Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs
Warren Kumari <warren@kumari.net> Sun, 19 January 2014 18:49 UTC
Return-Path: <warren@kumari.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 308941ADF78 for <sidr@ietfa.amsl.com>; Sun, 19 Jan 2014 10:49:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TAydUu7QYjYl for <sidr@ietfa.amsl.com>; Sun, 19 Jan 2014 10:49:14 -0800 (PST)
Received: from mail-wi0-f175.google.com (mail-wi0-f175.google.com [209.85.212.175]) by ietfa.amsl.com (Postfix) with ESMTP id 30F2E1A1DFA for <sidr@ietf.org>; Sun, 19 Jan 2014 10:49:14 -0800 (PST)
Received: by mail-wi0-f175.google.com with SMTP id hr1so2481283wib.2 for <sidr@ietf.org>; Sun, 19 Jan 2014 10:49:00 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=8tSB3eG/GIXWiQdjCt4m+Luh6N1QntMqwtfKPuPK+aI=; b=MHwJidk5wW1xgISWYWQtFXXKjniEwCf+tVgRTM1P2tjJm0FqaiPSBw4ANCXSXMcqi9 K2QbxbWQPBRms+UYx5/B1xmilj3lXm8ELcuP4XzF8NcQJD6tHukd6IPMHrCGRw3gYLAZ 4syXG+u8H0a6Qd6DbmooOUatzi4D9PmH09YUjIYOy2qq04z4vOhiCcjNM1MJlIxasH0y IcLtlvrJfGKYvvGAlBJlzME8RUWQACPiXGKvOjfKeWugX7BK2Z/hjocFrGTYYM7FBPlN zHxxeztciZ3h2vbenCq589pQ5o7xZ6Gwp02rwSkAbmGzHdjTLXpp3cu0oVhSN9/hysh1 7Amw==
X-Gm-Message-State: ALoCoQlbXp6IwQTX8XP7E9+Sq5k+zQ8cwegtz8I7ODK7kkFJnRHyr7f0lEFJRA4tGDyr68AB/nW+
MIME-Version: 1.0
X-Received: by 10.194.202.230 with SMTP id kl6mr11236182wjc.9.1390157340472; Sun, 19 Jan 2014 10:49:00 -0800 (PST)
Received: by 10.194.54.167 with HTTP; Sun, 19 Jan 2014 10:49:00 -0800 (PST)
X-Originating-IP: [66.84.81.40]
In-Reply-To: <ce126281f8d14573a1b26db064792fc8@BLUPR09MB053.namprd09.prod.outlook.com>
References: <52D072F6.9030304@ops-netman.net> <52D0A0AC.5040903@ops-netman.net> <ce126281f8d14573a1b26db064792fc8@BLUPR09MB053.namprd09.prod.outlook.com>
Date: Sun, 19 Jan 2014 13:49:00 -0500
Message-ID: <CAHw9_iKzV97GwxxN2+ZLtvPsYS8OZ0-7J=XeHT_LFN8Fyt=5QA@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
To: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: Chris Morrow <morrowc@ops-netman.net>, "sidr-ads@tools.ietf.org" <sidr-ads@tools.ietf.org>, sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Jan 2014 18:49:16 -0000
On Tue, Jan 14, 2014 at 6:38 PM, Sriram, Kotikalapudi <kotikalapudi.sriram@nist.gov> wrote: > I support publication of this document as an RFC. As do I. W > I have some comments listed below that are meant to help improve clarity. > > 3.2 (current) A BGPsec design must allow the receiver of a BGP announcement to determine, to a strong level of certainty, that the received PATH attribute accurately represents the sequence of eBGP exchanges that propagated the prefix from the origin AS to the receiver, particularly if an AS has added or deleted any AS number other than its own in the path attribute. This includes modification to the number of AS prepends. > > 3.2 (suggested rewording) A BGPsec design must allow the receiver of a BGP announcement to determine, to a strong level of certainty, that the received PATH attribute accurately represents the sequence of eBGP exchanges that propagated the prefix from the origin AS to the receiver. Specifically, if an AS has deleted any ASN from the AS PATH it received or added an ASN other than its own then the verification of the update (if propagated) MUST fail at its neighboring BGPsec routers. This includes modification to the number of AS prepends, i.e. an AS in the path MUST NOT be able to modify the AS prepends (if any) of preceding ASs in the AS PATH. > > 3.4 (current) A BGPsec design MUST be amenable to incremental deployment. This implies that incompatible protocol capabilities MUST be negotiated. > > "Negotiating incompatible protocol" -- the phrase doesn't sound right to me. > > 3.4 (suggested rewording) A BGPsec design MUST be amenable to incremental deployment. This implies that a BGPsec capable router MUST be backward compatible and MUST negotiate BGP-4 protocol with a BGP-4 only neighbor, and MUST interoperate with the BGP-4 only neighbor. > > 3.4 and 3.13 are related (overlapping). You may consider combining them. > > In 3.14, this statement "Such mechanisms SHOULD conform with [I-D.ietf-sidr-ltamgmt]" seems a bit abrupt. You should state what in [I-D.ietf-sidr-ltamgmt] is relevant here to "best path and other routing decisions." Note: You do speak about [I-D.ietf-sidr-ltamgmt] more specifically again in 3.17. > > Sriram > > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr
- [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Shane Amante
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs George, Wes
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Stephen Kent
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Stephen Kent
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Eric Osterweil
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Sriram, Kotikalapudi
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Russ White
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Russ White
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Jakob Heitz
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Sriram, Kotikalapudi
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Eric Osterweil
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Eric Osterweil
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Jakob Heitz
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Brian Dickson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Sriram, Kotikalapudi
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Eric Osterweil
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Brian Dickson
- [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Chris Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Sriram, Kotikalapudi
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Warren Kumari
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Keyur Patel (keyupate)
- [sidr] Another potential DOS attack on RP softwar… Demian Rosenkranz
- Re: [sidr] Another potential DOS attack on RP sof… Tim Bruijnzeels
- Re: [sidr] Another potential DOS attack on RP sof… Jared Mauch
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs George, Wes
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Warren Kumari
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs George, Wes
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs George, Wes
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Stephen Kent
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Roque Gagliano (rogaglia)
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Roque Gagliano (rogaglia)
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs George, Wes
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Montgomery, Douglas
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Montgomery, Douglas
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Sandra Murphy