ietf

Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> (The RPKI/Router Protocol) to Proposed Standard

2011-12-21 07:02:26
Danny:

I'm kinda surprised the security ADs are OK with this in a brand new 
connection-oriented protocol meant to increase security of the network:

S.7:

"Caches and routers MUST implement unprotected transport 
over TCP using a port, rpki-rtr, to be assigned, see Section 12.
Operators SHOULD use procedural means, ACLs, ... to reduce 
the exposure to authentication issues."

-danny


Since all of the objects that are transferred over this protocol are digitally 
signed, I do not see a security issue.  I think the Security Considerations 
section (Section 11) does a good job explaining the situation.

Russ
