Re: [sidr] Last Draft: ReCharter text
"Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov> Sun, 06 March 2011 22:02 UTC
From: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
To: Christopher Morrow <christopher.morrow@gmail.com>, "sidr@ietf.org" <sidr@ietf.org>, "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>, Adrian Farrel <Adrian.Farrel@huawei.com>, Stewart Bryant <stbryant@cisco.com>
Date: Sun, 06 Mar 2011 17:02:51 -0500

Chris,

There is also this WG document which is missing in your list:

"Use cases and interpretation of RPKI objects for issuers and relying parties"
http://tools.ietf.org/html/draft-ietf-sidr-usecases-01

Sriram

________________________________________
From: sidr-bounces@ietf.org [sidr-bounces@ietf.org] On Behalf Of Christopher Morrow [christopher.morrow@gmail.com]
Sent: Thursday, March 03, 2011 10:39 PM
To: sidr@ietf.org; sidr-chairs@ietf.org; Adrian Farrel; Stewart Bryant
Subject: [sidr] Last Draft: ReCharter text

Ok, so a lot (102 messages on-list) was said about the recharter text here:

= = = = = = = = =
Description of Working Group:

The purpose of the SIDR working group is to reduce vulnerabilities in the inter-domain routing system. The two vulnerabilities that will be addressed are:

  * Is an Autonomous System (AS) authorized to originate an IP prefix
  * Is the AS-Path represented in the route the same as the path through which the route update traveled

The SIDR working group will take practical deployability into consideration.

Building upon the already completed and implemented framework:

  * Resource Public Key Infrastructure (RPKI)
  * Distribution of RPKI data to routing devices and its use in operational networks
  * Document the use of certification objects within the secure routing architecture

This working group will specify security enhancements for inter-domain routing protocols.

The SIDR working group is charged with the following goals and milestones:

ID Date   Pub Date
Mar 2011  Jan 2012  An overview of the RPKI and BGP Protocol changes required for origin and path validation
Mar 2011  Jun 2012  A document describing threats to the routing system
Mar 2011  Jun 2012  A requirements document that addresses these threats
Mar 2011  Jan 2012  Document the BGP protocol enhancements that meet the security requirements
Nov 2010  Jul 2011  draft-ietf-sidr-origin-ops
Mar 2011  Jul 2012  Operational deployment guidance for network operators
Jun 2011  Dec 2011  System and architecture design choices made in the protocol and RPKI
Mar 2010  Mar 2012  draft-ietf-sidr-cps-irs
Mar 2010  Mar 2012  draft-ietf-sidr-cps-isp
Nov 2010  Jan 2012  draft-ietf-sidr-pfx-validate
Jan 2010  Jun 2011  draft-ietf-sidr-publication
Nov 2010  Jun 2011  draft-ietf-sidr-repos-struct
Nov 2010  Jun 2011  draft-ietf-sidr-roa-format
Feb 2011  Jun 2011  draft-ietf-sidr-rpki-rtr
Nov 2010  Nov 2011  draft-ietf-sidr-ltamgmt
Dec 2010  Oct 2011  draft-rgaglian-sidr-algorithm-agility
Jan 2011  Oct 2011  draft-ietf-sidr-ghostbusters
Jan 2010  Dec 2011  draft-ietf-sidr-keyroll
Jan 2010  May 2011  draft-ietf-sidr-arch
Jan 2010  May 2011  draft-ietf-sidr-cp
Jan 2010  May 2011  draft-ietf-sidr-res-certs
Jan 2010  Jun 2011  draft-ietf-sidr-roa-validation
Jan 2010  Jun 2011  draft-ietf-sidr-signed-object
Jan 2010  Jun 2011  draft-ietf-sidr-rpki-manifests
Jan 2010  Jul 2011  draft-ietf-sidr-rpki-algs
Jan 2010  Jul 2011  draft-ietf-sidr-rescerts-provisioning
Jan 2010  Aug 2011  draft-ietf-sidr-ta
==================

o Of that text, I noticed no argument about the dates/drafts/work-items, I noticed at least some discussion about the second vulnerability to address: (let's call it a goal for now)

----------------------------------------------------------
  * Is the AS-Path represented in the route the same as the path through which the route update traveled
----------------------------------------------------------

A few folks noted that perhaps 'route' was not the right word here, perhaps NLRI is. Using a wikipedia definition:

"Once a BGP session is running, the BGP speakers exchange UPDATE messages about destinations to which the speaker offers connectivity. In the protocol, the basic CIDR route description is called Network Layer Reachability Information (NLRI). NLRI includes the expected destination prefix, prefix length, path of autonomous systems to the destination and next hop in attributes, which can carry a wide range of additional information that affects the acceptance policy of the receiving router. BGP speakers incrementally announce new NLRI to which they offer reachability, but also announce withdrawals of prefixes to which the speaker no longer offers connectivity."

This seems mostly correct, we don't actually want to secure something that changes per router-hop (potentially) - next-hop, but we do care about prefix/length/as-path. Taking that into account changes the goal to:

----------------------------------------------------------
  * Is the AS-Path represented in the NLRI the same as the path through which the NLRI traveled
----------------------------------------------------------

o At least one respondent noted that some/all of the work here, as it affects the BGP specification will have to be seen/etc by IDR, I don't think the charter changes as proposed preclude that. I believe the intent was to pass along all changes to IDR to make sure they don't see issues with the changes. It's probably fair to also point out that the current IDR chair acks the two goals listed, but still the material relevant to IDR should go there for checkbox/changes/etc.

--------------------------------------------------------------------------------------------------------------------

Given the above the new charter reads:

= = = = = = = = =
Description of Working Group:

The purpose of the SIDR working group is to reduce vulnerabilities in the inter-domain routing system. The two vulnerabilities that will be addressed are:

  * Is an Autonomous System (AS) authorized to originate an IP prefix
  * Is the AS-Path represented in the NLRI the same as the path through which the NLRI traveled

The SIDR working group will take practical deployability into consideration.

Building upon the already completed and implemented framework:

  * Resource Public Key Infrastructure (RPKI)
  * Distribution of RPKI data to routing devices and its use in operational networks
  * Document the use of certification objects within the secure routing architecture

This working group will specify security enhancements for inter-domain routing protocols.

The SIDR working group is charged with the following goals and milestones:

ID Date   Pub Date
Mar 2011  Jan 2012  An overview of the RPKI and BGP Protocol changes required for origin and path validation
Mar 2011  Jun 2012  A document describing threats to the routing system
Mar 2011  Jun 2012  A requirements document that addresses these threats
Mar 2011  Jan 2012  Document the BGP protocol enhancements that meet the security requirements
Nov 2010  Jul 2011  draft-ietf-sidr-origin-ops
Mar 2011  Jul 2012  Operational deployment guidance for network operators
Jun 2011  Dec 2011  System and architecture design choices made in the protocol and RPKI
Mar 2010  Mar 2012  draft-ietf-sidr-cps-irs
Mar 2010  Mar 2012  draft-ietf-sidr-cps-isp
Nov 2010  Jan 2012  draft-ietf-sidr-pfx-validate
Jan 2010  Jun 2011  draft-ietf-sidr-publication
Nov 2010  Jun 2011  draft-ietf-sidr-repos-struct
Nov 2010  Jun 2011  draft-ietf-sidr-roa-format
Feb 2011  Jun 2011  draft-ietf-sidr-rpki-rtr
Nov 2010  Nov 2011  draft-ietf-sidr-ltamgmt
Dec 2010  Oct 2011  draft-rgaglian-sidr-algorithm-agility
Jan 2011  Oct 2011  draft-ietf-sidr-ghostbusters
Jan 2010  Dec 2011  draft-ietf-sidr-keyroll
Jan 2010  May 2011  draft-ietf-sidr-arch
Jan 2010  May 2011  draft-ietf-sidr-cp
Jan 2010  May 2011  draft-ietf-sidr-res-certs
Jan 2010  Jun 2011  draft-ietf-sidr-roa-validation
Jan 2010  Jun 2011  draft-ietf-sidr-signed-object
Jan 2010  Jun 2011  draft-ietf-sidr-rpki-manifests
Jan 2010  Jul 2011  draft-ietf-sidr-rpki-algs
Jan 2010  Jul 2011  draft-ietf-sidr-rescerts-provisioning
Jan 2010  Aug 2011  draft-ietf-sidr-ta
==================

This I'll send along to the IESG shortly.

-Chris
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr