Re: [RPSEC] BGP Security Requirements v08
Stephen Kent <kent@bbn.com> Tue, 10 July 2007 22:27 UTC
Return-path: <rpsec-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
by megatron.ietf.org with esmtp (Exim 4.43)
id 1I8OBB-0001BJ-Io; Tue, 10 Jul 2007 18:27:33 -0400
Received: from rpsec by megatron.ietf.org with local (Exim 4.43)
id 1I8OBA-0001BE-Pj
for rpsec-confirm+ok@megatron.ietf.org; Tue, 10 Jul 2007 18:27:32 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
by megatron.ietf.org with esmtp (Exim 4.43) id 1I8OBA-0001B6-GH
for rpsec@ietf.org; Tue, 10 Jul 2007 18:27:32 -0400
Received: from mx12.bbn.com ([128.33.0.81])
by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1I8OB6-0006Ga-4b
for rpsec@ietf.org; Tue, 10 Jul 2007 18:27:32 -0400
Received: from dhcp89-089-071.bbn.com ([128.89.89.71])
by mx12.bbn.com with esmtp (Exim 4.60) (envelope-from <kent@bbn.com>)
id 1I8OB5-00052r-5h; Tue, 10 Jul 2007 18:27:27 -0400
Mime-Version: 1.0
Message-Id: <p0624051bc2b9b71a6499@[128.89.89.71]>
In-Reply-To: <20070710214430.7AF9F3F421@pecan.tislabs.com>
References: <20070710214430.7AF9F3F421@pecan.tislabs.com>
Date: Tue, 10 Jul 2007 18:27:24 -0400
To: sandy@tislabs.com (Sandy Murphy)
From: Stephen Kent <kent@bbn.com>
Subject: Re: [RPSEC] BGP Security Requirements v08
X-Spam-Score: 0.5 (/)
X-Scan-Signature: cf3becbbd6d1a45acbe2ffd4ab88bdc2
Cc: rpsec@ietf.org, ttauber@1-4-5.net
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>,
<mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>,
<mailto:rpsec-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1125489586=="
Errors-To: rpsec-bounces@ietf.org
At 5:44 PM -0400 7/10/07, Sandy Murphy wrote: > > My comment was: One might interpret this to mean that any extended >> form of UDATE message MUST be transmitted through ASes that are not >> capable of processing it. This is imposing an unnecessary burden on >> solutions, since an alternative is to just mot send such messages >> through ASes than can't make use of them. > >This is a question about use of security information during initial >deployment. If there are islands of deployment that must communicate >through seas of non-deployment, is it useful for the deployer to >learn that there is a protected route island out there? When the >information came to them over an unprotected sea? > >I'd say that there is a potential for benefit. Perhaps the unprotected >sea in between is known by other out-of-band means to be reliable, >even if clueless about the new protection mechanisms. There might >be operational procedures that protect the intermediate sea that >are adequate from the point of view of the recipient on the island. > >So I'd say that passing the info along is potentially beneficial, >to some, and should be passed. The cost to the clueless routers >is storage and bandwidth - processing cost should be minimal. > >--Sandy Sandy, You make a good point about the potential benefits of being able to pass updated UPDATEs through ASes who are not able to make use of them. However, the benefit is only a potential one, and the flip side is that the intermediate ASes might not be able to store the data from the UPDATEs, which would thus disallow the solution approach. If, as Tony suggested, we want to avoid imposing undue constraints on solutions, then we ought not impose this specific one. Steve
_______________________________________________ RPSEC mailing list RPSEC@ietf.org https://www1.ietf.org/mailman/listinfo/rpsec
- [RPSEC] BGP Security Requirements v08 Tony Tauber
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Tony Tauber
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- RE: [RPSEC] BGP Security Requirements v08 Barry Greene (bgreene)
- Re: [RPSEC] BGP Security Requirements v08 Tony Tauber
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- RE: [RPSEC] BGP Security Requirements v08 Barry Greene (bgreene)
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Michael H. Behringer
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Robert Loomans
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- RE: [RPSEC] BGP Security Requirements v08 James Ko
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Tony Tauber
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 tom.petch
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent