[RPSEC] Charter Bashing...

Russ White <ruwhite@cisco.com> Wed, 03 April 2002 01:09 UTC

Date: Tue, 02 Apr 2002 20:09:04 -0500
From: Russ White <ruwhite@cisco.com>
Reply-To: Russ White <riw@cisco.com>
To: rpsec@ietf.org
Message-ID: <Pine.GSO.4.21.0204022005380.7130-100000@ruwhite-u10.cisco.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Subject: [RPSEC] Charter Bashing...
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
X-BeenThere: rpsec@ietf.org

We left Minneapolis with the understanding that this should be a
working group, but that we need to bash the charter some before
going to the IESG with the proposal. A copy of the latest charter
draft is below....

I know we had a good number of things to add from the comments we
got there, so bash away....

:-)

Russ
__________________________________

Routing Protocol Security Requirements (rpsec)

CHAIRS: Russ White (riw@cisco.com)
        Danny McPherson (danny@tcb.net)


Description
-----------

The lack of a common set of security requirements and methods for
routing protocols has resulted in a wide variety of security
mechanisms for individual routing protocols.  Ongoing work on
requirements for the next generation routing system and future
work on the actual mechanisms for it will require well documented
routing security requirements.

The products of this working group will be used by routing
protocol designers to ensure adequate coverage of security in the
future, including well known and possible threats. It is not the
goal of this working group to revisit current routing protocol
security mechanisms.

The goal of this BOF is to discuss creation and charter of a WG
in the routing area that would be charged with the following
tasks:

 - Document threat models for routing protocols
 - Document security requirements for routing protocols

Proposed WG milestones:

  1. Jul 2002: Submit initial I-D (or set of I-Ds) which details
     the threats to routing protocols.

  2. Oct 2002: Submit initial I-D (or set of I-Ds) which outlines
     security requirements for routing protocols.

  3. Dec 2002: Submit I-Ds documenting threats to routing
     protocols for publication as Informational RFC.

  4. Mar 2003: Submit the I-D documenting security requirements
     to routing protocols for publication as Informational RFC.

  5. Mar 2003: Evaluate progress, recharter with new goals (see
     possible future work below) or shutdown.

BOF Agenda
----------

 1. Agenda bashing
 2. Overview of security issues in routing protocols
 3. Overview of the current status of routing protocol security
    work
 4. Presentation on proposed WG charter and milestones
 5. Open mike (discussion, Q&As)


References
----------

 1. Flaws in packet's authentication of OSPFv2, Jerome Etienne
    http://www.ietf.org/internet-drafts/draft-etienne-ospfv2-auth-flaws-00.txt
 2. Flaws in RIPv2 packet's authentication, Jerome Etienne
    http://www.ietf.org/internet-drafts/draft-etienne-ripv2-auth-flaws-00.txt
 3. BGP Security Vulnerabilities Analysis, S. Murphy
    http://www.ietf.org/internet-drafts/draft-murphy-bgp-vuln-00.txt
 4. BGP Security Protections, S. Murphy
    http://www.ietf.org/internet-drafts/draft-murphy-bgp-protect-00.txt
 5. OSPF with digital signature against an insider, Jerome
    Etienne 
    http://www.ietf.org/internet-drafts/draft-etienne-rfc2154-flaws-00.txt
 6. Secure BGP (S-BGP)
    http://www.net-tech.bbn.com/sbgp/draft-clynn-s-bgp-protocol-00.txt
 7. OSPF Version 2 (RFC2328)
    http://www.ietf.org/rfc/rfc2328.txt
 8. RIP-2 MD5 Authentication (RFC2082)
    http://www.ietf.org/rfc/rfc2082.txt
 9. IS-IS Cryptographic Authentication
    http://www.ietf.org/internet-drafts/draft-ietf-isis-hmac-03.txt
 10. Protection of BGP Sessions via the TCP MD5 Signature Option
     http://www.ietf.org/rfc/rfc2385.txt
     http://www.ietf.org/internet-drafts/draft-ietf-idr-rfc2385bis-00.txt

Possible Future Work
--------------------

 - Document the feasibility of various types of security
   mechanisms within routing protocols
 - Document requirements for new security mechanisms
 - Document security requirements for the next generation routing
   system







_______________________________________________
RPSEC mailing list
RPSEC@ietf.org
https://www1.ietf.org/mailman/listinfo/rpsec