On Mon, Aug 10, 2009 at 2:42 AM, Terry
Mandersonterry.mander...@icann.org wrote:
On 10/08/09 4:17 PM, Randy Bush ra...@psg.com wrote:
and this is difficult why?
Not saying its difficult. Saying its a block to deployment for a LIR who has
customers that originate the assigned prefix from
On Fri, Sep 11, 2009 at 5:53 PM, David Conrad d...@virtualized.org wrote:
On Sep 7, 2009, at 9:12 AM, Randy Bush wrote:
[1] - what i have seen in the sidr wg has driven me into the group which
is extremely concerned about the rirs controling routing given
their clear lack of altruism
On Mon, Sep 21, 2009 at 6:29 PM, Jeffrey I. Schiller j...@mit.edu wrote:
On Mon, Sep 21, 2009 at 08:41:36PM +0200, Robert Kisteleki wrote:
I'm sorry for pointing out the obvious, but in _any_ system where you
receive a certificate from someone else -- like it or not -- that someone
else will
On Mon, Sep 21, 2009 at 11:57 PM, Jeffrey I. Schiller j...@mit.edu wrote:
On Mon, Sep 21, 2009 at 06:49:26PM -0400, Christopher Morrow wrote:
sure, and as it happens you can also have more than one certificate
for mozilla.com which is 'bad'.
Exactly how is this bad? Sure for S/MIME
On Tue, Sep 22, 2009 at 11:27 AM, Smith, Donald donald.sm...@qwest.com wrote:
Difficult to sell is putting it mildly.
Most ISPs don't run CAs today nor do they have the infrastructure to do so.
Neither will they want to turn over any aspect of routing control to a 3rd
party.
As a small
On Fri, Mar 19, 2010 at 8:12 PM, Randy Bush ra...@psg.com wrote:
max-len is at the choice of the issuer of the roa. it is a macro so
they do not have to issue all the smaller roas. if they don't want the
longer prefixes announced, then they should not issue the roas, whether
as individual
On a serious note(s):
o what harm does it due to just not accept these routes (globally)
and force folks to actually do the proper thing with their routers?
o how would that change if these routes could not be validated and
just lived on in the 'unknown' state?
(regular-joe-hat)
-Chris
On Wed,
On Thu, Jul 29, 2010 at 4:14 AM, Robert Kisteleki rob...@ripe.net wrote:
On 2010.07.28. 17:54, Sandra Murphy wrote:
The problem is the possibility that not accommodating legitimate BGP
updates
might result in opportunities for bad guys to get around protections.
IMO that's not the problem.
On Thu, Jul 29, 2010 at 4:14 AM, Sriram, Kotikalapudi
kotikalapudi.sri...@nist.gov wrote:
The point of my presentation was that we can treat updates with AS_SETs
duly and in accordance with RFC 4271.
No protocol modification is required.
We need not look inside the AS_SET, and also we would
On Thu, Jul 29, 2010 at 5:41 AM, Sriram, Kotikalapudi
kotikalapudi.sri...@nist.gov wrote:
Thanks, Jeff.
One more clarification request:
What do you mean when you say first non-sequence AS?
Example:
AS path : ASN3 ASN2 ASN1 [ASN25, ASN26] AGGREGATOR: AS1
Here [ASN25, ASN26] is the AS_SET.
On Wed, Sep 8, 2010 at 10:04 AM, Rob Austein s...@isc.org wrote:
I don't see any locking strategy (either modifying rsync or creating a
new RPKI object to represent a lock) as likely to work. I can go into
details if necessary, but in short there are just too many different
ways that a
SIDR-WG Folks,
Hey, pulling up a note from the grave, this seems to have gotten no
dissent so, could the authors (and implementors) go scrub the stink of
tls off?
