Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

Randy Bush <randy@psg.com> Mon, 02 January 2017 15:33 UTC

Return-Path: <randy@psg.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4D8A12965F; Mon, 2 Jan 2017 07:33:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.001
X-Spam-Level:
X-Spam-Status: No, score=-10.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I4saIfB7LsXM; Mon, 2 Jan 2017 07:33:58 -0800 (PST)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E76A4120727; Mon, 2 Jan 2017 07:33:57 -0800 (PST)
Received: from localhost ([127.0.0.1] helo=ryuu.psg.com) by ran.psg.com with esmtp (Exim 4.86_2) (envelope-from <randy@psg.com>) id 1cO4cT-0007jf-3l; Mon, 02 Jan 2017 15:33:53 +0000
Date: Tue, 03 Jan 2017 00:33:49 +0900
Message-ID: <m2tw9hmq76.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>
In-Reply-To: <563AAA29-82F7-4202-8A54-855CD7702595@kuehlewind.net>
References: <148336377615.21819.15119186800162780376.idtracker@ietfa.amsl.com> <m2vatxmv83.wl-randy@psg.com> <563AAA29-82F7-4202-8A54-855CD7702595@kuehlewind.net>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/24.5 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/M6d79HOITl9WjnmVTIvENYM-DuA>
Cc: draft-ietf-sidr-bgpsec-ops@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidr-chairs@ietf.org, The IESG <iesg@ietf.org>, sidr@ietf.org
Subject: Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jan 2017 15:33:59 -0000

hi mirja,

> could there be a similar case here, where a router is known to support
> BGPsec and others would ignore/drop non-signed announcements?

hmmmm.  as far as i can remember, this has not actually been discussed.

how would a router be known to support bgpsec?  well, if i saw it on a
signed path.  (for the moment, let's ignore changes over time).  but it
might have an out-degree of O(100) and some portion are signed and the
rest not.  the ones that are not signed are due to the peer not
negotiating bgpsec, or to one or the other being configured not to have
the peering be bgpsec.

and it's way too late here for me to do the necessary deep dive into
draft-ietf-sidr-bgpsec-pki-profiles-18.txt to know if i can definitively
identify a router, especially as one router can have multiple ASs and
therefore multiple certs and therefore multiple skis.

maybe someone on the us beast coast has had enough coffee to hit me with
a clue by four when i wake.

randy
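Added example, not part of this message or of the bgpsec-ops draft: a small Python model of the inference question above. One router speaks for two ASes, so it holds two router certificates (two SKIs), and it has a mix of BGPsec and plain sessions. An observer who collects everything it emits sees two signing identities it cannot tie to one router, and a rule that drops unsigned paths through any AS already seen signing discards the legitimate plain announcements sent over the sessions where BGPsec was simply not negotiated. All ASNs, SKIs, router names and the topology are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple, Union


@dataclass(frozen=True)
class SignedSegment:
    """One Secure_Path segment together with the SKI carried in its
    Signature_Segment: the only handle an observer has on the signing router."""
    asn: int
    ski: str


SignedPath = Tuple[SignedSegment, ...]   # BGPsec_Path, one segment per AS hop
PlainPath = Tuple[int, ...]              # ordinary AS_PATH, no signatures
Update = Union[SignedPath, PlainPath]


@dataclass
class Router:
    name: str
    certs: Dict[int, str]       # ASN -> SKI of the router cert issued for that AS
    sessions: Dict[str, bool]   # peer name -> True if BGPsec was negotiated


# Constructed topology (hypothetical ASNs, SKIs and names). r1 speaks for two
# ASes, so it holds two router certificates and therefore two SKIs, and it has
# a mix of BGPsec and plain sessions, as the message describes.
ROUTERS: Dict[str, Router] = {
    "r1": Router("r1", {64500: "ski-1a", 64501: "ski-1b"},
                 {"r2": True, "r3": False, "r4": True}),
    "r2": Router("r2", {64502: "ski-2a"}, {"r1": True}),
    "r3": Router("r3", {64503: "ski-3a"}, {"r1": False}),
    "r4": Router("r4", {64504: "ski-4a"}, {"r1": True}),
}


def updates_from(router: Router, origin_asn: int) -> Dict[str, Update]:
    """What `router` sends to each peer for a prefix it originates in origin_asn.
    A signed BGPsec_Path goes only over sessions where BGPsec was negotiated;
    the other sessions carry a plain AS_PATH, which is entirely legitimate."""
    ski = router.certs[origin_asn]
    return {
        peer: (SignedSegment(origin_asn, ski),) if bgpsec else (origin_asn,)
        for peer, bgpsec in router.sessions.items()
    }


def is_signed(update: Update) -> bool:
    return bool(update) and isinstance(update[0], SignedSegment)


def asns_seen_signing(updates: List[Update]) -> Set[int]:
    """ASes the observer has seen sign at least once: the 'known to support
    BGPsec' set that the proposed drop rule would key on."""
    return {seg.asn for u in updates if is_signed(u) for seg in u}


def apparent_signers(updates: List[Update]) -> Set[str]:
    """Distinct SKIs seen. Nothing in an update ties two SKIs to one router, so
    the observer is counting signing certificates, not routers."""
    return {seg.ski for u in updates if is_signed(u) for seg in u}


def drop_unsigned_from_known_signers(
    updates: List[Update], known: Set[int]
) -> Tuple[List[Update], List[Update]]:
    """The rule under discussion: discard an unsigned path if it traverses an
    AS that has already been seen signing. Returns (kept, dropped)."""
    kept: List[Update] = []
    dropped: List[Update] = []
    for u in updates:
        if not is_signed(u) and any(asn in known for asn in u):
            dropped.append(u)
        else:
            kept.append(u)
    return kept, dropped


def simulate() -> Dict[str, int]:
    """Collect everything r1 emits (one prefix per AS it speaks for) and apply
    the drop rule to that full view."""
    r1 = ROUTERS["r1"]
    updates: List[Update] = []
    for origin in r1.certs:
        updates.extend(updates_from(r1, origin).values())
    kept, dropped = drop_unsigned_from_known_signers(
        updates, asns_seen_signing(updates))
    return {
        "updates": len(updates),
        "signers_seen": len(apparent_signers(updates)),  # 2 SKIs, but 1 router
        "kept": len(kept),
        "legit_dropped": len(dropped),  # the plain sessions to r3, wrongly discarded
    }


if __name__ == "__main__":
    print(simulate())
```

The point of keying the rule on ASNs rather than routers is that an ASN is all the observer can recover from a Secure_Path segment; the SKI identifies a certificate, and a router with several AS certificates shows up as several unrelated signers.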