Re: [sidr] Master thesis - RPKI
"Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov> Wed, 15 January 2014 17:22 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A5E31ADFAE for <sidr@ietfa.amsl.com>; Wed, 15 Jan 2014 09:22:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id my4mj6nS0PCF for <sidr@ietfa.amsl.com>; Wed, 15 Jan 2014 09:22:35 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0203.outbound.protection.outlook.com [207.46.163.203]) by ietfa.amsl.com (Postfix) with ESMTP id 80D0A1ADF7F for <sidr@ietf.org>; Wed, 15 Jan 2014 09:22:35 -0800 (PST)
Received: from BLUPR09MB053.namprd09.prod.outlook.com (10.255.211.146) by BLUPR09MB053.namprd09.prod.outlook.com (10.255.211.146) with Microsoft SMTP Server (TLS) id 15.0.847.13; Wed, 15 Jan 2014 17:22:15 +0000
Received: from BLUPR09MB053.namprd09.prod.outlook.com ([169.254.14.203]) by BLUPR09MB053.namprd09.prod.outlook.com ([169.254.14.203]) with mapi id 15.00.0847.008; Wed, 15 Jan 2014 17:22:15 +0000
From: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
To: Demian Rosenkranz <drosen2s@smail.inf.h-brs.de>, "sidr@ietf.org" <sidr@ietf.org>
Thread-Topic: [sidr] Master thesis - RPKI
Thread-Index: AQHPEIPUW2CXk5SPXEaR2EKfTmaE1pqDYy3AgAEDhACAAXu0cA==
Date: Wed, 15 Jan 2014 17:22:15 +0000
Message-ID: <117b37a9b60e4417b41381ebdde53414@BLUPR09MB053.namprd09.prod.outlook.com>
References: <52D3FE0B.1080808@smail.inf.h-brs.de> <24B20D14B2CD29478C8D5D6E9CBB29F678F1DE97@HSV-MB002.huntsville.ads.sparta.com> <5d0fd135e7b94f38836297f58bca92fd@BLUPR09MB053.namprd09.prod.outlook.com> <52D562AA.3090309@smail.inf.h-brs.de>
In-Reply-To: <52D562AA.3090309@smail.inf.h-brs.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [129.6.140.100]
x-forefront-prvs: 00922518D8
x-forefront-antispam-report: SFV:NSPM; SFS:(10009001)(779001)(679001)(689001)(243025003)(189002)(199002)(51704005)(31966008)(15975445006)(85306002)(87266001)(19580405001)(59766001)(77982001)(47446002)(76786001)(79102001)(76576001)(69226001)(74502001)(74662001)(51856001)(81816001)(63696002)(76482001)(54356001)(53806001)(46102001)(83322001)(19580395003)(81686001)(74366001)(74316001)(80976001)(77096001)(15202345003)(83072002)(80022001)(85852003)(66066001)(33646001)(65816001)(87936001)(81542001)(2656002)(50986001)(74876001)(47976001)(90146001)(4396001)(56816005)(49866001)(76796001)(47736001)(56776001)(93136001)(81342001)(74706001)(92566001)(54316002)(93516002)(24736002); DIR:OUT; SFP:1101; SCL:1; SRVR:BLUPR09MB053; H:BLUPR09MB053.namprd09.prod.outlook.com; CLIP:129.6.140.100; FPR:; MLV:nspm; RD:InfoNoRecords; MX:1; A:1; LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
Subject: Re: [sidr] Master thesis - RPKI
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jan 2014 17:22:37 -0000
>From: sidr [mailto:sidr-bounces@ietf.org] On Behalf Of Demian Rosenkranz > >Correct, Im talking about really short lifetimes for ROAs (EE certificates). The >RP software would be forced to cryptographically checks the objects again >and again over short intervals. >But long lifetimes for ROAs (EE certificates) mean at least bigger CRLs. >This would be one benefit of short lifetimes. > Even if about a few hundred origination-change events occur in a year that require ROA-EE-certificate rollover, you are dealing with an increase of merely just that many additional entries in the CRL (with the long-lifetime ROAs and revocation approach). If instead short lifetimes are used, then 500,000 certs and ROAs would be propagated in the RPKI system periodically in each of those short intervals. The latter seems to be a much bigger price to pay. But if you can provide further analysis and insight in your thesis, it would be very welcome. We discussed and quantified these types choices and trade-offs earlier not in the context of ROA (EE cert) lifetimes, but in the context of AS or router key rollover mechanisms to mitigate BGPSEC update replay attacks. Please see: http://tools.ietf.org/html/draft-sriram-replay-protection-design-discussion-02 http://www.ietf.org/proceedings/85/slides/slides-85-sidr-4.pdf http://tools.ietf.org/html/draft-ietf-sidr-bgpsec-rollover-02 Sriram
- [sidr] Master thesis - RPKI Demian Rosenkranz
- Re: [sidr] Master thesis - RPKI Murphy, Sandra
- Re: [sidr] Master thesis - RPKI Sriram, Kotikalapudi
- Re: [sidr] Master thesis - RPKI Matthias Waehlisch
- Re: [sidr] Master thesis - RPKI Matthias Waehlisch
- Re: [sidr] Master thesis - RPKI Demian Rosenkranz
- Re: [sidr] Master thesis - RPKI Demian Rosenkranz
- Re: [sidr] Master thesis - RPKI Demian Rosenkranz
- Re: [sidr] Master thesis - RPKI Sriram, Kotikalapudi
- Re: [sidr] Master thesis - RPKI Sriram, Kotikalapudi
- Re: [sidr] Master thesis - RPKI Matthias Waehlisch
- Re: [sidr] Master thesis - RPKI Sriram, Kotikalapudi
- Re: [sidr] Master thesis - RPKI Demian Rosenkranz