IETF Logo Mail Archive

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

Christopher Morrow <morrowc.lists@gmail.com> Sat, 04 June 2011 01:11 UTC

Return-Path: <christopher.morrow@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF71DE06C7 for <sidr@ietfa.amsl.com>; Fri, 3 Jun 2011 18:11:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zd7qCLyVKhWO for <sidr@ietfa.amsl.com>; Fri, 3 Jun 2011 18:11:31 -0700 (PDT)
Received: from mail-ey0-f172.google.com (mail-ey0-f172.google.com [209.85.215.172]) by ietfa.amsl.com (Postfix) with ESMTP id B56DCE06C4 for <sidr@ietf.org>; Fri, 3 Jun 2011 18:11:30 -0700 (PDT)
Received: by eye13 with SMTP id 13so1101100eye.31 for <sidr@ietf.org>; Fri, 03 Jun 2011 18:11:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=5sNVVaMnwvKQIy3uOjztmkAsHz/ClV7VMygY/A4XYKE=; b=htaUC3jOeGq7Em+TvQETbaqPFge6ORTxNs3Ba7B545fUX/EWc6vjXGqNB2lvWmQaCF Fg2HzjWN0MTruWJjNmE809KchGjUy/m3bJ9/iUltC4F2XOxgKRBcq13F5XKfp7TV77z8 QxAFsUfRgcd00ywkY6VbmeiO84DeAfBBqscU8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=AvGU7uzUmmqnejwE+XdfcjM7h9+GVdF6nfREuIwSbKemXQvZBeDRp+HiFdnZw8cp6L 8MP7sY+uJagQpqMCnnUFPC+LKbz7KIDwTahJ3SQdU/LgibjnK0zaZBHkJHZl9Ab2k8yZ hDBxz1fKyfoLlGNBBRXMm6CAHA2g+j21KARUs=
MIME-Version: 1.0
Received: by 10.213.26.82 with SMTP id d18mr984398ebc.123.1307149889584; Fri, 03 Jun 2011 18:11:29 -0700 (PDT)
Sender: christopher.morrow@gmail.com
Received: by 10.213.20.71 with HTTP; Fri, 3 Jun 2011 18:11:29 -0700 (PDT)
In-Reply-To: <D1D8138DDF34B34B8BC68A11262D10790F6233E04A@EUSAACMS0701.eamcs.ericsson.se>
References: <4DAF44AC.8060408@isi.edu> <E3076C4C-F27C-40A8-A033-2EBB8C39A3D2@cisco.com> <4DAF796C.7010807@isi.edu> <BANLkTi=Oc-fEKOYCRQqM97wPxSSXjrdTRw@mail.gmail.com> <409BDC5C-FE86-444A-BC0D-6DA00E7BF0F3@isi.edu> <BANLkTikLi2p7UipJ!TRSQqVOL6GkLn=j9iA@mail.gmail.com> <F0FABE61-FC1D-45ED-A21D-ED7A1228A997@isi.edu> <01eb01cc0325$6e4fd260$4001a8c0@gateway.2wire.net> <4DB592B3.3090805@isi.edu> <033e01cc05a8$0a82f160$4001a8c0@gateway.2wire.net> <4DB9A456.3060709@isi.edu> <BANLkTikg18FV5H0bOdOfWMzpTcm_B__EVQ@mail.gmail.com> <017b01cc13ff$0cb6da40$4001a8c0@gateway.2wire.net> <BANLkTink82qvhge6rRhqt5+h-2mEkKBMhA@mail.gmail.com> <m21uzwr3tw.wl%randy@psg.com> <BANLkTimPnMfE1ii=6uwAckoFY0yUU=w43g@mail.gmail.com> <BANLkTinu8pxxCj4cdJzbS3z5h=8=s+U3Gw@mail.gmail.com> <D1D8138DDF34B34B8BC68A11262D10790F6233E006@EUSAACMS0701.eamcs.ericsson.se> <Pine.WNT.4.64.1106031624560.2148@SMURPHY-LT.columbia.ads.sparta.com> <D1D8138DDF34B34B8BC68A11262D10790F6233E04A@EUSAACMS0701.eamcs.ericsson.se>
Date: Fri, 03 Jun 2011 21:11:29 -0400
X-Google-Sender-Auth: esj6wHmnWV7Qs9JFFlnaVtmZZDE
Message-ID: <BANLkTi=OcqYbBReP+F+6e+mdqySEWPkq4Q@mail.gmail.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Uma Chunduri <uma.chunduri@ericsson.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: "sidr@ietf.org" <sidr@ietf.org>, Sandra Murphy <Sandra.Murphy@sparta.com>, "stephen.farrell@cs.tcd.ie" <stephen.farrell@cs.tcd.ie>
Subject: Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Jun 2011 01:11:31 -0000

