Re: [sidr] FW: New Version Notification for draft-sriram-replay-protection-design-discussion-00.txt
"Roque Gagliano (rogaglia)" <rogaglia@cisco.com> Thu, 18 October 2012 13:04 UTC
Return-Path: <rogaglia@cisco.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA5AE21F8552 for <sidr@ietfa.amsl.com>; Thu, 18 Oct 2012 06:04:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mxD77lILoTv2 for <sidr@ietfa.amsl.com>; Thu, 18 Oct 2012 06:04:05 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) by ietfa.amsl.com (Postfix) with ESMTP id A583B21F8546 for <sidr@ietf.org>; Thu, 18 Oct 2012 06:04:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4798; q=dns/txt; s=iport; t=1350565445; x=1351775045; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=ySzeIkM+ziYvEJKrtxjGz9gbOOtVKApyCEax7x3lmNI=; b=JCpz+nxrv+kCV/30KKxO+TpJlP01zve/vfwQZvQn84EA9G2fw/g8vsat +DODGXRGcexhtVGFQwjVrh4u1L2fE4fUtGlTa/Dt4jXvC3seUEHqZobPq gLCajMxgbL9IrA1Z22tXmNKZiVyWdNezzGZbPimkdC7K1EaKkZ7/uJmH1 Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgAFADH9f1CtJXG9/2dsb2JhbABFwD2BCIIgAQEBAgEBAQEBDwEnMgIIAQIFBwQCAQgRBAEBCxQFBAchBgsUCAEIAgQOBQgBGYdQAwkGC5wollENiVSKcGiFYmADiz6IWIJqhTuEVIMlgWuCb4IX
X-IronPort-AV: E=Sophos;i="4.80,607,1344211200"; d="scan'208";a="132992864"
Received: from rcdn-core2-2.cisco.com ([173.37.113.189]) by rcdn-iport-8.cisco.com with ESMTP; 18 Oct 2012 13:04:05 +0000
Received: from xhc-rcd-x09.cisco.com (xhc-rcd-x09.cisco.com [173.37.183.83]) by rcdn-core2-2.cisco.com (8.14.5/8.14.5) with ESMTP id q9ID45Be012436 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 18 Oct 2012 13:04:05 GMT
Received: from xmb-rcd-x01.cisco.com ([169.254.1.23]) by xhc-rcd-x09.cisco.com ([173.37.183.83]) with mapi id 14.02.0318.001; Thu, 18 Oct 2012 08:04:04 -0500
From: "Roque Gagliano (rogaglia)" <rogaglia@cisco.com>
To: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
Thread-Topic: [sidr] FW: New Version Notification for draft-sriram-replay-protection-design-discussion-00.txt
Thread-Index: AQHNrTENYVfUFBdyXUOH4ZzYAxQB0Q==
Date: Thu, 18 Oct 2012 13:04:04 +0000
Message-ID: <EF4348D391D0334996EE9681630C83F0206BEF8F@xmb-rcd-x01.cisco.com>
References: <D7A0423E5E193F40BE6E94126930C4930BA86CE472@MBCLUSTER.xchange.nist.gov>
In-Reply-To: <D7A0423E5E193F40BE6E94126930C4930BA86CE472@MBCLUSTER.xchange.nist.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.147.19.24]
x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19284.002
x-tm-as-result: No--47.312300-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="us-ascii"
Content-ID: <9436B00AC83FEC409FF7A979DD700588@cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "sidr wg list (sidr@ietf.org)" <sidr@ietf.org>
Subject: Re: [sidr] FW: New Version Notification for draft-sriram-replay-protection-design-discussion-00.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Oct 2012 13:04:07 -0000
Sriram, I read your document and I have a some comments. 1) In general I did not understand the objective of this draft as you are basically re-stating what is already briefly mentioned at draft-ietf-sidr-bgpsec-rollover-00 and no new elements are there for the WG to take an action. Particularly, I was surprised that in your assessment for the PKR method you did not considered the points highlighted in section 4.2 of our draft (Advantages/Disadvantages). 2) Your summary statement: "The Expire Time (ET) method is best" does not represent the WG consensus when our draft was accepted as WG item and when the timestamp field was removed from the Protocol Specification. IMHO, the problem with your comparison between ET and PKR is that you did not mentioned that implementing ET introduces important changes to current BGP implementations. The design decision is to either maintain states in every BGP speaker (having to allocate an expiration time to every update and needing to check if that time is old) vs increase the churn at the RPKI repository system and more admin processes