[sidr] discussion about mandatory-to-implement connection security (was WGLC draft-sidr-rpki-rtr - take 2?)

[Joe Touch <touch@isi.edu>]

Hi, all,

I've reviewed the discussion about mandatory-to-implement connection 
security that dates back to Morrow's post of 1 Apr:
http://www.ietf.org/mail-archive/web/sidr/current/msg02623.html

I'd like to note a few things:

1) ssh does not protect the transport connection
ssh is an application protocol, not a transport protocol

It provides privacy and authentication at the application layer, of the 
data over the TCP connection, but that connection can be interrupted by 
an attacker. This may not have the same impact as for vanilla BGP (where 
the connection disappearing causes routes to be removed), but should be 
a consideration in a "mandatory to implement" component, IMO.

2) TCP-AO was designed for BGP
TCP-AO was designed to get around concerns with the use of IPsec for BGP 
protection, and to correct for weaknesses in TCP MD5.

Any platform that is intended to use BGP in a protected way will need to 
implement TCP-AO anyway. Using that mechanism to protect other parts of 
BGP seems appropriate.

3) TCP-AO obsoletes TCP MD5
We did not deprecate TCP MD5 for legacy reasons only. It should not be 
recommended in any new cases.

4) a SIDR solution assuming TCP-AO isn't available on servers is an 
interim only

RFCs ought not focus on short term solutions, especially ones that are 
so easily corrected.

If the issue is the lack of a TCP-AO implementation in Linux and 
FreeBSD, it would be more productive to find the resources (6 man-months 
approx.) to just write this than even to discuss it on this list at 
length further.

If you do insist on including other alternatives, I would strongly 
suggest listing only IPsec; if you do include ssh (or, AFAICT, if you 
really want to get to servers, why not tls? surely servers are as likely 
if not more so to have HTTPS support) then you should note the lack of 
protection to the transport layer, and any implications that result.

Joe