IETF Logo Mail Archive

Re: [RPSEC] BGP Security Requirements v08

Stephen Kent <kent@bbn.com> Tue, 10 July 2007 22:04 UTC

Return-path: <rpsec-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I8Np5-00004u-Kn; Tue, 10 Jul 2007 18:04:43 -0400
Received: from rpsec by megatron.ietf.org with local (Exim 4.43) id 1I8Np4-0008WT-Sn for rpsec-confirm+ok@megatron.ietf.org; Tue, 10 Jul 2007 18:04:42 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I8Np4-0008WL-HL for rpsec@ietf.org; Tue, 10 Jul 2007 18:04:42 -0400
Received: from mx11.bbn.com ([128.33.0.80]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1I8Nop-0007sQ-6P for rpsec@ietf.org; Tue, 10 Jul 2007 18:04:42 -0400
Received: from dhcp89-089-071.bbn.com ([128.89.89.71]) by mx11.bbn.com with esmtp (Exim 4.60) (envelope-from <kent@bbn.com>) id 1I8NoI-0008AE-3l; Tue, 10 Jul 2007 18:03:54 -0400
Mime-Version: 1.0
Message-Id: <p06240519c2b9b020c206@[128.89.89.71]>
In-Reply-To: <20070710213538.GB27477@1-4-5.net>
References: <20070709142132.GF7635@1-4-5.net> <p06240505c2b95577827e@[128.89.89.71]> <20070710213538.GB27477@1-4-5.net>
Date: Tue, 10 Jul 2007 18:04:13 -0400
To: Tony Tauber <ttauber@1-4-5.net>
From: Stephen Kent <kent@bbn.com>
Subject: Re: [RPSEC] BGP Security Requirements v08
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 00e94c813bef7832af255170dca19e36
Cc: rpsec@ietf.org
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=subscribe>
Errors-To: rpsec-bounces@ietf.org

At 2:35 PM -0700 7/10/07, Tony Tauber wrote:
>Hi Steve,
>
>As usual your detailed comments were helpful.
>Comments are inline.
>
>On Tue, Jul 10, 2007 at 11:38:44AM -0400, Stephen Kent wrote:
>>  Tony,
>>
>>  Thanks for updating the requirements document. I see that almost all
>>  of my suggested edits were incorporated, but a couple of questions I
>>  raised in my comments were not addressed, which leaves some
>>  ambiguity.  Here are the residual questions/comments:
>>
>>  In (new) section 4.2 (Incremental Deployment), the second bullet says:
>>
>  > o  A BGP security mechanism MUST provide backward compatibility in
>>  the message formatting, transmission, and processing of routing
>>  information carried through a mixed security environment.  Message
>>  formatting in a fully secured environment MAY be handled in a
>>  non-backward compatible fashion though care must be taken to ensure
>>  UPDATES can traverse intermediate routers which don't support the new
>  > format.
>>
>>  My comment was:  One might interpret this to mean that any extended
>>  form of UDATE message MUST be transmitted through ASes that are not
>>  capable of processing it. This is imposing an unnecessary burden on
>>  solutions, since an alternative is to just mot send such messages
>>  through ASes than can't make use of them.
>
>I see this requirement as a (possibly unnecessary) corollary to the
>requirement for supporting non-contiguous deployments.  The fact that
>the interpretation is ambiguous about how specifically one achieves this
>goal (perhaps properly) reflects the fact that solutions can get
>creative.

I worried that one might interpret the requirement as imposing an 
undue restriction on solutions, by requiring that solutions be able 
to send UPDATEs with a modified format through ASes that might not be 
able to process a new format. We seem to be in agreement that one 
ought not impose such requirements on solutions. If so, then how 
about rewording this bullet to say:

"A BGP security mechanism MUST provide backward compatibility in
the message formatting, transmission, and processing of routing
information carried through a mixed security environment.  Message
formatting in a fully secured environment MAY be handled in a
non-backward compatible fashion. Care must be taken to ensure either that
UPDATES can traverse intermediate routers which don't support the new
format, or that UPDATEs using a new format are not sent to ASes that cannot
support such messages."

>...
>  >
>>  The next bullet in the section says:
>>
>  > In an environment where both secured and non-secured systems are
>>  interoperating a mechanism MUST exist for secured systems to identify
>  > whether an originator intended the information to be secured.
>>
>>  My questions was: Does this refer to the Origin AS or the neighbor AS?
>>
>>  I still think we need to say to which originator this bullet refers.
>
>My reading of it would be "originator".  I didn't find it ambiguous.
>
>Perhaps you or someone else could suggest clearer text if needed.

To avoid ambiguity I would suggest:

"In an environment where both secured and non-secured systems are
interoperating a mechanism MUST exist for secured systems to identify
whether the origin AS for a route intended the routing information 
being transmitted to be secured."

Steve


_______________________________________________
RPSEC mailing list
RPSEC@ietf.org
https://www1.ietf.org/mailman/listinfo/rpsec

v2.8.7 | Report a Bug | By Email