Re: [RPSEC] Discontiguous Deployment (Show of Hands)....
Tony Tauber <ttauber@1-4-5.net> Mon, 29 January 2007 17:17 UTC
To: Russ White <riw@cisco.com>
Cc: rpsec@ietf.org

Hi All,

Sorry for the long snooze.

See the new third sentence below and fourth bullet-point after that.
I feel these are only marginal clarifications on what was contextual
received wisdom within the group. If there are no grave concerns by
week's end, I'll submit the changes.

Thanks,

Tony

----
3.2. Incremental deployment
It will not be feasible to deploy a newly secured BGP protocol
throughout the public Internet instantaneously. It also may not be
possible to deploy a such a protocol to all routers in a large AS at
+ one time. Any proposed solution MUST support an incremental
+ deployment which will provide some benefit for those who participate.
Because of this, there are several requirements that any proposed
mechanism to secure BGP must consider.
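
Review bot: the new third sentence lands between the two feasibility statements and "Because of this", so "this" now reads as pointing at the new MUST rather than at the infeasibility of instantaneous deployment. Consider moving the new sentence to the end of the paragraph, or rewording the sentence that follows it. "Some benefit for those who participate" is also hard to evaluate as a MUST unless the text says what kind of benefit is meant.
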
o A BGP security mechanism MUST enable each BGP speaker to configure
use of the security mechanism on a per-peer basis.
o A BGP security mechanism MUST provide backward compatibility in
the message formatting, transmission, and processing of routing
information carried through a mixed security environment. Message
formatting in a fully secured environment MAY be handled in a non-
backward compatible fashion though care must be taken to ensure
UPDATES can traverse intermediate routers which don't support the
new format.
o In an environment where both secured and non-secured systems are
interoperating a mechanism MUST exist for secured systems to
identify whether an originator intended the information to be
secured.
+ o Proposed solutions MUST provide comment and analysis of what the
+ security services the solution will provide in the case of
+ incremental deployment scenarios (e.g, contiguous islands,
+ discontiguous islands, universal deployment).
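
Review bot: in the new fourth bullet, "comment and analysis of what the security services the solution will provide" has a stray "the" (read "what security services"), and "e.g," is missing its period. The bullet names three scenarios without saying whether analysis of each one is required or whether the list is only illustrative; stating that would make the MUST checkable.
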
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> I would call for a hum, but we can't hear it, of course, on email,
> so.... Please state your answer to the following:
>
> o Discontiguous deployment should be included as a capability any
> proposed mechanism SHOULD have.
>
> o Discontiguous deployment should be included as a capability any
> proposed mechanism MUST have.
>
> o We should say something about discontiguous deployment, but we
> shouldn't attach any requirements to that statement.
>
> o Discontiguous deployment should not be included in the requirements at
> all.
>
> I'd just like to settle where we are, so we can actually work on wording
> with a common understanding of what it is we are trying to actually word.
>
> :-)
>
> Russ
>