Re: [sidr] draft-sriram-bgpsec-design-choices-00 -- IXP and Route Server
"Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov> Fri, 08 July 2011 23:27 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F416B21F8ABC for <sidr@ietfa.amsl.com>; Fri, 8 Jul 2011 16:27:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MWpoi7nzSUb5 for <sidr@ietfa.amsl.com>; Fri, 8 Jul 2011 16:27:02 -0700 (PDT)
Received: from wsget1.nist.gov (wsget1.nist.gov [129.6.13.150]) by ietfa.amsl.com (Postfix) with ESMTP id 3D00D21F8A91 for <sidr@ietf.org>; Fri, 8 Jul 2011 16:27:01 -0700 (PDT)
Received: from WSXGHUB1.xchange.nist.gov (129.6.18.96) by wsget1.nist.gov (129.6.13.150) with Microsoft SMTP Server (TLS) id 14.1.323.0; Fri, 8 Jul 2011 19:26:25 -0400
Received: from MBCLUSTER.xchange.nist.gov ([fe80::d479:3188:aec0:cb66]) by WSXGHUB1.xchange.nist.gov ([129.6.18.96]) with mapi; Fri, 8 Jul 2011 19:26:40 -0400
From: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
To: Sandra Murphy <Sandra.Murphy@sparta.com>, Chris Hall <chris.hall@highwayman.com>
Date: Fri, 08 Jul 2011 19:26:38 -0400
Thread-Topic: [sidr] draft-sriram-bgpsec-design-choices-00 -- IXP and Route Server
Thread-Index: Acw9pWzKq/QwlyNIRImAxQJr5R8gbAAHaG5A
Message-ID: <D7A0423E5E193F40BE6E94126930C4930879E9BDD3@MBCLUSTER.xchange.nist.gov>
References: <012601cc3d54$8f07c4e0$ad174ea0$@highwayman.com> <m2y609kptw.wl%randy@psg.com> <014001cc3d74$319571c0$94c05540$@highwayman.com> <m2pqlklw3v.wl%randy@psg.com> <014a01cc3d7f$6312f730$2938e590$@highwayman.com> <m2oc14ljh7.wl%randy@psg.com> <017d01cc3da0$9f8cd390$dea67ab0$@highwayman.com> <Pine.WNT.4.64.1107081506110.1536@SMURPHY-LT.columbia.ads.sparta.com>
In-Reply-To: <Pine.WNT.4.64.1107081506110.1536@SMURPHY-LT.columbia.ads.sparta.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Cc: 'sidr wg list' <sidr@ietf.org>
Subject: Re: [sidr] draft-sriram-bgpsec-design-choices-00 -- IXP and Route Server
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2011 23:27:03 -0000
Sandy's observations are correct. Further, the topic of Section 6.6 cannot be either "accepted" or "rejected" as a matter of BGPSEC protocol specification. It is merely a statement that _outside_of_the_BGPSEC_protocol_specification_, any two consenting ASes can have this private arrangement. Section 6.6 clearly notes thus: "This is a private arrangement between said parties and is invisible to other ASes. Thus, this arrangement is not part of the BGPSEC protocol specification." http://tools.ietf.org/html/draft-sriram-bgpsec-design-choices-00#section-6.6 Sriram > -----Original Message----- > From: sidr-bounces@ietf.org [mailto:sidr-bounces@ietf.org] On Behalf Of Sandra Murphy > Sent: Friday, July 08, 2011 3:30 PM > To: Chris Hall > Cc: 'sidr wg list' > Subject: Re: [sidr] draft-sriram-bgpsec-design-choices-00 -- IXP and Route Server > > > > On Fri, 8 Jul 2011, Chris Hall wrote: > > > Randy Bush wrote (on Fri 08-Jul-2011 at 19:24 +0100): > > .... > >>> This is what "6.6 Proxy Signing" in > >>> draft-sriram-bgpsec-design-choices suggests, is it > >>> not ? Or does that blow the trust model to hell, > >>> also ? > > > >> it does indeed. that is why 6.6 was rejected. > > > > Ah. There I was, reading a draft of 5-Jul-2011 and thinking I was up > > to date :-( > > The previous section, 6.5, lists alternatives for handling stub ASs. > Note that alternative 2 is the same description as 6.6, but alternative 2 > was not the chosen alternative. That might be what Randy meant when he > said "rejected." > > Section 6.6 rightly notes that if an AS decided to share its private key > with another AS, no one outside the agreement could tell the difference. > > Therein lies the power and the danger of sharing private keys. > > --Sandy, regular ol' wg member > > > > > > OK. If the RS ASN is in the path, then nobody needs to depend on the > > integrity of the RS (however trustworthy one may expect them to be). > > I look forward to the ASN count mechanism appearing in the draft(s), > > and support for Route Servers making its way into the Requirements. > > > > Chris > > > > _______________________________________________ > > sidr mailing list > > sidr@ietf.org > > https://www.ietf.org/mailman/listinfo/sidr > > > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr
- [sidr] draft-sriram-bgpsec-design-choices-00 -- I… Chris Hall
- Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Randy Bush
- Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Chris Hall
- Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Randy Bush
- Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Robert Raszuk
- Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Chris Hall
- Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Randy Bush
- Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Chris Hall
- Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Randy Bush
- Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Randy Bush
- Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Sandra Murphy
- [sidr] IXP and Route Server and Next Hop transpar… Robert Raszuk
- Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Sriram, Kotikalapudi
- Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Chris Hall
- Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Sriram, Kotikalapudi
- Re: [sidr] IXP and Route Server and Next Hop tran… Randy Bush
- Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Roque Gagliano
- Re: [sidr] IXP and Route Server and Next Hop tran… Sandra Murphy
- Re: [sidr] IXP and Route Server and Next Hop tran… Robert Raszuk
- Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Chris Hall
- Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Chris Hall