[sidr] Last Draft: ReCharter text
Christopher Morrow <christopher.morrow@gmail.com> Fri, 04 March 2011 03:38 UTC
Return-Path: <christopher.morrow@gmail.com>
X-Original-To: sidr@core3.amsl.com
Delivered-To: sidr@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 180893A6922; Thu, 3 Mar 2011 19:38:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.582
X-Spam-Level:
X-Spam-Status: No, score=-103.582 tagged_above=-999 required=5 tests=[AWL=0.017, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P7ydFHamnkw5; Thu, 3 Mar 2011 19:38:21 -0800 (PST)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by core3.amsl.com (Postfix) with ESMTP id 5740C3A6925; Thu, 3 Mar 2011 19:38:17 -0800 (PST)
Received: by wyb42 with SMTP id 42so1869906wyb.31 for <multiple recipients>; Thu, 03 Mar 2011 19:39:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:date:message-id:subject:from:to :content-type; bh=rIOA/sk4MU3t2jtKh1mqo5OrbJLQNUiHfEvWSO3Q/v4=; b=ngOxB7XZODk53S6+HKPB2FfgPIbMyUuhjE0tPiCucbC5Zg92RhQ48geEmBazrq1Jds +ydDiY+wQOiXy6lByNY3raIrxYUdqTcqgN6xKFZDl+5AZjbxMZ1nMEDn1g6QitFrwyvh vvjCw8bK9zOnb96KhazhDZdgK7StAf7j4A9eQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=YW+q9e40eUMEE6Em7NAqNzw971ZJv8BC5NRV3EUtUbVZkxawLK4K7G5YpGIJEDL16s jKzedmQ/lkeduODIvvAx5TmhbU88ROZXlk5qpsr/YQ6SZ6DJlHHIHb6UPIvK7U6ra966 aE0jbcgm+ZlR0aJALqg9rE1AkHOGXIcc4cqHs=
MIME-Version: 1.0
Received: by 10.216.181.199 with SMTP id l49mr126113wem.68.1299209964944; Thu, 03 Mar 2011 19:39:24 -0800 (PST)
Received: by 10.216.1.197 with HTTP; Thu, 3 Mar 2011 19:39:24 -0800 (PST)
Date: Thu, 03 Mar 2011 22:39:24 -0500
Message-ID: <AANLkTinKKVAR6LJcs1K0njV+zFyV-Wn8-t9RJPFVFr0k@mail.gmail.com>
From: Christopher Morrow <christopher.morrow@gmail.com>
To: sidr@ietf.org, sidr-chairs@ietf.org, Adrian Farrel <Adrian.Farrel@huawei.com>, Stewart Bryant <stbryant@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"
Subject: [sidr] Last Draft: ReCharter text
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Mar 2011 03:38:22 -0000
Ok, so a lot (102 messages on-list) was said about the recharter text here:
= = = = = = = = =
Description of Working Group:
The purpose of the SIDR working group is to reduce vulnerabilities in
the inter-domain routing system. The two vulnerabilities that will be
addressed are:
* Is an Autonomous System (AS) authorized to originate an IP prefix
* Is the AS-Path represented in the route the same as the path
through which the route update traveled
The SIDR working group will take practical deployability into consideration.
Building upon the already completed and implemented framework:
* Resource Public Key Infrastructure (RPKI)
* Distribution of RPKI data to routing devices and its use in
operational networks
* Document the use of certification objects within the secure
routing architecture
This working group will specify security enhancements for inter-domain
routing protocols.
The SIDR working group is charged with the following goals and
milestones:
ID Date Pub Date
Mar 2011 Jan 2012 An overview of the RPKI and BGP Protocol changes
required for origin and path validation
Mar 2011 Jun 2012 A document describing threats to the routing system
Mar 2011 Jun 2012 A requirements document that addresses these threats
Mar2011 Jan 2012 Document the BGP protocol enhancements that meet
the security requirements
Nov 2010 Jul 2011 draft-ietf-sidr-origin-ops
Mar 2011 Jul 2012 Operational deployment guidance for network operators
Jun 2011 Dec 2011 System and architecture design choices made in
the protocol and RPKI
Mar 2010 Mar 2012 draft-ietf-sidr-cps-irs
Mar 2010 Mar 2012 draft-ietf-sidr-cps-isp
Nov 2010 Jan 2012 draft-ietf-sidr-pfx-validate
Jan 2010 Jun 2011 draft-ietf-sidr-publication
Nov 2010 Jun 2011 draft-ietf-sidr-repos-struct
Nov 2010 Jun 2011 draft-ietf-sidr-roa-format
Feb 2011 Jun 2011 draft-ietf-sidr-rpki-rtr
Nov 2010 Nov 2011 draft-ietf-sidr-ltamgmt
Dec 2010 Oct 2011 draft-rgaglian-sidr-algorithm-agility
Jan 2011 Oct 2011 draft-ietf-sidr-ghostbusters
Jan 2010 Dec 2011 draft-ietf-sidr-keyroll
Jan 2010 May 2011 draft-ietf-sidr-arch
Jan 2010 May 2011 draft-ietf-sidr-cp
Jan 2010 May 2011 draft-ietf-sidr-res-certs
Jan 2010 Jun 2011 draft-ietf-sidr-roa-validation
Jan 2010 Jun 2011 draft-ietf-sidr-signed-object
Jan 2010 Jun 2011 draft-ietf-sidr-rpki-manifests
Jan 2010 Jul 2011 draft-ietf-sidr-rpki-algs
Jan 2010 Jul 2011 draft-ietf-sidr-rescerts-provisioning
Jan 2010 Aug 2011 draft-ietf-sidr-ta
==================
o Of that text, I noticed no argument about the
dates/drafts/work-items, I noticed at least some
discussion about the second vulnerability to address: (let's call
it a goal for now)
----------------------------------------------------------
* Is the AS-Path represented in the route the same as the path
through which the route update traveled
----------------------------------------------------------
A few folks noted that perhaps 'route' was not the right word here,
perhaps NLRI is. Using a wikipedia definition:
"Once a BGP session is running, the BGP speakers exchange UPDATE
messages about destinations to which the speaker offers connectivity.
