Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs
Randy Bush <randy@psg.com> Mon, 05 May 2014 17:12 UTC
Return-Path: <randy@psg.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 552521A0177 for <sidr@ietfa.amsl.com>; Mon, 5 May 2014 10:12:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.551
X-Spam-Level:
X-Spam-Status: No, score=-7.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J84xZ08nOTf7 for <sidr@ietfa.amsl.com>; Mon, 5 May 2014 10:12:38 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [198.180.150.18]) by ietfa.amsl.com (Postfix) with ESMTP id AF99B1A00D7 for <sidr@ietf.org>; Mon, 5 May 2014 10:12:38 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.psg.com.psg.com) by ran.psg.com with esmtp (Exim 4.76) (envelope-from <randy@psg.com>) id 1WhMRN-0003YF-5r; Mon, 05 May 2014 17:12:33 +0000
Date: Mon, 05 May 2014 19:12:34 +0200
Message-ID: <m28uqggnel.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Christopher Morrow <morrowc.lists@gmail.com>
In-Reply-To: <CAL9jLaasqgPv4SsEw5+0iPXhVub0fNc7Cw0G0fZ_PADmfLDTuA@mail.gmail.com>
References: <52D072F6.9030304@ops-netman.net> <52D0A0AC.5040903@ops-netman.net> <CF07E61E.AF86%wesley.george@twcable.com> <m238kcea01.wl%randy@psg.com> <CF0BE8F1.B1BE%wesley.george@twcable.com> <m2a9ehjto3.wl%randy@psg.com> <52E92B20.9060505@bbn.com> <CAL9jLaapjPL0_OU8-L0U5BiLXPPoEhkCZym=7R_qDDLSobKVjA@mail.gmail.com> <m2iosq8f9e.wl%randy@psg.com> <CAL9jLab5=JNbPRMji7xWWCR_+QLRpbguShU7K_Uu56jYxKymZw@mail.gmail.com> <m2vbucdkqi.wl%randy@psg.com> <CAL9jLaYeqtqf9ewN=A7Zxnx6xRGxV=64_TyX3NLgWUt237tCkg@mail.gmail.com> <m2ioqbed03.wl%randy@psg.com> <F415D68C-DC4B-4DA1-9DC8-FB4CB06558B9@cisco.com> <m2bnvcgouf.wl%randy@psg.com> <CAL9jLaasqgPv4SsEw5+0iPXhVub0fNc7Cw0G0fZ_PADmfLDTuA@mail.gmail.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/q7xL43Bb1c26cnu9p8f75tpKSlg
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 May 2014 17:12:40 -0000
>>>>> 3.14 While the trust level of a route should be determined by the >>>>> BGPsec protocol, local routing preference and policy MUST then >>>>> be applied to best path and other routing decisions. Such >>>>> mechanisms SHOULD conform with [I-D.ietf-sidr-ltamgmt]. >>>>> ... >>>>> 3.17 If a BGPsec design makes use of a security infrastructure, that >>>>> infrastructure SHOULD enable each network operator to select >>>>> the entities it will trust when authenticating data in the >>>>> security infrastructure. See, for example, >>>>> [I-D.ietf-sidr-ltamgmt]. >>> >>> What about adding that "the connection to this security infrastructure >>> MUST be through a secure channel"? > > it's done via rcynic and/or rpki-to-rtr, right? depending on where in > the process you are... presuming the process looks like: > publication-point - gatherer - cache - router > (rcynic) (rcynic) (rpki-rtr) apologies to roque. some external data were indeed what was meant (an rpki-like thing is an example), and was inteneded by "security infrastructure." the authenticity of those data is an issue. we might say so in sec cons. randy
- [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Shane Amante
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs George, Wes
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Stephen Kent
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Stephen Kent
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Eric Osterweil
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Sriram, Kotikalapudi
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Russ White
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Russ White
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Jakob Heitz
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Sriram, Kotikalapudi
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Eric Osterweil
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Eric Osterweil
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Jakob Heitz
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Brian Dickson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Sriram, Kotikalapudi
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Danny McPherson
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Eric Osterweil
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Brian Dickson
- [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Chris Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Sriram, Kotikalapudi
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Warren Kumari
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Keyur Patel (keyupate)
- [sidr] Another potential DOS attack on RP softwar… Demian Rosenkranz
- Re: [sidr] Another potential DOS attack on RP sof… Tim Bruijnzeels
- Re: [sidr] Another potential DOS attack on RP sof… Jared Mauch
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs George, Wes
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Warren Kumari
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs George, Wes
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs George, Wes
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Stephen Kent
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Roque Gagliano (rogaglia)
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Roque Gagliano (rogaglia)
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs George, Wes
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Christopher Morrow
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Randy Bush
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Montgomery, Douglas
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Montgomery, Douglas
- Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Sandra Murphy