IETF Logo Mail Archive

Re: [sidr] [Idr] No BGPSEC intradomain ?

Paul Jakma <paul@jakma.org> Thu, 12 April 2012 19:01 UTC

Return-Path: <paul@jakma.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F30221F86AD for <sidr@ietfa.amsl.com>; Thu, 12 Apr 2012 12:01:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FuOz9em-2RKn for <sidr@ietfa.amsl.com>; Thu, 12 Apr 2012 12:01:43 -0700 (PDT)
Received: from mail-wi0-f172.google.com (mail-wi0-f172.google.com [209.85.212.172]) by ietfa.amsl.com (Postfix) with ESMTP id 76E7721F8681 for <sidr@ietf.org>; Thu, 12 Apr 2012 12:01:43 -0700 (PDT)
Received: by wibhj6 with SMTP id hj6so5005706wib.13 for <sidr@ietf.org>; Thu, 12 Apr 2012 12:01:42 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=date:from:to:cc:subject:in-reply-to:message-id:references :user-agent:mime-version:content-type:x-gm-message-state; bh=FshmqROHKowpPK1oxX4Z5nGKnu6iGvElPHr2NRblDJQ=; b=lKC5hUGIxCHb9EmVefPWlFxz1sXvGcqnqIT9hwMHxvHGZA6ZgpJ2Rqf7YFZwegJH8d J2lnBCWBHXyEMGPet6WoUs0YtCbIdY0NClXC+MRkMC31ZfGUm/QIROeKMgoscEVGwSJD TXBebjv+WNSbic5KvceQp8cshf2lO6TrbNYiBqk7vZ3qr9CtQzSU/OBHMjN7JjC7u5ii bmKr2C/jkXUlBhkFuwD+AAB4EMLwRiiFBwt1aDlu68vCvtV/0sKePD+F48bwVZhawC55 dl00nKWoiMcFMOQH49UEJwWRiMruvbg5VSbeCX4WBwBEgPXTA1rF8UrLOpPg9HBdd0Ph LAqQ==
Received: by 10.180.86.132 with SMTP id p4mr8426541wiz.15.1334257302550; Thu, 12 Apr 2012 12:01:42 -0700 (PDT)
Received: from stoner.gla.jakma.org (stoner.jakma.org. [81.168.24.42]) by mx.google.com with ESMTPS id ff9sm54179234wib.2.2012.04.12.12.01.40 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 12 Apr 2012 12:01:40 -0700 (PDT)
Date: Thu, 12 Apr 2012 20:01:37 +0100
From: Paul Jakma <paul@jakma.org>
To: Christopher Morrow <morrowc.lists@gmail.com>
In-Reply-To: <CAL9jLaZDwpje4NtHHMUpzJaHDJLMY-f8gzDUVe3pEKwSqvsm_w@mail.gmail.com>
Message-ID: <alpine.LFD.2.02.1204121855400.3748@stoner.jakma.org>
References: <D7A0423E5E193F40BE6E94126930C4930B96182E71@MBCLUSTER.xchange.nist.gov> <4F828D6D.10907@raszuk.net> <D7A0423E5E193F40BE6E94126930C4930B96C507DA@MBCLUSTER.xchange.nist.gov> <4F830E75.70606@raszuk.net> <24B20D14B2CD29478C8D5D6E9CBB29F60F6F1533@Hermes.columbia.ads.sparta.com> <4F832F5E.9030903@raszuk.net> <0BD03B75-CA3A-4CBA-BBF4-E2100AFA64E4@kumari.net> <4F846121.2050408@raszuk.net> <CAL9jLaYF-MW1cJ2n28BiV1mi+tpPS2ECKB2UxhFMQ=NXxbihCg@mail.gmail.com> <7309FCBCAE981B43ABBE69B31C8D21391B3EE03F77@EUSAACMS0701.eamcs.ericsson.se> <alpine.LFD.2.02.1204111507190.22591@jamaica.dcs.gla.ac.uk> <CAL9jLaZDwpje4NtHHMUpzJaHDJLMY-f8gzDUVe3pEKwSqvsm_w@mail.gmail.com>
User-Agent: Alpine 2.02 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Gm-Message-State: ALoCoQnLq554nUDaKnLCMGyyhElvolZpze5Lfpmnqxe6yjQpq3MQysuwjmvSo3UlZqwWEgQa2eYH
Cc: "idr@ietf.org List" <idr@ietf.org>, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] [Idr] No BGPSEC intradomain ?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Apr 2012 19:01:45 -0000

On Wed, 11 Apr 2012, Christopher Morrow wrote:

> "if you don't ask for the 'bgpsec capability' then ... you get what
> you get today."

> so, everything you do today, ought to just keep right on working, or
> that's the plan.

Capability negotiation does not mean everything keeps on working. It means 
the session between the BGP speakers keeps working, sure. However, that's 
_not_ everything.

The BGP UPDATE message is no longer context-complete (wrt to the 
well-known attributes at least). If a 3rd-party wishes to be able to 
validate the message as cortrect (in the case of missing attributes) or 
even decode it correctly (in the case where well-known attributes are 
incompatibly redefined in syntax, like AS_PATH has been), it has to have 
seen the opening negotiation - which may have happened days or weeks or 
more before - or it has to be manually configured or make intelligent 
guesses.

It should be quite possible to keep BGP as completely parse-able at the 
message granularity - it just needs a modicum of care. It's a shame that 
ever more proposals are coming along that are overloading message formats, 
dependent on context that may only be exchanged very infrequently...

regards,
-- 
Paul Jakma	paul@jakma.org	@pjakma	Key ID: 64A2FF6A
Fortune:
static from plastic slide rules

v2.23.0 | Report a Bug | By Email