IETF Logo Mail Archive

Re: [sidr] Confederations and Private ASNs (WAS: AD Review of draft-ietf-sidr-bgpsec-protocol-18)

"Alvaro Retana (aretana)" <aretana@cisco.com> Thu, 15 December 2016 16:09 UTC

Return-Path: <aretana@cisco.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6252129731; Thu, 15 Dec 2016 08:09:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.417
X-Spam-Level:
X-Spam-Status: No, score=-17.417 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.896, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZDlHBLgzS_Nz; Thu, 15 Dec 2016 08:09:25 -0800 (PST)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC50012A00C; Thu, 15 Dec 2016 08:09:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=13804; q=dns/txt; s=iport; t=1481818162; x=1483027762; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=clScRdO0JjapLMjU/nXxmQgMbbwGO0SgKKKBVVXsn/Y=; b=eOylZsqrUa8odXGxr2d/x9JvkfV24QmthMjsmSBKsVcCcK0S67KNzZLD lwIFAUG3o+Z/oT4swslWRcVZ8zBVPpJiZSk6ZynzHRmyAoEO2hxG5iT// 7tZTlwfBNVNUgUaBIQCTH3ICFd1FMK273sjrl6bZOuIhjK3V+mcGtxi9B s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AqAQAGv1JY/4gNJK1dGQEBAQEBAQEBAQEBBwEBAQEBgnNEAQEBAQEfWoEGB41HllePZoUkggmGIgIagWw/FAECAQEBAQEBAWIohGkBAQMBEhFWBQsCAQYCQgICAjAlAgQBDQUbB4hBCItOj1UBjXaCKC+KYQEBAQEBAQEBAQEBAQEBAQEBAQEBAR2GNoF9glyHRC2CMAWVAIVsAZEygXSFAYlWkiIBHzeBIjgBAYNDHBiBRXKHX4ENAQEB
X-IronPort-AV: E=Sophos;i="5.33,352,1477958400"; d="scan'208,217";a="183693665"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 15 Dec 2016 16:09:21 +0000
Received: from XCH-ALN-004.cisco.com (xch-aln-004.cisco.com [173.36.7.14]) by alln-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id uBFG9LeG013645 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 15 Dec 2016 16:09:21 GMT
Received: from xch-aln-002.cisco.com (173.36.7.12) by XCH-ALN-004.cisco.com (173.36.7.14) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 15 Dec 2016 10:09:21 -0600
Received: from xch-aln-002.cisco.com ([173.36.7.12]) by XCH-ALN-002.cisco.com ([173.36.7.12]) with mapi id 15.00.1210.000; Thu, 15 Dec 2016 10:09:21 -0600
From: "Alvaro Retana (aretana)" <aretana@cisco.com>
To: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>, "draft-ietf-sidr-bgpsec-protocol@ietf.org" <draft-ietf-sidr-bgpsec-protocol@ietf.org>, "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>
Thread-Topic: Confederations and Private ASNs (WAS: AD Review of draft-ietf-sidr-bgpsec-protocol-18)
Thread-Index: AQHSUmenE2EHhTbiU0q7IXrD4ZYx2aEF0Iz4gAN2lwA=
Date: Thu, 15 Dec 2016 16:09:21 +0000
Message-ID: <98186E08-8CAC-4EB0-9E84-BBABACC43678@cisco.com>
References: <7055D209-5BF7-4B5D-A675-356CD2CBFF4D@cisco.com> <DM2PR09MB04460DC9A23E1F58AEE629BF849B0@DM2PR09MB0446.namprd09.prod.outlook.com>
In-Reply-To: <DM2PR09MB04460DC9A23E1F58AEE629BF849B0@DM2PR09MB0446.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.1c.0.161115
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.117.15.4]
Content-Type: multipart/alternative; boundary="_000_98186E088CAC4EB09E84BBABACC43678ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/WV6GLQmBIyCWJcuaglzANDG0g0Y>
Cc: Matthias Waehlisch <m.waehlisch@fu-berlin.de>, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] Confederations and Private ASNs (WAS: AD Review of draft-ietf-sidr-bgpsec-protocol-18)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Dec 2016 16:09:31 -0000

On 12/13/16, 7:26 AM, "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> wrote:



> [Sriram-3] I understand now your main comment about confederation. I think there are

> two ways to address it (of course I hope other people chime in as well):

>

> Choice A: The pCount = 0 solution that you have suggested.

>

> But I feel that this is somewhat a cosmetic solution. In your example, it can be perhaps

> questioned whether the signature with pCount = 0 from AS2 to AS65001 does actually fit

> the security guarantee from Section 8.1 that you’ve cited.  Because AS2 (the AS with the

> public ASN) did not produce that signature directly. Instead AS65001 played proxy for

> AS2 -- which is of course part of the original solution anyway. So we may consider choice

> B below.



Well, the PE with both AS2 and AS65001 *is* both AS2 *and* AS65001…so I don’t see it as a proxy.



> Choice B: Include a caveat to the statement in Section 8.1. For instance, we modify it as

> follows:

>

> For each AS in the path, a BGPsec speaker authorized by the holder

>      of the AS number intentionally chose (in accordance with local

>      policy) to propagate the route advertisement to the subsequent AS

>      in the path (except for a minor caveat that applies in the case of BGPsec speakers

>       in a  confederation). The caveat applies because a BGPsec speaker

>       in a confederation-member AS can be a proxy receiver and signer for the public AS

>       (identified by the public AS number of the confederation). Therefore, a signature that > appears to

>      correspond to an AS with the public AS number may actually

>      be proxy produced by a member AS that has an internal AS number

>      not matching the public AS number. The confederation-member ASes

>      are cognizant of this and hence it poses no security concern

>      within the confederation, and it is transparent to ASes outside

>      the confederation (see Section 4.3).

>

> [Sriram-3] Do you feel Choice B makes sense?



Personally, I don’t like Choice B because it reads: “we guarantee X, except in a scenario where the signatures are not what they seem”…   It doesn’t give me a warm a fuzzy feeling, especially when we’re talking about a security-related document.



This is where I would like the Chairs/rest of the WG to pitch in.



…

> [Sriram-3]  Perhaps I should wait for some more IESG LC reviews to roll in before I include

> this set of changes and those from Russ (Gen-ART) and Nevil (OPS-DIR)? Please advise.



The IETF LC ends tomorrow.  Include the changes with anything you receive by tomorrow.



Thanks!



Alvaro.

v2.23.0 | Report a Bug | By Email