On 07/10/2008, at 2:15 PM, Vishwas Manral wrote:
I had raised issues about SIDR and we had a long healthy discussion on
it in February on the SIDR as well as the OPSEC lists.
I had written a draft too but I guess it did not get promoted enough.
Do have a look at:
www.archivum.info/[EMAIL PROTECTED]/2008-02/msg00035.html and let me know
what you think about the ideas of the draft.
Thanks,
Vishwas
WG Chair HAT *ON*
Vishwas,
Thanks for your pointer and the reference to the draft you had
written earlier this year.
The charter of the SIDR working group
(http://www.ietf.org/html.charters/sidr-charter.html) includes the following:
"Document specific routing functionality modules within this
architecture that are designed to address specific secure routing
requirements as they are determined by the RPSEC Working Group"
To date, the RPSEC Working Group has concluded that securing the
origination of routing advertisements IS a secure routing requirement,
and on that basis the SIDR Working Group has been working on
mechanisms that will allow the origination of route objects to be
secured. The work on ROAs is precisely focused on this requirement.
The comments you reference, and the draft you cite, appear to point to
a requirement relating to AS path security, and the specification of
mechanisms that would allow relying parties to detect efforts by third
parties to place false information into the AS Path of a routing
advertisement. The precise nature of this requirement has been the
subject of an extended study in the RPSEC Working Group, and the
precise security requirements arising from that study are still
somewhat unclear at the moment. I refer you to the RPSEC Working Group
and its drafts and mailing list archives for more details on this
study. At this stage it is my understanding, as a co-chair of the SIDR
Working Group, that the general subject of AS Path validation has not
yet been passed over to SIDR as a well-defined security requirement
from the RPSEC Working Group, or from the Area Director in the form of
a revised charter for this Working Group.
At some stage it's likely that this will be part of the SIDR WG
activities, and your contributions regarding effective and secure
mechanisms to safeguard the AS Path from various forms of unauthorized
alteration would be welcome. However, before you brush up your
previous draft and resubmit it, you may find some broad background
reading on this topic to be helpful to your contribution, as the topic
of securing the inter-domain routing system is one that has been the
subject of a considerable number of research and operational papers as
well as the subject of various efforts in the IETF and elsewhere over
the past decade or so.
kind regards,
Geoff Huston
This time speaking as the co-chair of this Working Group