Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs

Randy Bush <randy@psg.com> Tue, 20 May 2014 14:38 UTC

Return-Path: <randy@psg.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2ADF81A0468 for <sidr@ietfa.amsl.com>; Tue, 20 May 2014 07:38:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LW0p0oIWVfJU for <sidr@ietfa.amsl.com>; Tue, 20 May 2014 07:38:30 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96C9F1A034A for <sidr@ietf.org>; Tue, 20 May 2014 07:38:30 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.psg.com.psg.com) by ran.psg.com with esmtp (Exim 4.76) (envelope-from <randy@psg.com>) id 1WmlBT-00079g-P9; Tue, 20 May 2014 14:38:28 +0000
Date: Tue, 20 May 2014 17:38:26 +0300
Message-ID: <m2zjiccy71.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Christopher Morrow <morrowc.lists@gmail.com>
In-Reply-To: <CAL9jLaa+fM9WDQOpbszZPZqducSaFUbhF_d4S1Ntg0P3gvG+1Q@mail.gmail.com>
References: <52D072F6.9030304@ops-netman.net> <52D0A0AC.5040903@ops-netman.net> <CF07E61E.AF86%wesley.george@twcable.com> <m238kcea01.wl%randy@psg.com> <CF0BE8F1.B1BE%wesley.george@twcable.com> <m2a9ehjto3.wl%randy@psg.com> <52E92B20.9060505@bbn.com> <CAL9jLaapjPL0_OU8-L0U5BiLXPPoEhkCZym=7R_qDDLSobKVjA@mail.gmail.com> <m2iosq8f9e.wl%randy@psg.com> <CAL9jLab5=JNbPRMji7xWWCR_+QLRpbguShU7K_Uu56jYxKymZw@mail.gmail.com> <m2vbucdkqi.wl%randy@psg.com> <CAL9jLaYeqtqf9ewN=A7Zxnx6xRGxV=64_TyX3NLgWUt237tCkg@mail.gmail.com> <m2ioqbed03.wl%randy@psg.com> <F415D68C-DC4B-4DA1-9DC8-FB4CB06558B9@cisco.com> <m2bnvcgouf.wl%randy@psg.com> <CAL9jLaasqgPv4SsEw5+0iPXhVub0fNc7Cw0G0fZ_PADmfLDTuA@mail.gmail.com> <m28uqggnel.wl%randy@psg.com> <m2bnuseevv.wl%randy@psg.com> <CAL9jLaa+fM9WDQOpbszZPZqducSaFUbhF_d4S1Ntg0P3gvG+1Q@mail.gmail.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/8HKJcsrBRtZRiNmXOMLSz7my8Qc
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 May 2014 14:38:32 -0000

> i didn't update the tracker... (i hadn't ever in the past).

uh, that is between you and the datawhacker

> Did we circle down on an answer for the leak/persay language that
> everyone's happy with? If so I'd like to push out a pub request today.

as far as i am aware, there is no issue with leak language.  we got past
folk looking up 'per se' in their dictionaries.  the one open issue is

    >>>>>   3.14  While the trust level of a route should be determined by the
    >>>>>         BGPsec protocol, local routing preference and policy MUST then
    >>>>>         be applied to best path and other routing decisions.  Such
    >>>>>         mechanisms SHOULD conform with [I-D.ietf-sidr-ltamgmt].
    >>>>> ...
    >>>>>   3.17  If a BGPsec design makes use of a security infrastructure, that
    >>>>>         infrastructure SHOULD enable each network operator to select
    >>>>>         the entities it will trust when authenticating data in the
    >>>>>         security infrastructure.  See, for example,
    >>>>>         [I-D.ietf-sidr-ltamgmt].
    >>>
    >>> What about adding that "the connection to this security infrastructure
    >>> MUST be through a secure channel"?
    > 
    > it's done via rcynic and/or rpki-to-rtr, right? depending on where in
    > the process you are... presuming the process looks like:
    >   publication-point - gatherer - cache - router
    >                       (rcynic)     (rcynic)   (rpki-rtr)

    apologies to roque.  some external data were indeed what was meant (an
    rpki-like thing is an example), and was inteneded by "security
    infrastructure."

    the authenticity of those data is an issue.  we might say so in sec
    cons.

and i am waiting for wglc to close so i can make the hack once.

randy