in the RPKI. The group took the second path. 3) Your study of EKR is very bias because the effect of event-driven key rollovers will depends on the event that is driving that key rollover. Particularly, and putting it on the same words that our draft uses, in this particular case you are comparing a rollover of the "transit" certificate key vs a rollover of the "origin" certificate key. As you wrote in the document, when you rollover the transit certificate, you gain the possibility to refresh transit policies which is not the case with either ET or only rolling over the origin certificate key using PKR. But rolling over the transit certificate key should be very rare because of the reasons that you and us mention. Regards, Roque On Sep 22, 2012, at 1:19 AM, Sriram, Kotikalapudi wrote: > This submission is an informative design discussion document that provides insights > into the operation of multiple alternative methods for replay-attack protection. > We hope that the SIDR WG will take the insights and trade-offs presented here as input > for deciding on the choice of a mechanism for protection from replay attacks. > It is meant to be a companion document to the standards track > I-D.-ietf-sidr-bgpsec-rollover that will specify a method to be used > with BGPSEC for replay-attack protection. > > A set slides with figures that is referenced in the document can be found at: > http://www.nist.gov/itl/antd/upload/replay-discussion.pdf > (the figures are helpful but not necessary to read the document). > > Comments welcome. > > Sriram > > -----Original Message----- > From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] > Sent: Friday, September 21, 2012 7:01 PM > To: sriram.ietf@gmail.com > Cc: Montgomery, Douglas; Sriram, Kotikalapudi > Subject: New Version Notification for draft-sriram-replay-protection-design-discussion-00.txt > > > A new version of I-D, draft-sriram-replay-protection-design-discussion-00.txt > has been successfully submitted by Kotikalapudi Sriram and posted to the IETF repository. > > Filename: draft-sriram-replay-protection-design-discussion > Revision: 00 > Title: Design Discussion and Comparison of Replay-Attack Protection Mechanisms for BGPSEC > Creation date: 2012-09-22 > WG ID: Individual Submission > Number of pages: 17 > URL: http://www.ietf.org/internet-drafts/draft-sriram-replay-protection-design-discussion-00.txt > Status: http://datatracker.ietf.org/doc/draft-sriram-replay-protection-design-discussion > Htmlized: http://tools.ietf.org/html/draft-sriram-replay-protection-design-discussion-00 > > > Abstract: > The BGPSEC protocol requires a method for protection from replay > attacks, at least to control the window of exposure. In the context > of BGPSEC, a replay attack occurs when an adversary suppresses a > prefix withdrawal (implicit or explicit) or replays a previously > received BGPSEC announcement for a prefix that has since been > withdrawn. This informational document provides design discussion > and comparison of multiple alternative replay-attack protection > mechanisms weighing their pros and cons. It is meant to be a > companion document to the standards track I-D.-ietf-sidr-bgpsec- > rollover that will specify a method to be used with BGPSEC for > replay-attack protection. > > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr
- [sidr] FW: New Version Notification for draft-sri… Sriram, Kotikalapudi
- Re: [sidr] FW: New Version Notification for draft… Roque Gagliano (rogaglia)
- Re: [sidr] FW: New Version Notification for draft… Roque Gagliano (rogaglia)
- Re: [sidr] FW: New Version Notification for draft… Sriram, Kotikalapudi
- Re: [sidr] FW: New Version Notification for draft… Roque Gagliano (rogaglia)
- Re: [sidr] FW: New Version Notification for draft… Sriram, Kotikalapudi
- Re: [sidr] FW: New Version Notification for draft… Roque Gagliano (rogaglia)
- Re: [sidr] FW: New Version Notification for draft… Sriram, Kotikalapudi