Re: [sidr] BGPSec scaling (was RE: beacons and bgpsec)
"t.petch" <ietfc@btconnect.com> Wed, 07 September 2011 16:28 UTC
Return-Path: <ietfc@btconnect.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4FD621F8B84 for <sidr@ietfa.amsl.com>; Wed, 7 Sep 2011 09:28:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.462
X-Spam-Level:
X-Spam-Status: No, score=-2.462 tagged_above=-999 required=5 tests=[AWL=0.137, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d+QFj4YW4S3N for <sidr@ietfa.amsl.com>; Wed, 7 Sep 2011 09:28:23 -0700 (PDT)
Received: from mail.btconnect.com (c2bthomr09.btconnect.com [213.123.20.127]) by ietfa.amsl.com (Postfix) with ESMTP id C628721F8B70 for <sidr@ietf.org>; Wed, 7 Sep 2011 09:28:22 -0700 (PDT)
Received: from host109-153-79-81.range109-153.btcentralplus.com (HELO pc6) ([109.153.79.81]) by c2bthomr09.btconnect.com with SMTP id EIP35085; Wed, 07 Sep 2011 17:30:07 +0100 (BST)
Message-ID: <004401cc6d72$78cb7200$4001a8c0@gateway.2wire.net>
From: "t.petch" <ietfc@btconnect.com>
To: Rob Shakir <rjs@rob.sh>, Jakob Heitz <jakob.heitz@ericsson.com>
References: <A37CADA4-F16D-4C01-8D9C-D01001C4EFE4@tcb.net><21C19DA8-7BF3-4832-8C13-C9A45FE026FB@algebras.org><87D9E106-2A37-4E1E-8C69-7084C199A3FE@tcb.net><331AEFBD-6AE5-469E-A11E-E672DC61DCDC@pobox.com><B92913D1-AB82-4D9F-B8A9-F8F4F99713D6@tcb.net><p06240803ca685bff5443@[128.89.89.43]><D6D12861-412E-4A65-B626-B627449981B8@tcb.net><34E4F50CAFA10349A41E0756550084FB0C2ED5A4@PRVPEXVS04.corp.twcable.com><7B321CF0-ABE6-4FCD-B755-8099BB63399A@rob.sh><5E9BE75F-C0A6-4B48-B15F-7E0B80EFE981@ericsson.com> <D8AAA3B0-B4B8-47D5-A40B-B91049C2B5DB@rob.sh>
Date: Wed, 07 Sep 2011 17:26:06 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Mirapoint-IP-Reputation: reputation=Fair-1, source=Queried, refid=tid=0001.0A0B0303.4E679C0F.003E, actions=tag
X-Junkmail-Premium-Raw: score=7/50, refid=2.7.2:2011.9.7.152714:17:7.586, ip=109.153.79.81, rules=__HAS_MSGID, __OUTLOOK_MSGID_1, __SANE_MSGID, __TO_MALFORMED_2, __BOUNCE_CHALLENGE_SUBJ, __BOUNCE_NDR_SUBJ_EXEMPT, __MIME_VERSION, __CT, CT_TP_8859_1, __CT_TEXT_PLAIN, __CTE, __HAS_X_PRIORITY, __HAS_MSMAIL_PRI, __HAS_X_MAILER, USER_AGENT_OE, __OUTLOOK_MUA_1, __USER_AGENT_MS_GENERIC, __ANY_URI, __URI_NO_PATH, BODYTEXTP_SIZE_3000_LESS, BODY_SIZE_2000_2999, __MIME_TEXT_ONLY, RDNS_GENERIC_POOLED, BODY_SIZE_5000_LESS, RDNS_SUSP_GENERIC, __OUTLOOK_MUA, RDNS_SUSP, BODY_SIZE_7000_LESS
X-Junkmail-Status: score=10/50, host=c2bthomr09.btconnect.com
X-Junkmail-Signature-Raw: score=unknown, refid=str=0001.0A0B0207.4E679C10.01DD, ss=1, fgs=0, ip=0.0.0.0, so=2010-07-22 22:03:31, dmn=2009-09-10 00:05:08, mode=multiengine
X-Junkmail-IWF: false
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] BGPSec scaling (was RE: beacons and bgpsec)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Sep 2011 16:28:23 -0000
----- Original Message ----- From: "Rob Shakir" <rjs@rob.sh> To: "Jakob Heitz" <jakob.heitz@ericsson.com> Cc: "sidr wg list" <sidr@ietf.org> Sent: Wednesday, September 07, 2011 4:48 PM > > On 7 Sep 2011, at 14:12, Jakob Heitz wrote: > > > While a router that performs BGPSEC may not be more expensive in 5 years than one that does not today, that is not relevant. A router that performs BGPSEC in 5 years will most definitely cost more to produce as well as cost more to run than a router that does not perform BGPSEC in 5 years. > > > > So, a question for you Rob. Will your customers pay the premium for BGP security? > > Hi Jakob, > > This is of course an interesting question - which comes down to the question of whether the threats that are being addressed by bgpsec are common-place. I definitely have customers that would pay a premium to mitigate this as a DoS vector, or malicious interception mechanism, but equally, have customers who would not, based on their current experience. > > From what I have seen of the demand for origin validation at the current time, I would say that my personal opinion (and no dataset to support this, sorry) is that any willingness to pay a premium will grow relatively slowly. As such, this makes the point about trying to ensure that we have a deployable protocol that attempts to represent the smallest step change it can in terms of computational requirements more important to me - since this will mean that it is easier to begin deploying, and meeting the demand. > My own experience of promoting security (and for that matter resilience) is that very few organisations are willing to spend until after disaster strikes. And when that happens, anyone without a solution ready is in trouble, so the onus on us is to have specified a viable solution, the implementation of which is as cheap as possible but no cheaper. Then, when the evil empires turn to Internet routing, as opposed to, say, e-mail, at least we can say that we did our part to prevent it. Promoting new functionality that turns straightaway into more revenue is the easy part and it is rare for security to come in that category. Tom Petch > Kind regards, > r. > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr
