Re: [RPSEC] BGP Security Requirements v08
Stephen Kent <kent@bbn.com> Mon, 16 July 2007 18:28 UTC
Return-path: <rpsec-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com)
by megatron.ietf.org with esmtp (Exim 4.43)
id 1IAVJJ-0003hA-8l; Mon, 16 Jul 2007 14:28:41 -0400
Received: from rpsec by megatron.ietf.org with local (Exim 4.43)
id 1IAVJH-0003h5-Qx
for rpsec-confirm+ok@megatron.ietf.org; Mon, 16 Jul 2007 14:28:39 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
by megatron.ietf.org with esmtp (Exim 4.43) id 1IAVJH-0003gx-HU
for rpsec@ietf.org; Mon, 16 Jul 2007 14:28:39 -0400
Received: from mx11.bbn.com ([128.33.0.80])
by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IAVJD-0006UY-8j
for rpsec@ietf.org; Mon, 16 Jul 2007 14:28:39 -0400
Received: from dhcp89-089-071.bbn.com ([128.89.89.71])
by mx11.bbn.com with esmtp (Exim 4.60) (envelope-from <kent@bbn.com>)
id 1IAVJC-0005RZ-5b; Mon, 16 Jul 2007 14:28:34 -0400
Mime-Version: 1.0
Message-Id: <p06240507c2c167b442a1@[128.89.89.71]>
In-Reply-To: <200707140126.l6E1QwYZ061559@harbor.brookfield.occnc.com>
References: <200707140126.l6E1QwYZ061559@harbor.brookfield.occnc.com>
Date: Mon, 16 Jul 2007 14:28:54 -0400
To: curtis@occnc.com
From: Stephen Kent <kent@bbn.com>
Subject: Re: [RPSEC] BGP Security Requirements v08
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 769a46790fb42fbb0b0cc700c82f7081
Cc: rpsec@ietf.org, Russ White <riw@cisco.com>
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>,
<mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>,
<mailto:rpsec-request@ietf.org?subject=subscribe>
Errors-To: rpsec-bounces@ietf.org
At 9:26 PM -0400 7/13/07, Curtis Villamizar wrote: >... > > >I think most of the WG is comfortable with this and is insisting on >it. How many times do we need to go in circles on this? Once every >IETF meeting? You may be right. Hoqwever, I appear to be the primary (only?) person who reads each draft and provides comments and edits to Tony, so I'm don't think that the WG consensus has been established, at least not through the editing process. >... >> >2. Is information about the validity of an AS path useful to AS' on the >> >"other side" of a non-supporting AS? >> >> because there may be no way to verify the number, much less the >> identify of ASes listed in an UPDATE between the end of the secured >> path and the current AS, the utility of the passing that data beyond >> the end of the secured part of the path is questionable. > > >The real world problem is that this is the best you are going to get >for attempts to use any such mechanism on most of the Internet at >least during early deployment which might be many years or longer. >There is no sense defining a protocol which won't get deployed. If >you do there is a good chance it won't be widely implemented - or >implemented at all without someone throwing big money at it. So even >if the application you have in mind would never trust information from >another island, you need this capability to have some chance that the >protocol you define will get widely implemented and eventually >deployed in enough places to start to gather critical mass. > >A bit of optimism maybe. Sorry, Curtis, but I don't understand your reasoning above. I think we all want to establish requirements for a protocol that will be widely deployed, and agree that deployment will be a long time coming. I think the question is why, if the path info received by an "island AS" has a number of unverified hops, is this path info useful, in a security sense, to the AS that receives? How does the requirement to send such info promote adoption of the protocol? Steve _______________________________________________ RPSEC mailing list RPSEC@ietf.org https://www1.ietf.org/mailman/listinfo/rpsec
- [RPSEC] BGP Security Requirements v08 Tony Tauber
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Tony Tauber
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- RE: [RPSEC] BGP Security Requirements v08 Barry Greene (bgreene)
- Re: [RPSEC] BGP Security Requirements v08 Tony Tauber
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- RE: [RPSEC] BGP Security Requirements v08 Barry Greene (bgreene)
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Joe Touch
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Michael H. Behringer
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Robert Loomans
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- RE: [RPSEC] BGP Security Requirements v08 James Ko
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Tony Tauber
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Sandy Murphy
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Russ White
- Re: [RPSEC] BGP Security Requirements v08 tom.petch
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Curtis Villamizar
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent
- Re: [RPSEC] BGP Security Requirements v08 Stephen Kent