[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[RPSEC] Follow-up on discussion on BGP session security draft

To: rpsec at ietf.org
Subject: [RPSEC] Follow-up on discussion on BGP session security draft
From: "Michael H. Behringer" <mbehring at cisco.com>
Date: Thu, 26 Jul 2007 18:28:31 -0500
Authentication-results: ams-dkim-1; header.From=mbehring@cisco.com; dkim=pass ( sig from cisco.com/amsdkim1002 verified; );
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=4819; t=1185543964; x=1186407964; c=relaxed/simple; s=amsdkim1002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=mbehring@cisco.com; z=From:=20=22Michael=20H.=20Behringer=22=20<mbehring@cisco.com> |Subject:=20Follow-up=20on=20discussion=20on=20BGP=20session=20security=2 0draft |Sender:=20; bh=UO/f4PPccCau9nusAhAShL5lzuGsEjTeHLA7kMhl+Oc=; b=H+eVniCROtFg9kl6ij7HshBlnZSFZ41OD8iws3wQ2/iwUjZgDJjS1nKKfFUiwgKR4OUAcHm+ v28RBFcBxgIzmHZuKbLxce7T5eu8OSWMDFgKK+5BHhfkeQxg4U/sAfEQ;
List-archive: <http://www1.ietf.org/pipermail/rpsec>
List-help: <mailto:rpsec-request@ietf.org?subject=help>
List-id: Routing Protocol Security Requirements <rpsec.ietf.org>
List-post: <mailto:rpsec@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/rpsec>, <mailto:rpsec-request@ietf.org?subject=unsubscribe>

Following up on the discussion we had in the WG meeting, on draft-behringer-bgp-session-sec-req-01.txt. [Thanks for the excellent minutes, Geoff!]

The key issue as I see it is the scope of the document and the potential overlap with

draft-bellovin-tcpsec-01.txt. (The other issues are
comparatively minor, and will be addressed after we clarified the scope
of the doc.) Let me try to address those here.

- Scope of the document.

Strictly speaking the WG is focusing on *protocol* security requirements, ie, the BGP protocol specific security stuff. Right now my doc addresses a wider scope, namely all the security mechanisms that a BGP speaker should implement to secure a BGP peering. This includes mechanisms on several layers. So strictly speaking the doc is out of scope. However, if we are that strict, *nothing* is going to be in scope for BGP, not even the bellovin draft, since tcpsec is not part of the BGP protocol either. ;-)

It was also pointed out that the document is a mix between operational requirements, and implementation requirements. That needs to be clarified as well. (At least what the intention is.)

My goal was to address real, practical requirements (leave out detailed discussion here, there is still a lot of work to be done). I agree the scope needs refining, along what I wrote above, and I'll give it a try. I am open for suggestions.

But having discussed with various people, I think, assuming the fixes above, we are in agreement that this scope is correct, and fits into the WG charter. Is this correct?

- Overlap with

draft-bellovin-tcpsec-01.txt

I *had* actually read the -00 draft, but forgot to add the reference. I think that the two documents address a different problem space. The Bellovin draft is TCP specific, not focused on BGP. However, it is an excellent analysis of the security requirements for this space. It is clear that my document must reference the Bellovin draft, and must also explain how the two documents fit together. This will also be addressed.
Can we have a vote: With those clarifications, does the document fit into the WG charter?

[If there is consensus, I will address the other points raised in version -02]

Thanks for your feedback!
Michael

_______________________________________________
RPSEC mailing list
RPSEC at ietf.org
https://www1.ietf.org/mailman/listinfo/rpsec

Follow-Ups:
- Re: [RPSEC] Follow-up on discussion on BGP session security draft
  - From: Sandy Murphy
- Re: [RPSEC] Follow-up on discussion on BGP session security draft
  - From: Geoff Huston

Prev by Date: Re: [RPSEC] Change to Consensus statement in BGP Sec Reqs -08
Next by Date: Re: [RPSEC] Follow-up on discussion on BGP session security draft
Previous by thread: [RPSEC] Change to Consensus statement in BGP Sec Reqs -08
Next by thread: Re: [RPSEC] Follow-up on discussion on BGP session security draft
Index(es):
- Date
- Thread