RE: [RPSEC] Feedback on draft-behringer-bgp-session-req-01

"Barry Greene \(bgreene\)" <bgreene@cisco.com> Fri, 22 June 2007 13:31 UTC

Return-path: <rpsec-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I1jEK-0004AG-BQ; Fri, 22 Jun 2007 09:31:16 -0400
Received: from rpsec by megatron.ietf.org with local (Exim 4.43) id 1I1jEJ-0004AB-1w for rpsec-confirm+ok@megatron.ietf.org; Fri, 22 Jun 2007 09:31:15 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I1jEI-0004A2-Ob for rpsec@ietf.org; Fri, 22 Jun 2007 09:31:14 -0400
Received: from sj-iport-6.cisco.com ([171.71.176.117]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1I1jEI-00088G-CX for rpsec@ietf.org; Fri, 22 Jun 2007 09:31:14 -0400
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-6.cisco.com with ESMTP; 22 Jun 2007 06:31:14 -0700
X-IronPort-AV: i="4.16,451,1175497200"; d="scan'208"; a="170224759:sNHT47415312"
Received: from sj-core-4.cisco.com (sj-core-4.cisco.com [171.68.223.138]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id l5MDVD1f015463; Fri, 22 Jun 2007 06:31:13 -0700
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id l5MDVDGW005434; Fri, 22 Jun 2007 13:31:13 GMT
Received: from xmb-sjc-227.amer.cisco.com ([128.107.191.43]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 22 Jun 2007 06:31:13 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [RPSEC] Feedback on draft-behringer-bgp-session-req-01
Date: Fri, 22 Jun 2007 06:31:13 -0700
Message-ID: <C35ADD020AEBD04383C1F7F644227FDF03E688C4@xmb-sjc-227.amer.cisco.com>
In-Reply-To: <467AE0B5.2080104@isi.edu>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [RPSEC] Feedback on draft-behringer-bgp-session-req-01
Thread-Index: Ace0Q5LX664kpNjVTfiM6QHBRd0VtQASytRw
References: <467AE0B5.2080104@isi.edu>
From: "Barry Greene \(bgreene\)" <bgreene@cisco.com>
To: "Joe Touch" <touch@ISI.EDU>, <rpsec@ietf.org>
X-OriginalArrivalTime: 22 Jun 2007 13:31:13.0624 (UTC) FILETIME=[9A7A9D80:01C7B4D1]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=2450; t=1182519073; x=1183383073; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=bgreene@cisco.com; z=From:=20=22Barry=20Greene=20\(bgreene\)=22=20<bgreene@cisco.com> |Subject:=20RE=3A=20[RPSEC]=20Feedback=20on=20draft-behringer-bgp-session -req-01 |Sender:=20; bh=LKMkg9UJCzqfqx6UKZQDEJness0YvTUE00HVEYfLM/U=; b=LYadufgP7AJ1191YE5nLqTByPMnIMT3O7FzX8yu/W/XS01B0mtS+RLpO/2TShfjdDuLFAYxQ uZzU9mZcWXEe/frXHmRkOVwgiQqVldk/AZX0GeIfslwYPLxgMq+u6qzl;
Authentication-Results: sj-dkim-4; header.From=bgreene@cisco.com; dkim=pass ( sig from cisco.com/sjdkim4002 verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f60d0f7806b0c40781eee6b9cd0b2135
Cc:
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=subscribe>
Errors-To: rpsec-bounces@ietf.org

I guess we have differing views on the definition of "security." If I
can classify based on a policy which provides me more resistance from
attacks, then that is a "security tool." Hence, GTSM is a security tool.


> -----Original Message-----
> From: Joe Touch [mailto:touch@ISI.EDU] 
> Sent: Thursday, June 21, 2007 1:34 PM
> To: rpsec@ietf.org
> Subject: [RPSEC] Feedback on draft-behringer-bgp-session-req-01
> 
> Hi, all,
> 
> The following feedback was requested on the TCPM's 
> TCP-AUTH-DT (TCP-Auth design team) mailing list. TCP-Auth is 
> TCPM's work towards an update to TCP-MD5, based on two
> current proposals (noted below).
> 
> Joe
> 
> ---------------------------------------------
> 
> This document appears to overlap ongoing work in TCPM to 
> characterize concerns with using TCP-MD5 to secure BGP, and 
> use of alternatives.
> E.g., draft-ietf-tcpm-antispoof. The TCP-Auth team is 
> currently working to revise draft-bellovin-tcpsec, and an
> update to that should be out shortly.
> 
> Some additional comments:
> 
> Sec 1 - the OSI stack is not the reference model for the Internet.
> GTSM is not IP layer security; it is a heuristic that checks 
> TTLs in IP packets, and assumes that there is other security 
> protecting tunnels to a host. It would be more appropriate to 
> cite IPsec as IP security, and GTSM as "other protection mechanisms".
> 
> Other work in this area:
> 	- draft-ietf-tcpm-antispoof (as noted above)
> 	- draft-ietf-tcpm-tcpsecure
> 	- draft-bellovin-tcpsec
> as well as specific proposals to update TCP-MD5:
> 	- draft-touch-tcpm-tcp-simple-auth
> 	- draft-bonica-tcp-auth
> 
> Further, to a large extent, the preference of router managers 
> to avoid IPsec was the motivation behind BTNS:
> 	- http://www.ietf.org/html.charters/btns-charter.html
> See also the problem and applicability statement:
> 	- draft-ietf-btns-prob-and-applic
> 
> draft-bellovin-tcpsec should be cited in "Dependence on the 
> MD5 algorithm...", as well as RFC4808
> 
> 3.2 - IPsec = RFC4301
> in addition to Bonica's proposed alternative, please include 
> mine   ;-)   :
> draft-touch-tcpm-tcp-simple-auth
> 
> 3.3 - "This requirement is currently..." - also by IPsec.
> 
> --
> ----------------------------------------
> Joe Touch
> Sr. Network Engineer, USAF TSAT Space Segment
> 
> 


_______________________________________________
RPSEC mailing list
RPSEC@ietf.org
https://www1.ietf.org/mailman/listinfo/rpsec
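The mechanism the two messages above disagree about is GTSM (RFC 5082): the sender sets the IPv4 TTL / IPv6 hop limit to 255 and the receiver discards any packet whose TTL is below 255 minus a configured TrustRadius. Because every forwarding hop decrements the TTL and no router raises it, a packet injected from further away than the trust radius cannot pass, whatever source address it claims. The toy model below is an added example for this archive page; it is not code from either correspondent or from any of the drafts cited. The peer addresses, trust radii, hop counts and the `filter_bgp_packet` policy are constructed assumptions. Beyond the directly-connected case the text mentions, it also covers a multihop peer and the case that motivates Joe's caveat: an attacker on the same link as the peer is indistinguishable from the peer by TTL alone, so GTSM filters remote spoofing but does not authenticate anything.

```python
"""Toy model of the GTSM receiver check (RFC 5082). Example code, not from the thread."""
from dataclasses import dataclass
from typing import Dict, Optional

MAX_TTL = 255  # a GTSM-protected speaker sends every packet with this TTL / hop limit


@dataclass(frozen=True)
class Packet:
    src: str   # claimed IP source address; GTSM never verifies it
    ttl: int   # TTL (IPv4) or hop limit (IPv6) as seen on arrival at the receiver


def deliver(src: str, hops: int, initial_ttl: int = MAX_TTL) -> Optional[Packet]:
    """Model forwarding: each hop decrements the TTL by one, routers never raise it,
    and a packet whose TTL reaches zero is discarded in transit (returns None)."""
    ttl = initial_ttl - hops
    return Packet(src, ttl) if ttl > 0 else None


def gtsm_accept(pkt: Packet, trust_radius: int) -> bool:
    """RFC 5082 receiver test: accept only if TTL >= 255 - TrustRadius.
    TrustRadius 0 is the directly-connected eBGP case; larger values allow multihop peers."""
    if not 0 <= trust_radius <= MAX_TTL - 1:
        raise ValueError("TrustRadius must be between 0 and 254")
    return pkt.ttl >= MAX_TTL - trust_radius


def filter_bgp_packet(pkt: Optional[Packet], peers: Dict[str, int]) -> str:
    """Assumed receiver policy: only configured peers are considered, and each is
    subject to the GTSM check with its own TrustRadius. Returns a decision string."""
    if pkt is None:
        return "drop: TTL expired in transit"
    if pkt.src not in peers:
        return "drop: not a configured peer"
    floor = MAX_TTL - peers[pkt.src]
    if not gtsm_accept(pkt, peers[pkt.src]):
        return f"drop: ttl {pkt.ttl} < {floor}"
    return "accept"


# Constructed sample peer table: peer address -> TrustRadius (hops the peer may be away).
PEERS: Dict[str, int] = {
    "192.0.2.1": 0,       # directly connected eBGP neighbour
    "198.51.100.9": 3,    # multihop eBGP neighbour three hops away
}


def scenarios() -> Dict[str, str]:
    """Run the receiver policy over constructed traffic; every sender uses TTL 255
    unless stated otherwise, since an attacker can always set the initial TTL."""
    return {
        "direct peer, 0 hops":
            filter_bgp_packet(deliver("192.0.2.1", 0), PEERS),
        "multihop peer, 3 hops":
            filter_bgp_packet(deliver("198.51.100.9", 3), PEERS),
        # Remote attacker spoofing the direct peer: 7 hops cost 7 TTL, arrives at 248.
        "remote attacker spoofing direct peer, 7 hops":
            filter_bgp_packet(deliver("192.0.2.1", 7), PEERS),
        # One hop beyond the multihop peer's trust radius is already enough to fail.
        "remote attacker spoofing multihop peer, 4 hops":
            filter_bgp_packet(deliver("198.51.100.9", 4), PEERS),
        # Attacker on the shared link: same hop count as the real peer, same TTL,
        # so the packet is accepted. GTSM is a distance heuristic, not authentication;
        # TCP-MD5 / TCP-AO or IPsec is what has to catch this one.
        "on-link attacker spoofing direct peer, 0 hops":
            filter_bgp_packet(deliver("192.0.2.1", 0), PEERS),
        # A peer not configured for GTSM that sends a default TTL (64) is rejected too,
        # which is why GTSM must be enabled on both ends of a session.
        "direct peer without GTSM, initial TTL 64":
            filter_bgp_packet(deliver("192.0.2.1", 0, initial_ttl=64), PEERS),
        "unknown source, 0 hops":
            filter_bgp_packet(deliver("203.0.113.7", 0), PEERS),
    }


if __name__ == "__main__":
    for name, decision in scenarios().items():
        print(f"{name:50s} -> {decision}")
```

The two "direct peer" and "on-link attacker" rows produce identical input to the receiver, which is the whole point of the caveat in the thread: the TTL check bounds how far away an injector can be, and nothing more.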