
Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> (The RPKI/Router Protocol) to Proposed Standard

2011-12-21 05:45:03
I'm kinda surprised the security ADs are OK with this in a brand new
connection-oriented protocol meant to increase security of the
network:

Me too. I didn't even know I'd read that draft yet:-)

When I do read it then I'll be ok with it or will not be ok with it.
Neither applies yet.

this was discussed with HO in helpful secdir review:

    there is no reasonable (integrity and authentication, we do not care
    about privacy) protocol X implemented on all servers (unix, linux,
    solaris) and routers (cisco, juniper, ...).  AO, $deity's gift to
    the wire, is on none of them.  there are routers which have an ssh
    server built into the cli but which do not have an ssh library
    available to new hacks such as rpki-rtr.  freebsd can generate md5
    but does not check it on receipt.  and so on.  ground truth is very
    uuuuugly.

for when this was discussed in wg last call, see

    http://www.ietf.org/mail-archive/web/sidr/current/msg02899.html
    http://www.ietf.org/mail-archive/web/sidr/current/msg03186.html
    http://www.ietf.org/mail-archive/web/sidr/current/msg02694.html

a bunch of security folk probably remember the discussion then, amusingly
some folk seem not to.

randy
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
