Re: [sidr] BGPsec draft and extended messages

"Susan Hares" <> Wed, 15 March 2017 16:43 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4F2B11316A1; Wed, 15 Mar 2017 09:43:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.947
X-Spam-Status: No, score=0.947 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id FT7X0RUfBLDp; Wed, 15 Mar 2017 09:43:19 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EF95E13171A; Wed, 15 Mar 2017 09:43:18 -0700 (PDT)
X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=;
From: "Susan Hares" <>
To: "'Alvaro Retana \(aretana\)'" <>, "'Sriram, Kotikalapudi \(Fed\)'" <>, "'Randy Bush'" <>, "'Steve KENT'" <>
Cc: <>, <>, "'Matthias Waehlisch'" <>, "'sidr wg list'" <>
References: <> <> <> <>
In-Reply-To: <>
Date: Wed, 15 Mar 2017 12:38:32 -0400
Message-ID: <031501d29daa$95f44320$c1dcc960$>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0316_01D29D89.0EE4C600"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQIJvgUkdknlbchV64BNKsEAFS0ypwGwu225AcVHGkYCCCF0zqD750fA
Content-Language: en-us
Archived-At: <>
Subject: Re: [sidr] BGPsec draft and extended messages
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Interdomain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 15 Mar 2017 16:43:21 -0000



Thank you for working through these issues at this late time. 

<IDR WG chair hat on> 


IDR is talking input on this topic.  So it would be good to post a summary of your discussion to the IDR list.   If it is useful, we can still set aside time for the authors (or SIDR WG chairs) to present their needs at IDR.  If you wish this, please let the IDR chairs know so we can set-up time. 

<IDR WG chair hat off> 


Sue Hares 



From: sidr [] On Behalf Of Alvaro Retana (aretana)
Sent: Wednesday, March 15, 2017 9:45 AM
To: Sriram, Kotikalapudi (Fed); Randy Bush; Steve KENT
Cc:;; Matthias Waehlisch; sidr wg list
Subject: Re: [sidr] BGPsec draft and extended messages




[Speaking as AD]  


The requirement for Extended Messages has been in the BGPSec draft since the beginning (at least the WG -00 version).  Changing it now would mean a significant deviation in the process – but not impossible.


Before committing to supporting any change to the document, I would like to see changes discussed in the sidr WG list.  You may even be able to convince the sidrops Chairs to give you some time in Chicago to discuss in person.  We would need the WG to reach consensus for such a change.



[Speaking as WG Participant]


I think that a possible path forward is to take any reference to the Extended Messages document out, and simply put text similar to this in (from Sriram’s message):


“BGPsec update size is subject to a maximum BGP update size. The maximum size at present is 4096 bytes [RFC4271], and it may be extended to a larger size in the future. If the sending router determines that adding its Secure_Path Segment and Signature Segment causes the BGPsec update to exceed the maximum size, then it will convert the BGPsec update to an unsigned traditional BGP update [using the procedure in Section 4.4] and send the unsigned update. (Note: Please see related discussion in Section 7.)”


I would even just mention the “maximum message size” (with no specific numbers) and leave out mention of any future changes.  This way the BGPSec documents (1) don’t depend on the Extended Messages document, and (2) they depend on whatever BGP can do.  If/when Extended Messages are settled and implemented then BGPSec can make use of them (as can any other application using BGP).














On 3/14/17, 6:26 PM, "Sriram, Kotikalapudi (Fed)" <> wrote:


> Alvaro replied to me in detail.