Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

Randy Bush <randy@psg.com> Tue, 03 January 2017 01:37 UTC

To: Chris Morrow <morrowc@ops-netman.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/_HEC-yISns562sWIs_SZ1Pssvw4>
Cc: Mirja Kuehlewind <ietf@kuehlewind.net>, The IESG <iesg@ietf.org>, sidr wg list <sidr@ietf.org>

ok, i have had coffee.

as a big gedanken experiment, posit a global registry where r0 can say
"i can speak bgpsec."  i am a distant r1 and receive an unsigned path
with r0 in it.
  o did someone before r0 on the path not speak bgpsec, so the path was
    never signed?
  o did someone between us not speak bgpsec, so the path was stripped?
  o was there a monkey in the middle?

i think we did discuss this problem space, and decided that, as long as
we allow islands of partial deployment, and therefore path stripping,
the monkey is on our back.  we might have been wrong in this; but even
with coffee i do not see a way out.

and i do not think the idea of partial path signing, r0 signing a
received unsigned path, would have helped a lot.

it is not clear to me that this is a space where the ops doc can help
much.  i am open to ideas.

randy
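
Added example, not part of the original message: a toy Python model of the thought experiment above, showing that the three explanations for an unsigned path through r0 leave the distant receiver r1 with the same update. The AS names other than r0 and r1, the `propagate` function and its stripping rule are assumptions made for illustration, not BGPsec protocol code.

```python
from typing import NamedTuple, Optional

class Update(NamedTuple):
    as_path: tuple     # ASes the announcement traversed, origin first
    signed_by: tuple   # ASes whose BGPsec signatures are still attached

def propagate(path, speakers, strip_after: Optional[str] = None) -> Update:
    """Toy model: return what the receiver just past path[-1] sees.

    The signature chain survives only while every AS so far speaks BGPsec;
    the first non-speaker forwards plain BGP and the chain is gone for good.
    strip_after names an AS after which an on-path party removes the
    signatures (the "monkey in the middle").
    """
    as_path, signed_by, intact = [], [], True
    for asn in path:
        as_path.append(asn)
        if intact and asn in speakers:
            signed_by.append(asn)
        else:
            intact, signed_by = False, []
        if asn == strip_after:
            intact, signed_by = False, []
    return Update(tuple(as_path), tuple(signed_by))

# Constructed sample path; r1 is the receiver sitting after rB.
PATH = ("origin", "rA", "r0", "rB")
EVERYONE = set(PATH)   # the hypothetical global registry lists r0 in every case

def scenarios():
    return {
        "baseline, all sign":        propagate(PATH, EVERYONE),
        "rA before r0 never signed": propagate(PATH, EVERYONE - {"rA"}),
        "rB after r0 stripped":      propagate(PATH, EVERYONE - {"rB"}),
        "stripped in the middle":    propagate(PATH, EVERYONE, strip_after="rB"),
    }

if __name__ == "__main__":
    for name, upd in scenarios().items():
        print(f"{name:28} path={upd.as_path} signed_by={upd.signed_by}")
```
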