[sidr] BGPSec RFC status

2016-04-13 Thread Stephen Kent
I didn't attend the IETF meeting, but I did listen to the Wednesday SIDR
session, at which the issue was raised as to whether the BGPSec RFC should be
standards track or experimental.

I believe standards track is the right approach here. This document has been
viewed as standards track since we began work on it long ago. It is the
successor to the origin validation standards, addressing the residual
vulnerabilities that persist based on that use of the RPKI. From the
perspective of promoting adoption it is critical that this remain a standards
track document; router vendors will be unlikely to devote resources to design
and implementation if BGPsec is labeled experimental. I agree that this is new
technology, but I heard that we already have a couple of implementations, and
we may discourage others from continuing to work on BGPSec implementations if
we downgrade the status of the RFC. The design has evolved to accommodate
real-world routing deployment topics such as the role of IXPs and AS
migration. In my long experience in the IETF, the level of attention to these
and analogous details makes BGPsec a very solid candidate for standards track
publication.

Steve

___
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr


Re: [sidr] BGPSec RFC status

2016-04-13 Thread Russ Housley

I didn't attend the IETF meeting because I was chairing another session in 
another room at the same time. During that session the issue was raised as to 
whether the BGPSec RFC should be standards track or experimental.  I strongly 
support publication on the standards track. There are already two interoperable 
implementations, so I think that all of the criteria for advancement on the 
standards track have been met before we even get published at the proposed 
standard.

I believe that publication as experimental will greatly delay deployment, which 
will already take a very long time.  Let’s move forward on this journey and 
get some real experience.

Russ



[sidr] I-D Action: draft-ietf-sidr-slurm-01.txt

2016-04-13 Thread internet-drafts

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing of the IETF.

Title   : Simplified Local internet nUmber Resource Management with the RPKI
Author  : David Mandelberg
Filename: draft-ietf-sidr-slurm-01.txt
Pages   : 11
Date    : 2016-04-13

Abstract:
   The Resource Public Key Infrastructure (RPKI) is a global
   authorization infrastructure that allows the holder of Internet
   Number Resources (INRs) to make verifiable statements about those
   resources.  Network operators, e.g., Internet Service Providers
   (ISPs), can use the RPKI to validate BGP route origination
   assertions.  In the future, ISPs also will be able to use the RPKI to
   validate the path of a BGP route.  Some ISPs locally use BGP with
   private address space or private AS numbers (see RFC6890).  These
   local BGP routes cannot be verified by the global RPKI, and SHOULD be
   considered invalid based on the global RPKI (see RFC6491).  The
   mechanisms described below provide ISPs with a way to make local
   assertions about private (reserved) INRs while using the RPKI's
   assertions about all other INRs.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidr-slurm/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-sidr-slurm-01

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-slurm-01


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



Re: [sidr] I-D Action: draft-ietf-sidr-slurm-01.txt

2016-04-13 Thread David Mandelberg

Hi all,

I believe this draft addresses all of the comments I've received so 
far, and is ready for WGLC. Chairs, please consider this a formal 
request.


Here's a summary of changes from the previous version:

 * In Validation Output Filtering, an origin validation assertion where
   the prefix covers the locally reserved prefix is no longer removed from
   the RP's output. For private-use prefixes, this change shouldn't be
   significant because there are no public covering routes. For other
   prefixes (e.g., stolen/borrowed public ones), this reduces the
   likelihood of accidentally invalidating an important covering route.
 * The document is now more clear and consistent about use of SLURM
   with non-private INRs.
 * The intended status is now STD instead of BCP. (I think it was BCP
   by mistake.)
 * I removed references to LTAM because LTAM is now dead.
 * I removed references to Suspenders because I think SLURM is ready
   for WGLC and Suspenders is still an individual draft.


On 2016-04-13 17:09, internet-dra...@ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing of the IETF.

Title   : Simplified Local internet nUmber Resource Management with the RPKI
Author  : David Mandelberg
Filename: draft-ietf-sidr-slurm-01.txt
Pages   : 11
Date    : 2016-04-13

Abstract:
   The Resource Public Key Infrastructure (RPKI) is a global
   authorization infrastructure that allows the holder of Internet
   Number Resources (INRs) to make verifiable statements about those
   resources.  Network operators, e.g., Internet Service Providers
   (ISPs), can use the RPKI to validate BGP route origination
   assertions.  In the future, ISPs also will be able to use the RPKI to
   validate the path of a BGP route.  Some ISPs locally use BGP with
   private address space or private AS numbers (see RFC6890).  These
   local BGP routes cannot be verified by the global RPKI, and SHOULD be
   considered invalid based on the global RPKI (see RFC6491).  The
   mechanisms described below provide ISPs with a way to make local
   assertions about private (reserved) INRs while using the RPKI's
   assertions about all other INRs.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidr-slurm/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-sidr-slurm-01

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-slurm-01


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



--
David Eric Mandelberg / dseomn
http://david.mandelberg.org/
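
An added example, not part of the message above and not code from the draft or its author: a small model of the Validation Output Filtering change described in the first bullet, comparing origin validation results when covering assertions are dropped (earlier behaviour) and when they are kept (-01). The tuple layout, function names and sample prefixes are constructed for illustration, and it is assumed that assertions equal to or more specific than the reserved prefix are still removed.

```python
import ipaddress

N = ipaddress.ip_network

def covers(a, b):
    """True if prefix a equals or covers prefix b."""
    return a.version == b.version and b.subnet_of(a)

def filter_vrps(vrps, reserved, drop_covering):
    """Filter global RPKI output against locally reserved prefixes.

    drop_covering=True models the earlier behaviour (assertions covering
    a reserved prefix are removed too); False models the -01 behaviour.
    Assumption: assertions inside a reserved prefix are always removed.
    """
    kept = []
    for prefix, maxlen, asn in vrps:
        inside = any(covers(r, prefix) for r in reserved)
        above = any(covers(prefix, r) and prefix != r for r in reserved)
        if inside or (drop_covering and above):
            continue
        kept.append((prefix, maxlen, asn))
    return kept

def validate(route, origin, vrps):
    """RFC 6811 origin validation state for one route."""
    covering = [v for v in vrps if covers(v[0], route)]
    if not covering:
        return "not-found"
    if any(asn == origin and route.prefixlen <= maxlen
           for _, maxlen, asn in covering):
        return "valid"
    return "invalid"

# Constructed sample data: (prefix, max length, origin AS).
VRPS = [
    (N("203.0.113.0/24"), 24, 64500),    # covers the reserved prefix
    (N("203.0.113.128/25"), 25, 64501),  # inside the reserved prefix
    (N("198.51.100.0/24"), 24, 64502),   # unrelated
]
RESERVED = [N("203.0.113.128/25")]       # locally reserved public prefix

def compare(route, origin, reserved=RESERVED):
    """Return (state with covering VRPs dropped, state with them kept)."""
    old = validate(route, origin, filter_vrps(VRPS, reserved, True))
    new = validate(route, origin, filter_vrps(VRPS, reserved, False))
    return old, new

if __name__ == "__main__":
    print(compare(N("203.0.113.0/24"), 64500))
```

In this model the covering /24 route keeps its valid state only when covering assertions are retained, and reserving a private-use prefix such as 10.0.0.0/8 filters nothing under either behaviour.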



Re: [sidr] BGPSec RFC status

2016-04-13 Thread Declan Ma
I think BGPsec should be Standards Track.

ISPs and router vendors won’t take BGPsec seriously if it is published as an 
Experimental RFC.

We came a long way here from S-BGP and so much time and so many efforts by many 
have been spent on BGPsec. The community needs some real experience.


Di

ZDNS