IETF Logo Mail Archive

Re: [RPSEC] BGP Security Requirements v08

Curtis Villamizar <curtis@occnc.com> Sat, 14 July 2007 01:27 UTC

Return-path: <rpsec-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I9WQM-0004zv-4y; Fri, 13 Jul 2007 21:27:54 -0400
Received: from rpsec by megatron.ietf.org with local (Exim 4.43) id 1I9WQL-0004vg-FZ for rpsec-confirm+ok@megatron.ietf.org; Fri, 13 Jul 2007 21:27:53 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I9WQK-0004tp-VT for rpsec@ietf.org; Fri, 13 Jul 2007 21:27:52 -0400
Received: from 69.37.59.172.adsl.snet.net ([69.37.59.172] helo=harbor.brookfield.occnc.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1I9WQG-000818-H3 for rpsec@ietf.org; Fri, 13 Jul 2007 21:27:52 -0400
Received: from harbor.brookfield.occnc.com (harbor.brookfield.occnc.com [69.37.59.172]) by harbor.brookfield.occnc.com (8.13.6/8.13.6) with ESMTP id l6E1QwYZ061559; Fri, 13 Jul 2007 21:26:58 -0400 (EDT) (envelope-from curtis@harbor.brookfield.occnc.com)
Message-Id: <200707140126.l6E1QwYZ061559@harbor.brookfield.occnc.com>
To: Stephen Kent <kent@bbn.com>
From: Curtis Villamizar <curtis@occnc.com>
Subject: Re: [RPSEC] BGP Security Requirements v08
In-reply-to: Your message of "Wed, 11 Jul 2007 11:04:17 EDT." <p06240528c2baa0b1241a@[128.89.89.71]>
Date: Fri, 13 Jul 2007 21:26:58 -0400
X-Spam-Score: 0.1 (/)
X-Scan-Signature: d185fa790257f526fedfd5d01ed9c976
Cc: rpsec@ietf.org, Russ White <riw@cisco.com>
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: curtis@occnc.com
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=subscribe>
Errors-To: rpsec-bounces@ietf.org

In message <p06240528c2baa0b1241a@[128.89.89.71]>
Stephen Kent writes:
>  
> At 9:33 AM -0400 7/11/07, Russ White wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >
> >>>  I see this requirement as a (possibly unnecessary) corollary to the
> >>>  requirement for supporting non-contiguous deployments.  The fact that
> >>>  the interpretation is ambiguous about how specifically one achieves this
> >>>  goal (perhaps properly) reflects the fact that solutions can get
> >>>  creative.
> >>
> >>  "A BGP security mechanism MUST provide backward compatibility in
> >>  the message formatting, transmission, and processing of routing
> >>  information carried through a mixed security environment.  Message
> >>  formatting in a fully secured environment MAY be handled in a
> >>  non-backward compatible fashion. Care must be taken to ensure either that
> >>  UPDATES can traverse intermediate routers which don't support the new
> >>  format, or that UPDATEs using a new format are not sent to ASes that cannot
> >>  support such messages."
> >
> >This is a pretty traditional and standard argument in routing protocol
> >circles whenever extensions to a routing protocol are proposed--do we
> >make it so older routers can at least forward the new information, or do
> >we make it so it won't work in the presence of older routers? IMHO, it
> >generally comes down to--is the information useful to routers on the
> >other side of the nonsupporting router?
>  
> I agree that it is generally useful to have a router forward data 
> that it can't use itself, but that a later router might be able to 
> use.  However, I am not comfortable with a suggestion that if a 
> solution cannot always guarantee this capability, that it is an 
> unacceptable solution.


I think most of the WG is comfortable with this and is insisting on
it.  How many times do we need to go in circles on this?  Once every
IETF meeting?


> >Maybe it's useful to break this into two questions?
> >
> >1. Is information about the authorization of an originator to advertise
> >reachability useful to AS' on the "other side" of a non-supporting AS?
>  
> it could be useful.


Yes.  So don't create a protocol that prevents it.


> >2. Is information about the validity of an AS path useful to AS' on the
> >"other side" of a non-supporting AS?
>  
> because there may be no way to verify the number, much less the 
> identify of ASes listed in an UPDATE between the end of the secured 
> path and the current AS, the utility of the passing that data beyond 
> the end of the secured part of the path is questionable.


The real world problem is that this is the best you are going to get
for attempts to use any such mechanism on most of the Internet at
least during early deployment which might be many years or longer.
There is no sense defining a protocol which won't get deployed.  If
you do there is a good chance it won't be widely implemented - or
implemented at all without someone throwing big money at it.  So even
if the application you have in mind would never trust information from
another island, you need this capability to have some chance that the
protocol you define will get widely implemented and eventually
deployed in enough places to start to gather critical mass.

A bit of optimism maybe.


> Steve


Curtis


_______________________________________________
RPSEC mailing list
RPSEC@ietf.org
https://www1.ietf.org/mailman/listinfo/rpsec

v2.8.7 | Report a Bug | By Email