Re: [GROW] draft-ss-grow-rpki-as-cones-00

Andrei Robachevsky <andrei.robachevsky@gmail.com> Wed, 04 July 2018 14:47 UTC

To: Brian Dickson <brian.peter.dickson@gmail.com>, Job Snijders <job@ntt.net>
Cc: "grow@ietf.org" <grow@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/FikbIuYTpymTtTvZKJFHaldKyg4>

Hi Brian,

Brian Dickson wrote on 24/05/2018 01:40:
>   * Are there limitations on the semantics of as-sets, that prevent the
>     generation of filters that can stop all classes of route-leaks?

IMHO, the answer is maybe. As far as I understand, the draft facilitates
generation of prefix filters and does not validate the relationships. If
everyone in the cone has constructed their policy correctly, leaks won't
happen. But as far as I can see, nothing will prevent a downstream from
including their peer-AS's cone in their own.

I think the prevention of leaks is addressed in a different specification.


> The "cone" draft allows an AS to assert the "customer-of" relationship
> to its transit provider(s). 

It allows asserting the "Provider-for". The one you are referring to is
https://datatracker.ietf.org/doc/draft-azimov-sidrops-aspa-verification

Andrei
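
The point made in the reply above, that a filter built from a cone follows whatever the cone's publisher declares, shown as an added example (not part of the original message or of the draft). The cone model is simplified; the cone names, the ASNs (documentation range) and the peer list are constructed, and `peers_in_cone` is a hypothetical audit helper that depends on peering knowledge obtained out of band.

```python
# Simplified model (assumption): a cone maps a name to a set of members,
# each either an ASN (int) or the name of another cone (str).

def expand(cones, name, _seen=None):
    """Return the flat set of ASNs reachable from cone `name`."""
    seen = set() if _seen is None else _seen
    if name in seen:              # cycle guard: cones may reference each other
        return set()
    seen.add(name)
    asns = set()
    for member in cones.get(name, ()):
        if isinstance(member, int):
            asns.add(member)
        else:
            asns |= expand(cones, member, seen)
    return asns

def accepts(cones, customer_cone, origin_asn):
    """Origin filter a provider would derive from its customer's cone."""
    return origin_asn in expand(cones, customer_cone)

def peers_in_cone(cones, cone, known_peer_asns):
    """Audit: ASNs known (out of band) to be peers that appear inside `cone`.
    The cone data alone cannot tell a peer from a customer."""
    return sorted(expand(cones, cone) & set(known_peer_asns))

# Constructed data: AS64500 is the downstream, AS64510 its customer,
# AS64501 its peer, AS64511 the peer's customer.
CORRECT = {
    "AS64500:customers": {64500, 64510},
    "AS64501:customers": {64501, 64511},
}
# Same data, but the downstream lists its peer's cone inside its own.
WIDENED = dict(CORRECT)
WIDENED["AS64500:customers"] = {64500, 64510, "AS64501:customers"}

if __name__ == "__main__":
    for label, cones in (("correct", CORRECT), ("widened", WIDENED)):
        print(label,
              "accepts origin AS64511:", accepts(cones, "AS64500:customers", 64511),
              "| peers inside cone:", peers_in_cone(cones, "AS64500:customers", {64501}))
```

In the widened case the upstream's filter admits the peer's customer as an origin, and nothing in the cone data itself marks the entry as wrong.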