Re: [RPSEC] Last Call For draft-ietf-rpsec-bgpsecrec-10.txt

Joe Touch <touch@ISI.EDU> Wed, 19 November 2008 20:21 UTC


Russ White wrote:
> Folks:
> 
> This draft has been around a long long time, and has been subject to a
> great deal of discussion. I would like to start a two week last call on
> this one, at the end of which we'll forward this to the ADs for final
> preparations for publication.
> 
> Please post any comments to the list.

Hi, all,

I have feedback dating back to June 2007 which remains unaddressed. I
repeat it here, as well as adding additional comment from the current
version.

Joe

--------------------------
From June 2007:

Abstract - I disagree that securing the info between the parties is an
easy technical matter; if it were, transport or network would be in more
regular use.

This document should note explicitly (e.g., in the abstract or at latest
in Sec 2.3) that network and transport security are not addressed in
this document.

---------------------------

This document really should have a section that addresses the
relationship of BGP security to transport and network security. It would
be useful to point out that BGP interprets transport reachability as
routing reachability - and that this decision renders it particularly
vulnerable to attacks that interrupt the transport layer. This implies
that BGP SHOULD protect its TCP connection, e.g., via IPsec or TCP-AO.

This section should also state that some other issues noted throughout
this document - e.g., DDOS overload protection, processing
considerations, buffering considerations, router configuration,
initialization, key management, etc. - apply to the TCP protection as
well as BGP.

---------------------------
