Re: [Sidr] Architecture document: narrowing the scope

Danny McPherson <danny@tcb.net> Mon, 10 March 2008 23:20 UTC


[top post only]

I agree with Pekka's recommendations here and think
recasting it to be far more precise about what problems
we're discussing in the architecture document is very
important.

-danny


On Mar 10, 2008, at 4:59 PM, Pekka Savola wrote:

> Hi,
>
> As discussed in the meeting, it might make sense to scope the
> architecture document in such a manner that the document doesn't need
> to be in progress while the more specific secure routing work goes on.
>
> I believe this recasting needs to start from the basics (preferably
> from the draft name but changing that isn't probably worth it),
> because the current Title and Abstract can be read to describe secure
> internet routing infrastructure, which it doesn't really do in the
> wider interpretation.
>
> Replace title:
>
>   An Infrastructure to Support Secure Internet Routing
>
> with e.g.:
>
>   A Public Key Infrastructure to Describe Route Origination
>   Authorizations
>
> I don't see a need to have Secure Internet Routing in the title at
> all; it is prone to mislead the user.
>
> Similar recasting should be applied in Abstract and Introduction, e.g.
> with Abstract:
>
> Abstract
>
>    This document describes an architecture for an infrastructure to
>    support secure Internet routing. The foundation of this architecture
>    is a public key infrastructure (PKI) that represents the allocation
>    hierarchy of IP address space and Autonomous System Numbers;
>    certificates from this PKI are used to verify signed objects that
>    authorize autonomous systems to originate routes for specified IP
>    address prefixes. The data objects that comprise the PKI, as well as
>    other signed objects necessary for secure routing, are stored and
>    disseminated through a distributed repository system. This document
>    also describes at a high level how this architecture can be used to
>    add security features to common operations such as IP address space
>    allocation and route filter construction.
>
> Replace with (also summarizing it a bit):
>
>    This document describes a public key infrastructure (PKI), the
>    certificates of which could be used to verify signed objects that
>    authorize autonomous systems to originate routes for specified IP
>    address prefixes.  These and supporting data objects can be stored and
>    disseminated through a distributed repository system.
>
> Possibly also keep the last sentence, but this is a bit of a can of
> worms because these mechanisms have already been described as
> incomplete (and to avoid this can of worms, some text in section 7.2
> and 7.3 could possibly be removed or reworded):
>
>                                                         This document
>    also describes at a high level how this architecture can be used to
>    add security features to common operations such as IP address space
>    allocation and route filter construction.
>
> -- 
> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> _______________________________________________
> Sidr mailing list
> Sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
