Re: [sidr] [Idr] No BGPSEC intradomain ?

Robert Raszuk <robert@raszuk.net> Thu, 12 April 2012 13:52 UTC

Date: Thu, 12 Apr 2012 15:52:29 +0200
From: Robert Raszuk <robert@raszuk.net>
To: "George, Wes" <wesley.george@twcable.com>, Paul Jakma <paul@jakma.org>
Cc: "idr@ietf.org List" <idr@ietf.org>, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] [Idr] No BGPSEC intradomain ?

I very much agree with both Paul and Wes that a new BGP version number or
at least a new set of AFIs would be the best way to smoothly migrate
unsecure BGP to a secure one.

I have not seen anyone resisting that idea yet with real technical
arguments against it ;)

Rgs,
R.

> [WEG] Why *are* we so resistant to incrementing the BGP version? I
> think that there's some merit to the idea that this suite of things
> represents a significant enough change to BGP that a change in
> version number might be a cleaner way to do the capability
> negotiation, perhaps even incorporating other secondary capabilities
> so that there isn't so much individual capability negotiation for all
> of the things that we've tacked onto BGP4 over the years. In other
> words, if you support BGPv5, you support a list of capabilities
> (e.g. 4-byte ASN, GR, route refresh, etc.), and they no longer have to
> be negotiated separately. Even if we move directly from version 4 to
> 6 as it seems we are wont to do, I think this bears some
> consideration (by IDR, of course) ;-)
>
> Wes George