Re: [sidr] New Version Notification for draft-sriram-replay-protection-design-discussion-05.txt
"Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov> Tue, 20 October 2015 17:06 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B076E1ACCE0 for <sidr@ietfa.amsl.com>; Tue, 20 Oct 2015 10:06:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AZpvERcXNwhn for <sidr@ietfa.amsl.com>; Tue, 20 Oct 2015 10:06:23 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0107.outbound.protection.outlook.com [207.46.100.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3762E1ACC83 for <sidr@ietf.org>; Tue, 20 Oct 2015 10:06:23 -0700 (PDT)
Received: from SN1PR09MB0799.namprd09.prod.outlook.com (10.162.101.145) by SN1PR09MB0798.namprd09.prod.outlook.com (10.162.101.144) with Microsoft SMTP Server (TLS) id 15.1.300.14; Tue, 20 Oct 2015 17:06:21 +0000
Received: from SN1PR09MB0799.namprd09.prod.outlook.com ([10.162.101.145]) by SN1PR09MB0799.namprd09.prod.outlook.com ([10.162.101.145]) with mapi id 15.01.0300.010; Tue, 20 Oct 2015 17:06:21 +0000
From: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
To: "Stephen Kent (kent@bbn.com)" <kent@bbn.com>, "sidr wg list (sidr@ietf.org)" <sidr@ietf.org>
Thread-Topic: New Version Notification for draft-sriram-replay-protection-design-discussion-05.txt
Thread-Index: AQHRCsgx63Hz4NMkw0C45R4kayT6dJ50k9DQ
Date: Tue, 20 Oct 2015 17:06:21 +0000
Message-ID: <SN1PR09MB0799B4B9115CE2C71D41644E84390@SN1PR09MB0799.namprd09.prod.outlook.com>
References: <20151019234507.4182.51437.idtracker@ietfa.amsl.com>
In-Reply-To: <20151019234507.4182.51437.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov;
x-originating-ip: [129.6.140.100]
x-microsoft-exchange-diagnostics: 1; SN1PR09MB0798; 5:ITu5VvDkROypy1Shy43GA/3c+0A0NM/E7OrybpURxFPp0clT7FOQWjpvnXM/J306K88McobwNomCHt7g38ZvkfAGEGU1WJ2l+5sQm5O68R/Wk112ggXKXqMJD40tJZsz34MnaKX8Fpi/n9Wg33b+eQ==; 24:cyIDIoG0VHc1U1kstJWxGw7rUq7ug0tA+QxougDT96VSYqCCFeqNfIbOMh2jJfLLyaupxW+Agqp196jOnaIuTUog+ozwrd81yWs6FLv8TO4=; 20:ODxOwLODPmyoRG6jjxx32jmdEOkdf1uVrEYQg3N1CDXXR2f3vCCgSg3j/2NtyP8QTsI0pZrZtRKJBFppyZ5QkA==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SN1PR09MB0798;
x-microsoft-antispam-prvs: <SN1PR09MB079832E0713115B9F762BFFB84390@SN1PR09MB0798.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(65766998875637);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(520078)(5005006)(8121501046)(3002001); SRVR:SN1PR09MB0798; BCL:0; PCL:0; RULEID:; SRVR:SN1PR09MB0798;
x-forefront-prvs: 073515755F
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(377424004)(189002)(199003)(377454003)(13464003)(92566002)(107886002)(33656002)(106116001)(101416001)(5008740100001)(99286002)(106356001)(46102003)(105586002)(230783001)(50986999)(54356999)(76176999)(10400500002)(4001150100001)(86362001)(2900100001)(97736004)(2950100001)(102836002)(81156007)(77096005)(76576001)(15975445007)(5001960100002)(5001770100001)(74316001)(11100500001)(64706001)(66066001)(19580405001)(5004730100002)(122556002)(19580395003)(5007970100001)(40100003)(5002640100001)(5003600100002)(189998001)(87936001); DIR:OUT; SFP:1102; SCL:1; SRVR:SN1PR09MB0798; H:SN1PR09MB0799.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Oct 2015 17:06:21.3124 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR09MB0798
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/j1PQ8wQzdW7k48ZaBe7NwrW3CB4>
Subject: Re: [sidr] New Version Notification for draft-sriram-replay-protection-design-discussion-05.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Oct 2015 17:06:25 -0000
We (authors) have made significant changes/updates in this new version-05 of the individual I-D. draft-sriram-replay-protection-design-discussion. The draft had been in keep-alive mode. But now that there is renewal of interest in this topic with the revised/updated versions of [draft-ietf-sidr-bgpsec-rollover] in March and July 2015, we decided to update the replay-protection design discussion draft as well. In private emails to the authors (back in October, November 2013), Steve Kent had given us extensive comments and suggestions on version-02 of the draft. [Sorry, Steve, for postponing it until now but we had never forgotten it. And thank you once again.] We have incorporated most of Steve's comments/suggestions in this new version. He suggested changing the "replay attack" name to something better that recognizes that it is actually withdrawal suppression more often than replay. So in this new version, we have coined a new name and acronym that covers both: Replay Attack and Withdrawal Suppression (RAWS) That name seems to have served the purpose well in this revised doc. We feel that the document now has good clarity and presentation due to Steve's suggestions as well as some of our own rethinking. Feedback, comments are welcome on the updated draft. Thank you. Sriram -----Original Message----- From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] Sent: Monday, October 19, 2015 7:45 PM To: Montgomery, Douglas <dougm@nist.gov>; Sriram, Kotikalapudi <kotikalapudi.sriram@nist.gov> Subject: New Version Notification for draft-sriram-replay-protection-design-discussion-05.txt A new version of I-D, draft-sriram-replay-protection-design-discussion-05.txt has been successfully submitted by Kotikalapudi Sriram and posted to the IETF repository. Name: draft-sriram-replay-protection-design-discussion Revision: 05 Title: Design Discussion and Comparison of Protection Mechanisms for Replay Attack and Withdrawal Suppression in BGPsec Document date: 2015-10-19 Group: Individual Submission Pages: 17 URL: https://www.ietf.org/internet-drafts/draft-sriram-replay-protection-design-discussion-05.txt Status: https://datatracker.ietf.org/doc/draft-sriram-replay-protection-design-discussion/ Htmlized: https://tools.ietf.org/html/draft-sriram-replay-protection-design-discussion-05 Diff: https://www.ietf.org/rfcdiff?url2=draft-sriram-replay-protection-design-discussion-05 Abstract: In the context of BGPsec, a withdrawal suppression occurs when an adversary AS suppresses a prefix withdrawal with the intension of continuing to attract traffic for that prefix based on a previous (signed and valid) BGPsec announcement that was earlier propagated. Subsequently if the adversary AS had a BGPsec session reset with a neighboring BGPsec speaker and when the session is restored, the AS replays said previous BGPsec announcement (even though it was withdrawn), then such a replay action is called a replay attack. The BGPsec protocol should incorporate a method for protection from Replay Attack and Withdrawal Suppression (RAWS), at least to control the window of exposure. This informational document provides design discussion and comparison of multiple alternative RAWS protection mechanisms weighing their pros and cons. This is meant to be a companion document to the standards track I-D.-ietf-sidr-bgpsec- rollover that will specify a method to be used with BGPsec for RAWS protection.
- Re: [sidr] New Version Notification for draft-sriā¦ Sriram, Kotikalapudi