IETF Logo Mail Archive

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

Joe Touch <touch@isi.edu> Thu, 28 April 2011 17:31 UTC

Return-Path: <touch@isi.edu>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05DEFE06CE for <sidr@ietfa.amsl.com>; Thu, 28 Apr 2011 10:31:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.584
X-Spam-Level:
X-Spam-Status: No, score=-102.584 tagged_above=-999 required=5 tests=[AWL=-0.585, BAYES_00=-2.599, J_CHICKENPOX_15=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dnrrLNuA9of6 for <sidr@ietfa.amsl.com>; Thu, 28 Apr 2011 10:31:42 -0700 (PDT)
Received: from nitro.isi.edu (nitro.isi.edu [128.9.208.207]) by ietfa.amsl.com (Postfix) with ESMTP id A9C48E069A for <sidr@ietf.org>; Thu, 28 Apr 2011 10:31:42 -0700 (PDT)
Received: from [128.9.160.166] (abc.isi.edu [128.9.160.166]) (authenticated bits=0) by nitro.isi.edu (8.13.8/8.13.8) with ESMTP id p3SHV2R1026477 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Thu, 28 Apr 2011 10:31:03 -0700 (PDT)
Message-ID: <4DB9A456.3060709@isi.edu>
Date: Thu, 28 Apr 2011 10:31:02 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9
MIME-Version: 1.0
To: "t.petch" <ietfc@btconnect.com>
References: <4DAF44AC.8060408@isi.edu><E3076C4C-F27C-40A8-A033-2EBB8C39A3D2@cisco.com><4DAF796C.7010807@isi.edu><BANLkTi=Oc-fEKOYCRQqM97wPxSSXjrdTRw@mail.gmail.com><409BDC5C-FE86-444A-BC0D-6DA00E7BF0F3@isi.edu> <BANLkTikLi2p7UipJ!TRSQqVOL6GkLn=j9iA@mail.gmail.com> <F0FABE61-FC1D-45ED-A21D-ED7A1228A997@isi.edu> <01eb01cc0325$6e4fd260$4001a8c0@gateway.2wire.net> <4DB592B3.3090805@isi.edu> <033e01cc05a8$0a82f160$4001a8c0@gateway.2wire.net>
In-Reply-To: <033e01cc05a8$0a82f160$4001a8c0@gateway.2wire.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-MailScanner-ID: p3SHV2R1026477
X-ISI-4-69-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Apr 2011 17:31:48 -0000

On 4/28/2011 6:27 AM, t.petch wrote:
> ----- Original Message -----
> From: "Joe Touch"<touch@isi.edu>
> To: "t.petch"<ietfc@btconnect.com>
> Cc: "Christopher Morrow"<morrowc.lists@gmail.com>; "sidr wg list"
> <sidr@ietf.org>
> Sent: Monday, April 25, 2011 5:26 PM
>
>> Hi, Tom,
>>
>> On 4/25/2011 1:47 AM, t.petch wrote:
>> ....
>>> I think that the point is not that it is or is not a BGP connection
>>> but that security for BGP was predicated on the assumption that
>>> the TCP connection would be short in terms of hops, ie none,
>>> and it was that that made a less stringent approach to security
>>> acceptable, one that would not be acceptable for an Internet
>>> wide access for - say - a Web site.
>>
>> Hopcount security, i.e., GTSM (RFC 3682) is not at all related to TCP-AO.
>
> Understood; I was thinking of RFC4278 which calls out the unusual nature of
> BGP sessions and the impact on security requirements.

That document explains why TCP MD5 was considered appropriate for BGP, 
given the variance in the maturity level of the standards of the two docs.

TCP-AO has no such assertions or qualifications. It is a general purpose 
mechanism that includes some properties useful for BGP, but that are 
also very relevant to exchanges between clients and caches as well.

> I am familiar with TCP-AO from the TCPM list, but am not enough of a
> cryptanalyst to know whether or not it is appropriate for rpki-rtr.
>
> By contrast, I have seen SSH and TLS discussed much more extensively
> on their lists and have been part of the pain of adding them to syslog and
> SNMP.
>
> And I do not know where these rpki-rtr sessions will go to and from but
> suspect that they will not be BGP-like.

BGP-like presumably means:
	- long lived
	- between known endpoints
	- over short IP hops

Of these, only "long lived" had any impact on the TCP-AO design.

Of these, any can be relevant to rpki-rtr sessions, from the traffic 
I've seen on this list.

Keying is another relevant issue; configuration of SSH and TLS for 
pre-shared keys is different than for TCP MD5 (and TCP-AO, which uses 
similar master keys), and not the typical case.

My point is that TCP-AO wasn't designed for BGP; it was designed as a 
general purpose mechanism.

Joe

v2.23.0 | Report a Bug | By Email