On Wed, Mar 21, 2012 at 1:40 PM, Stephen Kent <[email protected]> wrote: > ** > At 11:50 AM -0400 3/21/12, Brian Dickson wrote: > > On Wed, Mar 21, 2012 at 11:37 AM, Montgomery, Douglas <[email protected]> > wrote: > > By "we" I assume you are asking the bigger question about what the broad > requirements / objectives should be. > > The current BGPSEC design, chooses to only focus on the protocol on the > wire, and starts with the attributes that had both an identified threat > and a existence proof of a reasonable mechanism to address that threat. > > > If that statement were true, I think there would be much more support and > progress > for the bgpsec-protocol component of the SIDR WG. > > However, the current interpretation (by whom, is not clear) seems to be, > > that only certain attributes (AS-path and nothing else?) are included in > what is protected. > > > The WG charter states which BGP vulnerabilities are to be addressed. The > choice of which attributes need to be protected is, I believe, consistent > with the charter. > > > I disagree (vehemently, I might add.)
Here's the charter: *The purpose of the SIDR working group is to reduce vulnerabilities in * * the inter-domain routing system.* The two vulnerabilities that will be addressed are: * Is an Autonomous System (AS) authorized to originate an IP prefix * Is the AS-Path represented in the route the same as the path through which the NLRI traveled *The SIDR working group will take practical deployability into consideration. * Building upon the already completed and implemented framework: * Resource Public Key Infrastructure (RPKI) * Distribution of RPKI data to routing devices and its use in operational networks * Document the use of certification objects within the secure routing architecture *This working group will specify security enhancements for inter-domain * * routing protocols. * I have added emphasis (bold) to illustrate that the charter does not _exhaustively_ state which vulnerabilities are to be addressed. It does mandate two specific required vulnerabilities, but does not exclude anything. In fact, and I believe I am far from alone in this regard, the bold items in the charter give license to address other vulnerabilities. I would also opine, that _not_ addressing other, identifiable and identified vulnerabilities, would be seen by the rest of the IETF and by the "users" of BGP (operators of the >>30k ASNs) as a massive #FAIL. This can be reduced to english semantics: "The two vulnerabilities", is semantically distinct from "The _only_ two vulnerabilities". You (SK) seem to be arguing that the latter is the case. The charter says the former. If someone (e.g. the AD) is exercising some authority over the WG to restrict us to the latter, I believe the appropriate way to resolve this is to re-charter to remove all ambiguity in the matter, one way or the other. That is, unless it is merely a matter of interpreting the words of the charter incorrectly, in which case, let's just get on with updating the threat model and finding solutions. Brian
_______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
