IETF Logo Mail Archive

Re: [sidr] request for agenda items for interim meeting 6 Jun

"John G. Scudder" <jgs@juniper.net> Wed, 30 May 2012 20:53 UTC

Return-Path: <jgs@juniper.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 216DE11E809C; Wed, 30 May 2012 13:53:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.58
X-Spam-Level:
X-Spam-Status: No, score=-6.58 tagged_above=-999 required=5 tests=[AWL=0.019, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XGb4b4cdFtt3; Wed, 30 May 2012 13:53:36 -0700 (PDT)
Received: from exprod7og117.obsmtp.com (exprod7og117.obsmtp.com [64.18.2.6]) by ietfa.amsl.com (Postfix) with ESMTP id 657C821F874F; Wed, 30 May 2012 13:53:32 -0700 (PDT)
Received: from P-EMHUB01-HQ.jnpr.net ([66.129.224.36]) (using TLSv1) by exprod7ob117.postini.com ([64.18.6.12]) with SMTP ID DSNKT8aIzKxAs2onG6tCgi6IWl2WpnzfUqpn@postini.com; Wed, 30 May 2012 13:53:36 PDT
Received: from [172.16.13.202] (172.16.13.202) by P-EMHUB01-HQ.jnpr.net (172.24.192.33) with Microsoft SMTP Server id 8.3.213.0; Wed, 30 May 2012 13:52:20 -0700
MIME-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset="us-ascii"
From: "John G. Scudder" <jgs@juniper.net>
In-Reply-To: <24B20D14B2CD29478C8D5D6E9CBB29F625F12333@Hermes.columbia.ads.sparta.com>
Date: Wed, 30 May 2012 16:52:19 -0400
Content-Transfer-Encoding: quoted-printable
Message-ID: <AAAF2A7E-4CC7-426C-8956-BF68A2327009@juniper.net>
References: <24B20D14B2CD29478C8D5D6E9CBB29F60F70A267@Hermes.columbia.ads.sparta.com> <24B20D14B2CD29478C8D5D6E9CBB29F625F0975D@Hermes.columbia.ads.sparta.com> <4FBBB6D1.9000008@bbn.com> <m2r4ub7vta.wl%randy@psg.com> <4FBC0936.7000905@bbn.com>, <5BA9D6DE-BE0E-4922-9E09-7B85BD6F9342@juniper.net> <24B20D14B2CD29478C8D5D6E9CBB29F625F12333@Hermes.columbia.ads.sparta.com>
To: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
X-Mailer: Apple Mail (2.1278)
Cc: "idr@ietf.org List" <idr@ietf.org>, "sidr@ietf.org list" <sidr@ietf.org>
Subject: Re: [sidr] request for agenda items for interim meeting 6 Jun
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 May 2012 20:53:37 -0000

[added IDR to cc]

On May 30, 2012, at 12:10 PM, Murphy, Sandra wrote:

...
> About extensibility - as you say, any new segment type not built into implementations would result in fatal errors.  So any new segment type would need to be built into implementations before use.  The question then becomes - can the signature attributes also be augmented at the same time to deal with the new segment types?
...
> So the AS_PATH extensibility could be maintained in the security protections - as long as the new extension is "protectable".

OK, as long as it's practical to extend the BGPSEC_Path_Signatures attribute. I confess to not having given this much thought but it doesn't appear to be as easily extensible as AS_PATH, because the latter has a TLV structure and the former doesn't. I guess your answer is that since AS_PATH extensions are in practice a big deal, you'll just introduce a new, incompatible format of BGPSEC_Path_Signatures to match? If this is the plan, BGPSEC_Path_Signatures should include a version number, since it would be a little rude to consume another code point from the one-byte BGP path attribute code point space for this purpose. Also, for generality you'll need to think about whether you want to be able to support different subsets of extensions -- this is easy in a TLV-encoded attribute but hard if all you've got is a version number. (Another answer might be that Additional_info will serve as the extensibility placeholder, but if so its length field is too small.)

...
> I am quite sure I don't know the complete list of AS_PATH knobs!

Nor do I, from memory. But we probably should plan to enumerate a list of them so that we can categorize them as "we can do this", "this is formally an attack and therefore will never be supported", or "other", and then iterate on "other".

> But some of those I do know are hacks that would allow attacks as well.  The fact that the security protections prohibit the attacks is a good thing.  If there's a way to identify good, not evil, uses, then we can design for that.  But in cases where there's no real way to distinguish the good from the evil, we're in a hard place.  Shoot a hole in the protection to allow the hack or prohibit the hack.

Right, and agreed (see "formally an attack" above). But to repeat my further point, if the AS_PATH is present (even if not secured): "at least there's scope for a network operator on the receiving end to tolerate the validation failure and use the route anyway, if desired. In the case where there's no AS_PATH, the data are just gone with no chance for appeal."

--John

v2.23.0 | Report a Bug | By Email