IETF Logo Mail Archive

Re: [sidr] suggested amendment to draft-ymbk-bgpsec-reqs

Doug Montgomery <dougm.tlist@gmail.com> Fri, 01 April 2011 13:34 UTC

Return-Path: <dougm.tlist@gmail.com>
X-Original-To: sidr@core3.amsl.com
Delivered-To: sidr@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4805C3A680F for <sidr@core3.amsl.com>; Fri, 1 Apr 2011 06:34:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.186
X-Spam-Level:
X-Spam-Status: No, score=-3.186 tagged_above=-999 required=5 tests=[AWL=0.186, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, SARE_SUB_OBFU_Q1=0.227]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yUQaGoTaXKzR for <sidr@core3.amsl.com>; Fri, 1 Apr 2011 06:34:56 -0700 (PDT)
Received: from mail-bw0-f44.google.com (mail-bw0-f44.google.com [209.85.214.44]) by core3.amsl.com (Postfix) with ESMTP id 9BF823A688A for <sidr@ietf.org>; Fri, 1 Apr 2011 06:34:13 -0700 (PDT)
Received: by bwz13 with SMTP id 13so2745191bwz.31 for <sidr@ietf.org>; Fri, 01 Apr 2011 06:35:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=B++sfg7vW3p/wVIzUlr+kW77KYnpvhRj6ZAr1ouLTOo=; b=B/PEx5vzABply7XuvblfC3jyiGyuRY5NkwTPbUzCZWNdFDo/I1EyJ2yjQi6IpbZEDn xh1x55gtn+3z5v2xrgI28x4K7nMrIaRK+dAlfSI0Wg2EBkOPqwJirIq7okmKJJgdzzEa CqBPWVjL01sZtqKSmTJgXBytG2lSwVAPHDvYo=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; b=OQWDLqubgI1huYt3kdLow8HgzkZtY3cF0DSl5KdTRw/jPNhDjY6UZYUifrVgvtGoIr /P8VtDdT51aPz1gRxNlplZ/QpLayDgZfG/GLwbuxAhXMbdgKeUFrRPHkFdJv8Zd0pN+T hNo90AufPBN4eSGk/WPLMn2WW1H5/0htqe4ss=
Received: by 10.204.8.141 with SMTP id h13mr1549062bkh.64.1301664953369; Fri, 01 Apr 2011 06:35:53 -0700 (PDT)
Received: from dhcp-151a.meeting.ietf.org (dhcp-151a.meeting.ietf.org [130.129.21.26]) by mx.google.com with ESMTPS id q24sm1407900bks.21.2011.04.01.06.35.51 (version=SSLv3 cipher=OTHER); Fri, 01 Apr 2011 06:35:52 -0700 (PDT)
Message-ID: <4D95D4B6.9050704@gmail.com>
Date: Fri, 01 Apr 2011 09:35:50 -0400
From: Doug Montgomery <dougm.tlist@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: sidr@ietf.org
References: <4D95C701.9010308@gmail.com>
In-Reply-To: <4D95C701.9010308@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [sidr] suggested amendment to draft-ymbk-bgpsec-reqs
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Apr 2011 13:34:58 -0000

On 4/1/11 8:37 AM, Andrei Robachevsky wrote:
> Hi,
>
> I propose the inclusion of the following requirement:
>
> 3.x A BGPsec design should not decrease the performance characteristics
> of the BGP, nor have a negative impact on the overall resilience of the
> routing system.
>    
"should not decrease" seems a bit literal and restrictive.   One could 
argue that no addition of a feature that put more bits on the wire could 
meet that goal.

Maybe the operative requirement is that the performance implications 
with respect to convergence be clearly defined (in an algorithmic sense 
(e.g., require 1 RSA/SHA verification per hop, and the addition of x 
bytes of new attributes per hop).

Maybe some follow up bench marking of independent implementations in the 
protocol report later would further clarify the issue.

All other characterizations of larger impacts on convergence will be 
based upon models ... and more speculative.

As for resilience, I think it also key to document what factors might 
influence resilience issues of BGPSEC operations (e.g., distribution of 
global RPKI data, etc).

One should also note that the goal of this protocol is to improve the 
resilience of the system ... ;^).

As it stands now, BGPSEC is opt-in.    So it seems that clearly 
documenting these issues is more operative than make absolute 
requirements about them.


> Examples that I have in mind is the convergence time or a solution that
> can make the global routing system more fragile (e.g. an expired
> signature blacking out a significant part of the Internet). Perhaps that
> should also be covered in the deployment considerations, since this
> depends partly on local policy decisions.
>
> Andrei
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
>

v2.23.0 | Report a Bug | By Email