Re: [RPSEC] I-D ACTION:draft-ietf-rpsec-bgpsecrec-10.txt
Geoff Huston <gih@apnic.net> Wed, 19 November 2008 19:07 UTC
Return-Path: <rpsec-bounces@ietf.org>
X-Original-To: rpsec-archive@megatron.ietf.org
Delivered-To: ietfarch-rpsec-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B008D28C18B; Wed, 19 Nov 2008 11:07:18 -0800 (PST)
X-Original-To: rpsec@core3.amsl.com
Delivered-To: rpsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2C22328C18B for <rpsec@core3.amsl.com>; Wed, 19 Nov 2008 11:07:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ffl6QVWy3lDo for <rpsec@core3.amsl.com>; Wed, 19 Nov 2008 11:07:16 -0800 (PST)
Received: from asmtp.apnic.net (asmtp.apnic.net [202.12.29.51]) by core3.amsl.com (Postfix) with ESMTP id DF9B928C17A for <rpsec@ietf.org>; Wed, 19 Nov 2008 11:07:15 -0800 (PST)
Received: from CPE-124-177-149-104.qld.bigpond.net.au (CPE-124-177-149-104.qld.bigpond.net.au [124.177.149.104]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by asmtp.apnic.net (Postfix) with ESMTP id F14B7110062; Thu, 20 Nov 2008 05:07:13 +1000 (EST)
Message-Id: <9DAD5770-84DF-409A-BAE1-12DB57E25E7D@apnic.net>
From: Geoff Huston <gih@apnic.net>
To: Tony Tauber <ttauber@1-4-5.net>
In-Reply-To: <49242629.3050206@cisco.com>
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Thu, 20 Nov 2008 06:07:12 +1100
References: <20081103183001.907703A6BB4@core3.amsl.com> <20081117035407.GB28269@1-4-5.net> <49242629.3050206@cisco.com>
X-Mailer: Apple Mail (2.929.2)
Cc: Ross Callon <rcallon@juniper.net>, rpsec@ietf.org, David Ward <dward@cisco.com>
Subject: Re: [RPSEC] I-D ACTION:draft-ietf-rpsec-bgpsecrec-10.txt
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: rpsec-bounces@ietf.org
Errors-To: rpsec-bounces@ietf.org
SIDR WG co-chair hat ON Hi Tony, The draft still contains the text: o AS_PATH Feasibility Check: The AS_PATH list may correspond to a valid list of autonomous systems according to the first verification category listed in the "Areas to Secure" Section above. Further study will determine the extent to which this is a security requirement. o Update Transit Check: Routing information carried through BGP may include information that can be used to verify the re- advertisement or modification by each autonomous system through which the UPDATE has passed. This check is more rigorous than the "valid list of autonomous systems" above. Further study will determine the extent to which this is a security requirement. SIDR has the chartered role to work on means of implementing those security requirements as identified by the RPSEWC working group. The charter states: The SIDR working group will develop security mechanisms which fulfill those requirements which have been agreed on by the RPSEC working group. As it stands it is somewhat difficult to figure out what to do about AS Path validation given that the text punts on this with a reference to "further study. It seems that AS Path validation, in either form, is not a agreed requirement from the RPSEC working group. Is this a correct interpretation of the situation Tony? Do you have any advice you can pass to the SIDR WG on this topic? regards, Geoff co-chair SIDR WG On 20/11/2008, at 1:43 AM, Russ White wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > >> Russ, can we move forward with this? > > I don't see why not.... I would say it's time to issue a last call on > this one, and move ahead. > > :-) > > Russ > > - -- > russ@cisco.com CCIE CCDE <>< Grace Alone > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.3 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFJJCYpER27sUhU9OQRAh7+AKDf/AUJdl6iknHj9hSenjopWbie6QCg7z98 > +ekbhVfA2yl8GS6Y6unvgo4= > =8a6b > -----END PGP SIGNATURE----- > _______________________________________________ > RPSEC mailing list > RPSEC@ietf.org > https://www.ietf.org/mailman/listinfo/rpsec _______________________________________________ RPSEC mailing list RPSEC@ietf.org https://www.ietf.org/mailman/listinfo/rpsec
- [RPSEC] Last Call For draft-ietf-rpsec-bgpsecrec-… Russ White
- [RPSEC] I-D ACTION:draft-ietf-rpsec-bgpsecrec-10.… Internet-Drafts
- Re: [RPSEC] I-D ACTION:draft-ietf-rpsec-bgpsecrec… Tony Tauber
- Re: [RPSEC] I-D ACTION:draft-ietf-rpsec-bgpsecrec… Russ White
- Re: [RPSEC] I-D ACTION:draft-ietf-rpsec-bgpsecrec… Geoff Huston
- Re: [RPSEC] Last Call For draft-ietf-rpsec-bgpsec… Geoff Huston
- Re: [RPSEC] Last Call For draft-ietf-rpsec-bgpsec… Joe Touch