Re: [sidr] WGLC: draft-ietf-sidr-rpsl-sig - End Jul 02 2015

2015-10-16 Thread Sandra Murphy
The authors submitted a revision 
https://tools.ietf.org/html/draft-ietf-sidr-rpsl-sig-08 last week.

It would be awesome to receive confirmation from the commenters that their 
comments have been adequately addressed.

If no confirmations are received, the chairs will make their own determination.

Please confirm by Friday 23 Oct.

—Sandy, speaking as one of the co-chairs

On Sep 10, 2015, at 1:44 PM, Christopher Morrow  wrote:

> On Thu, Sep 10, 2015 at 1:15 PM, Stephen Kent  wrote:
>> Chris,
>> 
>> Since I was just a person offering suggested edits, I presume this message
>> is really directed to the doc authors, right?
>> 
> 
> yes indeed... to the authors and other folk who offered suggested
> edits (if they did hear back that'd be good to know)
> 
> -chris
> 
>> Steve
>> 
>> 
>> 
>>> Howdy!
>>> there was a flurry of activity, some comments that seemed useful I
>>> didn't see an update to the doc though yet?
>>> 
>>> It's cool if that's waiting in the wings behind other work, just
>>> checking on status though.
>>> 
>>> On Tue, Jun 30, 2015 at 3:42 PM, Stephen Kent  wrote:
 
>>>> I made a few edits to correct spelling errors. I also have some questions
>>>> about ambiguities in the text and some suggestions for adding text to warn
>>>> relying parties about the danger of assuming that all signed attributes in
>>>> an RPSL object are trustworthy/valid.
>>>>
>>>> I have attached a PDF of the MS Word reviewed text.
>>>>
>>>> Steve
>>>>
>>>> ___
>>>> sidr mailing list
>>>> sidr@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/sidr
 
>> 
> 
> ___
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr





[sidr] as-migration nit in bgpsec-protocol-13

2015-10-16 Thread George, Wes
I just made another pass through sidr-as-migration and bgpsec-protocol-13
back to back to make sure that they are in sync, and I only found one
sentence in the security considerations (7.4) that probably needs to be
changed:

Current:

   However, entities other than route servers could
   conceivably use this mechanism (set the pCount to zero) to attract
   traffic (by reducing the effective length of the AS-PATH)
   illegitimately.  This risk is largely mitigated if every BGPsec
   speaker drops incoming update messages that set pCount to zero but
   come from a peer that is not a route server.

Proposed:

   ... if every BGPsec
   speaker drops incoming update messages that set pCount to zero unless
   explicitly configured to accept them from a specific peer where pCount=0
   messages are expected, such as a route server.

Thanks,

Wes


On 7/6/15, 7:21 PM, "sidr on behalf of internet-dra...@ietf.org"
 wrote:

>
>A New Internet-Draft is available from the on-line Internet-Drafts
>directories.
> This draft is a work item of the Secure Inter-Domain Routing Working
>Group of the IETF.
>
>Title   : BGPsec Protocol Specification
>Author  : Matthew Lepinski
>Filename: draft-ietf-sidr-bgpsec-protocol-13.txt
>Pages   : 39
>Date: 2015-07-06
>
>Abstract:
>   This document describes BGPsec, an extension to the Border Gateway
>   Protocol (BGP) that provides security for the path of autonomous
>   systems through which a BGP update message passes.  BGPsec is
>   implemented via a new optional non-transitive BGP path attribute that
>   carries a digital signature produced by each autonomous system that
>   propagates the update message.
>
>
>
>The IETF datatracker status page for this draft is:
>https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-protocol/
>
>There's also a htmlized version available at:
>https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-protocol-13
>
>A diff from the previous version is available at:
>https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-bgpsec-protocol-13
>
>
>Please note that it may take a couple of minutes from the time of
>submission
>until the htmlized version and diff are available at tools.ietf.org.
>
>Internet-Drafts are also available by anonymous FTP at:
>ftp://ftp.ietf.org/internet-drafts/
>
>___
>sidr mailing list
>sidr@ietf.org
>https://www.ietf.org/mailman/listinfo/sidr
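
Added example (not part of the thread or of either draft): a sketch of the inbound check the proposed sentence describes, together with the path-length effect that makes pCount=0 attractive to misuse. The segment model, the function names and the AS numbers (documentation range) are assumptions made for illustration; signature validation is out of scope here.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurePathSegment:
    asn: int      # AS that added this segment
    pcount: int   # how many times this AS counts toward the path length


# Constructed local policy: peers explicitly configured as expected
# sources of pCount=0, such as a route server (hypothetical ASN).
PCOUNT_ZERO_PEERS = frozenset({64500})


def effective_path_length(segments):
    """Path length used in route selection: the sum of the pCount values."""
    return sum(s.pcount for s in segments)


def accept_update(peer_asn, segments, allow_zero_from=PCOUNT_ZERO_PEERS):
    """Apply the proposed rule to the segment added by the sending peer.

    Assumption of this sketch: segments[0] is the most recently added
    segment, i.e. the one the sending peer added. Returns (accepted, reason).
    """
    if not segments:
        return False, "empty Secure_Path"
    newest = segments[0]
    if newest.asn != peer_asn:
        return False, "newest segment was not added by the sending peer"
    if newest.pcount == 0 and peer_asn not in allow_zero_from:
        return False, "pCount=0 from a peer not configured to send it"
    return True, "ok"


# Constructed sample updates: the same origin path seen via three peers.
ORIGIN_PATH = [SecurePathSegment(64501, 1), SecurePathSegment(64502, 1)]
VIA_ROUTE_SERVER = [SecurePathSegment(64500, 0)] + ORIGIN_PATH
VIA_HONEST_PEER = [SecurePathSegment(64510, 1)] + ORIGIN_PATH
VIA_ZERO_PEER = [SecurePathSegment(64511, 0)] + ORIGIN_PATH

if __name__ == "__main__":
    for peer, path in ((64500, VIA_ROUTE_SERVER),
                       (64510, VIA_HONEST_PEER),
                       (64511, VIA_ZERO_PEER)):
        print(peer, effective_path_length(path), accept_update(peer, path))
```

Without the per-peer check, the update from AS 64511 would compete with a length of 2 against the honest peer's 3, which is the traffic-attraction risk the security considerations text describes.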






[sidr] I-D Action: draft-ietf-sidr-as-migration-04.txt

2015-10-16 Thread internet-drafts

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Secure Inter-Domain Routing Working Group of 
the IETF.

Title   : BGPSec Considerations for AS Migration
Authors : Wesley George
  Sandy Murphy
Filename: draft-ietf-sidr-as-migration-04.txt
Pages   : 15
Date: 2015-10-16

Abstract:
   This document discusses considerations and methods for supporting and
   securing a common method for AS-Migration within the BGPSec protocol.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidr-as-migration/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-sidr-as-migration-04

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-as-migration-04


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



Re: [sidr] I-D Action: draft-ietf-sidr-as-migration-04.txt

2015-10-16 Thread George, Wes
I believe that this draft is complete and ready to move forward. This
version addresses AD-review comments received at WGLC, so I think we're
just waiting for it to be resubmitted to IESG for IETF LC, as the changes
made were likely not substantive enough to require a new WGLC. I do *not*
need time to discuss this during the meeting either.

Thanks,

Wes




On 10/16/15, 11:53 AM, "sidr on behalf of internet-dra...@ietf.org"
 wrote:

>
>A New Internet-Draft is available from the on-line Internet-Drafts
>directories.
> This draft is a work item of the Secure Inter-Domain Routing Working
>Group of the IETF.
>
>Title   : BGPSec Considerations for AS Migration
>Authors : Wesley George
>  Sandy Murphy
>Filename: draft-ietf-sidr-as-migration-04.txt
>Pages   : 15
>Date: 2015-10-16
>
>Abstract:
>   This document discusses considerations and methods for supporting and
>   securing a common method for AS-Migration within the BGPSec protocol.
>
>
>The IETF datatracker status page for this draft is:
>https://datatracker.ietf.org/doc/draft-ietf-sidr-as-migration/
>
>There's also a htmlized version available at:
>https://tools.ietf.org/html/draft-ietf-sidr-as-migration-04
>
>A diff from the previous version is available at:
>https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-as-migration-04
>
>
>Please note that it may take a couple of minutes from the time of
>submission
>until the htmlized version and diff are available at tools.ietf.org.
>
>Internet-Drafts are also available by anonymous FTP at:
>ftp://ftp.ietf.org/internet-drafts/
>
>___
>sidr mailing list
>sidr@ietf.org
>https://www.ietf.org/mailman/listinfo/sidr






Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-protocol-13.txt

2015-10-16 Thread Sriram, Kotikalapudi

Hi Matt,

A few notes below (one editorial and one substantive).

There is a typo in this sentence (page 11):

   In particular, the BGPsec
   attribute SHOULD NOT be removed even in the case where the BGPsec
   update message *has not* been that *has not* successfully validated.

Repeat of 'has not' above. Maybe the sentence was meant to read as follows?

   In particular, the BGPsec
   attribute SHOULD NOT be removed even in the case where the BGPsec
   update message has not been validated (not attempted) or has not been
   successfully validated.

Substantive comment:

Looking at this on page 23,

   "BGPsec update messages do not contain an AS_PATH attribute.
   Therefore, a BGPsec speaker MUST utilize the AS path information in
   the BGPsec_Path attribute in all cases where it would otherwise use
   the AS path information in the AS_PATH attribute.  The only exception
   to this rule is when AS path information must be updated in order to
   propagate a route to a peer (in which case the BGPsec speaker follows
   the instructions in Section 4)."

What is being said in the second sentence above is not clear.
No exception applies if the peer is BGPsec capable and negotiated BGPsec.
So is the exception for the case when the peer is non-BGPsec?

Maybe the fix is to replace this (current):

   "The only exception
   to this rule is when AS path information must be updated in order to
   propagate a route to a peer (in which case the BGPsec speaker follows
   the instructions in Section 4)."

with the following (proposed):

   The only exception
   to this rule is when AS path information must be re-formatted to AS_PATH in
   order to propagate a route to a non-BGPsec peer (in which case the BGPsec
   speaker follows the instructions in Section 4.4).

Sriram




[sidr] I-D Action: draft-ietf-sidr-rpki-oob-setup-02.txt

2015-10-16 Thread internet-drafts

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Secure Inter-Domain Routing Working Group of 
the IETF.

Title   : An Out-Of-Band Setup Protocol For RPKI Production Services
Author  : Rob Austein
Filename: draft-ietf-sidr-rpki-oob-setup-02.txt
Pages   : 19
Date: 2015-10-16

Abstract:
   This note describes a simple out-of-band protocol to ease setup of
   the RPKI provisioning and publication protocols between two parties.
   The protocol is encoded in a small number of XML messages, which can
   be passed back and forth by any mutually agreeable secure means.

   This setup protocol is not part of the provisioning or publication
   protocol, rather, it is intended to simplify configuration of these
   protocols by setting up relationships and exchanging BPKI keying
   material.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidr-rpki-oob-setup/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-sidr-rpki-oob-setup-02

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-rpki-oob-setup-02


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



Re: [sidr] I-D Action: draft-ietf-sidr-rpki-oob-setup-02.txt

2015-10-16 Thread Rob Austein
Refresh of an old draft with one minor substantive change: -02 adds
RRDP support.



[sidr] WGLC on draft-ietf-sidr-bgpsec-algs-11 (ENDS 30-Oct-2015)

2015-10-16 Thread Sandra Murphy
The chairs and the authors believe that draft-ietf-sidr-bgpsec-algs-11 is 
mature and has stabilized.

This message starts a WGLC for draft-ietf-sidr-bgpsec-algs-11, which will end
30-October-2015.

Please review the draft and send comments to the list, and say whether you 
believe it is ready for publication.

http://tools.ietf.org/html/draft-ietf-sidr-bgpsec-algs

  BGPsec Algorithms, Key Formats, & Signature Formats

Abstract

   This document specifies the algorithms, algorithms' parameters,
   asymmetric key formats, asymmetric key size and signature format used
   in BGPsec (Border Gateway Protocol Security).  This document updates
   the Profile for Algorithms and Key Sizes for use in the Resource
   Public Key Infrastructure (draft-ietf-sidr-rfc6485bis).

—Sandy, speaking as one of the wg co-chairs




