Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-ops - ENDS: 2016-06-14 (June 14 2016)
Aris Lambrianidis <aristidis.lambrianidis@ams-ix.net> Wed, 15 June 2016 15:27 UTC
Return-Path: <aristidis.lambrianidis@ams-ix.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D272112D68B; Wed, 15 Jun 2016 08:27:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.327
X-Spam-Level:
X-Spam-Status: No, score=-3.327 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UJhJU_Bw3r8u; Wed, 15 Jun 2016 08:27:21 -0700 (PDT)
Received: from deliverix.ams-ix.net (deliverix.ams-ix.net [IPv6:2001:67c:1a8:a101::70]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1203212D8EB; Wed, 15 Jun 2016 08:27:19 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at ams-ix.net
Received: from hq-40.office.ams-ix.net (hq-40.office.ams-ix.net [91.200.19.40]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: aristidis) by deliverix.ams-ix.net (Postfix) with ESMTPSA id B27F6412FD; Wed, 15 Jun 2016 17:27:15 +0200 (CEST)
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Content-Type: multipart/signed; boundary="Apple-Mail=_5FBA58F0-C276-4C2B-A9B6-2B4B81D98A9B"; protocol="application/pgp-signature"; micalg="pgp-sha256"
X-Pgp-Agent: GPGMail 2.6b2
From: Aris Lambrianidis <aristidis.lambrianidis@ams-ix.net>
In-Reply-To: <E5A2A64E-429D-4E77-80EE-BA57B20AEBC8@tislabs.com>
Date: Thu, 16 Jun 2016 00:27:12 +0900
Message-Id: <BED2066B-2444-401D-BA02-967C8894DBF2@ams-ix.net>
References: <yj9owpm8agia.wl%morrowc@ops-netman.net> <61339176-792E-4000-BBBD-D17D4962E249@tislabs.com> <E5A2A64E-429D-4E77-80EE-BA57B20AEBC8@tislabs.com>
To: sidr <sidr@ietf.org>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/U3uLcoUUUbRsZmM6ODg-fwQvx0o>
Cc: sidr chairs <sidr-chairs@ietf.org>, Sandra Murphy <sandy@tislabs.com>
Subject: Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-ops - ENDS: 2016-06-14 (June 14 2016)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jun 2016 15:27:23 -0000
> On 15 Jun 2016, at 22:35 , Sandra Murphy <sandy@tislabs.com> wrote: > > Could we get some feedback that this document is ready for publication? Hi, My 0.02 of your favourite currency denomination: Nits: Line 94: There’s a typo: “twp” instead of “two” Line 202: Grammatical error: “it’s” instead of “its” Line 317: Typo: “see see” instead of “see” Content: The middle paragraph of section 6. feels a bit foggy to me: > BGPsec protocol capability negotiation provides for a speaker signing > the data it sends without being able to accept signed data. Thus a > smallish edge router may hold only its own signing key(s), sign it's > announcements, but not receive signed announcements and therefore not > need to deal with the majority of the RPKI. Thus such routers CPU, > RAM, and crypto needs are trivial and additional hardware should not > be needed. Here’s what my take of the situation described would be: “Operators might be utilising hardware with limited resources. In such cases, BGPsec protocol capability negotiation allows for a resource constrained edge router to just hold its own signing key(s) and sign its announcements, but not receive signed announcements. Therefore, the router would not have to deal with the majority of the RPKI, potentially saving the need for additional hardware." What is “smallish" is more relative than, say, “resource constrained”. Perhaps an operator uses a large edge router that is overloaded or just wants to keep their processing overhead low. Kind regards, Aris Lambrianidis
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-ops - END… Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-ops - END… Matthias Waehlisch
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-ops - END… Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-ops - END… Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-ops - END… Matthias Waehlisch
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-ops - END… Matthias Waehlisch
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-ops - END… Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-ops - END… Sean Turner
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-ops - END… Aris Lambrianidis
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-ops - END… Sandra Murphy
- [sidr] WGLC: draft-ietf-sidr-bgpsec-ops - ENDS: 2… Chris Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-ops - END… Sandra Murphy