Re: [secdir] New Routing Area Security Design Team
"Acee Lindem (acee)" <acee@cisco.com> Fri, 13 April 2018 21:25 UTC
Return-Path: <acee@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9828012D574 for <secdir@ietfa.amsl.com>; Fri, 13 Apr 2018 14:25:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7UWzSwGsUBdk for <secdir@ietfa.amsl.com>; Fri, 13 Apr 2018 14:25:19 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4267129C6D for <secdir@ietf.org>; Fri, 13 Apr 2018 14:25:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4846; q=dns/txt; s=iport; t=1523654718; x=1524864318; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=9+FdOKsVQaVGuKNoSZiaKiE2RbzZjjmiZBWd2jFIXnE=; b=He//bwrPKf+sixJOWIV1NF+PxRSJD45hiNM2quR8VVW+APvSb4VDdWqg A9U8dQmNPGbKjV5oaJTeNLxzxJxWEI7o7eHvDnCWoXgjGXwKtBCuixevS n7oY53q8fpu4AUGPSFqcGH4B5SKiG9OStOMAXLR9iq0wW+VDZr1RRLAqk 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0D6AAAiH9Fa/4ENJK1SChkBAQEBAQEBAQEBAQEHAQEBAQGDEwQrYXooCoNaiAKNEYF0dRqGZ4wBgXsLGAuEFUsCGoITITQYAQIBAQEBAQECbBwMhSIBAQEBAwEBIRE6CxACAQgOAwMBAgMCIwMCAgIfBgsUAQgIAQEEDgUYAoRbAxUPqE6CHIcLDYErgi+BCYZ7ghOBDgEjgjMHLoJPQgEBA4EyKyaCWjCCJAKHTo9kLAgChVaFZYJ9gW6KWYklP4YMAhETAYEkARw4gVJwFTsqAYIYCYMoAQOERoMVhT5vAQuNVYEXAQE
X-IronPort-AV: E=Sophos;i="5.48,446,1517875200"; d="scan'208";a="380802669"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Apr 2018 21:25:17 +0000
Received: from XCH-RTP-015.cisco.com (xch-rtp-015.cisco.com [64.101.220.155]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id w3DLPHXl008556 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 13 Apr 2018 21:25:17 GMT
Received: from xch-rtp-015.cisco.com (64.101.220.155) by XCH-RTP-015.cisco.com (64.101.220.155) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Fri, 13 Apr 2018 17:25:16 -0400
Received: from xch-rtp-015.cisco.com ([64.101.220.155]) by XCH-RTP-015.cisco.com ([64.101.220.155]) with mapi id 15.00.1320.000; Fri, 13 Apr 2018 17:25:16 -0400
From: "Acee Lindem (acee)" <acee@cisco.com>
To: Richard Barnes <rlb@ipv.sx>, "BRUNGARD, DEBORAH A" <db3546@att.com>
CC: "secdir@ietf.org" <secdir@ietf.org>, "russ@riw.us" <russ@riw.us>, "Jeffrey Haas (jhaas@pfrc.org)" <jhaas@pfrc.org>, "Stewart Bryant (stewart.bryant@gmail.com)" <stewart.bryant@gmail.com>
Thread-Topic: [secdir] New Routing Area Security Design Team
Thread-Index: AdPTYCpdxrWraEBxSTyykispJqF3TQAJkpIA///O6wA=
Date: Fri, 13 Apr 2018 21:25:16 +0000
Message-ID: <187AE9A0-E125-4B54-A286-488F52CB88B6@cisco.com>
References: <F64C10EAA68C8044B33656FA214632C8882C74A7@MISOUT7MSGUSRDE.ITServices.sbc.com> <CAL02cgS9rZKVtZs4aRWJmaQj-anaSqYj8rn8roDdxP+JhBR++A@mail.gmail.com>
In-Reply-To: <CAL02cgS9rZKVtZs4aRWJmaQj-anaSqYj8rn8roDdxP+JhBR++A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.116.152.200]
Content-Type: text/plain; charset="utf-8"
Content-ID: <B776D366CEB7C64ABCD01831280EBE71@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/GBjLpdr4AN_H7-GIcGTTK0gBQhg>
Subject: Re: [secdir] New Routing Area Security Design Team
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Apr 2018 21:25:21 -0000
Hi Richard, When you talk about Routing Security, it is like the blind men and elephant, everyone has a different opinion on what the priorities are. From my viewpoint (and I do have one bad eye ;^), one of the outcomes should be finding the right set of authors for protocol specific “XXXX Security Considerations” documents where XXXX is BGP, IS-IS, OSPF, LDP, PIM, etc. Additionally, we’d provide a generic outline for these documents. Thanks, Acee From: Richard Barnes <rlb@ipv.sx> Date: Friday, April 13, 2018 at 4:21 PM To: Deborah Brungard <db3546@att.com> Cc: "secdir@ietf.org" <secdir@ietf.org>, Russ White <russ@riw.us>, Jeff Haas <jhaas@pfrc.org>, Stewart Bryant <stewart.bryant@gmail.com>, Acee Lindem <acee@cisco.com> Subject: Re: [secdir] New Routing Area Security Design Team (trimming the CC list a bit) Hey Deborah, Delighted to