[saag] NIST draft report on routing security

Melchior Aelmans <melchior@aelmans.eu> Wed, 30 October 2019 16:38 UTC

Return-Path: <melchior@aelmans.eu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A619D120058 for <saag@ietfa.amsl.com>; Wed, 30 Oct 2019 09:38:37 -0700 (PDT)
MIME-Version: 1.0
From: Melchior Aelmans <melchior@aelmans.eu>
Date: Wed, 30 Oct 2019 11:38:22 -0500
Message-ID: <CALxNLBiAKx0Hap5gYtSOyntDC4=q-bQeyHpP03xExe-Ry3i8sg@mail.gmail.com>
To: saag@ietf.org
Content-Type: multipart/alternative; boundary="00000000000017eefb0596235d3c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/fJ3apUIwXOyxWFjaqMFT_V4u4mY>
Subject: [saag] NIST draft report on routing security
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2019 16:38:37 -0000

Hi SAAG,

Just a few remarks and questions I spotted after reading
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-189-draft2.pdf:

- Security recommendation 35: why only filter customer sessions with ROA
data? Shouldn't filtering take place on all EBGP sessions?

- Currently the draft only links to the RIPE validator; shouldn't links be
included to NLnet Labs and Cloudflare OctoRPKI for example?

- Security recommendation 51: why only “smaller ISPs”?

Cheers,
Melchior
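An added example, not code from the post or from the NIST draft, of the ROA-based filtering that recommendation 35 concerns: the RFC 6811 route origin validation check, applied with the same policy to every eBGP session type rather than only to customer sessions. The ROAs, prefixes and AS numbers (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Roa:
    prefix: str      # covered prefix, e.g. "192.0.2.0/24"
    max_length: int  # longest prefix length this ROA authorises
    asn: int         # authorised origin AS


def rov_state(announced_prefix: str, origin_asn: int, roas: List[Roa]) -> str:
    """RFC 6811 Route Origin Validation: returns 'valid', 'invalid' or 'notfound'."""
    net = ipaddress.ip_network(announced_prefix, strict=False)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=False)
        # A ROA "covers" the route when the announced prefix lies within the ROA prefix.
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "notfound"
    # Valid only if some covering ROA matches the origin AS and permits this prefix length.
    for roa in covering:
        if roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


# Constructed ROA set; ASNs 64496/64497 are from the documentation range (RFC 5398).
ROAS = [Roa("192.0.2.0/24", 24, 64496), Roa("2001:db8::/32", 48, 64497)]


def apply_rov_policy(session_type: str, announcements: List[Tuple[str, int]],
                     roas: List[Roa] = ROAS):
    """Apply the same ROV policy on customer, peer and transit sessions alike:
    drop 'invalid' routes, accept 'valid' and 'notfound' (tagged with their state)."""
    accepted, rejected = [], []
    for prefix, origin in announcements:
        state = rov_state(prefix, origin, roas)
        (rejected if state == "invalid" else accepted).append((prefix, origin, state))
    return session_type, accepted, rejected
```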