Thanks for the response. I have one remaining comment, below. I removed
sections that I think are resolved.
Thanks!
Ben.
On 14 Jan 2017, at 11:23, Sriram, Kotikalapudi (Fed) wrote:
- 8.4, last paragraph: The text describes a replay attack, and
delegates the mitigation solution to draft-ietf-sidr-bgpsec-rollover.
This is an informational reference; it seems like it should be normative.
The solution for mitigation of replay attacks is out of band
(in relation to the BGPsec protocol).
As I see it, draft-ietf-sidr-bgpsec-rollover proposes 'a way'
of replay attack mitigation. Techniques for key rollover /
replay attack mitigation are expected to continue to evolve.
There are various variants of the basic key rollover technique that
are discussed in this informational draft:
https://tools.ietf.org/html/draft-sriram-replay-protection-design-discussion-07
What needs to be pointed out in the BGPsec specification is that
there are solutions available for replay attack mitigation.
The above are the reasons why
draft-ietf-sidr-bgpsec-rollover is included in informational
references.
That is a reasonable response, if you think it is realistic that people
would implement solutions other than the one in the reference. It would
help if the text were more clear that draft-ietf-sidr-bgpsec-rollover
is an example of a possible solution, and other solutions are possible.
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
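To make the replay attack and the key-rollover mitigation under discussion concrete, here is an added Python sketch. It is not code from the thread, from the BGPsec specification, or from draft-ietf-sidr-bgpsec-rollover. It stands in HMAC-SHA256 for BGPsec's ECDSA P-256 signatures and a small dictionary for the RPKI router-certificate view; the AS numbers, prefix, key identifiers and key bytes are constructed for the example. The point it shows is the one Sriram makes: the BGPsec signature itself stays valid forever, so a recorded update can be replayed after the origin withdrew the route, and only an out-of-band action (rolling the router key and revoking the old certificate) makes the replayed bits fail validation.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass(frozen=True)
class SignedUpdate:
    """Minimal stand-in for a BGPsec UPDATE: the signed fields plus the signature."""
    prefix: str
    origin_as: int
    target_as: int
    key_id: str      # stand-in for the Subject Key Identifier in the Signature Segment
    sig: bytes


def _sign(key: bytes, prefix: str, origin_as: int, target_as: int) -> bytes:
    # HMAC-SHA256 stands in for ECDSA P-256 over the BGPsec signed data.
    msg = f"{prefix}|{origin_as}|{target_as}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def sign_update(key: bytes, key_id: str, prefix: str, origin_as: int, target_as: int) -> SignedUpdate:
    return SignedUpdate(prefix, origin_as, target_as, key_id, _sign(key, prefix, origin_as, target_as))


@dataclass
class RpkiView:
    """Constructed stand-in for the validating router's cache of router certificates."""
    keys: dict = field(default_factory=dict)   # key_id -> public key (here: shared HMAC key)
    revoked: set = field(default_factory=set)  # key_ids whose certificates were revoked

    def validate(self, upd: SignedUpdate) -> str:
        """Return 'valid' or 'invalid'; mirrors the BGPsec validation outcome."""
        if upd.key_id in self.revoked or upd.key_id not in self.keys:
            return "invalid"
        expected = _sign(self.keys[upd.key_id], upd.prefix, upd.origin_as, upd.target_as)
        return "valid" if hmac.compare_digest(expected, upd.sig) else "invalid"

    def rollover(self, old_id: str, new_id: str, new_key: bytes) -> None:
        """Out-of-band key rollover: publish the new router cert, revoke the old one."""
        self.keys[new_id] = new_key
        self.revoked.add(old_id)
        self.keys.pop(old_id, None)


def run_scenario() -> dict:
    """Replay before and after rollover. Values are constructed for the example."""
    rpki = RpkiView()
    rpki.keys["AS65001-k1"] = b"constructed-router-key-1"

    # AS65001 announces 192.0.2.0/24 toward AS65002 and signs it with k1.
    genuine = sign_update(rpki.keys["AS65001-k1"], "AS65001-k1", "192.0.2.0/24", 65001, 65002)
    captured = genuine  # an attacker on the path records the bits verbatim

    # AS65001 later withdraws the route. BGP withdrawals carry no BGPsec signature,
    # so nothing about the recorded announcement changes.
    results = {"genuine": rpki.validate(genuine)}

    # The attacker re-injects the recorded announcement: the signature still checks.
    results["replay_before_rollover"] = rpki.validate(captured)

    # Mitigation is out of band: AS65001 rolls its router key and revokes k1.
    rpki.rollover("AS65001-k1", "AS65001-k2", b"constructed-router-key-2")
    results["replay_after_rollover"] = rpki.validate(captured)

    # Current announcements re-signed with k2 keep validating.
    fresh = sign_update(rpki.keys["AS65001-k2"], "AS65001-k2", "192.0.2.0/24", 65001, 65002)
    results["fresh_after_rollover"] = rpki.validate(fresh)

    # A forged update with a key the attacker does not hold never validates.
    forged = SignedUpdate("198.51.100.0/24", 65001, 65002, "AS65001-k2", b"\x00" * 32)
    results["forged"] = rpki.validate(forged)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name:24s} {outcome}")
```

The window during which the replay succeeds is exactly the interval between withdrawal and the revocation of the old certificate propagating to validators, which is why the rollover cadence, and not anything in the BGPsec signature format, bounds the exposure.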