Re: [Gen-art] Gen-ART telechat review of draft-ietf-sidr-roa-validation-10.txt

Geoff Huston <gih@apnic.net> Thu, 28 April 2011 05:14 UTC

From: Geoff Huston <gih@apnic.net>
In-Reply-To: <4DB23084.4040500@gmail.com>
Date: Thu, 28 Apr 2011 15:13:55 +1000
Message-Id: <BA652851-23A1-4D74-A591-B1A6CB9CD153@apnic.net>
References: <4DB23084.4040500@gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: draft-ietf-sidr-roa-validation.all@tools.ietf.org, General Area Review Team <gen-art@ietf.org>
Subject: Re: [Gen-art] Gen-ART telechat review of draft-ietf-sidr-roa-validation-10.txt

On 23/04/2011, at 11:51 AM, Brian E Carpenter wrote:

>>   It is a matter of local routing policy as to the actions to be
>>   undertaken by a routing entity in processing those routes with
>>   "unknown" validity states.
>
> That leaves open the possibility that an AS_SET aggregated route (which
> is by definition "unknown") would be rejected as part of a general policy
> choice. At the least, it seems that this should be mentioned to ensure that
> operators are aware of it. This is orthogonal to the fact that AS_SET
> is intrinsically a security problem.
> 
> Suggested sentence to add:
> 
> Operators should be aware that a policy that rejects all "unknown" routes
> will thereby reject any aggregated (AS_SET) route.

Thanks for your review, Brian.

The draft already states "you really should not reject 'unknown' routes":

   "Due to considerations of partial use of
   ROAs in heterogeneous environments, such as in the public Internet,
   it is advised that local policy settings should not result in
   "unknown" validity state outcomes being considered as sufficient
   grounds to reject a route outright from further consideration as a
   local "best" route."

I believe that this is sufficient in terms of guidance for an informational 
document to say "please don't shoot your foot off!" :-)

regards,

   Geoff
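As an added illustration of the point discussed in this exchange (example code written for this page, not the draft's or either author's own): a minimal route origin validation check that yields the draft's three outcomes, maps an AS_SET origin to "unknown" as Brian's note states, and then compares the "reject everything not valid" policy with the policy the draft advises. The ROAs, prefixes and AS numbers are constructed sample values from the documentation ranges, not from the page.

```python
from ipaddress import ip_network

# Constructed sample ROAs: (prefix, maxLength, authorised origin AS).
ROAS = [
    (ip_network("192.0.2.0/24"), 24, 64496),
    (ip_network("198.51.100.0/24"), 26, 64497),
]


def validity(prefix, origin, roas=ROAS):
    """Return 'valid', 'invalid' or 'unknown' for a route.

    origin is an int (a single origin AS) or a frozenset of ints
    (an AS_SET produced by aggregation).
    """
    net = ip_network(prefix)
    if isinstance(origin, frozenset):
        # An aggregated AS_SET route has no single origin AS to match a
        # ROA against; as stated in the thread above it is "unknown".
        return "unknown"
    covering = [r for r in roas
                if r[0].version == net.version and net.subnet_of(r[0])]
    if not covering:
        return "unknown"  # no ROA makes any assertion about this prefix
    for _roa_prefix, max_len, asn in covering:
        if net.prefixlen <= max_len and asn == origin:
            return "valid"
    return "invalid"  # covered by a ROA, but no ROA matches this origin


def strict_policy(prefix, origin):
    """Accept only 'valid' routes; this is the policy Brian cautions about."""
    return validity(prefix, origin) == "valid"


def advised_policy(prefix, origin):
    """Reject only 'invalid'; 'unknown' remains a candidate best route."""
    return validity(prefix, origin) != "invalid"


def rejected_by(policy, routes):
    """List the (prefix, origin) routes a policy would drop."""
    return [r for r in routes if not policy(*r)]


if __name__ == "__main__":
    aggregate = ("192.0.2.0/24", frozenset({64496, 64497}))
    sample = [("192.0.2.0/24", 64496), ("192.0.2.0/25", 64496),
              ("203.0.113.0/24", 64499), aggregate]
    print("strict rejects:", rejected_by(strict_policy, sample))
    print("advised rejects:", rejected_by(advised_policy, sample))
```

Under the strict policy the AS_SET aggregate and the uncovered 203.0.113.0/24 are both dropped; under the advised policy only the over-long 192.0.2.0/25 is.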