In the protocol, the basic CIDR route description is called Network
Layer Reachability Information (NLRI). NLRI includes the expected
destination prefix, prefix length, path of autonomous systems to the
destination and next hop in attributes, which can carry a wide range
of additional information that affects the acceptance policy of the
receiving router. BGP speakers incrementally announce new NLRI to
which they offer reachability, but also announce withdrawals of
prefixes to which the speaker no longer offers connectivity."
This seems mostly correct, we don't actually want to secure something
that changes per router-hop (potentially) - next-hop, but we do care
about prefix/length/as-path. Taking that into account changes the goal
to:
----------------------------------------------------------
* Is the AS-Path represented in the NLRI the same as the path through
which the NLRI traveled
----------------------------------------------------------
o At least one respondent noted that some/all of the work here, as it
affects the
BGP specification will have to be seen/etc by IDR, I don't think the charter
changes as proposed preclude that. I believe the intent was to pass
along all
changes to IDR to make sure they don't see issues with the changes. It's
probably fair to also point out that the current IDR chair acks th
two goals listed,
but still the material relevant to IDR should go there for
checkbox/changes/etc.
--------------------------------------------------------------------------------------------------------------------
Given the above the new charter reads:
= = = = = = = = =
Description of Working Group:
The purpose of the SIDR working group is to reduce vulnerabilities in
the inter-domain routing system. The two vulnerabilities that will be
addressed are:
* Is an Autonomous System (AS) authorized to originate an IP prefix
* Is the AS-Path represented in the NLRI the same as the path
through which the NLRI traveled
The SIDR working group will take practical deployability into consideration.
Building upon the already completed and implemented framework:
* Resource Public Key Infrastructure (RPKI)
* Distribution of RPKI data to routing devices and its use in
operational networks
* Document the use of certification objects within the secure
routing architecture
This working group will specify security enhancements for inter-domain
routing protocols.
The SIDR working group is charged with the following goals and
milestones:
ID Date Pub Date
Mar 2011 Jan 2012 An overview of the RPKI and BGP Protocol changes
required for origin and path validation
Mar 2011 Jun 2012 A document describing threats to the routing system
Mar 2011 Jun 2012 A requirements document that addresses these threats
Mar2011 Jan 2012 Document the BGP protocol enhancements that meet
the security requirements
Nov 2010 Jul 2011 draft-ietf-sidr-origin-ops
Mar 2011 Jul 2012 Operational deployment guidance for network operators
Jun 2011 Dec 2011 System and architecture design choices made in
the protocol and RPKI
Mar 2010 Mar 2012 draft-ietf-sidr-cps-irs
Mar 2010 Mar 2012 draft-ietf-sidr-cps-isp
Nov 2010 Jan 2012 draft-ietf-sidr-pfx-validate
Jan 2010 Jun 2011 draft-ietf-sidr-publication
Nov 2010 Jun 2011 draft-ietf-sidr-repos-struct
Nov 2010 Jun 2011 draft-ietf-sidr-roa-format
Feb 2011 Jun 2011 draft-ietf-sidr-rpki-rtr
Nov 2010 Nov 2011 draft-ietf-sidr-ltamgmt
Dec 2010 Oct 2011 draft-rgaglian-sidr-algorithm-agility
Jan 2011 Oct 2011 draft-ietf-sidr-ghostbusters
Jan 2010 Dec 2011 draft-ietf-sidr-keyroll
Jan 2010 May 2011 draft-ietf-sidr-arch
Jan 2010 May 2011 draft-ietf-sidr-cp
Jan 2010 May 2011 draft-ietf-sidr-res-certs
Jan 2010 Jun 2011 draft-ietf-sidr-roa-validation
Jan 2010 Jun 2011 draft-ietf-sidr-signed-object
Jan 2010 Jun 2011 draft-ietf-sidr-rpki-manifests
Jan 2010 Jul 2011 draft-ietf-sidr-rpki-algs
Jan 2010 Jul 2011 draft-ietf-sidr-rescerts-provisioning
Jan 2010 Aug 2011 draft-ietf-sidr-ta
==================
This I'll send along to the IESG shortly.
-Chris
- [sidr] Last Draft: ReCharter text Christopher Morrow
- Re: [sidr] Last Draft: ReCharter text Randy Bush
- Re: [sidr] Last Draft: ReCharter text Russ White
- Re: [sidr] Last Draft: ReCharter text Christopher Morrow
- Re: [sidr] Last Draft: ReCharter text Sriram, Kotikalapudi
- Re: [sidr] Last Draft: ReCharter text Christopher Morrow
- Re: [sidr] Last Draft: ReCharter text John G. Scudder
- Re: [sidr] Last Draft: ReCharter text Randy Bush
- Re: [sidr] Last Draft: ReCharter text Christopher Morrow