Re: [secdir] New Routing Area Security Design Team

"Russ White" <russ@riw.us> Mon, 16 April 2018 13:38 UTC

From: Russ White <russ@riw.us>
To: 'Jeffrey Haas' <jhaas@pfrc.org>, 'Richard Barnes' <rlb@ipv.sx>
Cc: 'Christian Huitema' <huitema@huitema.net>, 'Stewart Bryant' <stewart.bryant@gmail.com>, "'Acee Lindem (acee)'" <acee@cisco.com>, "'BRUNGARD, DEBORAH A'" <db3546@att.com>, 'secdir' <secdir@ietf.org>
References: <F64C10EAA68C8044B33656FA214632C8882C74A7@MISOUT7MSGUSRDE.ITServices.sbc.com> <CAL02cgS9rZKVtZs4aRWJmaQj-anaSqYj8rn8roDdxP+JhBR++A@mail.gmail.com> <F64B6EFA-1CB3-454B-B827-B5886A723D36@pfrc.org> <d37721c3-8e78-6eb8-c0ae-ba0e57a623c3@huitema.net> <026301d3d4e4$380d8b00$a828a100$@riw.us> <209F0EB5-AC41-4D00-8FE6-755802946061@pfrc.org> <CAL02cgTOOVXUXmvoE4JK97i8EeYnHevk4V9ecTepGLcB1YA-2w@mail.gmail.com> <2AD240AE-DF39-4D76-8D6B-BB8AADC6C267@pfrc.org>
In-Reply-To: <2AD240AE-DF39-4D76-8D6B-BB8AADC6C267@pfrc.org>
Date: Mon, 16 Apr 2018 09:38:13 -0400
Message-ID: <024301d3d588$2b8ac6a0$82a053e0$@riw.us>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/QR4y_IYEDoD0uGRzM0bEW5lksIg>

> - The fact that you can intentionally mis-represent the path an UPDATE
> traverses either accidentally as part of normal prepending operations or
> maliciously in an attempt to cause traffic to be misrouted. bgpsec was crafted
> to address this issue in conjunction with the RPKI.

And this is where we get into trouble -- because, IMHO, BGPSEC, beyond being undeployable, either fails to provide meaningful security and/or makes the problem worse. This isn't just a crypto problem, this is a structural problem with the solution itself. The IETF's focus on BGPSEC as "the only right solution" has caused many in the community to stop looking to the IETF for leadership in solving this problem. At least some folks in the community are looking at other solutions to this problem in a way that intentionally _avoids_ any sort of "deep" interaction with the IETF because of the rut the IETF is in.

Until the IETF starts listening to folks beyond BGPSEC supporters, and rethinks what needs to be solved, the IETF will continue to play essentially no role in moving any solution for this problem forward. Hint: ensuring the "proper operation of BGP" is not a good starting point. 

> What is an open issue is the one that originally brought Stewart to
> saag: The MPLS protocols are in need of a transport security upgrade.
> As part of that headache, we want to try to get boilerplate and process in
> place so that the next time someone needs to either invent a new protocol or
> upgrade an existing one, we stop making routing experts who are security
> n00bs go through a dance they don't know the steps to.

Correct -- this is the problem this design team is attempting to address. It is not that routing folk don't think the BGP problem is a problem, it is that the IETF is not a useful place for discussing this problem. Perhaps it will be in the future, but right now there is no hope of having a reasoned, reasonable, and productive discussion on this topic.

😊

Russ