCs involved in attacks, spam, etc, sent the PCs back to the supplier to apply patches, returned the PCs, and sent the bill for the investigation to the OS vendor, we'd have the problems all solved. :-) Users of free or homegrown OS would have to apply patches themselved before bringing computers online again. [No chance of this happenning - just a dream.] _______________________________________________ RPSEC mailing list RPSEC@ietf.org https://www1.ietf.org/mailman/listinfo/rpsec
- [RPSEC] BGP Security Requirements v08 Tony Tauber
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Tony Tauber
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- RE: [RPSEC] BGP Security Requirements v08 Barry Greene (bgreene)
- Re: [RPSEC] BGP Security Requirements v08 Tony Tauber
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- RE: [RPSEC] BGP Security Requirements v08 Barry Greene (bgreene)
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Michael H. Behringer
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Robert Loomans
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- RE: [RPSEC] BGP Security Requirements v08 James Ko
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Tony Tauber
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 tom.petch
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent