Re: [sidr] [Idr] AS_SET depreciation (RFC6472) and BGP multipath

Jakob Heitz <jakob.heitz@ericsson.com> Wed, 28 March 2012 22:02 UTC

From: Jakob Heitz <jakob.heitz@ericsson.com>
To: sidr wg list <sidr@ietf.org>
Date: Wed, 28 Mar 2012 18:03:16 -0400
Cc: "idr@ietf.org List" <idr@ietf.org>
Subject: Re: [sidr] [Idr] AS_SET depreciation (RFC6472) and BGP multipath

including sidr 

--
Jakob Heitz.


On Mar 28, 2012, at 11:57 PM, "Jakob Heitz" <jakob.heitz@ericsson.com> wrote:

> This can be done.
> Like I said before: aggregate the signatures of the paths being aggregated.
> String all the signed paths together (after wrapping them with a header), add your SKI and destination AS (as normal) and sign over the lot.
> 
> Question is: does anyone want to?
> 
> --
> Jakob Heitz.
> 
> 
> On Mar 28, 2012, at 11:17 PM, "Tony Li" <tony.li@tony.li> wrote:
> 
>> 
>> On Mar 28, 2012, at 2:09 PM, Robert Raszuk wrote:
>> 
>>>>> * Continue to call as_aggregate and still generate AS_SET
>>>>> effectively depreciating RFC6472 (quagga approach)
>>>> 
>>>> Generating sets is the safest thing to do.
>>> 
>>> Glad you said this. I do agree.
>> 
>> 
>> Understood, but how do you ever secure this?  Set SIDR aside for a second, what would ANY path verification mechanism have to do to secure the full path?
>> 
>> It would seem that the ONLY thing one could reasonably do is to describe the full topology, and that would seem to require the ability to describe an arbitrary tree, not just a set of vectors of paths.
>> 
>> Tony
>> 
>> _______________________________________________
>> Idr mailing list
>> Idr@ietf.org
>> https://www.ietf.org/mailman/listinfo/idr
> _______________________________________________
> Idr mailing list
> Idr@ietf.org
> https://www.ietf.org/mailman/listinfo/idr
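
The signing step described in the quoted message above ("string all the signed paths together, after wrapping them with a header, add your SKI and destination AS, and sign over the lot"), sketched as an added example that is not part of the thread and not taken from any BGPsec specification. The types, the header layout (AS count, signature length), the function names and the use of ECDSA P-256 over SHA-256 are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

type SignedPath struct { // assumed layout, not the BGPsec wire format
	Path []uint32 // AS numbers on one of the paths being aggregated
	Sig  []byte   // opaque here; still verified separately against its signer's key
}

type Aggregate struct {
	Paths  []SignedPath
	SKI    []byte // aggregator's subject key identifier
	DestAS uint32 // AS the update is sent to
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// digest wraps each signed path in a header (AS count, signature length), then hashes the lot.
func (a Aggregate) digest() []byte {
	h := sha256.New()
	for _, p := range a.Paths {
		binary.Write(h, binary.BigEndian, [2]uint16{uint16(len(p.Path)), uint16(len(p.Sig))})
		binary.Write(h, binary.BigEndian, p.Path)
		h.Write(p.Sig)
	}
	h.Write(a.SKI)
	binary.Write(h, binary.BigEndian, a.DestAS)
	return h.Sum(nil)
}

func NewKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
func (a Aggregate) Sign(k *ecdsa.PrivateKey) []byte { return must(ecdsa.SignASN1(rand.Reader, k, a.digest())) }
func (a Aggregate) Verify(pub *ecdsa.PublicKey, sig []byte) bool { return ecdsa.VerifyASN1(pub, a.digest(), sig) }
func main() {
	k, a := NewKey(), Aggregate{[]SignedPath{{[]uint32{65001, 65010}, []byte("sig-A")}}, make([]byte, 20), 65020} // constructed sample
	fmt.Println(a.Verify(&k.PublicKey, a.Sign(k)))
}
```

The aggregate signature only shows that the aggregator vouched for this exact set of signed paths toward this destination AS; a receiver still has to verify each carried signature against its own signer's key.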