-Chris
(wg-chair-scarf on)
On Mon, Aug 30, 2010 at 11:25 AM, Warren Kumari war...@kumari.net wrote:
On Aug 25, 2010, at 4:18 AM,
It seems that the alt-doc has some revising to be done though adoption
by the WG seems like the right path here. Some author-author
discussion is being done, with some doc updates. I think the WG wants
this to be at LC in/before Bejing. We have a month to do that work.
Unless there are complaints
today is graveyard day...
Could the WG mailing-list folks discuss this for adoption please,
given no more discussion in the next 14 days we'll move ahead with
adopting it, I think.
-Chris
(wg-co-chair tie on)
On Sat, Jul 31, 2010 at 10:28 AM, Warren Kumari war...@kumari.net wrote:
Hi there
(moving this to the other thread as well, and i dont' see the
discussion on-list so .. thanks for the vote!)
-chris
On Tue, Sep 14, 2010 at 3:14 PM, Randy Bush ra...@psg.com wrote:
Could the WG mailing-list folks discuss this for adoption please,
i think we have been here before. but clearly
On Wed, Sep 15, 2010 at 9:40 AM, Andy Newton a...@arin.net wrote:
On Sep 14, 2010, at 3:09 PM, Christopher Morrow wrote:
today is graveyard day...
Since reanimation seems to be the theme, is draft-ietf-sidr-arch dead or
undead? Its status is marked as expired.
I think this fell down due
Hey, it was 14 days... (or more) no one dissented WG-item it is!
Sam, could you please spin a re-titled -00 into the process machine?
-Chris
(wg-co-chair-airplane-neck-pillow-on)
On Tue, Sep 14, 2010 at 3:14 PM, Christopher Morrow
morrowc.li...@gmail.com wrote:
(just a change in subject
SIDR Folk,
Please take 14 days (finishing 10/30/2010) to consider the subject
draft for WG LC. There was no chatter during it's last round of WG LC,
some final edits were done by the authors and ... it's time to decide.
-chris
(wg-co-chair-cycling-socks on)
This was sent along (the requested LC message) to the list today...
see you in 2 weeks (at decision time)
-chris
(wg-co-chair-cycling-shoes == on)
On Fri, Oct 15, 2010 at 1:38 AM, Geoff Huston g...@apnic.net wrote:
Let me try that once again!
The authors have revised the text relating to the
On Sun, Oct 17, 2010 at 5:01 PM, Geoff Huston g...@apnic.net wrote:
At the risk of repeating myself again, the sooner the IDR WG deprecates
AS_SETs in the BGP spec, the better!
So... without my co-chair items of clothes on (for sidr at least, and
grow) ... there isn't a reliable and simple
On Fri, Dec 3, 2010 at 1:14 PM, Christopher Morrow
morrowc.li...@gmail.com wrote:
On Fri, Dec 3, 2010 at 1:13 PM, Christopher Morrow
morrowc.li...@gmail.com wrote:
On Fri, Dec 3, 2010 at 12:03 PM, Karen Seo k...@bbn.com wrote:
Date: Fri, 3 Dec 2010 12:02:42 -0500
To: Andrei Robachevsky
On Thu, Feb 3, 2011 at 10:59 AM, Danny McPherson da...@tcb.net wrote:
On Feb 3, 2011, at 10:47 AM, Stephen Kent wrote:
I'm a bit puzzled by your final comment above.
Path secruity includes the origin AS, and the RPKI is the mechanism adopted
by SIDR to validate the origin AS assertion for
, Christopher Morrow
christopher.mor...@gmail.com wrote:
Howdy SIDR folk,
co-chair-underoos==on - spiderman!
So, apparently I (at least) had thought this was taken care of
sometime after the Maastricht in-person meeting where I believe Terry
said he'd write this doc, in that the WG had already decided
On Fri, Feb 11, 2011 at 11:41 AM, Tony Tauber ttau...@1-4-5.net wrote:
I'm also wondering on which provider routers Randy's seeing the need for
crypto and other HW upgrades.
If it's every router that carries full routes or terminates an external BGP
session, that can be a pretty big nut to
On Fri, Feb 11, 2011 at 12:21 PM, Smith, Donald donald.sm...@qwest.com wrote:
Route filters in many ISPs are created and validated nightly and pushed to
routers if a filter change is needed.
That isn't usually done in real time. It is almost always done on COTS
hardware (not on the router
On Sat, Feb 12, 2011 at 6:19 AM, Randy Bush ra...@psg.com wrote:
Route filters in many ISPs are created and validated nightly and
pushed to routers if a filter change is needed.
That isn't usually done in real time. It is almost always done on
COTS hardware (not on the router it's self).
On Sun, Feb 13, 2011 at 7:49 AM, Russ White r...@cisco.com wrote:
I think, that today you receive a route in BGP, you believe it's
proper and pass it on. you have no real way to tell if the route was
Isn't this what NO_EXPORT is for? Is the entire point of this exercise
to encrypt one
On Sun, Feb 13, 2011 at 1:01 PM, Christopher Morrow
morrowc.li...@gmail.com wrote:
referencing all of the messages I've sent on this topic
(bgpsec-reqs-00 draft discussions) ... all said purely as a reader of
the draft and participant in the sidr wg...
co-chair-snuggie == off
thnx
On Sun, Feb 13, 2011 at 2:13 PM, Russ White r...@cisco.com wrote:
I think, that today you receive a route in BGP, you believe it's
proper and pass it on. you have no real way to tell if the route was
Isn't this what NO_EXPORT is for? Is the entire point of this exercise
to encrypt one
11, 2011, at 13:37 MST, Christopher Morrow wrote:
On Fri, Feb 11, 2011 at 10:51 AM, Shane Amante sh...@castlepoint.net wrote:
Randy,
On Jan 30, 2011, at 20:40 MST, Randy Bush wrote:
3.3 As cryptographic payloads and loading on routers are likely to
seriously increase, a BGPsec design may
On Tue, Feb 15, 2011 at 10:50 PM, Terry Manderson
terry.mander...@icann.org wrote:
Rev'd at the WG Co-Chair's request. Contains agreed fixes during last call
so that the chairs can progress shepherding using IETF tools.
thanks much!
-chris
Cheers
Terry
On 16/02/11 1:45 PM,
This is off to the IESG... or to Adrian/Stewart at least.
-Chris
co-chair-jammies == off
___
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
Howdy, as mentioned a few weeks back we need to re-charter the WG in
order to move on from simply validating origination of routing
information to possibly validating path information as well, here's a
strawman charter re-work, how about we discuss some on the list and
have some more chat about it
Ok folk,
The rpki-rtr document:
http://tools.ietf.org/wg/sidr/draft-ietf-sidr-rpki-rtr
went through WGLC on version ~02, it's since had a slight mod (added a
Cache-nonce added) which is here in section 4.1:
The Cache Nonce reassures the router that the serial numbers are
comensurate, i.e.
State changed to Last Call Requested from Publication Requested.
ID Tracker URL: http://datatracker.ietf.org/doc/draft-ietf-sidr-iana-objects/
___
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
On Fri, Feb 18, 2011 at 9:54 AM, Sandra Murphy sandra.mur...@sparta.com wrote:
I am speaking here as co-chair, but without a coordinated position with my
co-chair, so take this as a personal position.
i agree with the below...
Part of doing the shepherding document writeup for a publication
(my originaly wouldn't have made it to the list... so here it is again
from the right src-addr)
On Fri, Feb 18, 2011 at 12:20 PM, Chris Morrow morr...@ops-netman.net wrote:
On 02/18/11 12:11, John Leslie wrote:
Russ White r...@cisco.com wrote:
To: Christopher Morrow christopher.mor
On Fri, Feb 18, 2011 at 1:06 PM, Russ White r...@cisco.com wrote:
Let me ask you something --does IPsec try to verify the path the packet
takes, or the contents of the packet? If the right solution for IPsec is
to validate the content of the packet, then why is the right solution
for BGP to
On Mon, Feb 7, 2011 at 8:46 PM, Terry Manderson
terry.mander...@icann.org wrote:
All,
I have uploaded a new draft at
http://www.ietf.org/id/draft-manderson-sidr-geo-00.txt
The co-authors and I would appreciate your review and feedback. I expect to
be able to present this document in Prague
On Mon, Feb 21, 2011 at 11:02 AM, Jason Schiller schil...@uu.net wrote:
On Mon, 21 Feb 2011, Russ White wrote:
|So the only security problem anyone faces, currently, is people cheating
|on the AS Path length?
