Re: [sidr] BGPSec scaling (was RE: beacons and bgpsec)

"t.petch" <ietfc@btconnect.com> Wed, 07 September 2011 16:28 UTC

From: "t.petch" <ietfc@btconnect.com>
To: Rob Shakir <rjs@rob.sh>, Jakob Heitz <jakob.heitz@ericsson.com>
Date: Wed, 07 Sep 2011 17:26:06 +0200
Cc: sidr wg list <sidr@ietf.org>

----- Original Message -----
From: "Rob Shakir" <rjs@rob.sh>
To: "Jakob Heitz" <jakob.heitz@ericsson.com>
Cc: "sidr wg list" <sidr@ietf.org>
Sent: Wednesday, September 07, 2011 4:48 PM
>
> On 7 Sep 2011, at 14:12, Jakob Heitz wrote:
>
> > While a router that performs BGPSEC may not be more expensive in 5 years
> > than one that does not today, that is not relevant. A router that performs
> > BGPSEC in 5 years will most definitely cost more to produce as well as cost
> > more to run than a router that does not perform BGPSEC in 5 years.
> >
> > So, a question for you Rob. Will your customers pay the premium for BGP
> > security?
>
> Hi Jakob,
>
> This is of course an interesting question - which comes down to the question
> of whether the threats that are being addressed by bgpsec are common-place. I
> definitely have customers that would pay a premium to mitigate this as a DoS
> vector, or malicious interception mechanism, but equally, have customers who
> would not, based on their current experience.
>
> From what I have seen of the demand for origin validation at the current time,
> I would say that my personal opinion (and no dataset to support this, sorry) is
> that any willingness to pay a premium will grow relatively slowly. As such, this
> makes the point about trying to ensure that we have a deployable protocol that
> attempts to represent the smallest step change it can in terms of computational
> requirements more important to me - since this will mean that it is easier to
> begin deploying, and meeting the demand.
>

My own experience of promoting security (and for that matter resilience) is that
very few organisations are willing to spend until after disaster strikes.  And
when that happens, anyone without a solution ready is in trouble, so the onus on
us is to have specified a viable solution, the implementation of which is as
cheap as possible but no cheaper.  Then, when the evil empires turn to Internet
routing, as opposed to, say, e-mail, at least we can say that we did our part to
prevent it.

Promoting new functionality that turns straightaway into more revenue is the
easy part and it is rare for security to come in that category.

Tom Petch

> Kind regards,
> r.