IETF Logo Mail Archive

Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs

Warren Kumari <warren@kumari.net> Sun, 19 January 2014 18:49 UTC

Return-Path: <warren@kumari.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 308941ADF78 for <sidr@ietfa.amsl.com>; Sun, 19 Jan 2014 10:49:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TAydUu7QYjYl for <sidr@ietfa.amsl.com>; Sun, 19 Jan 2014 10:49:14 -0800 (PST)
Received: from mail-wi0-f175.google.com (mail-wi0-f175.google.com [209.85.212.175]) by ietfa.amsl.com (Postfix) with ESMTP id 30F2E1A1DFA for <sidr@ietf.org>; Sun, 19 Jan 2014 10:49:14 -0800 (PST)
Received: by mail-wi0-f175.google.com with SMTP id hr1so2481283wib.2 for <sidr@ietf.org>; Sun, 19 Jan 2014 10:49:00 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=8tSB3eG/GIXWiQdjCt4m+Luh6N1QntMqwtfKPuPK+aI=; b=MHwJidk5wW1xgISWYWQtFXXKjniEwCf+tVgRTM1P2tjJm0FqaiPSBw4ANCXSXMcqi9 K2QbxbWQPBRms+UYx5/B1xmilj3lXm8ELcuP4XzF8NcQJD6tHukd6IPMHrCGRw3gYLAZ 4syXG+u8H0a6Qd6DbmooOUatzi4D9PmH09YUjIYOy2qq04z4vOhiCcjNM1MJlIxasH0y IcLtlvrJfGKYvvGAlBJlzME8RUWQACPiXGKvOjfKeWugX7BK2Z/hjocFrGTYYM7FBPlN zHxxeztciZ3h2vbenCq589pQ5o7xZ6Gwp02rwSkAbmGzHdjTLXpp3cu0oVhSN9/hysh1 7Amw==
X-Gm-Message-State: ALoCoQlbXp6IwQTX8XP7E9+Sq5k+zQ8cwegtz8I7ODK7kkFJnRHyr7f0lEFJRA4tGDyr68AB/nW+
MIME-Version: 1.0
X-Received: by 10.194.202.230 with SMTP id kl6mr11236182wjc.9.1390157340472; Sun, 19 Jan 2014 10:49:00 -0800 (PST)
Received: by 10.194.54.167 with HTTP; Sun, 19 Jan 2014 10:49:00 -0800 (PST)
X-Originating-IP: [66.84.81.40]
In-Reply-To: <ce126281f8d14573a1b26db064792fc8@BLUPR09MB053.namprd09.prod.outlook.com>
References: <52D072F6.9030304@ops-netman.net> <52D0A0AC.5040903@ops-netman.net> <ce126281f8d14573a1b26db064792fc8@BLUPR09MB053.namprd09.prod.outlook.com>
Date: Sun, 19 Jan 2014 13:49:00 -0500
Message-ID: <CAHw9_iKzV97GwxxN2+ZLtvPsYS8OZ0-7J=XeHT_LFN8Fyt=5QA@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
To: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: Chris Morrow <morrowc@ops-netman.net>, "sidr-ads@tools.ietf.org" <sidr-ads@tools.ietf.org>, sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Jan 2014 18:49:16 -0000

On Tue, Jan 14, 2014 at 6:38 PM, Sriram, Kotikalapudi
<kotikalapudi.sriram@nist.gov> wrote:
> I support publication of this document as an RFC.

As do I.
W


> I have some comments listed below that are meant to help improve clarity.
>
> 3.2 (current) A BGPsec design must allow the receiver of a BGP announcement  to determine, to a strong level of certainty, that the received PATH attribute accurately represents the sequence of eBGP exchanges that propagated the prefix from the origin AS to the receiver, particularly if an AS has added or deleted any AS number other than its own in the path attribute.  This includes  modification to the number of AS prepends.
>
> 3.2 (suggested rewording) A BGPsec design must allow the receiver of a BGP announcement  to determine, to a strong level of certainty, that the received PATH attribute accurately represents the sequence of eBGP exchanges that propagated the prefix from the origin AS to the receiver. Specifically, if an AS has deleted any ASN from the AS PATH it received or added an ASN other than its own then the verification of the update (if propagated) MUST fail at its neighboring  BGPsec routers.  This includes modification to the number of AS prepends, i.e. an AS in the path MUST NOT be able to modify the AS prepends (if any) of preceding ASs in the AS PATH.
>
> 3.4 (current) A BGPsec design MUST be amenable to incremental deployment. This implies that incompatible protocol capabilities MUST be negotiated.
>
> "Negotiating incompatible protocol" -- the phrase doesn't sound right to me.
>
> 3.4 (suggested rewording) A BGPsec design MUST be amenable to incremental deployment. This implies that a BGPsec capable router MUST be backward compatible and MUST negotiate BGP-4 protocol with a BGP-4 only neighbor,  and MUST interoperate with the BGP-4 only neighbor.
>
> 3.4 and 3.13 are related (overlapping). You may consider combining them.
>
> In 3.14, this statement "Such mechanisms  SHOULD conform with [I-D.ietf-sidr-ltamgmt]" seems a bit abrupt. You should state what in [I-D.ietf-sidr-ltamgmt] is relevant here to "best path and other routing decisions."  Note: You do speak about [I-D.ietf-sidr-ltamgmt] more specifically again in 3.17.
>
> Sriram
>
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr

v2.23.0 | Report a Bug | By Email