Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)
Randy Bush <randy@psg.com> Tue, 03 January 2017 23:32 UTC
Return-Path: <randy@psg.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A27E129479; Tue, 3 Jan 2017 15:32:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.001
X-Spam-Level:
X-Spam-Status: No, score=-10.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9_umPQFjWpy8; Tue, 3 Jan 2017 15:32:03 -0800 (PST)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48DFA1293D6; Tue, 3 Jan 2017 15:32:03 -0800 (PST)
Received: from localhost ([127.0.0.1] helo=ryuu.psg.com) by ran.psg.com with esmtp (Exim 4.86_2) (envelope-from <randy@psg.com>) id 1cOYYI-0005iD-3O; Tue, 03 Jan 2017 23:31:34 +0000
Date: Wed, 04 Jan 2017 08:31:31 +0900
Message-ID: <m2lgurn2jw.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Peter Hessler <phessler@theapt.org>
In-Reply-To: <20170103083907.GE5069@gir.theapt.org>
References: <148336377615.21819.15119186800162780376.idtracker@ietfa.amsl.com> <m2vatxmv83.wl-randy@psg.com> <563AAA29-82F7-4202-8A54-855CD7702595@kuehlewind.net> <m2tw9hmq76.wl-randy@psg.com> <yj9o60lx6kvm.wl%morrowc@ops-netman.net> <m2shp0nct9.wl-randy@psg.com> <20170103083907.GE5069@gir.theapt.org>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/24.5 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/pCtzkV3264h45ys9UO24ArgLOM4>
Cc: Chris Morrow <morrowc@ops-netman.net>, Mirja Kuehlewind <ietf@kuehlewind.net>, The IESG <iesg@ietf.org>, sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jan 2017 23:32:04 -0000
>> ok, i have had coffee. >> >> as a bif gedanken experiment, posit a global registry where r0 can say >> "i can speak bgpsec." i am a distant r1 and receive an unsigned path >> with r0 in it. >> o did someone before r0 on the path not speak bgpsec, so the path was >> never signed? >> o did someone between us not speak bgpsec, so the path was stripped? >> o was there a monkey in the middle? >> >> i think we did discuss this problem space, and decided that, as long as >> we allow islands of partial deployment, and therefore path stripping, >> the monkey is on our back. we might have been wrong in this; but even >> with coffee i do not see a way out. >> >> and i do not think the idea of partial path signing, r0 signing a >> received unsigned path, would have helped a lot. >> >> it is not clear to me that this is a space where the ops doc can help >> much. i am open to ideas. > > I'm currently not using bgpsec (or rpki for that matter). BUT, if there > was no path to go back, I would never ever use it. Destroying my ASN > because I wasn't ready to migrate is a straight-up No Go(tm). > > Mistakes will be made. Rolling back will happen. Preventing rolling > back will kill the baby and will guarentee this will never be rolled > out. what do you mean by "no path to go back" and "rolling back?" where do you see "destroying" your AS? my only guess is that o you have not read the spec or any documentation on it, and o you triggered on the phrase "path stripping" fwiw, path stripping is removing the bgpsec gorp from a bgpsec path and rendering a classic bgp4 path to hand to a bgp listener who does not understand bgpsec. no ASs are harmed in the process. randy
- [sidr] Mirja Kühlewind's No Objection on draft-ie… Mirja Kuehlewind
- Re: [sidr] Mirja Kühlewind's No Objection on draf… Randy Bush
- Re: [sidr] Mirja Kühlewind's No Objection on draf… Mirja Kuehlewind (IETF)
- Re: [sidr] Mirja Kühlewind's No Objection on draf… Randy Bush
- Re: [sidr] Mirja Kühlewind's No Objection on draf… Chris Morrow
- Re: [sidr] Mirja Kühlewind's No Objection on draf… Randy Bush
- Re: [sidr] Mirja Kühlewind's No Objection on draf… Peter Hessler
- Re: [sidr] Mirja Kühlewind's No Objection on draf… Chris Morrow
- Re: [sidr] Mirja Kühlewind's No Objection on draf… Alvaro Retana (aretana)
- Re: [sidr] Mirja Kühlewind's No Objection on draf… Mirja Kuehlewind (IETF)
- Re: [sidr] Mirja Kühlewind's No Objection on draf… Sriram, Kotikalapudi (Fed)
- Re: [sidr] Mirja Kühlewind's No Objection on draf… Sriram, Kotikalapudi (Fed)
- Re: [sidr] Mirja Kühlewind's No Objection on draf… Randy Bush
- Re: [sidr] Mirja Kühlewind's No Objection on draf… Randy Bush
- Re: [sidr] Mirja Kühlewind's No Objection on draf… Christopher Morrow