We (the authors) have made significant changes and updates in this new version-05 of the individual I-D draft-sriram-replay-protection-design-discussion. The draft had been in keep-alive mode, but now that there is a renewal of interest in this topic with the revised/updated versions of [draft-ietf-sidr-bgpsec-rollover] in March and July 2015, we decided to update the replay-protection design discussion draft as well.
In private emails to the authors (back in October and November 2013), Steve Kent had given us extensive comments and suggestions on version-02 of the draft. [Sorry, Steve, for postponing it until now, but we had never forgotten it. And thank you once again.] We have incorporated most of Steve's comments and suggestions in this new version. He suggested changing the "replay attack" name to something better that recognizes that it is actually withdrawal suppression more often than replay. So in this new version, we have coined a new name and acronym that covers both: Replay Attack and Withdrawal Suppression (RAWS). That name seems to have served the purpose well in this revised doc. We feel that the document now has good clarity and presentation due to Steve's suggestions as well as some of our own rethinking. Feedback and comments are welcome on the updated draft. Thank you.

Sriram

-----Original Message-----
From: internet-dra...@ietf.org [mailto:internet-dra...@ietf.org]
Sent: Monday, October 19, 2015 7:45 PM
To: Montgomery, Douglas <do...@nist.gov>; Sriram, Kotikalapudi <kotikalapudi.sri...@nist.gov>
Subject: New Version Notification for draft-sriram-replay-protection-design-discussion-05.txt

A new version of I-D, draft-sriram-replay-protection-design-discussion-05.txt, has been successfully submitted by Kotikalapudi Sriram and posted to the IETF repository.
Name: draft-sriram-replay-protection-design-discussion
Revision: 05
Title: Design Discussion and Comparison of Protection Mechanisms for Replay Attack and Withdrawal Suppression in BGPsec
Document date: 2015-10-19
Group: Individual Submission
Pages: 17
URL: https://www.ietf.org/internet-drafts/draft-sriram-replay-protection-design-discussion-05.txt
Status: https://datatracker.ietf.org/doc/draft-sriram-replay-protection-design-discussion/
Htmlized: https://tools.ietf.org/html/draft-sriram-replay-protection-design-discussion-05
Diff: https://www.ietf.org/rfcdiff?url2=draft-sriram-replay-protection-design-discussion-05

Abstract:
In the context of BGPsec, a withdrawal suppression occurs when an adversary AS suppresses a prefix withdrawal with the intention of continuing to attract traffic for that prefix based on a previous (signed and valid) BGPsec announcement that was earlier propagated. Subsequently, if the adversary AS has a BGPsec session reset with a neighboring BGPsec speaker and, when the session is restored, replays said previous BGPsec announcement (even though it was withdrawn), such a replay action is called a replay attack. The BGPsec protocol should incorporate a method for protection from Replay Attack and Withdrawal Suppression (RAWS), at least to control the window of exposure. This informational document provides a design discussion and comparison of multiple alternative RAWS protection mechanisms, weighing their pros and cons. This is meant to be a companion document to the standards-track I-D.ietf-sidr-bgpsec-rollover that will specify a method to be used with BGPsec for RAWS protection.

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
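The two RAWS cases the abstract describes, modelled as an added example that is not part of the original message or of the draft: an origin AS signs an announcement, a downstream adversary AS drops the later withdrawal (withdrawal suppression) and, after a session reset with its neighbor, re-sends the stored announcement (replay). The neighbor's validator is run twice, once with no bound on the announcement's validity and once enforcing an expiry time carried in the signed data. Everything here is constructed for illustration: the HMAC "signature" stands in for the BGPsec ECDSA signature, the prefix and ASNs are documentation/private values, and the expiry-time bound is only one way to "control the window of exposure", assumed for this example rather than taken from the abstract, which names no mechanism.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the origin router's key (BGPsec uses ECDSA key pairs;
# a symmetric HMAC is used here only so the example runs offline).
ORIGIN_KEY = b"toy-origin-router-key"
PREFIX = "192.0.2.0/24"          # documentation prefix, constructed for the example
ORIGIN_AS = 64496                # documentation ASN
ADVERSARY_AS = 64500             # private-use ASN, plays the suppressing/replaying AS


@dataclass(frozen=True)
class SignedUpdate:
    prefix: str
    as_path: tuple
    expire_at: int               # assumed expiry-time field bound into the signature
    sig: bytes


def _signed_bytes(prefix, as_path, expire_at):
    """Canonical byte string covered by the signature (constructed layout)."""
    return f"{prefix}|{','.join(map(str, as_path))}|{expire_at}".encode()


def sign_update(prefix, as_path, expire_at, key=ORIGIN_KEY):
    sig = hmac.new(key, _signed_bytes(prefix, as_path, expire_at), hashlib.sha256).digest()
    return SignedUpdate(prefix, tuple(as_path), expire_at, sig)


def validate_update(upd, now, enforce_expiry, key=ORIGIN_KEY):
    """Cryptographic check plus, optionally, the assumed expiry-time bound."""
    expected = hmac.new(key, _signed_bytes(upd.prefix, upd.as_path, upd.expire_at),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, upd.sig):
        return False
    if enforce_expiry and now >= upd.expire_at:
        return False
    return True


class AdversaryAS:
    """Keeps every valid announcement it has seen and ignores withdrawals."""

    def __init__(self):
        self.stored = {}

    def on_update(self, upd):
        self.stored[upd.prefix] = upd

    def on_withdraw(self, prefix):
        # Withdrawal suppression: the withdrawal is neither applied nor propagated.
        pass

    def replay_after_reset(self):
        # Replay attack: after the session is restored, re-send the stale announcement.
        return list(self.stored.values())


def raws_scenario(enforce_expiry, reset_time, announce_time=0, validity=3600):
    """True if the victim neighbor still holds the stale route after the reset.

    Timeline (constructed): origin announces at announce_time with a validity
    window, withdraws shortly afterwards, the adversary suppresses the withdrawal,
    and the adversary/victim session resets at reset_time.
    """
    upd = sign_update(PREFIX, (ORIGIN_AS,), announce_time + validity)
    adversary = AdversaryAS()
    adversary.on_update(upd)
    adversary.on_withdraw(PREFIX)
    replayed = adversary.replay_after_reset()
    victim_rib = {u.prefix for u in replayed
                  if validate_update(u, reset_time, enforce_expiry)}
    return PREFIX in victim_rib


if __name__ == "__main__":
    print("no bound, reset a day later: stale route kept =", raws_scenario(False, 86400))
    print("expiry bound, reset a day later: stale route kept =", raws_scenario(True, 86400))
    print("expiry bound, reset inside window: stale route kept =", raws_scenario(True, 1800))
```

The third call is the caveat a practitioner should keep in mind: any bound of this kind only limits the exposure window, it does not close it, because a replay inside the still-valid interval is indistinguishable from a legitimate re-advertisement to the signature check alone.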