-----Original Message-----
From: Randy Bush [mailto:[email protected]]
Sent: Wednesday, June 29, 2011 4:35 PM
To: George, Wesley
Cc: [email protected]
Subject: Re: [sidr] I-D Action: draft-ietf-sidr-rpki-rtr-13.txt

> I think we're a little light on text in 7 now that we've added so many
> options. I think it would be helpful to provide some rationale as to
> why AO is preferred over the other methods, why they are considered a
> secondary option, etc.
>
> IOW, why *shouldn't* I just keep using TLS or SSH transport? Why is AO
> actually better/eventually mandatory to implement? Multiple members of
> this WG had strong opinions, we should be documenting our
> reasoning. Convince the reader that they should be yelling at YFV for
> AO support...
>
> 7.3 regarding MD5. At the very least, there should be a note that
> TCP-MD5 has been obsoleted by TCP-AO.

this is all covered in the transport area. do we really want this routing security doc to get into the transport wars? where's the win?

Like it or not, it's already in the middle of it - the additions to this section are a direct result of feedback that it would not be approved if it only used MD5 and a lack of support for AO. You're welcome to cite sections of other drafts or RFCs from transport that cover this, I'm not asking specifically for new text unless none exists that is adequate.

The win is completeness for the audience beyond the current participants in this WG. I've been party to the discussions because I've been following the list, and it still brought up the question in my mind. What happens when people who aren't on SIDR and/or are not familiar with the transport area start reading this and are looking for some rationale and guidance? As I've said in earlier messages, you have to remember that the folks implementing this in networks are the routing folks. They're not necessarily the same folks as the security folks, and so you have to assume slightly less background knowledge when it comes to the nuances of the security considerations of this implementation.

Wes