I thougth my previous post (as well as other) have been pretty clear on
this
On Wed, Feb 23, 2011 at 9:01 PM, Geoff Huston g...@apnic.net wrote:
Andrew,
I hope I was neutral in neither agreeing or disagreeing as to its utility in
my comment.
I was simply checking your assertion that it would be useful to have a
relationship object and gently trying to understand
On Mon, Feb 28, 2011 at 11:28 PM, Andrew Lange
andrew.la...@alcatel-lucent.com wrote:
If that is the case, having a set of policy objects expressing AS
relationship should do the same
thing and more with less overhead? (yes, I know that data integrity becomes
an issue, but data
integrity
Ok, so a lot (102 messages on-list) was said about the recharter text here:
= = = = = = = = =
Description of Working Group:
The purpose of the SIDR working group is to reduce vulnerabilities in
the inter-domain routing system. The two vulnerabilities that will be
addressed are:
* Is an
On Sat, Mar 5, 2011 at 10:39 AM, Russ White r...@cisco.com wrote:
The purpose of the SIDR working group is to reduce vulnerabilities in
the inter-domain routing system. The two vulnerabilities that will be
addressed are:
* Is an Autonomous System (AS) authorized to originate an IP prefix
easy enough to add. thanks! (notethat I hadn't heard back from either
of the ADs yet, I expect they'll say something in the next few days)
-Chris
___
From: sidr-boun...@ietf.org [sidr-boun...@ietf.org] On Behalf Of Christopher
Morrow [christopher.mor...@gmail.com
On Mon, Mar 7, 2011 at 8:58 AM, John G. Scudder j...@bgp.nu wrote:
On Mar 4, 2011, at 5:39 AM, Christopher Morrow wrote:
...
A few folks noted that perhaps 'route' was not the right word here,
perhaps NLRI is. Using a wikipedia definition:
I love Wikipedia, but the quoted definition is wrong
Howdy AD folk,
Please re-charter sidr with the new text included below. Some 103+
messages on-list boiled the original into what is now a more cogent
charter.
thanks!
-Chris
co-chair-weeble-wobble
included text goes here
(note fix to Roque's doc - algorithm-agility)
On Mon, Mar 7, 2011 at 9:18 PM, Christopher Morrow
christopher.mor...@gmail.com wrote:
Howdy AD folk,
Please re-charter sidr with the new text included below. Some 103+
messages on-list boiled the original into what is now a more cogent
charter
On Wed, Mar 9, 2011 at 6:22 PM, Randy Bush ra...@psg.com wrote:
I'm personally a fan of keeping things simple what's the beef
with tcp/22 here?
The set of source IPs needing access to tcp/22 for mgmt may not be the
same as the set of IPs needing access to tcp/22 for the rpki service
the
On Thu, Mar 31, 2011 at 11:33 AM, Randy Bush ra...@psg.com wrote:
It seems you are confirming that RPKI origin validation may very well
turn Internet into a swiss cheese with transient short lived holes in
it.
no, it will maintain the bgp swiss cheese. i have a tee shirt which
says bgp
On Thu, Mar 31, 2011 at 11:49 AM, Randy Bush ra...@psg.com wrote:
this also seems (to me) to imply that 'invalid == drop' policy is
global, no? I suspect for a great long while 'invalid == lowered pref'
will predominate. Hopefully when we get more comfortable and more
reasonable with
for the record, this concluded with a single set of comments that the
authors addressed... so it's falling to the next line of process
stakes: iesg review.
