Re: [sidr] [Idr] No BGPSEC intradomain ?

Jeffrey Haas <jhaas@pfrc.org> Thu, 12 April 2012 14:50 UTC

Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6655E21F8683; Thu, 12 Apr 2012 07:50:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.74
X-Spam-Level:
X-Spam-Status: No, score=-101.74 tagged_above=-999 required=5 tests=[AWL=0.525, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uogph6M2NH+H; Thu, 12 Apr 2012 07:50:34 -0700 (PDT)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 0389221F8681; Thu, 12 Apr 2012 07:50:33 -0700 (PDT)
Received: by slice.pfrc.org (Postfix, from userid 1001) id 9BCAE1703CC; Thu, 12 Apr 2012 10:50:33 -0400 (EDT)
Date: Thu, 12 Apr 2012 10:50:33 -0400
From: Jeffrey Haas <jhaas@pfrc.org>
To: Robert Raszuk <robert@raszuk.net>
Message-ID: <20120412145033.GA9700@slice>
References: <24B20D14B2CD29478C8D5D6E9CBB29F60F6F1533@Hermes.columbia.ads.sparta.com> <4F832F5E.9030903@raszuk.net> <0BD03B75-CA3A-4CBA-BBF4-E2100AFA64E4@kumari.net> <4F846121.2050408@raszuk.net> <CAL9jLaYF-MW1cJ2n28BiV1mi+tpPS2ECKB2UxhFMQ=NXxbihCg@mail.gmail.com> <7309FCBCAE981B43ABBE69B31C8D21391B3EE03F77@EUSAACMS0701.eamcs.ericsson.se> <alpine.LFD.2.02.1204111507190.22591@jamaica.dcs.gla.ac.uk> <CAL9jLaZDwpje4NtHHMUpzJaHDJLMY-f8gzDUVe3pEKwSqvsm_w@mail.gmail.com> <DCC302FAA9FE5F4BBA4DCAD465693779173DCB5AAB@PRVPEXVS03.corp.twcable.com> <4F86DE1D.4020505@raszuk.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4F86DE1D.4020505@raszuk.net>
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: "idr@ietf.org List" <idr@ietf.org>, Paul Jakma <paul@jakma.org>, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] [Idr] No BGPSEC intradomain ?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Apr 2012 14:50:34 -0000

On Thu, Apr 12, 2012 at 03:52:29PM +0200, Robert Raszuk wrote:
> I very much agree with both Paul and Wes that new BGP version number
> or at least new set of AFIs would be the best way to smoothly
> migrate unsecure BGP to secure one.

If it's not backward compatible, sure.

> I have not seem anyone resisting that idea yet with real technical
> arguments against it ;)

See my migration comments earlier.  If you think you can get a given SP that
might be willing to install BGPSEC at the edges also willing to upgrade
every other BGP speaker inside their AS... you're more optimistic than I.

-- Jeff