Re: [sidr] [Idr] No BGPSEC intradomain ?

Christopher Morrow <morrowc.lists@gmail.com> Wed, 11 April 2012 15:22 UTC


On Wed, Apr 11, 2012 at 10:12 AM, Paul Jakma <paul@jakma.org> wrote:
> On Tue, 10 Apr 2012, Jakob Heitz wrote:
>
>> I agree with Robert. Today, there are many tools that interact with BGP
>> messages. If the AS_PATH disappears, they will all break.
>
>
> Indeed. If mandatory, well-known attributes are removed, then the BGP
> protocol version number needs to be bumped.
>
> There's near-0-cost in doing that for those interested in implementing the
> new functionality, and it avoids a world of hurt for all the various tools
> (sometimes in-house/home-grown) out there that believe they know what
> they're getting when the version says 4.

"if you don't ask for the 'bgpsec capability' then ... you get what
you get today."

also

"if you ask for the 'bgpsec capability' then ... you get (and can
presumably handle) the changes"

so, everything you do today, ought to just keep right on working, or
that's the plan.