IETF Logo Mail Archive

[RPSEC] Feedback on draft-behringer-bgp-session-req-01

Joe Touch <touch@ISI.EDU> Thu, 21 June 2007 20:34 UTC

Return-path: <rpsec-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I1TMH-0001tN-6l; Thu, 21 Jun 2007 16:34:25 -0400
Received: from rpsec by megatron.ietf.org with local (Exim 4.43) id 1I1TMG-0001tC-IQ for rpsec-confirm+ok@megatron.ietf.org; Thu, 21 Jun 2007 16:34:24 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I1TMG-0001sz-8h for rpsec@ietf.org; Thu, 21 Jun 2007 16:34:24 -0400
Received: from vapor.isi.edu ([128.9.64.64]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1I1TMF-0006KC-RX for rpsec@ietf.org; Thu, 21 Jun 2007 16:34:24 -0400
Received: from [75.215.104.154] (154.sub-75-215-104.myvzw.com [75.215.104.154]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id l5LKXwPg004356; Thu, 21 Jun 2007 13:33:58 -0700 (PDT)
Message-ID: <467AE0B5.2080104@isi.edu>
Date: Thu, 21 Jun 2007 13:33:57 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.4 (Windows/20070604)
MIME-Version: 1.0
To: rpsec@ietf.org
X-Enigmail-Version: 0.95.1
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 25620135586de10c627e3628c432b04a
Subject: [RPSEC] Feedback on draft-behringer-bgp-session-req-01
X-BeenThere: rpsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/rpsec>
List-Post: <mailto:rpsec@ietf.org>
List-Help: <mailto:rpsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0505754276=="
Errors-To: rpsec-bounces@ietf.org

Hi, all,

The following feedback was requested on the TCPM's TCP-AUTH-DT (TCP-Auth
design team) mailing list. TCP-Auth is TCMP's work towards an update to
TCP-MD5, based on two current proposals (noted below).

Joe

---------------------------------------------

This document appears to overlap ongoing work in TCPM to characterize
concerns with using TCP-MD5 to secure BGP, and use of alternatives.
E.g., draft-ietf-tcpm-antispoof. The TCP-Auth team is currently workiing
to revise draft-bellovin-tcpsec, and an update to that should be out
shortly.

Some additional comments:

Sec 1 - the OSI stack is not the reference model for the Internet.
GTSM is not IP layer security; it is a heuristic that checks TTLs in IP
packets, and assumes that there is other security protecting tunnels to
a host. It would be more appropriate to cite IPsec as IP security, and
GTSM as "other protection mechanisms".

Other work in this area:
	- draft-ietf-tcpm-antispoof (as noted above)
	- draft-ietf-tcpm-tcpsecure
	- draft-bellovin-tcpsposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGeuCxE5f5cImnZrsRAjj5AJ9LkE9b0IfDPmwrp3JZszFdT9CmOwCfUdXs
EqO9ZGajzAhkXX9gRS7YlzU=W+V3
-----END PGP SIGNATURE-----

--------------enigCD0E0DBCDB6BA044BC9AE154--



--=======17995109=
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
RPSEC mailing list
RPSEC@ietf.org
https://www1.ietf.org/mailman/listinfo/rpsec

--=======17995109=--

v2.8.7 | Report a Bug | By Email