On Fri, Jun 3, 2011 at 5:28 PM, Uma Chunduri <uma.chunduri@ericsson.com> wrote:
>
>
> -----Original Message-----
> From: Sandra Murphy [mailto:Sandra.Murphy@sparta.com]
> Sent: Friday, June 03, 2011 1:43 PM
> To: Uma Chunduri
> Cc: sidr@ietf.org; Sean Turner; stephen.farrell@cs.tcd.ie
> Subject: Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?
>
>
> On Fri, 3 Jun 2011, Uma Chunduri wrote:
>
>>
>>
> ....
>
>>
>> True, privacy through SSH is overkill but strong AUTH is *critical*, I feel:
>>   - TCP-MD5 should not be considered (as it is any ways deprecated and it's MD5)
>>   - TCP-AO has only slight advantage as it has less overhead than ipsec-AH even when
>>     deployed with manual keys
>>   - but it's better if it is "MUST support authentication of nodes
>> with TCP-AO or ipsec-AH" because
>
> Just to be sure:
>
> Did you understand the part about implementations of TCP-AO and ipsec-AH not being available at present?
>
> I.e., you recognize this forces a delay in implementation of the protocol (and accept the consequent impact on deployment of the RPKI)?
>
> [Uma] Yes, I did. Even though operators don't like  ipsec-AH today, it is still deployed for OSPFv3 protection as that
> (of course now there are other drafts to mitigate complexity with reasonable trade-off).
>

So, speaking as just another guy on the bus here... it's not about
'dont like it' it's about "THE CODE ON THE ROUTER DOES NOT DO IPSEC"

Keep in mind that a router is not a generic CPU + intel ethernet PCI
card, and often the OS on it is optomized for a particular duty, in
large iron routers it's NOT ipsec.

> Problem with MD5 is, it can present the *weakest* link for the whole RPKI infa.
> At least new infrastructure like RPKI should avoid deprecated  stuff.

exactly how is MD5 the weakest link here? some particular words about
the threat model + ability to subvert a running session which ships a
few megabytes/minute around would be in order here.

-chris
<just a guy>

> -Uma
>
>
> --Sandy, speaking as wg co-chair
>
>
>>     as both support
>>           - strong auth algos
>>           - algo agility
>>           - can be deployed with manual and auto key management
>>            (auto key probably required eventually, once with lot of connections at
>>             cache/global RPKI/server side and for automatic key
>>             changes periodically)
>>           - key changes for existing sessions
>>
>>    One would get flexibility with this.
>>    Also Section 7 (page 16)
>>    "It is assumed that the router and cache have exchanged keys out of band by some reasonably secured means"
>>    This will be still applicable but only if TCP-AO/ipsce-AH are deployed with manual keys.
>>
>> 2 cents,
>> -Uma
>>
>>
>> _______________________________________________
>> sidr mailing list
>> sidr@ietf.org
>> https://www.ietf.org/mailman/listinfo/sidr
>>
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
>

v2.23.0 | Report a Bug | By Email