-Chris
On Wed, Feb 16, 2011 at 7:39 PM, Christopher Morrow
christopher.mor...@gmail.com wrote:
Ok folk,
The rpki-rtr document:
http
31, 2011 at 5:18 PM, Christopher Morrow
christopher.mor...@gmail.com wrote:
for the record, this concluded with a single set of comments that the
authors addressed... so it's falling to the next line of process
stakes: iesg review.
-Chris
On Wed, Feb 16, 2011 at 7:39 PM, Christopher Morrow
On Fri, Apr 1, 2011 at 11:05 PM, Hannes Gredler han...@juniper.net wrote:
On Fri, Apr 01, 2011 at 10:17:44PM +0200, Matthias Waehlisch wrote:
| Hi John,
|
| On Fri, 1 Apr 2011, John Scudder wrote:
|
| i propose that i rev the doc to say
| o the transport must provide authentication and
On Mon, Apr 4, 2011 at 8:50 AM, Hannes Gredler han...@juniper.net wrote:
On Mon, Apr 04, 2011 at 08:22:42AM -0400, Danny McPherson wrote:
|
| On Apr 4, 2011, at 4:32 AM, Hannes Gredler wrote:
|
|
| so my question is: why do we need to solve the same problem
| (= protecting message
On Thu, Apr 7, 2011 at 12:30 AM, Brian Weis b...@cisco.com wrote:
On Apr 6, 2011, at 5:46 PM, Randy Bush wrote:
Getting a new application (such as the rtr protocol) specifying
hmac-md5 mandatory to implement through a Secdir review and then the
Security ADs just won't happen. The only
On Thu, Apr 7, 2011 at 6:44 PM, Randy Bush ra...@psg.com wrote:
Possibly the use of md5 would be more palatable to the security area
if the protocol were Experimental rather than Standards-Track. If the
authors and chairs would be willing to make that change
not a chance in hell. the
On Fri, Apr 8, 2011 at 12:20 AM, Pradosh Mohapatra pmoha...@cisco.com wrote:
We seem to be in a bit of a jam :( I don't think SIDR is going to be
able to, by declaration, get opensource implementations of AO to
appear. I don't see non-open-source implementations on the server side
for tcp-md5
So.. round and round the rosemary bush we go, still we have no actual
things that run actual tcp-ao, so given that can we either:
1) use md5 (as a MUST, with ssh as a MAY) and rev the doc at a later
point to say that AO is a MUST and remove md5
2) move this doc along the path
3) get
first, thanks! :)
On Wed, Apr 20, 2011 at 4:29 PM, Joe Touch to...@isi.edu wrote:
Hi, all,
I've reviewed the discussion about mandatory-to-implement connection
security that dates back to Morrow's post of 1 Apr:
http://www.ietf.org/mail-archive/web/sidr/current/msg02623.html
I'd like to
(hate to jump into the fray, but...)
On Tue, Apr 26, 2011 at 1:30 AM, Randy Bush ra...@psg.com wrote:
so, i have hacked
As a router must evaluate certificates and ROAs which are time
dependent, routers' clocks MUST be correct to a tolerance of
approximately an hour.
does there need
According to: http://www.ietf.org/mail-archive/web/idr/current/msg05298.html
There's a last-call ending tomorrow (perhaps?) which SIDR folk may
want to review/etc, sorry for the late notice on this.
-chris
___
sidr mailing list
sidr@ietf.org
like ... 1 month ago, and I forgot to post a note to the list.
sorry!
-chris
/wg-co-chair-finger-cot off
___
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
this sort of thing
inside a single ASN (or single administrative domain) is this
something that's less critical?
Just my 0.02£
Tom Petch
- Original Message -
From: Christopher Morrow morrowc.li...@gmail.com
To: Joe Touch to...@isi.edu
Cc: t.petch ie...@btconnect.com; sidr wg list sidr
On Tue, May 31, 2011 at 1:29 PM, Randy Bush ra...@psg.com wrote:
Not at all. What I'm trying to say is that the IPv6 RIB is already
growing at about 60% y/y. Further, the transition to IPv6 _may_
trigger de-aggregation within the IPv4 RIB, as we maximize the
utilization of the v4 address
On Tue, May 31, 2011 at 1:44 PM, Randy Bush ra...@psg.com wrote:
sriram was working on the effects of bgpsec on the growth rate, not
every other game being played in town. give the man a break.
to be fair to both parties... the excel can be adjusted if you so
desire.
true. and we could
a kind reader thunked me on the noggin'...
On Fri, Jun 3, 2011 at 2:06 AM, Christopher Morrow
morrowc.li...@gmail.com wrote:
Security-AD folks,
Over here in the SIDR WG we've been batting around a problem related
to secure authentication of TCP endpoints, essentially how can we
specify TODAY
On Fri, Jun 3, 2011 at 5:33 PM, Uma Chunduri uma.chund...@ericsson.com wrote:
-Original Message-
From: John Scudder [mailto:j...@juniper.net]
Sent: Friday, June 03, 2011 1:53 PM
To: Uma Chunduri
Cc: Christopher Morrow; sidr@ietf.org; sidr-cha...@ietf.org; Sean Turner;
stephen.farr
On Fri, Jun 3, 2011 at 10:15 PM, Uma Chunduri uma.chund...@ericsson.com wrote:
-Original Message-
From: christopher.mor...@gmail.com [mailto:christopher.mor...@gmail.com] On
Behalf Of Christopher Morrow
Sent: Friday, June 03, 2011 6:11 PM
To: Uma Chunduri
Cc: Sandra Murphy
Oopsy, Sandy asked that someone (and pointed at me) call some sort of
consensus on this doc and move it along (or punt it to the authors for
more work).
It seems there were a few folks willing to read the doc (and comment),
some further work was done and we have a version 8 now:
We seem to have sat on this a bit and cogitated... are we prepared to
call -02 'good enough to progress' and ask for WGLC??
-Chris
On Wed, Jun 22, 2011 at 5:14 AM, Terry Manderson
terry.mander...@icann.org wrote:
The second ROA (ROA 2) below would of course be address 10.1.0.0/20
maxlength
, Christopher Morrow morrowc.li...@gmail.com wrote:
We seem to have sat on this a bit and cogitated... are we prepared to
call -02 'good enough to progress' and ask for WGLC??
-Chris
On Wed, Jun 22, 2011 at 5:14 AM, Terry Manderson
terry.mander...@icann.org wrote:
The second ROA (ROA 2) below would
Hello work-group-readers,
The authors did some significant work on this doc, it seems to have
settled into a groove, could we get some input on where this stands?
This is a WGLC for the document which should end: 09/22/2011 (Sept 22,
2011 for those with the other flavor of clocks).
