headers
Tony Tauber | 25 Jul 2007 23:15

Change to Consensus statement in BGP Sec Reqs -08

As was noted during yesterday's meeting, I'm proposing changing part of
Sec 7 from:

"The AS_PATH for specific prefixes may be protected in any proposed
security system in four ways, outlined below. Special Note: On the first
two categories below, the community has reached consensus; on the latter
two (AS_PATH Feasibility Check and Update Transit Check), the community
has not reached consensus."

to

"The AS_PATH for specific prefixes may be protected in any proposed
security system in four ways, outlined below. Special Note: On the
latter two categories below (AS_PATH Feasibility Check and Update
Transit Check), the requirement will be revisited in the future once
more experience has been garnered."

There was support in the room including from Dave Ward who is our
shepherding AD who indicated publishing a consensus document which
states a lack of consensus is contradictory.

The SIDR Co-Chairs also applauded this move as it allows them to
progress their work.

Please send your comments and statements of support for or opposition to
this change to the text.

Thanks,

Tony
(Continue reading)

Permalink | Reply |
headers
Sandy Murphy | 26 Jul 2007 00:48

Re: Change to Consensus statement in BGP Sec Reqs -08

>As was noted during yesterday's meeting, I'm proposing changing part of
>Sec 7 from:
>
>"The AS_PATH for specific prefixes
>...
>to
>
>"The AS_PATH for specific prefixes

There was also a suggestion that the MUST/SHOULD language of "the latter
two categories below" be changed so they don't look like RFC2119 statements.

--Sandy
Permalink | Reply |
headers
Geoff Huston | 25 Jul 2007 23:34
Favicon

Re: Change to Consensus statement in BGP Sec Reqs -08

whoops - also a change to the next para

   The results of the first two checks SHOULD be made available to
   network operators. Each network operator will decide, on a local
   basis, which of these checks to enable

Geoff

Tony Tauber wrote:
> As was noted during yesterday's meeting, I'm proposing changing part of
> Sec 7 from:
> 
> "The AS_PATH for specific prefixes may be protected in any proposed
> security system in four ways, outlined below. Special Note: On the first
> two categories below, the community has reached consensus; on the latter
> two (AS_PATH Feasibility Check and Update Transit Check), the community
> has not reached consensus."
> 
> to
> 
> "The AS_PATH for specific prefixes may be protected in any proposed
> security system in four ways, outlined below. Special Note: On the
> latter two categories below (AS_PATH Feasibility Check and Update
> Transit Check), the requirement will be revisited in the future once
> more experience has been garnered."
> 
> There was support in the room including from Dave Ward who is our
> shepherding AD who indicated publishing a consensus document which
> states a lack of consensus is contradictory.
>
(Continue reading)

Permalink | Reply |
headers
Geoff Huston | 25 Jul 2007 23:32
Favicon

Re: Change to Consensus statement in BGP Sec Reqs -08

I support this change and would also advise you to change the normative 
MUST and SHOULD in the latter two sections to non-normative text so that 
there is no confusion here.

Here is an example of such a change to the text

   o  AS_PATH Feasibility Check: The AS_PATH list may correspond to a
       valid list of autonomous systems according to the first
       verification category listed in the "Areas to Secure" Section
       above. Further study will determine the extent to which this
       is a security requirement.

    o  Update Transit Check: Routing information carried through BGP
       may include information that can be used to verify the re-
       advertisement or modification by each autonomous system through
       which the UPDATE has passed.  This check is more rigorous than the
       "valid list of autonomous systems" above. Further study will
       determine the extent to which this is a security requirement.

Geoff

Tony Tauber wrote:
> As was noted during yesterday's meeting, I'm proposing changing part of
> Sec 7 from:
> 
> "The AS_PATH for specific prefixes may be protected in any proposed
> security system in four ways, outlined below. Special Note: On the first
> two categories below, the community has reached consensus; on the latter
> two (AS_PATH Feasibility Check and Update Transit Check), the community
> has not reached consensus."
(Continue reading)

Permalink | Reply |
headers
Russ White | 26 Jul 2007 03:44
Picon
Favicon

Re: Change to Consensus statement in BGP Sec Reqs -08


This wording looks fine to me....

:-)

Russ

Geoff Huston wrote:
> I support this change and would also advise you to change the normative
> MUST and SHOULD in the latter two sections to non-normative text so that
> there is no confusion here.
> 
> Here is an example of such a change to the text
> 
> 
>   o  AS_PATH Feasibility Check: The AS_PATH list may correspond to a
>       valid list of autonomous systems according to the first
>       verification category listed in the "Areas to Secure" Section
>       above. Further study will determine the extent to which this
>       is a security requirement.
> 
>    o  Update Transit Check: Routing information carried through BGP
>       may include information that can be used to verify the re-
>       advertisement or modification by each autonomous system through
>       which the UPDATE has passed.  This check is more rigorous than the
>       "valid list of autonomous systems" above. Further study will
>       determine the extent to which this is a security requirement.
> 
> 
>
(Continue reading)

Permalink | Reply |

Gmane