Re: [sidr] Last Draft: ReCharter text
Christopher Morrow <christopher.morrow@gmail.com> Mon, 07 March 2011 03:23 UTC
On Sun, Mar 6, 2011 at 5:02 PM, Sriram, Kotikalapudi <kotikalapudi.sriram@nist.gov> wrote:
> Chris,
>
> There is also this WG document which is missing in your list:
> "Use cases and interpretation of RPKI objects for issuers and relying parties"
> http://tools.ietf.org/html/draft-ietf-sidr-usecases-01

easy enough to add. thanks!
(note that I hadn't heard back from either of the ADs yet, I expect
they'll say something in the next few days)

-Chris

___________________________________
> From: sidr-bounces@ietf.org [sidr-bounces@ietf.org] On Behalf Of Christopher Morrow [christopher.morrow@gmail.com]
> Sent: Thursday, March 03, 2011 10:39 PM
> To: sidr@ietf.org; sidr-chairs@ietf.org; Adrian Farrel; Stewart Bryant
> Subject: [sidr] Last Draft: ReCharter text
>
> Ok, so a lot (102 messages on-list) was said about the recharter text here:
>
> = = = = = = = = =
>
> Description of Working Group:
>
> The purpose of the SIDR working group is to reduce vulnerabilities in
> the inter-domain routing system. The two vulnerabilities that will be
> addressed are:
>
>  * Is an Autonomous System (AS) authorized to originate an IP prefix
>  * Is the AS-Path represented in the route the same as the path
>    through which the route update traveled
>
> The SIDR working group will take practical deployability into consideration.
>
> Building upon the already completed and implemented framework:
>
>  * Resource Public Key Infrastructure (RPKI)
>  * Distribution of RPKI data to routing devices and its use in
>    operational networks
>  * Document the use of certification objects within the secure
>    routing architecture
>
>
> This working group will specify security enhancements for inter-domain
> routing protocols.
>
> The SIDR working group is charged with the following goals and
> milestones:
>
> ID Date   Pub Date
> Mar 2011  Jan 2012  An overview of the RPKI and BGP Protocol changes
>                     required for origin and path validation
> Mar 2011  Jun 2012  A document describing threats to the routing system
> Mar 2011  Jun 2012  A requirements document that addresses these threats
> Mar 2011  Jan 2012  Document the BGP protocol enhancements that meet
>                     the security requirements
> Nov 2010  Jul 2011  draft-ietf-sidr-origin-ops
> Mar 2011  Jul 2012  Operational deployment guidance for network operators
> Jun 2011  Dec 2011  System and architecture design choices made in
>                     the protocol and RPKI
> Mar 2010  Mar 2012  draft-ietf-sidr-cps-irs
> Mar 2010  Mar 2012  draft-ietf-sidr-cps-isp
> Nov 2010  Jan 2012  draft-ietf-sidr-pfx-validate
> Jan 2010  Jun 2011  draft-ietf-sidr-publication
> Nov 2010  Jun 2011  draft-ietf-sidr-repos-struct
> Nov 2010  Jun 2011  draft-ietf-sidr-roa-format
> Feb 2011  Jun 2011  draft-ietf-sidr-rpki-rtr
> Nov 2010  Nov 2011  draft-ietf-sidr-ltamgmt
> Dec 2010  Oct 2011  draft-rgaglian-sidr-algorithm-agility
> Jan 2011  Oct 2011  draft-ietf-sidr-ghostbusters
> Jan 2010  Dec 2011  draft-ietf-sidr-keyroll
> Jan 2010  May 2011  draft-ietf-sidr-arch
> Jan 2010  May 2011  draft-ietf-sidr-cp
> Jan 2010  May 2011  draft-ietf-sidr-res-certs
> Jan 2010  Jun 2011  draft-ietf-sidr-roa-validation
> Jan 2010  Jun 2011  draft-ietf-sidr-signed-object
> Jan 2010  Jun 2011  draft-ietf-sidr-rpki-manifests
> Jan 2010  Jul 2011  draft-ietf-sidr-rpki-algs
> Jan 2010  Jul 2011  draft-ietf-sidr-rescerts-provisioning
> Jan 2010  Aug 2011  draft-ietf-sidr-ta
>
>
> ==================
>
> o Of that text, I noticed no argument about the
> dates/drafts/work-items, I noticed at least some
> discussion about the second vulnerability to address: (let's call
> it a goal for now)
>
> ----------------------------------------------------------
>  * Is the AS-Path represented in the route the same as the path
>    through which the route update traveled
> ----------------------------------------------------------
>
> A few folks noted that perhaps 'route' was not the right word here,
> perhaps NLRI is. Using a wikipedia definition:
> "Once a BGP session is running, the BGP speakers exchange UPDATE
> messages about destinations to which the speaker offers connectivity.
> In the protocol, the basic CIDR route description is called Network