document link:
On Fri, Sep 9, 2011 at 12:19 PM, Randy Bush ra...@psg.com wrote:
as a vendor friend says, if ipv6 deploys, insha allah, we're gonna
be upgrading those routers to do real v6 forwarding. if it does not
deploy, you will be deploying massively bigger boxes to nat your ass
into
On Mon, Sep 12, 2011 at 2:28 PM, George, Wesley
wesley.geo...@twcable.com wrote:
-Original Message-
From: christopher.mor...@gmail.com [mailto:christopher.mor...@gmail.com] On
Behalf Of Christopher Morrow
Sent: Sunday, September 11, 2011 11:26 PM
To: Randy Bush; George, Wesley
Cc
On Wed, Aug 24, 2011 at 8:07 PM, Joe Touch to...@isi.edu wrote:
On 8/24/2011 3:57 PM, Paul Hoffman wrote:
On Aug 24, 2011, at 2:45 PM, Joe Touch wrote:
On 8/24/2011 1:27 PM, Paul Hoffman wrote:
On Aug 24, 2011, at 12:19 PM, Joe Touch wrote:
Is there ever a reason that this service
On Sun, Oct 9, 2011 at 10:10 AM, Randy Bush ra...@psg.com wrote:
could the chairs please pass $subject to the iesg? i am only aware of
one possible issue raised in wglc, tp asked for a hyphen somewhere but
did not respond to my asking him to be specific where. if this mystery
is solved, i
On Fri, Oct 14, 2011 at 12:52 PM, t.petch ie...@btconnect.com wrote:
- Original Message -
From: Christopher Morrow morrowc.li...@gmail.com
To: Randy Bush ra...@psg.com; t.petch ie...@btconnect.com; Samuel
Weiler wei...@watson.org
Cc: sidr wg list sidr@ietf.org
Sent: Friday, October
Two folks seem to have given this a read-through, is that all the
interest that exists? is documenting how originators of routes ought
to think/use/abuse RPKI not something we should do here?
please chime in if you've given this a read and are onboard with it
moving forward.
-chris
On Sat, Oct
On Thu, Oct 20, 2011 at 10:50 AM, Sandra Murphy
sandra.mur...@sparta.com wrote:
The authors have requested a WG LC for draft Algorithm Agility Procedure
for RPKI.
The document and the draft version history are available at
http://tools.ietf.org/html/draft-ietf-sidr-algorithm-agility-03
The
Seems that the authors, at least, expect this doc to be prepared for
WGLC, could we do that concluding 11/11/11 please?
Draft link: http://tools.ietf.org/wg/sidr/draft-ietf-sidr-bgpsec-reqs/
01 link: http://tools.ietf.org/html/draft-ietf-sidr-bgpsec-reqs
diff link:
On Fri, Nov 4, 2011 at 9:29 PM, Eric Osterweil eosterw...@verisign.com wrote:
As for Pakistan, iirc that was an origin hijack. In this case, the origin
authenticity was the issue, and that problem should be solved through
resource certification.
or by simply applying a filter to your
On Fri, Nov 4, 2011 at 10:39 PM, Shane Amante sh...@castlepoint.net wrote:
Hi Chris,
chello!
On Nov 4, 2011, at 3:07 PM, Christopher Morrow wrote:
On Fri, Nov 4, 2011 at 3:05 PM, Eric Osterweil eosterw...@verisign.com
wrote:
This is a list of three questions. Until there is discussion
On Fri, Nov 4, 2011 at 11:12 PM, Shane Amante sh...@castlepoint.net wrote:
agreed, some manner of prefix + as-path seems like it'd sure solve
this problem. :(
Please note that, for the specific case above, I did not mention
complicated burdensome prefix-list filtering … just AS_PATH sanity
-
From: Jakob Heitz [mailto:jakob.he...@ericsson.com]
Sent: Tuesday, November 08, 2011 12:09 PM
To: Sriram, Kotikalapudi
Cc: Christopher Morrow; Eric Osterweil; sidr wg list
Subject: Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-reqs
Proposal was 24 hour beacon timeout and 3 beacons per timeout
be different, of
course.
-chris
-Original Message-
From: sidr-boun...@ietf.org [mailto:sidr-boun...@ietf.org] On Behalf
Of Eric Osterweil
Sent: Thursday, November 10, 2011 10:46 AM
To: Christopher Morrow
Cc: Sriram, Kotikalapudi; sidr wg list
Subject: Re: [sidr] WGLC: draft-ietf-sidr
On Fri, Nov 11, 2011 at 8:49 AM, Danny McPherson da...@tcb.net wrote:
On Nov 11, 2011, at 8:19 AM, Christopher Morrow wrote:
There's actually some research on this, I recall the number 'globally'
as 1.2 avg packing... but internally, that may be different, of
course.