- [sidr] beacons and bgpsec Danny McPherson
- Re: [sidr] beacons and bgpsec George Michaelson
- Re: [sidr] beacons and bgpsec Danny McPherson
- Re: [sidr] beacons and bgpsec George Michaelson
- Re: [sidr] beacons and bgpsec Danny McPherson
- Re: [sidr] beacons and bgpsec George Michaelson
- Re: [sidr] beacons and bgpsec Randy Bush
- Re: [sidr] beacons and bgpsec Danny McPherson
- Re: [sidr] beacons and bgpsec Paul Hoffman
- Re: [sidr] beacons and bgpsec Danny McPherson
- Re: [sidr] beacons and bgpsec Montgomery, Douglas
- Re: [sidr] beacons and bgpsec Jakob Heitz
- Re: [sidr] beacons and bgpsec Stephen Kent
- Re: [sidr] beacons and bgpsec Stephen Kent
- Re: [sidr] beacons and bgpsec Sandra Murphy
- Re: [sidr] beacons and bgpsec Sandra Murphy
- Re: [sidr] beacons and bgpsec Stephen Kent
- Re: [sidr] beacons and bgpsec Danny McPherson
- Re: [sidr] beacons and bgpsec Jakob Heitz
- Re: [sidr] beacons and bgpsec Sandra Murphy
- Re: [sidr] beacons and bgpsec Jakob Heitz
- Re: [sidr] beacons and bgpsec Geoff Huston
- [sidr] BGPSec scaling (was RE: beacons and bgpsec) George, Wesley
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Rob Shakir
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Jakob Heitz
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Randy Bush
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Rob Shakir
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… George, Wesley
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… t.petch
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… George, Wesley
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Smith, Donald
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Robert Raszuk
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Sriram, Kotikalapudi
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Shane Amante
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… t.petch
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Rob Shakir
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… George, Wesley
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Jakob Heitz
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Robert Raszuk
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Sriram, Kotikalapudi
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Sriram, Kotikalapudi
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Randy Bush
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Russ White
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Randy Bush
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Russ White
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Randy Bush
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Jakob Heitz
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Russ White
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Christopher Morrow
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Randy Bush
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Jakob Heitz
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Randy Bush
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Sriram, Kotikalapudi
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Sriram, Kotikalapudi
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Sriram, Kotikalapudi
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… George, Wesley
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Randy Bush
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… George, Wesley
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Jakob Heitz
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Randy Bush
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Robert Raszuk
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… George, Wesley
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Christopher Morrow
- Re: [sidr] BGPSec scaling (was RE: beacons and bg… Rob Shakir