Re: [sidr] Ben Campbell's Yes on draft-ietf-sidr-bgpsec-protocol-21: (with COMMENT)

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Wed, 18 January 2017 03:54 UTC

To: Ben Campbell <ben@nostrum.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/a2yZpAKN_ginOrb1ktBpd0OSXX8>
Cc: "draft-ietf-sidr-bgpsec-protocol@ietf.org" <draft-ietf-sidr-bgpsec-protocol@ietf.org>, "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>, The IESG <iesg@ietf.org>, "sidr@ietf.org" <sidr@ietf.org>, Matthias Waehlisch <m.waehlisch@fu-berlin.de>

Ben,

Thank you. Please see my response inline below.

>>>
>>>  - 8.4, last paragraph: The text describes a replay attack, and
>>>  delegates the mitigation solution to
>>>  draft-ietf-sidr-bgpsec-rollover. This is an informational
>>>  reference; it seems like it should be normative.
>>
>> The solution for mitigation of replay attacks is out of band
>> (in relation to the BGPsec protocol).
>> As I see it, draft-ietf-sidr-bgpsec-rollover proposes 'a way'
>> of replay attack mitigation. Techniques for key rollover /
>> replay attack mitigation are expected to continue to evolve.
>> There are various variants of the basic key rollover technique that
>> are discussed in this informational draft:
>> https://tools.ietf.org/html/draft-sriram-replay-protection-design-discussion-07
>> What needs to be pointed out in the BGPsec specification is that
>> there are solutions available for replay attack mitigation.
>> The above are the reasons why
>> draft-ietf-sidr-bgpsec-rollover is included in informational
>> references.
>
>That is a reasonable response, if you think it is realistic that people
>would implement solutions other than the one in the reference. It would
>help if the text were more clear that draft-ietf-sidr-bgpsec-rollover
>is an example of a possible solution, and other solutions are possible.
>

I will try to edit the text a bit to make that clear when I have the next
opportunity to edit the document. 

Sriram