Re: [saag] NIST draft report on routing security

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Mon, 27 January 2020 18:01 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Melchior Aelmans <melchior@aelmans.eu>
CC: IETF SAAG <saag@ietf.org>, "Stephen Farrell (stephen.farrell@cs.tcd.ie)" <stephen.farrell@cs.tcd.ie>
Date: Mon, 27 Jan 2020 17:03:24 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/zM-1SiJ-zmtlAWUgJ44DntkO8Fg>

Hi, Melchior:

I am responding to your comments posted October 30, 2019:
https://mailarchive.ietf.org/arch/msg/saag/fJ3apUIwXOyxWFjaqMFT_V4u4mY  

Thanks for reading the NIST draft and offering your comments.
We (NIST) have published the final report (security recommendations) ...
Resilient Interdomain Traffic Exchange: BGP Security and DDoS Mitigation
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-189.pdf 

Changes based on your comments were incorporated in the final pub.
Authors' responses to your comments are listed as Comments set #7 here:
https://csrc.nist.gov/CSRC/media/Publications/sp/800-189/draft/documents/NIST.SP.800-189-draft2-comments-responses.pdf 

Sriram 

--------------------------------------------------------------
Date: Wed, 30 October 2019
From: Melchior Aelmans <melchior@aelmans.eu>

Hi SAAG,

Just a few remarks and questions I spotted after reading
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-189-draft2.pdf
;

- Security recommendation 35: why only filter customer sessions with ROA
data? Shouldn't filtering take place on all EBGP sessions?

- Currently the draft only links to the RIPE validator; shouldn't links be
included to NLnet Labs and Cloudflare OctoRPKI for example?

- Security recommendation 51: why only "smaller ISPs"?

Cheers,
Melchior