Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs
Randy Bush <randy@psg.com> Tue, 20 May 2014 14:38 UTC
Return-Path: <randy@psg.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2ADF81A0468 for <sidr@ietfa.amsl.com>; Tue, 20 May 2014 07:38:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LW0p0oIWVfJU for <sidr@ietfa.amsl.com>; Tue, 20 May 2014 07:38:30 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96C9F1A034A for <sidr@ietf.org>; Tue, 20 May 2014 07:38:30 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.psg.com.psg.com) by ran.psg.com with esmtp (Exim 4.76) (envelope-from <randy@psg.com>) id 1WmlBT-00079g-P9; Tue, 20 May 2014 14:38:28 +0000
Date: Tue, 20 May 2014 17:38:26 +0300
Message-ID: <m2zjiccy71.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Christopher Morrow <morrowc.lists@gmail.com>
In-Reply-To: <CAL9jLaa+fM9WDQOpbszZPZqducSaFUbhF_d4S1Ntg0P3gvG+1Q@mail.gmail.com>
References: <52D072F6.9030304@ops-netman.net> <52D0A0AC.5040903@ops-netman.net> <CF07E61E.AF86%wesley.george@twcable.com> <m238kcea01.wl%randy@psg.com> <CF0BE8F1.B1BE%wesley.george@twcable.com> <m2a9ehjto3.wl%randy@psg.com> <52E92B20.9060505@bbn.com> <CAL9jLaapjPL0_OU8-L0U5BiLXPPoEhkCZym=7R_qDDLSobKVjA@mail.gmail.com> <m2iosq8f9e.wl%randy@psg.com> <CAL9jLab5=JNbPRMji7xWWCR_+QLRpbguShU7K_Uu56jYxKymZw@mail.gmail.com> <m2vbucdkqi.wl%randy@psg.com> <CAL9jLaYeqtqf9ewN=A7Zxnx6xRGxV=64_TyX3NLgWUt237tCkg@mail.gmail.com> <m2ioqbed03.wl%randy@psg.com> <F415D68C-DC4B-4DA1-9DC8-FB4CB06558B9@cisco.com> <m2bnvcgouf.wl%randy@psg.com> <CAL9jLaasqgPv4SsEw5+0iPXhVub0fNc7Cw0G0fZ_PADmfLDTuA@mail.gmail.com> <m28uqggnel.wl%randy@psg.com> <m2bnuseevv.wl%randy@psg.com> <CAL9jLaa+fM9WDQOpbszZPZqducSaFUbhF_d4S1Ntg0P3gvG+1Q@mail.gmail.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/8HKJcsrBRtZRiNmXOMLSz7my8Qc
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 May 2014 14:38:32 -0000
> i didn't update the tracker... (i hadn't ever in the past). uh, that is between you and the datawhacker > Did we circle down on an answer for the leak/persay language that > everyone's happy with? If so I'd like to push out a pub request today. as far as i am aware, there is no issue with leak language. we got past folk looking up 'per se' in their dictionaries. the one open issue is >>>>> 3.14 While the trust level of a route should be determined by the >>>>> BGPsec protocol, local routing preference and policy MUST then >>>>> be applied to best path and other routing decisions. Such >>>>> mechanisms SHOULD conform with [I-D.ietf-sidr-ltamgmt]. >>>>> ... >>>>> 3.17 If a BGPsec design makes use of a security infrastructure, that >>>>> infrastructure SHOULD enable each network operator to select >>>>> the entities it will trust when authenticating data in the >>>>> security infrastructure. See, for example, >>>>> [I-D.ietf-sidr-ltamgmt]. >>> >>> What about adding that "the connection to this security infrastructure >>> MUST be through a secure channel"? > > it's done via rcynic and/or rpki-to-rtr, right? depending on where in > the process you are... presuming the process looks like: > publication-point - gatherer - cache - router > (rcynic) (rcynic) (rpki-rtr) apologies to roque. some external data were indeed what was meant (an rpki-like thing is an example), and was inteneded by "security infrastructure." the authenticity of those data is an issue. we might say so in sec cons. and i am waiting for wglc to close so i can make the hack once. randy
- [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Shane Amante
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs George, Wes
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Stephen Kent
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Stephen Kent
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Eric Osterweil
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Sriram, Kotikalapudi
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Russ White
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Russ White
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Jakob Heitz
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Sriram, Kotikalapudi
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Eric Osterweil
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Eric Osterweil
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Jakob Heitz
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Brian Dickson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Sriram, Kotikalapudi
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Eric Osterweil
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Brian Dickson
- [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Chris Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Sriram, Kotikalapudi
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Warren Kumari
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Keyur Patel (keyupate)
- [sidr] Another potential DOS attack on RP softwar… Demian Rosenkranz
- Re: [sidr] Another potential DOS attack on RP sof… Tim Bruijnzeels
- Re: [sidr] Another potential DOS attack on RP sof… Jared Mauch
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs George, Wes
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Warren Kumari
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs George, Wes
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs George, Wes
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Stephen Kent
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Roque Gagliano (rogaglia)
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Roque Gagliano (rogaglia)
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs George, Wes
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Montgomery, Douglas
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Montgomery, Douglas
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Sandra Murphy