Re: [RPSEC] Discontiguous Deployment (Show of Hands)....

Doug Montgomery <dougm@nist.gov> Thu, 01 March 2007 05:19 UTC

Message-ID: <45E6621F.8050905@nist.gov>
Date: Thu, 01 Mar 2007 00:18:23 -0500
From: Doug Montgomery <dougm@nist.gov>
To: Sandy Murphy <sandy@tislabs.com>
Subject: Re: [RPSEC] Discontiguous Deployment (Show of Hands)....
References: <20070228174125.E53EC3F443@pecan.tislabs.com>
In-Reply-To: <20070228174125.E53EC3F443@pecan.tislabs.com>
Cc: riw@cisco.com, rpsec@ietf.org, ttauber@1-4-5.net


Sandy Murphy wrote:
> I got to thinking about:
>
> Tony Tauber said:
>
>   
>>>   o  In an environment where secured service is in the process of
>>>      being deployed a mechanism MUST exist to support a transition
>>>      free of service interruption.
>>>       
>> I think the original bullet is about something else and still has
>> merit, but I like your addition.
>>     
>
> If a secured service requires a change in the router software,
> would it not then require a service interruption to upgrade the software?
> Is this stipulation intended to outlaw any and all in-band secured service?
> Would a replacement for the TCP MD5 method, for example, be outlawed?
>
> Just how broad a "free of service interruption" requirement is this?
>
> --Sandy
>   
I would interpret this to mean that the global service is free of
persistent interruptions that directly result from the current state of
partial deployment.  That is, interruptions in the global service due
to non-interoperability among old and new (i.e., secured) implementations.

Clearly all kinds of other local transient service interruptions (node /
peering session) can and do occur today in BGP.  It would seem a
stringent requirement to suggest that these couldn't occur during a
protocol transition.

dougm


