Re: [sidr] Ben Campbell's Yes on draft-ietf-sidr-bgpsec-protocol-21: (with COMMENT)
"Ben Campbell" <ben@nostrum.com> Tue, 17 January 2017 19:34 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A13C3129597; Tue, 17 Jan 2017 11:34:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.099
X-Spam-Level:
X-Spam-Status: No, score=-5.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-3.199] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id htsPA0m5dlE3; Tue, 17 Jan 2017 11:34:28 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAF16129587; Tue, 17 Jan 2017 11:34:28 -0800 (PST)
Received: from [10.0.1.39] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v0HJYIvd097441 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 17 Jan 2017 13:34:18 -0600 (CST) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.39]
From: Ben Campbell <ben@nostrum.com>
To: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
Date: Tue, 17 Jan 2017 13:34:40 -0600
Message-ID: <B8A1F18D-48DA-4010-829B-8CD2D0C92616@nostrum.com>
In-Reply-To: <DM2PR09MB04464F022CA83E803C01E417847B0@DM2PR09MB0446.namprd09.prod.outlook.com>
References: <148356622825.12945.17416255063037873581.idtracker@ietfa.amsl.com> <DM2PR09MB04464F022CA83E803C01E417847B0@DM2PR09MB0446.namprd09.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Mailer: MailMate (1.9.6r5319)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/SeEgng6FxoBF98M4_hhudX4yWek>
Cc: "draft-ietf-sidr-bgpsec-protocol@ietf.org" <draft-ietf-sidr-bgpsec-protocol@ietf.org>, "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>, The IESG <iesg@ietf.org>, "sidr@ietf.org" <sidr@ietf.org>, Matthias Waehlisch <m.waehlisch@fu-berlin.de>
Subject: Re: [sidr] Ben Campbell's Yes on draft-ietf-sidr-bgpsec-protocol-21: (with COMMENT)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jan 2017 19:34:29 -0000
Thanks for the response. I have one remaining comment, below. I removed sections that I think are resolved. Thanks! Ben. On 14 Jan 2017, at 11:23, Sriram, Kotikalapudi (Fed) wrote: >> >> - 8.4, last paragraph: The text describes a replay attack, and >> delegates >> the mitigation solution to. This is an >> informational reference; it draft-ietf-sidr-bgpsec-rollover >> seems like it should be normative. > > The solution for mitigation of replay attacks is out of band > (in relation to the BGPsec protocol). > As I see it, draft-ietf-sidr-bgpsec-rollover proposes 'a way' > of replay attack mitigation. Techniques for key rollover / > replay attack mitigation are expected to continue to evolve. > There are various variants of the basic key rollover technique that > are discussed in this informational draft: > https://tools.ietf.org/html/draft-sriram-replay-protection-design-discussion-07 > What needs to be pointed out in the BGPsec specification is that > there are solutions available for replay attack mitigation. > The above are the reasons why > draft-ietf-sidr-bgpsec-rollover is included in informational > references. That is a reasonable response, if you think it is realistic that people would implement solutions other than the one in the reference. It would help if the text were more clear that draft-ietf-sider-bgpsec rollover is an example of a possible solutions, and other solutions are possible.
- [sidr] Ben Campbell's Yes on draft-ietf-sidr-bgps… Ben Campbell
- Re: [sidr] Ben Campbell's Yes on draft-ietf-sidr-… Sriram, Kotikalapudi (Fed)
- Re: [sidr] Ben Campbell's Yes on draft-ietf-sidr-… Ben Campbell
- Re: [sidr] Ben Campbell's Yes on draft-ietf-sidr-… Sriram, Kotikalapudi (Fed)