Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-04 Thread Christopher Morrow
On Tue, Jan 3, 2017 at 6:31 PM, Randy Bush wrote: > >> ok, i have had coffee. > >> > >> as a bif gedanken experiment, posit a global registry where r0 can say > >> "i can speak bgpsec." i am a distant r1 and receive an unsigned path > >> with r0 in it. > >> o did someone before

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-03 Thread Randy Bush
> Agreed. I guess you could in addition be very clear that a router that > once negotiated (and/or send) BGPsec (attributes) should not be > expected to always do so. whoops! that'll be in -14. thanks. randy ___ sidr mailing list sidr@ietf.org

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-03 Thread Randy Bush
>> ok, i have had coffee. >> >> as a bif gedanken experiment, posit a global registry where r0 can say >> "i can speak bgpsec." i am a distant r1 and receive an unsigned path >> with r0 in it. >> o did someone before r0 on the path not speak bgpsec, so the path was >> never signed? >> o

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-03 Thread Sriram, Kotikalapudi (Fed)
Hi Peter, >At Tue, 3 Jan 2017 09:39:07 +0100, >Peter Hessler wrote: >> >> I'm currently not using bgpsec (or rpki for that matter). BUT, if there >> was no path to go back, I would never ever use it. Destroying my ASN >> because I wasn't ready to migrate is a straight-up

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-03 Thread Sriram, Kotikalapudi (Fed)
Hi Mirja, >I actually might be mixing this up with some discussion about DNSsec a while >ago, where the problem was that once enable others will remember that it was >supported and will not accept non secured requests anymore. >But as we are talking about this, could there be a similar case

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-03 Thread Mirja Kuehlewind (IETF)
Agreed. I guess you could in addition be very clear that a router that once negotiated (and/or send) BGPsec (attributes) should not be expected to always do so. This is implicitly said already, so please decide on your own if you’d like to add anymore text. Thanks! Mirja > Am 03.01.2017 um

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-03 Thread Chris Morrow
At Tue, 3 Jan 2017 09:39:07 +0100, Peter Hessler wrote: > > I'm currently not using bgpsec (or rpki for that matter). BUT, if there > was no path to go back, I would never ever use it. Destroying my ASN > because I wasn't ready to migrate is a straight-up No Go(tm). yup,

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-03 Thread Peter Hessler
On 2017 Jan 03 (Tue) at 10:37:38 +0900 (+0900), Randy Bush wrote: :ok, i have had coffee. : :as a bif gedanken experiment, posit a global registry where r0 can say :"i can speak bgpsec." i am a distant r1 and receive an unsigned path :with r0 in it. : o did someone before r0 on the path not

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-02 Thread Randy Bush
ok, i have had coffee. as a bif gedanken experiment, posit a global registry where r0 can say "i can speak bgpsec." i am a distant r1 and receive an unsigned path with r0 in it. o did someone before r0 on the path not speak bgpsec, so the path was never signed? o did someone between us

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-02 Thread Chris Morrow
At Tue, 03 Jan 2017 00:33:49 +0900, Randy Bush wrote: > > hi mirja, > > > could there be a similar case here, where a router is known to support > > BGPsec and others would ignore/drop non-signed announcements? > > h. as far as i can remember, this has not actually been

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-02 Thread Randy Bush
hi mirja, > could there be a similar case here, where a router is known to support > BGPsec and others would ignore/drop non-signed announcements? h. as far as i can remember, this has not actually been discussed. how would a router be known to support bgpsec? well, if i saw it on a

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-02 Thread Mirja Kuehlewind (IETF)
Hi Randy, thanks for you quick reply. I actually might be mixing this up with some discussion about DNSsec a while ago, where the problem was that once enable others will remember that it was supported and will not accept non secured requests anymore. But as we are talking about this, could

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-02 Thread Randy Bush
> Quick question: I'm by far not an expert here, but I remember that > there used to be some concerns that it is practical not possible to > disable BGPsec once enabled. If that's (still) true, should this be > mentioned here? i am not sure what you mean, so let me guess. an established bgp

[sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-02 Thread Mirja Kuehlewind
Mirja Kühlewind has entered the following ballot position for draft-ietf-sidr-bgpsec-ops-12: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer