Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-protocol-01.txt
Matt Lepinski <mlepinski@bbn.com> Tue, 01 November 2011 17:01 UTC
Return-Path: <mlepinski@bbn.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA3FF21F8461 for <sidr@ietfa.amsl.com>; Tue, 1 Nov 2011 10:01:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KZXy9a6aqKGe for <sidr@ietfa.amsl.com>; Tue, 1 Nov 2011 10:01:34 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id CA3E721F844D for <sidr@ietf.org>; Tue, 1 Nov 2011 10:01:34 -0700 (PDT)
Received: from [128.89.255.45] (port=1354) by smtp.bbn.com with esmtps (TLSv1:CAMELLIA256-SHA:256) (Exim 4.74 (FreeBSD)) (envelope-from <mlepinski@bbn.com>) id 1RLHgE-000F6B-M3 for sidr@ietf.org; Tue, 01 Nov 2011 12:59:19 -0400
Message-ID: <4EB02586.5010101@bbn.com>
Date: Tue, 01 Nov 2011 12:59:50 -0400
From: Matt Lepinski <mlepinski@bbn.com>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: sidr@ietf.org
References: <20111031193803.30761.81234.idtracker@ietfa.amsl.com>
In-Reply-To: <20111031193803.30761.81234.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-protocol-01.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Nov 2011 17:01:35 -0000
I have updated the BGPSEC protocol specification. At the SIDR meeting in Quebec, there was significant discussion about how BGPSEC could provide security of the AS-PATH attribute while still accommodating the needs of route servers that participate in BGP, but do not wish to increase the length of the AS-PATH attribute. The -01 version of the draft contains a mechanism (a field called pCount) which attempts to address this issue by having route servers create BGPSEC signatures without increasing the effective length of the AS-PATH attribute. I would greatly appreciate comments on this mechanism and whether it adequately addresses the issues raised at the last SIDR meeting and subsequently discussed on the list. There was has also been significant discussion on the SIDR list of the "Expire TIme" field in BGPSEC and the associated "Beacon-ing" (that is, periodic re-advertisement of a prefix with a new signature and a new Expire Time) as a mechanism to address replay attacks (as well as attacks where a malicious peer fails to propagate the withdrawal of a route). My understanding is that the consensus of the working group was that the current Expire Time mechanism is reasonable as long as re-advertisement is only required at the origin AS (and not at intermediate ASes). The current -01 version of the draft attempts to reflect that consensus. Finally, there are a number of small editorial changes that I believe will improve the clarity of the draft. Thanks again to everyone who has reviewed the document, feedback on how the text could be made more easily understandable is especially welcome. - Matt Lepinski On 10/31/2011 3:38 PM, internet-drafts@ietf.org wrote: > A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Secure Inter-Domain Routing Working Group of the IETF. > > Title : BGPSEC Protocol Specification > Author(s) : Matthew Lepinski > Filename : draft-ietf-sidr-bgpsec-protocol-01.txt > Pages : 28 > Date : 2011-10-31 > > This document describes BGPSEC, an extension to the Border Gateway > Protocol (BGP) that provides security for the AS-PATH attribute in > BGP update messages. BGPSEC is implemented via a new optional non- > transitive BGP path attribute that carries a digital signature > produced by each autonomous system on the AS-PATH. > > > > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-protocol-01.txt > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > This Internet-Draft can be retrieved at: > ftp://ftp.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-protocol-01.txt > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr >
- [sidr] I-D Action: draft-ietf-sidr-bgpsec-protoco… internet-drafts
- Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pro… Matt Lepinski
- Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pro… Danny McPherson
- Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pro… Brian Dickson
- Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pro… Randy Bush
- Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pro… George, Wes
- [sidr] various Randy Bush
- Re: [sidr] various George, Wes
- Re: [sidr] various Randy Bush
- Re: [sidr] various George, Wes
- Re: [sidr] various Randy Bush
- Re: [sidr] various George, Wes
- Re: [sidr] various Danny McPherson
- Re: [sidr] various Randy Bush
- Re: [sidr] various Brian Dickson
- Re: [sidr] various George, Wes
- Re: [sidr] various Randy Bush
- Re: [sidr] various Brian Dickson
- Re: [sidr] various Randy Bush
- Re: [sidr] various Brian Dickson