Re: [RPSEC] BGP Security Requirements v08

Curtis Villamizar <curtis@occnc.com> Fri, 13 July 2007 04:07 UTC

To: Tony Tauber <ttauber@1-4-5.net>
From: Curtis Villamizar <curtis@occnc.com>
Subject: Re: [RPSEC] BGP Security Requirements v08
In-reply-to: Your message of "Wed, 11 Jul 2007 07:20:15 PDT." <20070711142015.GC27477@1-4-5.net>
Date: Fri, 13 Jul 2007 00:05:35 -0400
Cc: rpsec@ietf.org, Joe Touch <touch@ISI.EDU>

In message <20070711142015.GC27477@1-4-5.net>
Tony Tauber writes:
>  
> On Wed, Jul 11, 2007 at 06:42:11AM -0700, Joe Touch wrote:
> > 
> > 
> > > Diff from last version:
> > > 
> > > http://tools.ietf.org/wg/rpsec/draft-ietf-rpsec-bgpsecrec/draft-ietf-rpsec-bgpsecrec-08-from-07.wdiff.html
> > > 
> > 
> > I didn't see any changes related to the feedback I posted on the
> > transport protocol issues and GTSM. There are a number of current I-Ds
> > in this space that are not discussed, and any description that includes
> > the need for keying (SHOULD) might reconsider whether GTSM qualifies as
> > relevant at all in this space.
> > 
> > Joe
>  
> Hi Joe,
>  
> I appreciate your comments and attention.  I tried to work these in by
> making a couple of modest changes in what's now section 11.  GTSM is
> (and was) only mentioned in the doc by way of saying it's inadequate as
> a "solution".  If you feel strongly that more change is needed, send
> proposed text.
>  
> Thanks,
>  
> Tony


GTSM is very effective in protecting against certain high volume
attacks that would cripple infrastructure protected by cryptographic
means alone.  From a practical standpoint GTSM used alone may be
inadequate as a solution (though some ISPs might contest even that)
but it is a required part of any solution in an ISP environment.

Curtis


