Re: [sidr] request for agenda items for interim meeting 6 Jun
"Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov> Mon, 04 June 2012 18:53 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20A6A11E80BC; Mon, 4 Jun 2012 11:53:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.854
X-Spam-Level:
X-Spam-Status: No, score=-5.854 tagged_above=-999 required=5 tests=[AWL=-0.744, BAYES_05=-1.11, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DhHmVPP6B4nI; Mon, 4 Jun 2012 11:53:41 -0700 (PDT)
Received: from wsget1.nist.gov (wsget1.nist.gov [129.6.13.150]) by ietfa.amsl.com (Postfix) with ESMTP id 92E9F11E80B5; Mon, 4 Jun 2012 11:53:38 -0700 (PDT)
Received: from WSXGHUB1.xchange.nist.gov (129.6.18.96) by wsget1.nist.gov (129.6.13.150) with Microsoft SMTP Server (TLS) id 14.1.355.2; Mon, 4 Jun 2012 14:53:35 -0400
Received: from MBCLUSTER.xchange.nist.gov ([fe80::d479:3188:aec0:cb66]) by WSXGHUB1.xchange.nist.gov ([129.6.18.96]) with mapi; Mon, 4 Jun 2012 14:53:37 -0400
From: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
To: "John G. Scudder" <jgs@juniper.net>
Date: Mon, 04 Jun 2012 14:51:45 -0400
Thread-Topic: [sidr] request for agenda items for interim meeting 6 Jun
Thread-Index: Ac0/U5HRPlsCbHtVSUK1+tV3UsF//ADKs4sO
Message-ID: <D7A0423E5E193F40BE6E94126930C4930B9A71FA4B@MBCLUSTER.xchange.nist.gov>
References: <24B20D14B2CD29478C8D5D6E9CBB29F60F70A267@Hermes.columbia.ads.sparta.com> <24B20D14B2CD29478C8D5D6E9CBB29F625F0975D@Hermes.columbia.ads.sparta.com> <4FBBB6D1.9000008@bbn.com> <m2r4ub7vta.wl%randy@psg.com> <4FBC0936.7000905@bbn.com>, <5BA9D6DE-BE0E-4922-9E09-7B85BD6F9342@juniper.net> <24B20D14B2CD29478C8D5D6E9CBB29F625F12333@Hermes.columbia.ads.sparta.com> <AAAF2A7E-4CC7-426C-8956-BF68A2327009@juniper.net> <D7A0423E5E193F40BE6E94126930C4930B9B247700@MBCLUSTER.xchange.nist.gov>, <5F5F8CF8-061C-47C9-942C-7908963EF347@juniper.net>
In-Reply-To: <5F5F8CF8-061C-47C9-942C-7908963EF347@juniper.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Cc: "idr@ietf.org List" <idr@ietf.org>, "Murphy, Sandra" <Sandra.Murphy@sparta.com>, "sidr@ietf.org list" <sidr@ietf.org>
Subject: Re: [sidr] request for agenda items for interim meeting 6 Jun
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jun 2012 18:53:42 -0000
Thanks for the clarification. The Secure_Path semantics in BGPSEC are the same as the *essential semantics* of BGP AS_PATH. The *essential semantics* being the sequence of ASs the prefix announcement has passed through (including AS prepending). So the Secure_Path semantics would be compatible with AS_PATH as long as said essential semantics do not change. I am curious if there is a realistic example of feature change to BGP such that the AS_PATH would no longer adhere to its essential semantics. Sriram ________________________________________ From: John G. Scudder [jgs@juniper.net] Sent: Thursday, May 31, 2012 1:31 PM To: Sriram, Kotikalapudi Cc: Murphy, Sandra; idr@ietf.org List; sidr@ietf.org list Subject: Re: [sidr] request for agenda items for interim meeting 6 Jun On May 30, 2012, at 8:02 PM, Sriram, Kotikalapudi wrote: >> >> Right, and agreed (see "formally an attack" above). But to repeat my further >> point, if the AS_PATH is present (even if not secured): "at least there's scope for a >> network operator on the receiving end to tolerate the validation failure and use >> the route anyway, if desired. In the case where there's no AS_PATH, the data are >> just gone with no chance for appeal." >> > > John, > > I do not agree that in the event of "validation failure" the route becomes unusable > in BGPSEC as currently specified. That's not what I meant. My point was that a feature may be applied that wants to change the AS_PATH in a way that can't be represented in the BGPSEC_Path_Signatures. In other words, your later statement: > the Secure_Path segment is still usable as it provides the AS path info. is not correct in all cases. Likewise, to this statement: > So validation failure in BGPSEC does not mean that "the data are just gone." My point is not that validation failure causes this. It's that absent AS_PATH, a semantically non-representable