Re: [sidr] AD Review of sidr-origin-validation-signaling-09

2016-11-30 Thread Alvaro Retana (aretana)
Hi! Yes, the text below works for me. And I would assume it works for Tero as well. Thanks!! Alvaro. On 11/30/16, 11:20 AM, "John G. Scudder" wrote: On Nov 30, 2016, at 9:18 AM, Randy Bush wrote: section 4.5

Re: [sidr] AD Review of sidr-origin-validation-signaling-09

2016-11-30 Thread Chris Morrow
At Wed, 30 Nov 2016 05:37:24 -0800, Randy Bush wrote: > > >>> and stitching back together the tcp session... same effect. > >> > >> Not sure why you have to stitch back together the TCP session? I > >> thought you were supposing the "attacker" was the edge node, it can > >> just

Re: [sidr] AD Review of sidr-origin-validation-signaling-09

2016-11-30 Thread Randy Bush
> ideally you also backstop that with some protections (tcp-ao, of > course!) and cash will fall from the sky ___ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr

Re: [sidr] AD Review of sidr-origin-validation-signaling-09

2016-11-30 Thread John G. Scudder
On Nov 30, 2016, at 9:18 AM, Randy Bush wrote: > section 4.5 of 4593 is relevant, or all of sec 4 Thanks, used in the text below. > i am kinda sad that 7132 is not too good on this I looked there first but it's a *path* security threat model so can't really be blamed for not

Re: [sidr] Current document status && directionz

2016-11-30 Thread Christopher Morrow
And again, restarting... post meeting and post travel refocusing :) On Wed, Oct 26, 2016 at 11:35 AM, Christopher Morrow < morrowc.li...@gmail.com> wrote: > Restarting this thread, with some updates :) > > Preparing for Seoul in a few weeks time, with the intent that we do not > meet

[sidr] I-D Action: draft-ietf-sidr-origin-validation-signaling-10.txt

2016-11-30 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Secure Inter-Domain Routing of the IETF. Title : BGP Prefix Origin Validation State Extended Community Authors : Pradosh Mohapatra

Re: [sidr] I-D Action: draft-ietf-sidr-origin-validation-signaling-10.txt

2016-11-30 Thread John G. Scudder
Updated security section to reflect SecDir and AD review. --John > On Nov 30, 2016, at 12:32 PM, internet-dra...@ietf.org wrote: > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Secure Inter-Domain Routing of the IETF.

Re: [sidr] AD Review of sidr-origin-validation-signaling-09

2016-11-30 Thread Randy Bush
>>> and stitching back together the tcp session... same effect. >> >> Not sure why you have to stitch back together the TCP session? I >> thought you were supposing the "attacker" was the edge node, it can >> just apply an export policy towards the core. > > say the case is inside your network,

Re: [sidr] Current document status && directionz

2016-11-30 Thread Randy Bush
>> draft-ietf-sidr-bgpsec-ops waiting to rev when iesg and whomever reviews are in. if someone wants an earlier push, shout. >> draft-ietf-sidr-lta-use-cases i thought this was post last call >> draft-ietf-sidr-rtr-keying i thought this was done randy

Re: [sidr] Current document status && directionz

2016-11-30 Thread Declan Ma
Chris, I would like to take this thread to request for comments on how to move on SLURM. During the Seoul meeting, Tim suggested moving it to SIDROPS since SIDR is being closed. Yet I had the impression that the AD hopes keeping the list/structure going until current work items are done.

Re: [sidr] AD Review of sidr-origin-validation-signaling-09

2016-11-30 Thread Randy Bush
> I guess I will wait for Alvaro to answer, but so far I'm not seeing > the need for anything more than a couple lines that remind the reader > of the basic (in)security properties of BGP, maybe an RFC 4272 > reference. section 4.5 of 4593 is relevant, or all of sec 4 i am kinda sad that 7132 is

Re: [sidr] AD Review of sidr-origin-validation-signaling-09

2016-11-30 Thread John G. Scudder
On Nov 30, 2016, at 8:37 AM, Randy Bush wrote: > the point is the tcp 'stream' does not have to be hacked in any way. > the hack is at a layer above. I agree. I also agree with your earlier On Nov 29, 2016, at 8:40 PM, Randy Bush wrote: > none of this is new. I