Re: [sidr] draft-sriram-bgpsec-design-choices-00 -- IXP and Route Server

Sandra Murphy <Sandra.Murphy@sparta.com> Fri, 08 July 2011 19:30 UTC

Date: Fri, 08 Jul 2011 15:30:19 -0400
From: Sandra Murphy <Sandra.Murphy@sparta.com>
To: Chris Hall <chris.hall@highwayman.com>
In-Reply-To: <017d01cc3da0$9f8cd390$dea67ab0$@highwayman.com>
Message-ID: <Pine.WNT.4.64.1107081506110.1536@SMURPHY-LT.columbia.ads.sparta.com>
References: <012601cc3d54$8f07c4e0$ad174ea0$@highwayman.com> <m2y609kptw.wl%randy@psg.com> <014001cc3d74$319571c0$94c05540$@highwayman.com> <m2pqlklw3v.wl%randy@psg.com> <014a01cc3d7f$6312f730$2938e590$@highwayman.com> <m2oc14ljh7.wl%randy@psg.com> <017d01cc3da0$9f8cd390$dea67ab0$@highwayman.com>
Cc: 'sidr wg list' <sidr@ietf.org>
Subject: Re: [sidr] draft-sriram-bgpsec-design-choices-00 -- IXP and Route Server

On Fri, 8 Jul 2011, Chris Hall wrote:

> Randy Bush wrote (on Fri 08-Jul-2011 at 19:24 +0100):
> ....
>>> This is what "6.6 Proxy Signing" in
>>> draft-sriram-bgpsec-design-choices suggests, is it
>>> not ?  Or does that blow the trust model to hell,
>>> also ?
>
>> it does indeed.  that is why 6.6 was rejected.
>
> Ah.  There I was, reading a draft of 5-Jul-2011 and thinking I was up
> to date :-(

The previous section, 6.5, lists alternatives for handling stub ASs. 
Note that alternative 2 is the same description as 6.6, but alternative 2 
was not the chosen alternative.  That might be what Randy meant when he 
said "rejected."

Section 6.6 rightly notes that if an AS decided to share its private key 
with another AS, no one outside the agreement could tell the difference.

Therein lies the power and the danger of sharing private keys.

--Sandy, regular ol' wg member


>
> OK.  If the RS ASN is in the path, then nobody needs to depend on the
> integrity of the RS (however trustworthy one may expect them to be).
> I look forward to the ASN count mechanism appearing in the draft(s),
> and support for Route Servers making its way into the Requirements.
>
> Chris
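The two points in this exchange, that a transparent route server can be kept in the signed chain while staying out of the AS_PATH, and that a signature made with a shared private key is indistinguishable from the owner's, are easiest to see in a toy signed-path chain. The following is an added example, not code from the draft or from any list participant. It assumes a simplified hop layout (previous signature, AS, next AS, pCount, hashed with SHA-256 and signed with ECDSA P-256) rather than any draft's wire format, uses pCount=0 as the stand-in for the AS count mechanism Chris refers to (my reading that this is BGPsec's pCount), and uses sample AS numbers and a constructed prefix:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Segment is one signed hop: the AS that signed, the AS it forwarded the
// route to, and a pCount (how many times the AS appears in the AS_PATH;
// 0 marks a transparent route server, assumed here to model pCount).
type Segment struct {
	AS, NextAS uint32
	PCount     uint8
	Sig        []byte
}

// signedData hashes what each hop signs: the previous hop's signature (the
// NLRI for the origin) followed by this hop's AS, NextAS and pCount. This is
// a toy layout assumed for illustration, not the wire format of any draft.
func signedData(prev []byte, seg Segment) []byte {
	var hdr [9]byte
	binary.BigEndian.PutUint32(hdr[0:4], seg.AS)
	binary.BigEndian.PutUint32(hdr[4:8], seg.NextAS)
	hdr[8] = seg.PCount
	sum := sha256.Sum256(append(append([]byte{}, prev...), hdr[:]...))
	return sum[:]
}

// Sign appends one hop to chain using priv. Whoever holds priv produces a
// signature the verifier cannot tell from the key owner's own: Verify only
// consults the public key registered for seg.AS.
func Sign(priv *ecdsa.PrivateKey, nlri []byte, chain []Segment, seg Segment) ([]Segment, error) {
	prev := nlri
	if n := len(chain); n > 0 {
		prev = chain[n-1].Sig
	}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, signedData(prev, seg))
	if err != nil {
		return nil, err
	}
	seg.Sig = sig
	return append(chain, seg), nil
}

// Verify checks each hop against the public key registered for its AS and
// that every hop was signed over to the AS that signed next, so a hop cannot
// be dropped or inserted without the right key. It returns the AS_PATH a
// router would rebuild (pCount=0 hops are omitted) and whether it is valid.
func Verify(pub map[uint32]*ecdsa.PublicKey, nlri []byte, chain []Segment) ([]uint32, bool) {
	prev := nlri
	var path []uint32
	for i, seg := range chain {
		key, ok := pub[seg.AS]
		if !ok || !ecdsa.VerifyASN1(key, signedData(prev, seg), seg.Sig) {
			return nil, false
		}
		if i+1 < len(chain) && chain[i+1].AS != seg.NextAS {
			return nil, false
		}
		for c := 0; c < int(seg.PCount); c++ {
			path = append(path, seg.AS)
		}
		prev = seg.Sig
	}
	return path, true
}

// Result is what the receiving router learns from one chain.
type Result struct {
	Path  []uint32
	Valid bool
}

// Demo runs three chains for one constructed prefix: the honest origin ->
// route server -> client path, the same path with the route server's hop
// signed by a partner holding a copy of its private key, and the same hop
// forged by a party without that key. AS numbers are sample values.
func Demo() (honest, shared, forged Result, err error) {
	const origin, rs, client = 64496, 64497, 64498
	nlri := []byte("192.0.2.0/24") // constructed sample NLRI
	keys := map[uint32]*ecdsa.PrivateKey{}
	pub := map[uint32]*ecdsa.PublicKey{}
	for _, as := range []uint32{origin, rs} {
		if keys[as], err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
			return
		}
		pub[as] = &keys[as].PublicKey
	}
	first, err := Sign(keys[origin], nlri, nil, Segment{AS: origin, NextAS: rs, PCount: 1})
	if err != nil {
		return
	}
	rsHop := Segment{AS: rs, NextAS: client, PCount: 0} // transparent route server
	run := func(priv *ecdsa.PrivateKey) (r Result, e error) {
		chain, e := Sign(priv, nlri, first, rsHop)
		if e == nil {
			r.Path, r.Valid = Verify(pub, nlri, chain)
		}
		return r, e
	}
	if honest, err = run(keys[rs]); err != nil { // route server signs its own hop
		return
	}
	partnerCopy := *keys[rs] // a partner AS given a copy of the route server's private key
	if shared, err = run(&partnerCopy); err != nil {
		return
	}
	rogue, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // not registered for rs
	if err != nil {
		return
	}
	forged, err = run(rogue)
	return
}

func main() {
	h, s, f, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("honest:", h.Path, h.Valid)
	fmt.Println("shared:", s.Path, s.Valid) // same as honest: the verifier cannot tell
	fmt.Println("forged:", f.Path, f.Valid)
}
```

The honest and shared-key chains come out identical to the verifier (valid, AS_PATH [64496] with the route server kept out of the path but still bound into the signature chain), while the hop signed without the registered key fails. That is the asymmetry Sandy points at: verification only ever binds a signature to a public key, never to who was holding the private half.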