AS_PATH will be lost if forced through BGPSEC_Path_Signatures. To reiterate, the options to address the case where a feature wants to produce output that can't be represented in BGPSEC_Path_Signatures are: - Don't solve it. Effectively forbid any such feature. - Carry both AS_PATH and BGPSEC_Path_Signatures in every update. Rules for reconciliation would be required. - Downgrade BGPSEC update to BGP update. - Extend BGPSEC_Path_Signatures format to be able to represent the needed feature. (As Sandy noted, this only makes sense insofar as the feature isn't formally an attack, so this option is incomplete.) The validation failure I spoke of is a potential *consequence* of the middle two options above, and as you say, the operator can then decide what to do. --John
- [sidr] request for agenda items for interim meeti… Murphy, Sandra
- Re: [sidr] request for agenda items for interim m… Murphy, Sandra
- Re: [sidr] request for agenda items for interim m… Murphy, Sandra
- Re: [sidr] request for agenda items for interim m… Alexey Melnikov
- Re: [sidr] request for agenda items for interim m… Warren Kumari
- Re: [sidr] request for agenda items for interim m… Alexey Melnikov
- Re: [sidr] request for agenda items for interim m… Murphy, Sandra
- Re: [sidr] request for agenda items for interim m… Matt Lepinski
- Re: [sidr] request for agenda items for interim m… Shane Amante
- Re: [sidr] request for agenda items for interim m… Warren Kumari
- Re: [sidr] request for agenda items for interim m… Randy Bush
- Re: [sidr] request for agenda items for interim m… Matt Lepinski
- Re: [sidr] request for agenda items for interim m… Randy Bush
- Re: [sidr] request for agenda items for interim m… Sriram, Kotikalapudi
- Re: [sidr] request for agenda items for interim m… Randy Bush
- Re: [sidr] request for agenda items for interim m… Shane Amante
- Re: [sidr] request for agenda items for interim m… Randy Bush
- Re: [sidr] request for agenda items for interim m… Randy Bush
- Re: [sidr] request for agenda items for interim m… Shane Amante
- Re: [sidr] request for agenda items for interim m… Randy Bush
- Re: [sidr] request for agenda items for interim m… Shane Amante
- Re: [sidr] request for agenda items for interim m… Roque Gagliano (rogaglia)
- Re: [sidr] request for agenda items for interim m… Randy Bush
- Re: [sidr] request for agenda items for interim m… Roque Gagliano (rogaglia)
- Re: [sidr] request for agenda items for interim m… George, Wes
- Re: [sidr] request for agenda items for interim m… Christopher Morrow
- Re: [sidr] request for agenda items for interim m… John G. Scudder
- [sidr] BGPSEC proposal to drop AS_PATH [was: Fwd:… John G. Scudder
- Re: [sidr] BGPSEC proposal to drop AS_PATH [was: … John G. Scudder
- Re: [sidr] BGPSEC proposal to drop AS_PATH [was: … John G. Scudder
- Re: [sidr] BGPSEC proposal to drop AS_PATH [was: … Randy Bush
- Re: [sidr] BGPSEC proposal to drop AS_PATH [was: … Jakob Heitz
- Re: [sidr] BGPSEC proposal to drop AS_PATH [was: … Randy Bush
- Re: [sidr] BGPSEC proposal to drop AS_PATH [was: … Jakob Heitz
- Re: [sidr] BGPSEC proposal to drop AS_PATH [was: … Randy Bush
- Re: [sidr] BGPSEC proposal to drop AS_PATH [was: … Jakob Heitz
- Re: [sidr] [Idr] BGPSEC proposal to drop AS_PATH … Robert Raszuk
- Re: [sidr] BGPSEC proposal to drop AS_PATH [was: … Stephen Kent
- Re: [sidr] request for agenda items for interim m… Murphy, Sandra
- Re: [sidr] request for agenda items for interim m… Matt Lepinski
- Re: [sidr] request for agenda items for interim m… John G. Scudder
- Re: [sidr] BGPSEC proposal to drop AS_PATH [was: … Russ White
- Re: [sidr] request for agenda items for interim m… Sriram, Kotikalapudi
- Re: [sidr] BGPSEC proposal to drop AS_PATH [was: … John G. Scudder
- Re: [sidr] request for agenda items for interim m… John G. Scudder
- Re: [sidr] BGPSEC proposal to drop AS_PATH [was: … John G. Scudder
- Re: [sidr] BGPSEC proposal to drop AS_PATH [was: … Russ White
- Re: [sidr] BGPSEC proposal to drop AS_PATH [was: … Robert Raszuk
- Re: [sidr] request for agenda items for interim m… Sriram, Kotikalapudi
- Re: [sidr] request for agenda items for interim m… John G. Scudder