> Layer Reachability Information (NLRI). NLRI includes the expected
> destination prefix, prefix length, path of autonomous systems to the
> destination and next hop in attributes, which can carry a wide range
> of additional information that affects the acceptance policy of the
> receiving router. BGP speakers incrementally announce new NLRI to
> which they offer reachability, but also announce withdrawals of
> prefixes to which the speaker no longer offers connectivity."
>
> This seems mostly correct, we don't actually want to secure something
> that changes per router-hop (potentially) - next-hop, but we do care
> about prefix/length/as-path. Taking that into account changes the goal
> to:
>
>
> ----------------------------------------------------------
>  * Is the AS-Path represented in the NLRI the same as the path through
>    which the NLRI traveled
> ----------------------------------------------------------
>
> o At least one respondent noted that some/all of the work here, as it
> affects the BGP specification will have to be seen/etc by IDR, I don't
> think the charter changes as proposed preclude that. I believe the
> intent was to pass along all changes to IDR to make sure they don't
> see issues with the changes. It's probably fair to also point out that
> the current IDR chair acks the two goals listed, but still the material
> relevant to IDR should go there for checkbox/changes/etc.
>
> --------------------------------------------------------------------------------------------------------------------
> Given the above the new charter reads:
>
>
> = = = = = = = = =
>
> Description of Working Group:
>
> The purpose of the SIDR working group is to reduce vulnerabilities in
> the inter-domain routing system. The two vulnerabilities that will be
> addressed are:
>
>  * Is an Autonomous System (AS) authorized to originate an IP prefix
>  * Is the AS-Path represented in the NLRI the same as the path
>    through which the NLRI traveled
>
> The SIDR working group will take practical deployability into consideration.
>
> Building upon the already completed and implemented framework:
>
>  * Resource Public Key Infrastructure (RPKI)
>  * Distribution of RPKI data to routing devices and its use in
>    operational networks
>  * Document the use of certification objects within the secure
>    routing architecture
>
>
> This working group will specify security enhancements for inter-domain
> routing protocols.
>
> The SIDR working group is charged with the following goals and
> milestones:
>
> ID Date   Pub Date
> Mar 2011  Jan 2012  An overview of the RPKI and BGP Protocol changes
>                     required for origin and path validation
> Mar 2011  Jun 2012  A document describing threats to the routing system
> Mar 2011  Jun 2012  A requirements document that addresses these threats
> Mar 2011  Jan 2012  Document the BGP protocol enhancements that meet
>                     the security requirements
> Nov 2010  Jul 2011  draft-ietf-sidr-origin-ops
> Mar 2011  Jul 2012  Operational deployment guidance for network operators
> Jun 2011  Dec 2011  System and architecture design choices made in
>                     the protocol and RPKI
> Mar 2010  Mar 2012  draft-ietf-sidr-cps-irs
> Mar 2010  Mar 2012  draft-ietf-sidr-cps-isp
> Nov 2010  Jan 2012  draft-ietf-sidr-pfx-validate
> Jan 2010  Jun 2011  draft-ietf-sidr-publication
> Nov 2010  Jun 2011  draft-ietf-sidr-repos-struct
> Nov 2010  Jun 2011  draft-ietf-sidr-roa-format
> Feb 2011  Jun 2011  draft-ietf-sidr-rpki-rtr
> Nov 2010  Nov 2011  draft-ietf-sidr-ltamgmt
> Dec 2010  Oct 2011  draft-rgaglian-sidr-algorithm-agility
> Jan 2011  Oct 2011  draft-ietf-sidr-ghostbusters
> Jan 2010  Dec 2011  draft-ietf-sidr-keyroll
> Jan 2010  May 2011  draft-ietf-sidr-arch
> Jan 2010  May 2011  draft-ietf-sidr-cp
> Jan 2010  May 2011  draft-ietf-sidr-res-certs
> Jan 2010  Jun 2011  draft-ietf-sidr-roa-validation
> Jan 2010  Jun 2011  draft-ietf-sidr-signed-object
> Jan 2010  Jun 2011  draft-ietf-sidr-rpki-manifests
> Jan 2010  Jul 2011  draft-ietf-sidr-rpki-algs
> Jan 2010  Jul 2011  draft-ietf-sidr-rescerts-provisioning
> Jan 2010  Aug 2011  draft-ietf-sidr-ta
>
>
> ==================
>
> This I'll send along to the IESG shortly.
>
> -Chris
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
>