I'd be interested
Checking back on this... I see that Randy had rev'd the document since
this last conversation-set ... Danny has 2 editorial changes and 1
'large' comment... I don't yet see any feedback on those, but the
previous set of comments/requests are taken care of to the original
peoples' satsifaction?
I
On Mon, Nov 14, 2011 at 1:24 AM, Danny McPherson da...@tcb.net wrote:
On Nov 13, 2011, at 11:03 PM, Christopher Morrow wrote:
I suspect some feedback to Danny will come soonish, but can we close
out the other set of requests?
Chris,
I'm not sure I understand the request, can you clarify
On Mon, Nov 14, 2011 at 1:41 AM, George, Wes wesley.geo...@twcable.com wrote:
From: christopher.mor...@gmail.com
there were a slew of changes (or a slew of comments made) requested, a
document update happened ~13 days ago, did the changes account for the
comments/requests or not?
[WEG] I
in the case you missed the note at the beginning, a nice gentleman
from Orange is going to videotape the entire slide-sets being
presented. Be aware of this when you walk to the mic/etc.
(If you have a problem with it, speak up first and he'll be nice)
thanks!
-chris
Elisa,
In the meeting you noted that:
Some route servers don't have an ASN, some use a private-asn
Do you have some examples of these? Some quick doc searching (not by
me) noted that all docs point to using a public-ASN... Err, so
confusion reigns, could you help here?
-chris
On Wed, Nov 16, 2011 at 12:29 AM, Brian Dickson
brian.peter.dick...@gmail.com wrote:
Understanding the real threats, and worked, real-world examples, is
important.
I cannot believe anyone in this WG would be ignorant of things like this:
On Wed, Nov 16, 2011 at 12:56 AM, Brian Dickson
brian.peter.dick...@gmail.com wrote:
On Wed, Nov 16, 2011 at 12:35 AM, Christopher Morrow
morrowc.li...@gmail.com wrote:
you may be willing to do same, you may also be willing to do this in
the case of internal services routes that you don't
On Wed, Nov 16, 2011 at 7:48 PM, Russ White ru...@riw.us wrote:
Does this now allow me to send passwords in the clear on the internet?
1. Protection means to know that the site you intend to get to is
actually the site you reach.
2. Part of this protection requires protecting the routing
On Thu, Nov 17, 2011 at 12:50 PM, Brian Dickson
brian.peter.dick...@gmail.com wrote:
Here's the thing - if all-A chains continue to exist until Phase 4,
_and_ fallback to Suite A is required, this is a downgrade-attack
vulnerability.
It seems to me that as long as there are consumers of cert
On Mon, Nov 21, 2011 at 6:08 PM, Shane Amante sh...@castlepoint.net wrote:
Hi Chris,
howdy!
On Nov 20, 2011, at 10:35 PM, Christopher Morrow wrote:
On Wed, Nov 16, 2011 at 11:23 PM, Danny McPherson da...@tcb.net wrote:
Team,
I've updated this draft based on some feedback received already
On Mon, Nov 21, 2011 at 11:15 PM, Terry Manderson te...@terrym.net wrote:
Speaking for myself on this one.
On 22/11/2011, at 12:47 PM, Christopher Morrow wrote:
ok, so if we step forward and ask for 'give me an attribute to
indicate customer/peer/other', would we then trust that? it'd
On Tue, Nov 29, 2011 at 10:27 AM, Stephen Kent k...@bbn.com wrote:
There are controls to allow RPs to ignore the expiration of the certs for
the widget maker, but that's not the best outcome. Ultimately the widget
maker
would like to have a new CA cert issued to it, and continue to manage the'
On Sat, Feb 4, 2012 at 1:01 PM, Wes Hardaker wjh...@hardakers.net wrote:
On Thu, 15 Dec 2011 15:56:44 -0800, Randy Bush ra...@psg.com said:
RB As you say, NetConf is for *configuring* routers. RPKI-rtr is not used
RB for router configuration, but rather dynamic data, a la IS-IS or BGP.
RB In
1 - 100 of 330 matches
Mail list logo