Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> (The RPKI/Router Protocol) to Proposed Standard

>> I'm kinda surprised the security ADs are OK with this in a brand new
>> connection-oriented protocol meant to increase security of the
>> network:
> 
> Me too. I didn't even know I'd read that draft yet:-)
> 
> When I do read it then I'll be ok with it or will not be ok with it.
> Neither applies yet.

this was discussed with HO in helpful secdir review:

    there is no reasonable (integrity and authentication, we do not care
    about privacy) protocol X implemented on all servers (unix, linux,
    solaris) and routers (cisco, juniper, ...).  AO, $deity's gift to
    the wire, is on none of them.  there are routers which have an ssh
    server built into the cli but which do not have an ssh library
    available to new hacks such as rpki-rtr.  freebsd can generate md5
    but does not check it on receipt.  and so on.  ground truth is very
    uuuuugly.

for when this was discussed in wg last call, see

    http://www.ietf.org/mail-archive/web/sidr/current/msg02899.html
    http://www.ietf.org/mail-archive/web/sidr/current/msg03186.html
    http://www.ietf.org/mail-archive/web/sidr/current/msg02694.html

a bunch of security folk probably remember the discussion then, amusingly
some folk seem not to.

randy