IETF Logo Mail Archive

Re: [sidr] Stephen Farrell's No Objection on draft-ietf-sidr-bgpsec-ops-13: (with COMMENT)

Randy Bush <randy@psg.com> Thu, 05 January 2017 07:24 UTC

Return-Path: <randy@psg.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 508401293EE; Wed, 4 Jan 2017 23:24:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.001
X-Spam-Level:
X-Spam-Status: No, score=-10.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6gR7AHbzi8P4; Wed, 4 Jan 2017 23:24:34 -0800 (PST)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38DAF1293DB; Wed, 4 Jan 2017 23:24:34 -0800 (PST)
Received: from localhost ([127.0.0.1] helo=ryuu.psg.com) by ran.psg.com with esmtp (Exim 4.86_2) (envelope-from <randy@psg.com>) id 1cP2PW-0007bj-0Q; Thu, 05 Jan 2017 07:24:30 +0000
Date: Thu, 05 Jan 2017 16:24:27 +0900
Message-ID: <m2k2aageac.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <fe9d214a-a4a8-1534-e9c1-fe7068b4ed2f@cs.tcd.ie>
References: <148353764984.13034.8506727126675155642.idtracker@ietfa.amsl.com> <m2mvf6lti7.wl-randy@psg.com> <fe9d214a-a4a8-1534-e9c1-fe7068b4ed2f@cs.tcd.ie>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/24.5 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/HGgHZktAmaOPlirfG47uaoO5Rb4>
Cc: The IESG <iesg@ietf.org>, sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] Stephen Farrell's No Objection on draft-ietf-sidr-bgpsec-ops-13: (with COMMENT)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2017 07:24:35 -0000

>> so, i think you are referring to
>> 
>>    As core BGPsec-capable routers may require large memory and/or modern
>>    CPUs, origin validation based on the Resource Public Key
>>    Infrastructure (RPKI), [RFC6811], will occur over some years and
>>    BGPsec will start to deploy after that.
>> 
>> as rpki is deployed to a fair extent, origin validation is baked into
>> current routers, and bgpsec in the core will require bigger hardware, OV
>> before BGPsec would seem to be the sequence.
>> 
>> otoh, your last statement is true, an operator will have to set up rpki
>> data before deploying either origin validation or bgpsec.  rpki is
>> needed for both.
>> 
>> so i am not sure what you are suggesting i do.
> 
> I was suggesting re-wording so that the text cannot be read so
> as to mean "don't bother with BGPsec until the entire world has
> finished deploying OV."
> 
> Maybe:
> 
>    As core BGPsec-capable routers may require large memory and/or modern
>    CPUs, origin validation based on the Resource Public Key
>    Infrastructure (RPKI), [RFC6811], will occur over some years and,
>    once origin validation has been deployed at an AS, then BGPsec
>    can start to deploy in that AS.
> 
> Though I'm not sure that's precisely right either.

ok, how about

   Origin Validation based on the Resource Public Key Infrastructure
   (RPKI), [RFC6811], is in its early phases.  As BGPsec,
   [I-D.ietf-sidr-bgpsec-protocol] may require larger memory and/or more
   modern CPUs, it expected to be deployed incrementally over a longer
   time span.  BGPsec is a new protocol with many operational
   considerations which this document attempts to describe.  As with
   most operational practices, this document will likely evolve.

i am still not in love with it.

longitudinal study: how has the distribution of draft word count pre and
post iesg review changed over time?

for research papers, there is considerable pressure to be terse to get
one's content into restricted page limits.

randy

v2.23.0 | Report a Bug | By Email