Re: [sidr] draft-ietf-sidr-bgpsec-protocol-13's security guarantees

David Mandelberg <david@mandelberg.org> Wed, 09 September 2015 00:52 UTC


On 2015-09-04 13:08, Sriram, Kotikalapudi wrote:
> 3.  In consideration of the above (#2), the document should instead
> strongly recommend that "if an AS signs an update without verifying first,
> it SHOULD return to the update at its earliest and verify, and forward
> a new signed update, if necessary." Make this a strong BCP recommendation.

Without replay protection, I don't see how this recommendation would 
help. I.e., the old signed update would still be valid.

-- 
David Eric Mandelberg / dseomn
http://david.mandelberg.org/
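A toy model of the point made above, added here as an example and not part of the thread: once an AS has signed an update, going back to verify and sending a fresh signed copy does nothing to the signature already issued, so a verifier accepts the old update until something (here modelled as the signer rolling its router key) stops it verifying. HMAC with per-AS secrets stands in for BGPsec ECDSA router keys, and the ASNs, prefix and keys are constructed.

```python
# Added example, not code from the thread or from any BGPsec implementation.
# HMAC with per-AS secrets stands in for the router key pairs; the chained
# "sign the previous signature" shape mirrors BGPsec's Secure_Path signing
# loosely and is only a model.
import hashlib
import hmac

# Constructed router keys, one per AS.
KEYS = {65001: b"as65001-key-v1", 65002: b"as65002-key-v1"}


def _segment_bytes(asn, target_asn, prefix, prior_sig):
    # Each AS signs its own segment together with the signature it received.
    return prior_sig + f"{asn}->{target_asn}|{prefix}".encode()


def sign_update(prefix, path, targets, keys):
    """Sign a path hop by hop; returns one signature per hop."""
    sigs, prior = [], b""
    for asn, target in zip(path, targets):
        data = _segment_bytes(asn, target, prefix, prior)
        prior = hmac.new(keys[asn], data, hashlib.sha256).digest()
        sigs.append(prior)
    return sigs


def verify_update(prefix, path, targets, sigs, keys):
    """Valid only if every hop's signature checks under the key held now."""
    prior = b""
    for asn, target, sig in zip(path, targets, sigs):
        data = _segment_bytes(asn, target, prefix, prior)
        expected = hmac.new(keys[asn], data, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return False
        prior = sig
    return True


def scenario():
    prefix = "192.0.2.0/24"  # constructed documentation prefix
    path, targets = [65001, 65002], [65002, 65003]
    keys = dict(KEYS)
    # AS65002 signs and forwards the update without verifying first.
    old_sigs = sign_update(prefix, path, targets, keys)
    # Later AS65002 verifies and forwards a new signed update. The earlier
    # signature is untouched, so the old update still verifies as-is.
    still_valid = verify_update(prefix, path, targets, old_sigs, keys)
    # Replay protection modelled as AS65002 rolling its router key: the old
    # signature no longer verifies under the current key, a fresh one does.
    keys[65002] = b"as65002-key-v2"
    rolled_sigs = sign_update(prefix, path, targets, keys)
    return (still_valid,
            verify_update(prefix, path, targets, old_sigs, keys),
            verify_update(prefix, path, targets, rolled_sigs, keys))
```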