Re: [sidr] beacons and bgpsec

Danny McPherson <danny@tcb.net> Wed, 10 August 2011 19:37 UTC

On Aug 10, 2011, at 12:04 PM, Stephen Kent wrote:

> My recollection of Randy's presentation was not what you suggest.

Again, I don't recall putting any words in Randy's mouth, if I did, it was unintentional.  However...

> I think he said that having each AS along a path associated a lifetime with the sig it applied to an update was a bad idea.  He also said that a beacon rate of about 24 hours, at the origin AS, seemed potentially useful, and would not result in excessive routing churn.

Periodic updates of the entire routing table *with much larger and more updates* seem undesirable at best to me, particularly to "reduce the vulnerability window for replay attacks" to "days".

I suggest we stick with the current triggered updates operation or take this to IDR, it's a fundamental change from where we are today, and one's perspective of "excessive routing churn" seems to be relative.

-danny