IETF Logo Mail Archive

Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs

Christopher Morrow <morrowc.lists@gmail.com> Tue, 20 May 2014 15:46 UTC

Return-Path: <christopher.morrow@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CA141A06FA for <sidr@ietfa.amsl.com>; Tue, 20 May 2014 08:46:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6Y0qHOZYDX1P for <sidr@ietfa.amsl.com>; Tue, 20 May 2014 08:46:06 -0700 (PDT)
Received: from mail-lb0-x235.google.com (mail-lb0-x235.google.com [IPv6:2a00:1450:4010:c04::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A13B1A0183 for <sidr@ietf.org>; Tue, 20 May 2014 08:46:06 -0700 (PDT)
Received: by mail-lb0-f181.google.com with SMTP id q8so561047lbi.12 for <sidr@ietf.org>; Tue, 20 May 2014 08:46:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=1JcQRgisZ4tJWTjE4LsW877MReqlMrR2hGQjmowhij0=; b=EOA3/abs39Qu6AUFlNb/FHPCq50ziusTgwqPf7ohsmwciVhAhGGjjkn9F76syusRXQ VkzwAk+Sm7u3RmEcwGH547K5QCh1NOmePQ8U0FTOPbmyqOvGZ/JGHzf6W5Gxa4rNmZs8 VeX9aNKO9a1+TPKBwPSpVl8Ubn2EbwXpsLXjMkMsNYk3xZ5EYkzpk+SFUjn4/WOZ8qPJ mMcr2ePyCYjiyO/YK/h3+EjHrXFitHbz/hX6MfaTCASe4P0d9fSma+BtY4uXN0m0Z1xs zyhJTwg8QpQ4xT4oN00XU9RJrJSzsC5LqWb9A1r/hPVRAiRiXRCr4AASU3psber58K7a NcBQ==
MIME-Version: 1.0
X-Received: by 10.152.20.40 with SMTP id k8mr2603174lae.62.1400600764532; Tue, 20 May 2014 08:46:04 -0700 (PDT)
Sender: christopher.morrow@gmail.com
Received: by 10.153.5.161 with HTTP; Tue, 20 May 2014 08:46:04 -0700 (PDT)
In-Reply-To: <m2zjiccy71.wl%randy@psg.com>
References: <52D072F6.9030304@ops-netman.net> <52D0A0AC.5040903@ops-netman.net> <CF07E61E.AF86%wesley.george@twcable.com> <m238kcea01.wl%randy@psg.com> <CF0BE8F1.B1BE%wesley.george@twcable.com> <m2a9ehjto3.wl%randy@psg.com> <52E92B20.9060505@bbn.com> <CAL9jLaapjPL0_OU8-L0U5BiLXPPoEhkCZym=7R_qDDLSobKVjA@mail.gmail.com> <m2iosq8f9e.wl%randy@psg.com> <CAL9jLab5=JNbPRMji7xWWCR_+QLRpbguShU7K_Uu56jYxKymZw@mail.gmail.com> <m2vbucdkqi.wl%randy@psg.com> <CAL9jLaYeqtqf9ewN=A7Zxnx6xRGxV=64_TyX3NLgWUt237tCkg@mail.gmail.com> <m2ioqbed03.wl%randy@psg.com> <F415D68C-DC4B-4DA1-9DC8-FB4CB06558B9@cisco.com> <m2bnvcgouf.wl%randy@psg.com> <CAL9jLaasqgPv4SsEw5+0iPXhVub0fNc7Cw0G0fZ_PADmfLDTuA@mail.gmail.com> <m28uqggnel.wl%randy@psg.com> <m2bnuseevv.wl%randy@psg.com> <CAL9jLaa+fM9WDQOpbszZPZqducSaFUbhF_d4S1Ntg0P3gvG+1Q@mail.gmail.com> <m2zjiccy71.wl%randy@psg.com>
Date: Tue, 20 May 2014 11:46:04 -0400
X-Google-Sender-Auth: iOKlImBqBaVkyOf7q1nW21NsK2M
Message-ID: <CAL9jLaa2eDTvV6yzaukSztiKbCqPbbvqOZnHLdmKMJ=+FTg+MQ@mail.gmail.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Randy Bush <randy@psg.com>, Roque Gagliano <rogaglia@cisco.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/q_nd8VdCMFb2-lHxvdEF9myK4Lg
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 May 2014 15:46:09 -0000

On Tue, May 20, 2014 at 10:38 AM, Randy Bush <randy@psg.com> wrote:
>> i didn't update the tracker... (i hadn't ever in the past).
>
> uh, that is between you and the datawhacker
>
>> Did we circle down on an answer for the leak/persay language that
>> everyone's happy with? If so I'd like to push out a pub request today.
>
> as far as i am aware, there is no issue with leak language.  we got past
> folk looking up 'per se' in their dictionaries.  the one open issue is
>
>     >>>>>   3.14  While the trust level of a route should be determined by the
>     >>>>>         BGPsec protocol, local routing preference and policy MUST then
>     >>>>>         be applied to best path and other routing decisions.  Such
>     >>>>>         mechanisms SHOULD conform with [I-D.ietf-sidr-ltamgmt].
>     >>>>> ...
>     >>>>>   3.17  If a BGPsec design makes use of a security infrastructure, that
>     >>>>>         infrastructure SHOULD enable each network operator to select
>     >>>>>         the entities it will trust when authenticating data in the
>     >>>>>         security infrastructure.  See, for example,
>     >>>>>         [I-D.ietf-sidr-ltamgmt].
>     >>>
>     >>> What about adding that "the connection to this security infrastructure
>     >>> MUST be through a secure channel"?
>     >
>     > it's done via rcynic and/or rpki-to-rtr, right? depending on where in
>     > the process you are... presuming the process looks like:
>     >   publication-point - gatherer - cache - router
>     >                       (rcynic)     (rcynic)   (rpki-rtr)
>
>     apologies to roque.  some external data were indeed what was meant (an
>     rpki-like thing is an example), and was inteneded by "security
>     infrastructure."
>
>     the authenticity of those data is an issue.  we might say so in sec
>     cons.
>
> and i am waiting for wglc to close so i can make the hack once.

Roque, is the change/text ok? or ?

v2.23.0 | Report a Bug | By Email