IETF Logo Mail Archive

Re: [sidr] draft-sriram-bgpsec-design-choices-00 -- IXP and Route Server

"Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov> Fri, 08 July 2011 23:27 UTC

Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F416B21F8ABC for <sidr@ietfa.amsl.com>; Fri, 8 Jul 2011 16:27:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MWpoi7nzSUb5 for <sidr@ietfa.amsl.com>; Fri, 8 Jul 2011 16:27:02 -0700 (PDT)
Received: from wsget1.nist.gov (wsget1.nist.gov [129.6.13.150]) by ietfa.amsl.com (Postfix) with ESMTP id 3D00D21F8A91 for <sidr@ietf.org>; Fri, 8 Jul 2011 16:27:01 -0700 (PDT)
Received: from WSXGHUB1.xchange.nist.gov (129.6.18.96) by wsget1.nist.gov (129.6.13.150) with Microsoft SMTP Server (TLS) id 14.1.323.0; Fri, 8 Jul 2011 19:26:25 -0400
Received: from MBCLUSTER.xchange.nist.gov ([fe80::d479:3188:aec0:cb66]) by WSXGHUB1.xchange.nist.gov ([129.6.18.96]) with mapi; Fri, 8 Jul 2011 19:26:40 -0400
From: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
To: Sandra Murphy <Sandra.Murphy@sparta.com>, Chris Hall <chris.hall@highwayman.com>
Date: Fri, 08 Jul 2011 19:26:38 -0400
Thread-Topic: [sidr] draft-sriram-bgpsec-design-choices-00 -- IXP and Route Server
Thread-Index: Acw9pWzKq/QwlyNIRImAxQJr5R8gbAAHaG5A
Message-ID: <D7A0423E5E193F40BE6E94126930C4930879E9BDD3@MBCLUSTER.xchange.nist.gov>
References: <012601cc3d54$8f07c4e0$ad174ea0$@highwayman.com> <m2y609kptw.wl%randy@psg.com> <014001cc3d74$319571c0$94c05540$@highwayman.com> <m2pqlklw3v.wl%randy@psg.com> <014a01cc3d7f$6312f730$2938e590$@highwayman.com> <m2oc14ljh7.wl%randy@psg.com> <017d01cc3da0$9f8cd390$dea67ab0$@highwayman.com> <Pine.WNT.4.64.1107081506110.1536@SMURPHY-LT.columbia.ads.sparta.com>
In-Reply-To: <Pine.WNT.4.64.1107081506110.1536@SMURPHY-LT.columbia.ads.sparta.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Cc: 'sidr wg list' <sidr@ietf.org>
Subject: Re: [sidr] draft-sriram-bgpsec-design-choices-00 -- IXP and Route Server
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2011 23:27:03 -0000

Sandy's observations are correct.
Further, the topic of Section 6.6 cannot be either "accepted" or "rejected"
as a matter of BGPSEC protocol specification.
It is merely a statement that _outside_of_the_BGPSEC_protocol_specification_,
any two consenting ASes can have this private arrangement.
Section 6.6 clearly notes thus:   
"This is a private arrangement between said parties and is invisible to other ASes.  
Thus, this arrangement is not part of the BGPSEC protocol specification."
http://tools.ietf.org/html/draft-sriram-bgpsec-design-choices-00#section-6.6 

Sriram

> -----Original Message-----
> From: sidr-bounces@ietf.org [mailto:sidr-bounces@ietf.org] On Behalf Of Sandra Murphy
> Sent: Friday, July 08, 2011 3:30 PM
> To: Chris Hall
> Cc: 'sidr wg list'
> Subject: Re: [sidr] draft-sriram-bgpsec-design-choices-00 -- IXP and Route Server
> 
> 
> 
> On Fri, 8 Jul 2011, Chris Hall wrote:
> 
> > Randy Bush wrote (on Fri 08-Jul-2011 at 19:24 +0100):
> > ....
> >>> This is what "6.6 Proxy Signing" in
> >>> draft-sriram-bgpsec-design-choices suggests, is it
> >>> not ?  Or does that blow the trust model to hell,
> >>> also ?
> >
> >> it does indeed.  that is why 6.6 was rejected.
> >
> > Ah.  There I was, reading a draft of 5-Jul-2011 and thinking I was up
> > to date :-(
> 
> The previous section, 6.5, lists alternatives for handling stub ASs.
> Note that alternative 2 is the same description as 6.6, but alternative 2
> was not the chosen alternative.  That might be what Randy meant when he
> said "rejected."
> 
> Section 6.6 rightly notes that if an AS decided to share its private key
> with another AS, no one outside the agreement could tell the difference.
> 
> Therein lies the power and the danger of sharing private keys.
> 
> --Sandy, regular ol' wg member
> 
> 
> >
> > OK.  If the RS ASN is in the path, then nobody needs to depend on the
> > integrity of the RS (however trustworthy one may expect them to be).
> > I look forward to the ASN count mechanism appearing in the draft(s),
> > and support for Route Servers making its way into the Requirements.
> >
> > Chris
> >
> > _______________________________________________
> > sidr mailing list
> > sidr@ietf.org
> > https://www.ietf.org/mailman/listinfo/sidr
> >
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr

v2.23.0 | Report a Bug | By Email