Re: [RPSEC] BGP Security Requirements v08
Russ White <riw@cisco.com> Wed, 11 July 2007 13:34 UTC
Return-path: <rpsec-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
by megatron.ietf.org with esmtp (Exim 4.43)
id 1I8cKT-0003dE-Ek; Wed, 11 Jul 2007 09:34:05 -0400
Received: from rpsec by megatron.ietf.org with local (Exim 4.43)
id 1I8cKS-0003cU-5k
for rpsec-confirm+ok@megatron.ietf.org; Wed, 11 Jul 2007 09:34:04 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
by megatron.ietf.org with esmtp (Exim 4.43) id 1I8cKR-0003cM-SZ
for rpsec@ietf.org; Wed, 11 Jul 2007 09:34:03 -0400
Received: from xmail04.myhosting.com ([168.144.250.19])
by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1I8cKN-0000Ex-J2
for rpsec@ietf.org; Wed, 11 Jul 2007 09:34:03 -0400
Received: (qmail 21429 invoked from network); 11 Jul 2007 13:33:59 -0000
Received: from unknown (HELO [192.168.100.205])
(Authenticated-user:_russ@riw.us@[65.190.218.139])
(envelope-sender <riw@cisco.com>)
by xmail04.myhosting.com (qmail-ldap-1.03) with ESMTPA
for <kent@bbn.com>; 11 Jul 2007 13:33:58 -0000
Message-ID: <4694DC3E.5010007@cisco.com>
Date: Wed, 11 Jul 2007 09:33:50 -0400
From: Russ White <riw@cisco.com>
User-Agent: Thunderbird 2.0.0.4 (Windows/20070604)
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>
Subject: Re: [RPSEC] BGP Security Requirements v08
References: <20070709142132.GF7635@1-4-5.net> <p06240505c2b95577827e@[128.89.89.71]> <20070710213538.GB27477@1-4-5.net>
<p06240519c2b9b020c206@[128.89.89.71]>
In-Reply-To: <p06240519c2b9b020c206@[128.89.89.71]>
X-Enigmail-Version: 0.95.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 4d87d2aa806f79fed918a62e834505ca
Cc: rpsec@ietf.org, Tony Tauber <ttauber@1-4-5.net>
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>,
<mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>,
<mailto:rpsec-request@ietf.org?subject=subscribe>
Errors-To: rpsec-bounces@ietf.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> I see this requirement as a (possibly unnecessary) corollary to the >> requirement for supporting non-contiguous deployments. The fact that >> the interpretation is ambiguous about how specifically one achieves this >> goal (perhaps properly) reflects the fact that solutions can get >> creative. > > "A BGP security mechanism MUST provide backward compatibility in > the message formatting, transmission, and processing of routing > information carried through a mixed security environment. Message > formatting in a fully secured environment MAY be handled in a > non-backward compatible fashion. Care must be taken to ensure either that > UPDATES can traverse intermediate routers which don't support the new > format, or that UPDATEs using a new format are not sent to ASes that cannot > support such messages." This is a pretty traditional and standard argument in routing protocol circles whenever extensions to a routing protocol are proposed--do we make it so older routers can at least forward the new information, or do we make it so it won't work in the presence of older routers? IMHO, it generally comes down to--is the information useful to routers on the other side of the nonsupporting router? Maybe it's useful to break this into two questions? 1. Is information about the authorization of an originator to advertise reachability useful to AS' on the "other side" of a non-supporting AS? 2. Is information about the validity of an AS path useful to AS' on the "other side" of a non-supporting AS? If we could resolve these two questions, I think the wording pretty much falls out (?).... :-) Russ - -- riw@cisco.com CCIE <>< Grace Alone -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGlNw+ER27sUhU9OQRAsSqAJsFUPiEP1lbTbGwfODzvnZAlVL14ACfcqxG lRvm1II2jRhvRpUL+gE3/2o= =rtHi -----END PGP SIGNATURE----- _______________________________________________ RPSEC mailing list RPSEC@ietf.org https://www1.ietf.org/mailman/listinfo/rpsec
- [RPSEC] BGP Security Requirements v08 Tony Tauber
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Tony Tauber
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- RE: [RPSEC] BGP Security Requirements v08 Barry Greene (bgreene)
- Re: [RPSEC] BGP Security Requirements v08 Tony Tauber
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- RE: [RPSEC] BGP Security Requirements v08 Barry Greene (bgreene)
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Michael H. Behringer
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Robert Loomans
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- RE: [RPSEC] BGP Security Requirements v08 James Ko
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Tony Tauber
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 tom.petch
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent