[sidr] Interim Meeting Dates/Locations (Proposed)

2012-03-26 Thread Christopher Morrow
So, as stated in the meeting today, and in these slides: http://www.ietf.org/proceedings/83/slides/slides-83-sidr-8.pdf There is a proposal to schedule 5 future Interim Face to Face (+virtual) meetings. The dates/locations are: Mon Apr 30 - after ARIN (IAD) Wed Jun 6 - NANOG (YVR) Fri Jun 29 -

Re: [sidr] Interim Meeting Dates/Locations (Proposed)

2012-03-26 Thread Christopher Morrow
date may work out... would be good to discuss that though after this set is settled/scheduled. -chris Regards, .as On 26 Mar 2012, at 16:43, Christopher Morrow wrote: So, as stated in the meeting today, and in these slides:  http://www.ietf.org/proceedings/83/slides/slides-83-sidr-8.pdf

Re: [sidr] wg adoption call for draft-ymbk-bgpsec-rtr-rekeying-00.txt

2012-03-24 Thread Christopher Morrow
crickets Hey folk, Is this draft stating something obvious and doesn't need to be documented? or are we in need of this doc to keep us all on the same page (us == ops + vendors) as to getting a cert created and installed on our lovely devices? If people could take a few minutes to read the 4

Re: [sidr] wg adoption call for draft-ymbk-bgpsec-rtr-rekeying-00.txt

2012-03-24 Thread Christopher Morrow
[mailto:sidr-boun...@ietf.org] On Behalf Of Christopher Morrow Sent: Saturday, March 24, 2012 6:19 AM To: Sean Turner Cc: Murphy, Sandra; sidr@ietf.org Subject: Re: [sidr] wg adoption call for draft-ymbk-bgpsec-rtr-rekeying-00.txt crickets Hey folk, Is this draft stating something obvious

Re: [sidr] wg adoption call for draft-ymbk-bgpsec-rtr-rekeying-00.txt

2012-03-24 Thread Christopher Morrow
be good. thanks! -chris - Matt Lepinski On 3/24/2012 9:42 AM, Christopher Morrow wrote: On Sat, Mar 24, 2012 at 9:33 AM, George, Wes wesley.geo...@twcable.com wrote: Yes, support. Anything that teaches router jockeys how to wrangle keys and not compromise the security of the system

Re: [sidr] wg adoption call for draft-ymbk-bgpsec-rtr-rekeying-00.txt

2012-03-24 Thread Christopher Morrow
On Sat, Mar 24, 2012 at 10:05 AM, Christopher Morrow morrowc.li...@gmail.com wrote: On Sat, Mar 24, 2012 at 10:02 AM, Matt Lepinski mlepin...@bbn.com wrote: Chris, No, I believe Wes is talking about: http://tools.ietf.org/html/draft-rogaglia-sidr-bgpsec-rollover-00 oh :) buried further

Re: [sidr] Signed vs unsgned and bgp best path decision

2012-03-23 Thread Christopher Morrow
On Fri, Mar 23, 2012 at 6:30 AM, Robert Raszuk rob...@raszuk.net wrote: Chris, I am talking about inter-domain policy not intra-domain. ACHTUNG may not help as folks around seem very reluctant to share their internal policies outside. sure, interdomain policies today differ between

Re: [sidr] Signed vs unsgned and bgp best path decision

2012-03-23 Thread Christopher Morrow
On Fri, Mar 23, 2012 at 6:59 AM, Robert Raszuk rob...@raszuk.net wrote: When compared to what is today I don't think folks are mandated by any RFC to make a choice between two attributes which carry the same metric to decide which one should win on a per AS basis. they are not, and in the

Re: [sidr] route leaks message to IDR

2012-03-22 Thread Christopher Morrow
On Thu, Mar 22, 2012 at 10:57 AM, Murphy, Sandra sandra.mur...@sparta.com wrote: This has become a long and tortuous rat hole, leading off into branching rat holes. It all started with prospective text to the idr wg about the route leaks problem. The furor started over the suggested

Re: [sidr] additional interim meetings

2012-03-22 Thread Christopher Morrow
On Thu, Mar 22, 2012 at 7:56 PM, Terry Manderson terry.mander...@icann.org wrote: I accept that the drivers/authors of the BGPSEC work along with chairs and ADs want to maintain momentum - but given the importance of this topic and the many many layers it crosses (in some cases without meaning

Re: [sidr] Signed vs unsgned and bgp best path decision

2012-03-22 Thread Christopher Morrow
On Thu, Mar 22, 2012 at 7:28 PM, Robert Raszuk rob...@raszuk.net wrote: By chaos I meant complete autonomous selection of what paths are preferred to be chosen as best on an AS by AS basis. In the case of mixed SIGNED and how is the above any different than what happens today? (inside a single

Re: [sidr] additional interim meetings

2012-03-22 Thread Christopher Morrow
On Thu, Mar 22, 2012 at 9:21 PM, Terry Manderson terry.mander...@icann.org wrote: Hi Chris, On 23/03/12 11:05 AM, Christopher Morrow morrowc.li...@gmail.com wrote: significant progress has been made on the topics here because of frequent (monthly about) face-to-face meetings, focused

Re: [sidr] route leaks message to IDR

2012-03-21 Thread Christopher Morrow
On Wed, Mar 21, 2012 at 7:46 AM, Russ White ru...@riw.us wrote: i don't think the case you outline is one of actually telling the remote-as that the path doesn't exist because of policy. the /fact of policy/ can be inferred, and I outlined 3 (or more) places you could infer at D that there

Re: [sidr] route leaks message to IDR

2012-03-21 Thread Christopher Morrow
On Wed, Mar 21, 2012 at 9:43 AM, Russ White ru...@riw.us wrote: The point is you've gone beyond the existence of the path here to the rightful use of the path --and that is policy. don't think so. Yes, you have. Because you've insisted on making the solution work per prefix, you've moved

Re: [sidr] route leaks message to IDR

2012-03-21 Thread Christopher Morrow
On Wed, Mar 21, 2012 at 10:08 AM, Russ White ru...@riw.us wrote: The point is you've gone beyond the existence of the path here to the rightful use of the path --and that is policy. don't think so. Yes, you have. Because you've insisted on making the solution work per prefix, you've

Re: [sidr] route leaks message to IDR

2012-03-21 Thread Christopher Morrow
On Wed, Mar 21, 2012 at 10:52 AM, Russ White ru...@riw.us wrote: no, you never sent anything of this route to E so E never had anything to pass along to C and then to D ... knowledge of this path is not there, in both the SIDR and non-SIDR cases. All D knows in both SIDR and non-SIDR cases

Re: [sidr] route leaks message to IDR

2012-03-21 Thread Christopher Morrow
On Wed, Mar 21, 2012 at 11:50 AM, Brian Dickson brian.peter.dick...@gmail.com wrote: On Wed, Mar 21, 2012 at 11:37 AM, Montgomery, Douglas do...@nist.gov wrote: By we I assume you are asking the bigger question about what the broad requirements / objectives should be. The current BGPSEC

Re: [sidr] route leaks message to IDR

2012-03-21 Thread Christopher Morrow
On Wed, Mar 21, 2012 at 12:36 PM, Brian Dickson brian.peter.dick...@gmail.com wrote: On Wed, Mar 21, 2012 at 12:10 PM, Christopher Morrow morrowc.li...@gmail.com wrote: On Wed, Mar 21, 2012 at 11:50 AM, Brian Dickson brian.peter.dick...@gmail.com wrote: On Wed, Mar 21, 2012 at 11:37

Re: [sidr] route leaks message to IDR

2012-03-21 Thread Christopher Morrow
On Wed, Mar 21, 2012 at 3:19 PM, Eric Osterweil eosterw...@verisign.com wrote: How about we turn this around with a simple question: Suppose two different feasible paths are being evaluated for a single prefix/origin pair and one was delivered via a signed bgpsec update, and the other was

Re: [sidr] route leaks message to IDR

2012-03-21 Thread Christopher Morrow
On Wed, Mar 21, 2012 at 3:40 PM, Eric Osterweil eosterw...@verisign.com wrote: My input is that the current work that does not address the real route leak threat, and it is therefore insufficient. and many, many times ... 'how would you do this, really, show me the math' has been asked. the

Re: [sidr] route leaks message to IDR

2012-03-21 Thread Christopher Morrow
On Wed, Mar 21, 2012 at 5:04 PM, Eric Osterweil eosterw...@verisign.com wrote: On Mar 21, 2012, at 4:57 PM, Christopher Morrow wrote: On Wed, Mar 21, 2012 at 3:19 PM, Eric Osterweil eosterw...@verisign.com wrote: How about we turn this around with a simple question: Suppose two different

Re: [sidr] route leaks message to IDR

2012-03-21 Thread Christopher Morrow
On Wed, Mar 21, 2012 at 5:13 PM, Shane Amante sh...@castlepoint.net wrote: On Mar 21, 2012, at 3:00 PM, Christopher Morrow wrote: On Wed, Mar 21, 2012 at 3:40 PM, Eric Osterweil eosterw...@verisign.com wrote: My input is that the current work that does not address the real route leak

Re: [sidr] route leaks message to IDR

2012-03-21 Thread Christopher Morrow
On Wed, Mar 21, 2012 at 5:26 PM, Shane Amante sh...@castlepoint.net wrote: On Mar 21, 2012, at 3:21 PM, Christopher Morrow wrote: On Wed, Mar 21, 2012 at 5:13 PM, Shane Amante sh...@castlepoint.net wrote: On Mar 21, 2012, at 3:00 PM, Christopher Morrow wrote: On Wed, Mar 21, 2012 at 3:40 PM

Re: [sidr] route leaks message to IDR

2012-03-21 Thread Christopher Morrow
On Wed, Mar 21, 2012 at 5:19 PM, Robert Raszuk rob...@raszuk.net wrote: Hi Chris, In the end, I think 'bgpsec suggests' that the operator would make some decision... ideally the same decision across the network. Such decision is inherently per prefix. So even assuming ideal case and such

Re: [sidr] route leaks message to IDR

2012-03-21 Thread Christopher Morrow
On Wed, Mar 21, 2012 at 5:17 PM, Eric Osterweil eosterw...@verisign.com wrote: Hey Chris, On Mar 21, 2012, at 5:06 PM, Christopher Morrow wrote: On Wed, Mar 21, 2012 at 5:04 PM, Eric Osterweil eosterw...@verisign.com wrote: On Mar 21, 2012, at 4:57 PM, Christopher Morrow wrote: On Wed

Re: [sidr] SIDR Interim 24/March is CANCELLED

2012-03-20 Thread Christopher Morrow
On Tue, Mar 20, 2012 at 11:24 AM, Peter Saint-Andre stpe...@stpeter.im wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 3/20/12 8:07 AM, David Harrington wrote: Hi, FYI. The IESG decided the SIDR Interim should be cancelled because it didn't meet the deadlines. The rules about

Re: [sidr] possible additional meeting times

2012-03-20 Thread Christopher Morrow
On Mon, Mar 19, 2012 at 6:20 PM, Robert Raszuk rob...@raszuk.net wrote: Hi, The virtual meeting agenda was supposed to take 6h (+2h lunch break). May I ask how below proposed time slots will make up for the cancelled virtual meeting if one is 2h and the other one is just 1h ? gzip

Re: [sidr] route leaks message to IDR

2012-03-20 Thread Christopher Morrow
On Tue, Mar 20, 2012 at 9:59 PM, Russ White ru...@riw.us wrote: BGPSEC is not a new *routing* feature.  It is protections for existing routing features.  BGPSEC eliminates certain *bad* routing behavior, but it should not create *new* routing features. The ability to restrict where a

Re: [sidr] route leaks message to IDR

2012-03-16 Thread Christopher Morrow
(behind on my reading, but...) On Fri, Mar 16, 2012 at 11:56 AM, Brian Dickson brian.peter.dick...@gmail.com wrote: On Thu, Mar 15, 2012 at 8:22 PM, Murphy, Sandra sandra.mur...@sparta.com wrote: speaking more as regular ol' member On Wednesday, March 14, 2012 5:31 PM, Eric Osterweil  said:

Re: [sidr] route leaks message to IDR

2012-03-16 Thread Christopher Morrow
quick response to a single point... below. On Fri, Mar 16, 2012 at 7:33 PM, Brian Dickson brian.peter.dick...@gmail.com wrote: On Fri, Mar 16, 2012 at 4:54 PM, Christopher Morrow morrowc.li...@gmail.com wrote: And, if we acknowledge that it is a new feature, it then is incumbent on the WG

Re: [sidr] Last Call: draft-ietf-sidr-rpki-rtr-19.txt (The RPKI/Router Protocol) to Proposed Standard

2012-02-04 Thread Christopher Morrow
On Sat, Feb 4, 2012 at 1:01 PM, Wes Hardaker wjh...@hardakers.net wrote: On Thu, 15 Dec 2011 15:56:44 -0800, Randy Bush ra...@psg.com said: RB As you say, NetConf is for *configuring* routers.  RPKI-rtr is not used RB for router configuration, but rather dynamic data, a la IS-IS or BGP. RB In

Re: [sidr] Origin Ops, TALs and Local TAs

2011-11-29 Thread Christopher Morrow
On Tue, Nov 29, 2011 at 10:27 AM, Stephen Kent k...@bbn.com wrote: There are controls to allow RPs to ignore the expiration of the certs for the widget maker, but that's not the best outcome. Ultimately the widget maker would like to have a new CA cert issued to it, and continue to manage the'

Re: [sidr] Route Leaks and BGP Security

2011-11-21 Thread Christopher Morrow
On Mon, Nov 21, 2011 at 6:08 PM, Shane Amante sh...@castlepoint.net wrote: Hi Chris, howdy! On Nov 20, 2011, at 10:35 PM, Christopher Morrow wrote: On Wed, Nov 16, 2011 at 11:23 PM, Danny McPherson da...@tcb.net wrote: Team, I've updated this draft based on some feedback received already

Re: [sidr] Route Leaks and BGP Security

2011-11-21 Thread Christopher Morrow
On Mon, Nov 21, 2011 at 11:15 PM, Terry Manderson te...@terrym.net wrote: Speaking for myself on this one. On 22/11/2011, at 12:47 PM, Christopher Morrow wrote: ok, so if we step forward and ask for 'give me an attribute to indicate customer/peer/other', would we then trust that? it'd

Re: [sidr] WGLC for draft-ietf-sidr-algorithm-agility-03

2011-11-17 Thread Christopher Morrow
On Thu, Nov 17, 2011 at 12:50 PM, Brian Dickson brian.peter.dick...@gmail.com wrote: Here's the thing - if all-A chains continue to exist until Phase 4, _and_ fallback to Suite A is required, this is a downgrade-attack vulnerability. It seems to me that as long as there are consumers of cert

Re: [sidr] Burstiness of BGP updates

2011-11-16 Thread Christopher Morrow
On Wed, Nov 16, 2011 at 7:48 PM, Russ White ru...@riw.us wrote: Does this now allow me to send passwords in the clear on the internet? 1. Protection means to know that the site you intend to get to is actually the site you reach. 2. Part of this protection requires protecting the routing

Re: [sidr] Burstiness of BGP updates

2011-11-15 Thread Christopher Morrow
On Wed, Nov 16, 2011 at 12:29 AM, Brian Dickson brian.peter.dick...@gmail.com wrote: Understanding the real threats, and worked, real-world examples, is important. I cannot believe anyone in this WG would be ignorant of things like this:

Re: [sidr] Burstiness of BGP updates

2011-11-15 Thread Christopher Morrow
On Wed, Nov 16, 2011 at 12:56 AM, Brian Dickson brian.peter.dick...@gmail.com wrote: On Wed, Nov 16, 2011 at 12:35 AM, Christopher Morrow morrowc.li...@gmail.com wrote: you may be willing to do same, you may also be willing to do this in the case of internal services routes that you don't

[sidr] note to attendees in the meeting...

2011-11-14 Thread Christopher Morrow
in the case you missed the note at the beginning, a nice gentleman from Orange is going to videotape the entire slide-sets being presented. Be aware of this when you walk to the mic/etc. (If you have a problem with it, speak up first and he'll be nice) thanks! -chris

[sidr] transparent route-servers question(s)

2011-11-14 Thread Christopher Morrow
Elisa, In the meeting you noted that: Some route servers don't have an ASN, some use a private-asn Do you have some examples of these? Some quick doc searching (not by me) noted that all docs point to using a public-ASN... Err, so confusion reigns, could you help here? -chris

Re: [sidr] WGLC: draft-ietf-sidr-origin-ops

2011-11-13 Thread Christopher Morrow
Checking back on this... I see that Randy had rev'd the document since this last conversation-set ... Danny has 2 editorial changes and 1 'large' comment... I don't yet see any feedback on those, but the previous set of comments/requests are taken care of to the original peoples' satisfaction? I

Re: [sidr] WGLC: draft-ietf-sidr-origin-ops

2011-11-13 Thread Christopher Morrow
On Mon, Nov 14, 2011 at 1:24 AM, Danny McPherson da...@tcb.net wrote: On Nov 13, 2011, at 11:03 PM, Christopher Morrow wrote: I suspect some feedback to Danny will come soonish, but can we close out the other set of requests? Chris, I'm not sure I understand the request, can you clarify

Re: [sidr] WGLC: draft-ietf-sidr-origin-ops

2011-11-13 Thread Christopher Morrow
On Mon, Nov 14, 2011 at 1:41 AM, George, Wes wesley.geo...@twcable.com wrote: From: christopher.mor...@gmail.com there were a slew of changes (or a slew of comments made) requested, a document update happened ~13 days ago, did the changes account for the comments/requests or not? [WEG] I

Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs

2011-11-11 Thread Christopher Morrow
be different, of course. -chris -Original Message- From: sidr-boun...@ietf.org [mailto:sidr-boun...@ietf.org] On Behalf Of Eric Osterweil Sent: Thursday, November 10, 2011 10:46 AM To: Christopher Morrow Cc: Sriram, Kotikalapudi; sidr wg list Subject: Re: [sidr] WGLC: draft-ietf-sidr

Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs

2011-11-11 Thread Christopher Morrow
On Fri, Nov 11, 2011 at 8:49 AM, Danny McPherson da...@tcb.net wrote: On Nov 11, 2011, at 8:19 AM, Christopher Morrow wrote: There's actually some research on this, I recall the number 'globally' as 1.2 avg packing... but internally, that may be different, of course. I'd be interested

Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs

2011-11-10 Thread Christopher Morrow
- From: Jakob Heitz [mailto:jakob.he...@ericsson.com] Sent: Tuesday, November 08, 2011 12:09 PM To: Sriram, Kotikalapudi Cc: Christopher Morrow; Eric Osterweil; sidr wg list Subject: Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs Proposal was 24 hour beacon timeout and 3 beacons per timeout

Re: [sidr] BGPSEC Threat Model ID

2011-11-04 Thread Christopher Morrow
On Fri, Nov 4, 2011 at 9:29 PM, Eric Osterweil eosterw...@verisign.com wrote: As for Pakistan, iirc that was an origin hijack.  In this case, the origin authenticity was the issue, and that problem should be solved through resource certification. or by simply applying a filter to your

Re: [sidr] BGPSEC Threat Model ID

2011-11-04 Thread Christopher Morrow
On Fri, Nov 4, 2011 at 10:39 PM, Shane Amante sh...@castlepoint.net wrote: Hi Chris, chello! On Nov 4, 2011, at 3:07 PM, Christopher Morrow wrote: On Fri, Nov 4, 2011 at 3:05 PM, Eric Osterweil eosterw...@verisign.com wrote: This is a list of three questions.  Until there is discussion

Re: [sidr] BGPSEC Threat Model ID

2011-11-04 Thread Christopher Morrow
On Fri, Nov 4, 2011 at 11:12 PM, Shane Amante sh...@castlepoint.net wrote: agreed, some manner of prefix + as-path seems like it'd sure solve this problem. :( Please note that, for the specific case above, I did not mention complicated burdensome prefix-list filtering … just AS_PATH sanity

Re: [sidr] WGLC: draft-ietf-sidr-origin-ops

2011-10-28 Thread Christopher Morrow
Two folks seem to have given this a read-through, is that all the interest that exists? is documenting how originators of routes ought to think/use/abuse RPKI not something we should do here? please chime in if you've given this a read and are onboard with it moving forward. -chris On Sat, Oct

Re: [sidr] WGLC for draft-ietf-sidr-algorithm-agility-03

2011-10-28 Thread Christopher Morrow
On Thu, Oct 20, 2011 at 10:50 AM, Sandra Murphy sandra.mur...@sparta.com wrote: The authors have requested a WG LC for draft Algorithm Agility Procedure for RPKI. The document and the draft version history are available at http://tools.ietf.org/html/draft-ietf-sidr-algorithm-agility-03 The

[sidr] WGLC: draft-ietf-sidr-bgpsec-reqs

2011-10-28 Thread Christopher Morrow
Seems that the authors, at least, expect this doc to be prepared for WGLC, could we do that concluding 11/11/11 please? Draft link: http://tools.ietf.org/wg/sidr/draft-ietf-sidr-bgpsec-reqs/ 01 link: http://tools.ietf.org/html/draft-ietf-sidr-bgpsec-reqs diff link:

Re: [sidr] draft-ietf-sidr-rpki-rtr-17.txt

2011-10-14 Thread Christopher Morrow
On Sun, Oct 9, 2011 at 10:10 AM, Randy Bush ra...@psg.com wrote: could the chairs please pass $subject to the iesg?  i am only aware of one possible issue raised in wglc, tp asked for a hyphen somewhere but did not respond to my asking him to be specific where.  if this mystery is solved, i

Re: [sidr] draft-ietf-sidr-rpki-rtr-17.txt

2011-10-14 Thread Christopher Morrow
On Fri, Oct 14, 2011 at 12:52 PM, t.petch ie...@btconnect.com wrote: - Original Message - From: Christopher Morrow morrowc.li...@gmail.com To: Randy Bush ra...@psg.com; t.petch ie...@btconnect.com; Samuel Weiler wei...@watson.org Cc: sidr wg list sidr@ietf.org Sent: Friday, October

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

2011-09-26 Thread Christopher Morrow
On Wed, Aug 24, 2011 at 8:07 PM, Joe Touch to...@isi.edu wrote: On 8/24/2011 3:57 PM, Paul Hoffman wrote: On Aug 24, 2011, at 2:45 PM, Joe Touch wrote: On 8/24/2011 1:27 PM, Paul Hoffman wrote: On Aug 24, 2011, at 12:19 PM, Joe Touch wrote: Is there ever a reason that this service

Re: [sidr] BGPSec scaling (was RE: beacons and bgpsec)

2011-09-12 Thread Christopher Morrow
On Mon, Sep 12, 2011 at 2:28 PM, George, Wesley wesley.geo...@twcable.com wrote: -Original Message- From: christopher.mor...@gmail.com [mailto:christopher.mor...@gmail.com] On Behalf Of Christopher Morrow Sent: Sunday, September 11, 2011 11:26 PM To: Randy Bush; George, Wesley Cc

Re: [sidr] BGPSec scaling (was RE: beacons and bgpsec)

2011-09-11 Thread Christopher Morrow
On Fri, Sep 9, 2011 at 12:19 PM, Randy Bush ra...@psg.com wrote: as a vendor friend says, if ipv6 deploys, insha allah, we're gonna be upgrading those routers to do real v6 forwarding. if it does not deploy, you will be deploying massively bigger boxes to nat your ass into

Re: [sidr] I-D Action: draft-ietf-sidr-usecases-02.txt

2011-09-07 Thread Christopher Morrow
We seem to have sat on this a bit and cogitated... are we prepared to call -02 'good enough to progress' and ask for WGLC?? -Chris On Wed, Jun 22, 2011 at 5:14 AM, Terry Manderson terry.mander...@icann.org wrote: The second ROA (ROA 2) below would of course be address 10.1.0.0/20 maxlength  

Re: [sidr] I-D Action: draft-ietf-sidr-usecases-02.txt

2011-09-07 Thread Christopher Morrow
, Christopher Morrow morrowc.li...@gmail.com wrote: We seem to have sat on this a bit and cogitated... are we prepared to call -02 'good enough to progress' and ask for WGLC?? -Chris On Wed, Jun 22, 2011 at 5:14 AM, Terry Manderson terry.mander...@icann.org wrote: The second ROA (ROA 2) below would

[sidr] WGLC: draft-ietf-sidr-usecases-02.txt

2011-09-07 Thread Christopher Morrow
Hello work-group-readers, The authors did some significant work on this doc, it seems to have settled into a groove, could we get some input on where this stands? This is a WGLC for the document which should end: 09/22/2011 (Sept 22, 2011 for those with the other flavor of clocks). document link:

Re: [sidr] WG LC for draft-ietf-sidr-ghostbusters-06.txt

2011-09-02 Thread Christopher Morrow
Oopsy, Sandy asked that someone (and pointed at me) call some sort of consensus on this doc and move it along (or punt it to the authors for more work). It seems there were a few folks willing to read the doc (and comment), some further work was done and we have a version 8 now:

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

2011-06-03 Thread Christopher Morrow
a kind reader thunked me on the noggin'... On Fri, Jun 3, 2011 at 2:06 AM, Christopher Morrow morrowc.li...@gmail.com wrote: Security-AD folks, Over here in the SIDR WG we've been batting around a problem related to secure authentication of TCP endpoints, essentially how can we specify TODAY

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

2011-06-03 Thread Christopher Morrow
On Fri, Jun 3, 2011 at 5:33 PM, Uma Chunduri uma.chund...@ericsson.com wrote: -Original Message- From: John Scudder [mailto:j...@juniper.net] Sent: Friday, June 03, 2011 1:53 PM To: Uma Chunduri Cc: Christopher Morrow; sidr@ietf.org; sidr-cha...@ietf.org; Sean Turner; stephen.farr

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

2011-06-03 Thread Christopher Morrow
On Fri, Jun 3, 2011 at 10:15 PM, Uma Chunduri uma.chund...@ericsson.com wrote: -Original Message- From: christopher.mor...@gmail.com [mailto:christopher.mor...@gmail.com] On Behalf Of Christopher Morrow Sent: Friday, June 03, 2011 6:11 PM To: Uma Chunduri Cc: Sandra Murphy

Re: [sidr] RIB Size Estimation for BGPSEC

2011-05-31 Thread Christopher Morrow
On Tue, May 31, 2011 at 1:29 PM, Randy Bush ra...@psg.com wrote: Not at all.  What I'm trying to say is that the IPv6 RIB is already growing at about 60% y/y.  Further, the transition to IPv6 _may_ trigger de-aggregation within the IPv4 RIB, as we maximize the utilization of the v4 address

Re: [sidr] RIB Size Estimation for BGPSEC

2011-05-31 Thread Christopher Morrow
On Tue, May 31, 2011 at 1:44 PM, Randy Bush ra...@psg.com wrote: sriram was working on the effects of bgpsec on the growth rate, not every other game being played in town.  give the man a break. to be fair to both parties... the excel can be adjusted if you so desire. true.  and we could

[sidr] Notes from IETF80 meeting posted

2011-05-16 Thread Christopher Morrow
like ... 1 month ago, and I forgot to post a note to the list. sorry! -chris /wg-co-chair-finger-cot off

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

2011-05-16 Thread Christopher Morrow
this sort of thing inside a single ASN (or single administrative domain) is this something that's less critical? Just my 0.02£ Tom Petch - Original Message - From: Christopher Morrow morrowc.li...@gmail.com To: Joe Touch to...@isi.edu Cc: t.petch ie...@btconnect.com; sidr wg list sidr

[sidr] A note about work in IDR (last-call for draft-ietf-idr-deprecate-as-sets-04)

2011-05-12 Thread Christopher Morrow
According to: http://www.ietf.org/mail-archive/web/idr/current/msg05298.html There's a last-call ending tomorrow (perhaps?) which SIDR folk may want to review/etc, sorry for the late notice on this. -chris

Re: [sidr] time

2011-04-25 Thread Christopher Morrow
(hate to jump into the fray, but...) On Tue, Apr 26, 2011 at 1:30 AM, Randy Bush ra...@psg.com wrote: so, i have hacked   As a router must evaluate certificates and ROAs which are time   dependent, routers' clocks MUST be correct to a tolerance of   approximately an hour. does there need

Re: [sidr] discussion about mandatory-to-implement connection security (was WGLC draft-sidr-rpki-rtr - take 2?)

2011-04-23 Thread Christopher Morrow
first, thanks! :) On Wed, Apr 20, 2011 at 4:29 PM, Joe Touch to...@isi.edu wrote: Hi, all, I've reviewed the discussion about mandatory-to-implement connection security that dates back to Morrow's post of 1 Apr: http://www.ietf.org/mail-archive/web/sidr/current/msg02623.html I'd like to

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

2011-04-21 Thread Christopher Morrow
So.. round and round the rosemary bush we go, still we have no actual things that run actual tcp-ao, so given that can we either: 1) use md5 (as a MUST, with ssh as a MAY) and rev the doc at a later point to say that AO is a MUST and remove md5 2) move this doc along the path 3) get

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

2011-04-07 Thread Christopher Morrow
On Thu, Apr 7, 2011 at 12:30 AM, Brian Weis b...@cisco.com wrote: On Apr 6, 2011, at 5:46 PM, Randy Bush wrote: Getting a new application (such as the rtr protocol) specifying hmac-md5 mandatory to implement through a Secdir review and then the Security ADs just won't happen. The only

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

2011-04-07 Thread Christopher Morrow
On Thu, Apr 7, 2011 at 6:44 PM, Randy Bush ra...@psg.com wrote: Possibly the use of md5 would be more palatable to the security area if the protocol were Experimental rather than Standards-Track.  If the authors and chairs would be willing to make that change not a chance in hell.  the

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

2011-04-07 Thread Christopher Morrow
On Fri, Apr 8, 2011 at 12:20 AM, Pradosh Mohapatra pmoha...@cisco.com wrote: We seem to be in a bit of a jam :( I don't think SIDR is going to be able to, by declaration, get opensource implementations of AO to appear. I don't see non-open-source implementations on the server side for tcp-md5

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

2011-04-04 Thread Christopher Morrow
On Mon, Apr 4, 2011 at 8:50 AM, Hannes Gredler han...@juniper.net wrote: On Mon, Apr 04, 2011 at 08:22:42AM -0400, Danny McPherson wrote: | | On Apr 4, 2011, at 4:32 AM, Hannes Gredler wrote: | | | so my question is: why do we need to solve the same problem | (= protecting message

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

2011-04-01 Thread Christopher Morrow
On Fri, Apr 1, 2011 at 11:05 PM, Hannes Gredler han...@juniper.net wrote: On Fri, Apr 01, 2011 at 10:17:44PM +0200, Matthias Waehlisch wrote: | Hi John, | | On Fri, 1 Apr 2011, John Scudder wrote: | | i propose that i rev the doc to say |  o the transport must provide authentication and

Re: [sidr] Clarifying question ...

2011-03-31 Thread Christopher Morrow
On Thu, Mar 31, 2011 at 11:33 AM, Randy Bush ra...@psg.com wrote: It seems you are confirming that RPKI origin validation may very well turn Internet into a swiss cheese with transient short lived holes in it. no, it will maintain the bgp swiss cheese.  i have a tee shirt which says bgp

Re: [sidr] Clarifying question ...

2011-03-31 Thread Christopher Morrow
On Thu, Mar 31, 2011 at 11:49 AM, Randy Bush ra...@psg.com wrote: this also seems (to me) to imply that 'invalid == drop' policy is global, no? I suspect for a great long while 'invalid == lowered pref' will predominate. Hopefully when we get more comfortable and more reasonable with

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

2011-03-31 Thread Christopher Morrow
for the record, this concluded with a single set of comments that the authors addressed... so it's falling to the next line of process stakes: iesg review. -Chris On Wed, Feb 16, 2011 at 7:39 PM, Christopher Morrow christopher.mor...@gmail.com wrote: Ok folk, The rpki-rtr document:  http

Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

2011-03-31 Thread Christopher Morrow
31, 2011 at 5:18 PM, Christopher Morrow christopher.mor...@gmail.com wrote: for the record, this concluded with a single set of comments that the authors addressed... so it's falling to the next line of process stakes: iesg review. -Chris On Wed, Feb 16, 2011 at 7:39 PM, Christopher Morrow

Re: [sidr] rpki-rtr standard port

2011-03-09 Thread Christopher Morrow
On Wed, Mar 9, 2011 at 6:22 PM, Randy Bush ra...@psg.com wrote: I'm personally a fan of keeping things simple what's the beef with tcp/22 here? The set of source IPs needing access to tcp/22 for mgmt may not be the same as the set of IPs needing access to tcp/22 for the rpki service the

Re: [sidr] Last Draft: ReCharter text

2011-03-07 Thread Christopher Morrow
On Mon, Mar 7, 2011 at 8:58 AM, John G. Scudder j...@bgp.nu wrote: On Mar 4, 2011, at 5:39 AM, Christopher Morrow wrote: ... A few folks noted that perhaps 'route' was not the right word here, perhaps NLRI is. Using a wikipedia definition: I love Wikipedia, but the quoted definition is wrong

[sidr] Please re-charter SIDR

2011-03-07 Thread Christopher Morrow
Howdy AD folk, Please re-charter sidr with the new text included below. Some 103+ messages on-list boiled the original into what is now a more cogent charter. thanks! -Chris co-chair-weeble-wobble included text goes here

Re: [sidr] Please re-charter SIDR

2011-03-07 Thread Christopher Morrow
(note fix to Roque's doc - algorithm-agility) On Mon, Mar 7, 2011 at 9:18 PM, Christopher Morrow christopher.mor...@gmail.com wrote: Howdy AD folk, Please re-charter sidr with the new text included below. Some 103+ messages on-list boiled the original into what is now a more cogent charter

Re: [sidr] Last Draft: ReCharter text

2011-03-06 Thread Christopher Morrow
easy enough to add. thanks! (note that I hadn't heard back from either of the ADs yet, I expect they'll say something in the next few days) -Chris ___ From: sidr-boun...@ietf.org [sidr-boun...@ietf.org] On Behalf Of Christopher Morrow [christopher.mor...@gmail.com

Re: [sidr] Last Draft: ReCharter text

2011-03-05 Thread Christopher Morrow
On Sat, Mar 5, 2011 at 10:39 AM, Russ White r...@cisco.com wrote: The purpose of the SIDR working group is to reduce vulnerabilities in the inter-domain routing system. The two vulnerabilities that will be addressed are:   * Is an Autonomous System (AS) authorized to originate an IP prefix  

[sidr] Last Draft: ReCharter text

2011-03-03 Thread Christopher Morrow
Ok, so a lot (102 messages on-list) was said about the recharter text here: = = = = = = = = = Description of Working Group: The purpose of the SIDR working group is to reduce vulnerabilities in the inter-domain routing system. The two vulnerabilities that will be addressed are: * Is an

Re: [sidr] SIDR ReCharter - to capture/cover path validation work

2011-02-28 Thread Christopher Morrow
On Mon, Feb 28, 2011 at 11:28 PM, Andrew Lange andrew.la...@alcatel-lucent.com wrote: If that is the case, having a set of policy objects expressing AS relationship should do the same thing  and more with less overhead? (yes, I know that data integrity becomes an issue, but data integrity

Re: [sidr] SIDR ReCharter - to capture/cover path validation work

2011-02-23 Thread Christopher Morrow
On Wed, Feb 23, 2011 at 9:01 PM, Geoff Huston g...@apnic.net wrote: Andrew, I hope I was neutral in neither agreeing nor disagreeing as to its utility in my comment. I was simply checking your assertion that it would be useful to have a relationship object and gently trying to understand

Re: [sidr] SIDR ReCharter - to capture/cover path validation work

2011-02-21 Thread Christopher Morrow
On Mon, Feb 21, 2011 at 11:02 AM, Jason Schiller schil...@uu.net wrote: On Mon, 21 Feb 2011, Russ White wrote: |So the only security problem anyone faces, currently, is people cheating |on the AS Path length? I thought my previous post (as well as other) have been pretty clear on this

Re: [sidr] running idnits on working group drafts

2011-02-18 Thread Christopher Morrow
On Fri, Feb 18, 2011 at 9:54 AM, Sandra Murphy sandra.mur...@sparta.com wrote: I am speaking here as co-chair, but without a coordinated position with my co-chair, so take this as a personal position. i agree with the below... Part of doing the shepherding document writeup for a publication

Re: [sidr] SIDR ReCharter - to capture/cover path validation work

2011-02-18 Thread Christopher Morrow
(my original wouldn't have made it to the list... so here it is again from the right src-addr) On Fri, Feb 18, 2011 at 12:20 PM, Chris Morrow morr...@ops-netman.net wrote: On 02/18/11 12:11, John Leslie wrote: Russ White r...@cisco.com wrote: To: Christopher Morrow christopher.mor

Re: [sidr] SIDR ReCharter - to capture/cover path validation work

2011-02-18 Thread Christopher Morrow
On Fri, Feb 18, 2011 at 1:06 PM, Russ White r...@cisco.com wrote: Let me ask you something --does IPsec try to verify the path the packet takes, or the contents of the packet? If the right solution for IPsec is to validate the content of the packet, then why is the right solution for BGP to

Re: [sidr] new draft draft-manderson-sidr-geo

2011-02-18 Thread Christopher Morrow
On Mon, Feb 7, 2011 at 8:46 PM, Terry Manderson terry.mander...@icann.org wrote: All, I have uploaded a new draft at http://www.ietf.org/id/draft-manderson-sidr-geo-00.txt The co-authors and I would appreciate your review and feedback. I expect to be able to present this document in Prague

[sidr] For those following along at home: draft-ietf-sidr-iana-objects is headed for LC

2011-02-17 Thread Christopher Morrow
State changed to Last Call Requested from Publication Requested. ID Tracker URL: http://datatracker.ietf.org/doc/draft-ietf-sidr-iana-objects/ ___ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr

[sidr] SIDR ReCharter - to capture/cover path validation work

2011-02-16 Thread Christopher Morrow
Howdy, as mentioned a few weeks back we need to re-charter the WG in order to move on from simply validating origination of routing information to possibly validating path information as well, here's a strawman charter re-work, how about we discuss some on the list and have some more chat about it

[sidr] WGLC draft-sidr-rpki-rtr - take 2?

2011-02-16 Thread Christopher Morrow
Ok folk, The rpki-rtr document: http://tools.ietf.org/wg/sidr/draft-ietf-sidr-rpki-rtr went through WGLC on version ~02, it's since had a slight mod (added a Cache-nonce) which is here in section 4.1: The Cache Nonce reassures the router that the serial numbers are commensurate, i.e.

Re: [sidr] I-D Action:draft-ietf-sidr-iana-objects-01.txt

2011-02-15 Thread Christopher Morrow
On Tue, Feb 15, 2011 at 10:50 PM, Terry Manderson terry.mander...@icann.org wrote: Rev'd at the WG Co-Chair's request. Contains agreed fixes during last call so that the chairs can progress shepherding using IETF tools. thanks much! -chris Cheers Terry On 16/02/11 1:45 PM,

[sidr] Off to the IESG with you! - draft-ietf-sidr-iana-objects-01.txt

2011-02-15 Thread Christopher Morrow
This is off to the IESG... or to Adrian/Stewart at least. -Chris co-chair-jammies == off
