Re: [RPSEC] BGP Security Requirements v08

Curtis Villamizar <curtis@occnc.com> Fri, 13 July 2007 16:48 UTC

To: "Barry Greene \(bgreene\)" <bgreene@cisco.com>
From: Curtis Villamizar <curtis@occnc.com>
Subject: Re: [RPSEC] BGP Security Requirements v08
In-reply-to: Your message of "Fri, 13 Jul 2007 07:40:07 PDT." <C35ADD020AEBD04383C1F7F644227FDF04028C86@xmb-sjc-227.amer.cisco.com>
Date: Fri, 13 Jul 2007 12:47:02 -0400
Cc: rpsec@ietf.org, Tony Tauber <ttauber@1-4-5.net>, Joe Touch <touch@ISI.EDU>
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>

In message <C35ADD020AEBD04383C1F7F644227FDF04028C86@xmb-sjc-227.amer.cisco.com>
"Barry Greene \(bgreene\)" writes:
> In the last draft it was pretty clear.  


Are we reading the same draft?  It would be nice to have the draft
name in the subject line.

In draft-ietf-rpsec-bgpsecrec-08 the only mention of GTSM is the
following and there is no mention of the issue of high volume DOS.

   Current
   approaches to improving resilience of BGP transport (e.g., TCP-MD5
   [5] and GTSM [7]) are inadequate and require significant operator
   interaction to maintain a respectable level of security.

The draft is in denial regarding the existence of DOS issues, the
existing means to address DOS, and the fact that DOS is not addressed
by crypto methods.

I keep bringing this up and nothing changes.

Curtis


> > -----Original Message-----
> > From: Joe Touch [mailto:touch@ISI.EDU] 
> > Sent: Thursday, July 12, 2007 11:57 PM
> > To: curtis@occnc.com
> > Cc: rpsec@ietf.org; Tony Tauber
> > Subject: Re: [RPSEC] BGP Security Requirements v08
> > 
> > 
> > 
> > Curtis Villamizar wrote:
> > ...
> > > GTSM is very effective in protecting against certain high volume
> > > attacks that would cripple infrastructure protected by cryptographic
> > > means alone.  From a practical standpoint GTSM used alone may be
> > > inadequate as a solution (though some ISPs might contest even
> > > that) but it is a required part of any solution in an ISP
> > > environment.
> > > 
> > > Curtis
> > 
> > I agree that DOS attacks benefit from protections that help 
> > reduce the impact of attack traffic; GTSM falls into that 
> > category - it's clearly a useful part of a DOS solution, but 
> > DOS protection isn't cryptographic protection. The bulk of 
> > the BGP security requirements document focuses on 
> > cryptographic issues - not DOS protection. It's worth noting 
> > the difference, but not lumping the solutions together.
> > 
> > Joe
> > 
> > --
> > ----------------------------------------
> > Joe Touch
> > Sr. Network Engineer, USAF TSAT Space Segment