hear this news. Do you have an idea of what the initial deliverables are for this group? What security problems are they going to try to address? TBH, it seems like the headline problem at the Internet level is BGP abuse. The base RPKI docs have been out for several years now, and BGPSEC is pretty much finished, but the deployment numbers continue to hover around 8-9% for even the most basic protections. It would be delightful to have a group take a look at what the deployment blockers are here, and whether there's anything the IETF could do to help, whether it's updating protocols, producing deployment guides, writing code, etc. We shouldn't think that RFCs are the only tool in our arsenal. Thanks, --Richard [1] https://rpki-monitor.antd.nist.gov/ On Fri, Apr 13, 2018 at 4:11 PM, BRUNGARD, DEBORAH A <mailto:db3546@att.com> wrote: The Routing ADs have chartered a design team as described below. I will be the AD-contact: mailto:db3546@att.com Routing Area Security Design Team Charter Internet security threats have evolved in the last couple of years and questions are arising about the security properties of many long-standing IETF routing protocols and new protocols under development. This is an opportunity for the Routing Area to evaluate current assumptions and make recommendations for new work. The Routing Area will kick off a Routing Area-wide Design team with support from the OPS Area and Security Area. The first phase will consist of a small team: Stewart Bryant mailto:stewart.bryant@gmail.com Jeff Haas mailto:jhaas@pfrc.org Acee Lindem mailto:acee@cisco.com Russ White mailto:russ@riw.us They will be responsible to set up an environment (e..g. wiki), identify work items, and coordinating overall the work effort. It is the expectation this initial phase will be done by May 1. A second phase will consist of small teams working on targeted items. Work items will include review of current deployments (use models) and threat models, evaluation criteria and useful advice when doing new work (on existing protocols and new protocols), and recommendations on where new work is needed in cooperation with the responsible working group. The work will have support from the Security Area and OPS Area. The design team will have a private mailing list for this first phase and can be reached at mailto:rt-dt-security@ietf.org. Regards, Deborah _______________________________________________ secdir mailing list mailto:secdir@ietf.org https://www.ietf.org/mailman/listinfo/secdir wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview
- [secdir] New Routing Area Security Design Team BRUNGARD, DEBORAH A
- Re: [secdir] New Routing Area Security Design Team Richard Barnes
- Re: [secdir] New Routing Area Security Design Team Acee Lindem (acee)
- Re: [secdir] New Routing Area Security Design Team Richard Barnes
- Re: [secdir] New Routing Area Security Design Team BRUNGARD, DEBORAH A
- Re: [secdir] New Routing Area Security Design Team Jeffrey Haas
- Re: [secdir] New Routing Area Security Design Team Christian Huitema
- Re: [secdir] New Routing Area Security Design Team Russ White
- Re: [secdir] New Routing Area Security Design Team Jeffrey Haas
- Re: [secdir] New Routing Area Security Design Team Richard Barnes
- Re: [secdir] New Routing Area Security Design Team Jeffrey Haas
- Re: [secdir] New Routing Area Security Design Team Russ White
- Re: [secdir] New Routing Area Security Design Team Richard Barnes
- Re: [secdir] New Routing Area Security Design Team Jeffrey Haas
- Re: [secdir] New Routing Area Security Design Team Sean Turner
- Re: [secdir] New Routing Area Security Design Team Jeffrey Haas
- Re: [secdir] New Routing Area Security Design Team Christian Huitema
- Re: [secdir] New Routing Area Security Design Team Richard Barnes
- Re: [secdir] New Routing Area Security Design Team Richard Barnes
- Re: [secdir] New Routing Area Security Design Team Jeffrey Haas