IETF Logo Mail Archive

Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs

"Roque Gagliano (rogaglia)" <rogaglia@cisco.com> Mon, 05 May 2014 17:14 UTC

Return-Path: <rogaglia@cisco.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 234C51A02E1 for <sidr@ietfa.amsl.com>; Mon, 5 May 2014 10:14:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.152
X-Spam-Level:
X-Spam-Status: No, score=-15.152 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WVWk8w3pDXJb for <sidr@ietfa.amsl.com>; Mon, 5 May 2014 10:14:45 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) by ietfa.amsl.com (Postfix) with ESMTP id 411481A00D7 for <sidr@ietf.org>; Mon, 5 May 2014 10:14:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1216; q=dns/txt; s=iport; t=1399310082; x=1400519682; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=++6PDVpuj+irm3x/s0Gfu+dL3JqknS8pg0IT4yTqUUk=; b=LW2QFQp3FEDVKh5ldcX22qS3XhYEIEkEvEDisZnnmJIb/JdQJ+71OC0n bPNKCtaw4RZ6cQSz7IjY0bQGb0ReR5ht193qfQb5jI7w95N/ubvtSOKWn V84DyElOS+UvUHPKxoPbNlweVzhCmloybaMU09/2CgWhpSqgB3j65jdgl w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjgHAO/FZ1OtJV2d/2dsb2JhbABZgwaBJ6oxAQIFAZoMgRgWdIIlAQEBAwE6PwULAgEINhAyJQIEDgWIOQjLbheFVoNbhFMbMweDKoEVBJk0knSDNIIv
X-IronPort-AV: E=Sophos;i="4.97,989,1389744000"; d="scan'208";a="322580719"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by rcdn-iport-4.cisco.com with ESMTP; 05 May 2014 17:14:41 +0000
Received: from xhc-aln-x04.cisco.com (xhc-aln-x04.cisco.com [173.36.12.78]) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id s45HEf3Z015117 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 5 May 2014 17:14:41 GMT
Received: from xmb-rcd-x02.cisco.com ([169.254.4.118]) by xhc-aln-x04.cisco.com ([173.36.12.78]) with mapi id 14.03.0123.003; Mon, 5 May 2014 12:14:41 -0500
From: "Roque Gagliano (rogaglia)" <rogaglia@cisco.com>
To: Randy Bush <randy@psg.com>
Thread-Topic: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs
Thread-Index: AQHPaH23g+Y1On9pTU2gzdMektI5tA==
Date: Mon, 05 May 2014 17:14:41 +0000
Message-ID: <24A5BD7D-7206-4801-8450-B4C28E5ABF47@cisco.com>
References: <52D072F6.9030304@ops-netman.net> <52D0A0AC.5040903@ops-netman.net> <CF07E61E.AF86%wesley.george@twcable.com> <m238kcea01.wl%randy@psg.com> <CF0BE8F1.B1BE%wesley.george@twcable.com> <m2a9ehjto3.wl%randy@psg.com> <52E92B20.9060505@bbn.com> <CAL9jLaapjPL0_OU8-L0U5BiLXPPoEhkCZym=7R_qDDLSobKVjA@mail.gmail.com> <m2iosq8f9e.wl%randy@psg.com> <CAL9jLab5=JNbPRMji7xWWCR_+QLRpbguShU7K_Uu56jYxKymZw@mail.gmail.com> <m2vbucdkqi.wl%randy@psg.com> <CAL9jLaYeqtqf9ewN=A7Zxnx6xRGxV=64_TyX3NLgWUt237tCkg@mail.gmail.com> <m2ioqbed03.wl%randy@psg.com> <F415D68C-DC4B-4DA1-9DC8-FB4CB06558B9@cisco.com> <m2bnvcgouf.wl%randy@psg.com>
In-Reply-To: <m2bnvcgouf.wl%randy@psg.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.155.144.166]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <BD3E1634A908C745845A555BBA700C5D@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/Hpkn3SRafIS8HizYBF2SvI6iL84
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 May 2014 17:14:47 -0000

On May 5, 2014, at 9:41 AM, Randy Bush <randy@psg.com> wrote:

>>>>>  3.14  While the trust level of a route should be determined by the
>>>>>        BGPsec protocol, local routing preference and policy MUST then
>>>>>        be applied to best path and other routing decisions.  Such
>>>>>        mechanisms SHOULD conform with [I-D.ietf-sidr-ltamgmt].
>>>>> ...
>>>>>  3.17  If a BGPsec design makes use of a security infrastructure, that
>>>>>        infrastructure SHOULD enable each network operator to select
>>>>>        the entities it will trust when authenticating data in the
>>>>>        security infrastructure.  See, for example,
>>>>>        [I-D.ietf-sidr-ltamgmt].
>> 
>> What about adding that "the connection to this security infrastructure
>> MUST be through a secure channel"?
> 
> connection from what?  mains power?  :)
> this is about routers speaking bgpsec.  imiho, it would be ill-adviised
> to start down the rat-hole of operational practices of router management
> for which there is no proof of termination.

I was thinking on the issues we had on origin with adding security for RTR and to better document this requirement early on.

Roque

> randy

v2.23.0 | Report a Bug | By Email