Re: [sidr] Last Call: <draft-ietf-sidr-bgpsec-ops-12.txt> (BGPsec Operational Considerations) to Best Current Practice
Job Snijders <job@instituut.net> Sat, 17 December 2016 18:26 UTC
Return-Path: <job@instituut.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78F4C129A60 for <sidr@ietfa.amsl.com>; Sat, 17 Dec 2016 10:26:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=instituut-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bYLefpjHYWJK for <sidr@ietfa.amsl.com>; Sat, 17 Dec 2016 10:26:16 -0800 (PST)
Received: from mail-wj0-x229.google.com (mail-wj0-x229.google.com [IPv6:2a00:1450:400c:c01::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 553F4129A5D for <sidr@ietf.org>; Sat, 17 Dec 2016 10:26:14 -0800 (PST)
Received: by mail-wj0-x229.google.com with SMTP id tk12so117941812wjb.3 for <sidr@ietf.org>; Sat, 17 Dec 2016 10:26:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=instituut-net.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=bX6zBfD8iEqJ5BTfXYkKnl8L81443CaQcrUnHgzKrAY=; b=XuoriYQinS2g97v+Sa+JDi2kP2firFLukFU1Q/r/cOqqY9zCCjJ8dKCEZviaFv2S5S kaqMnLynrcqSx3zN5LJQy4hEl6UJ1l+aK7rATpevFBgt5+XqOtfGs2hzKqnhtzDjGfQw gAy7qPIeHapuuIf3x+wQIOvOfxvGNLFrMli3RV2GN3DX8OS9QXJL8hvpHr6eM8noQRDC Z5H+/HWTA6rMW6ilvbb56kQly0wSbap63xpTm3hxS24s/uf8zezLHFMrdaViNG7+otH+ f7Ezg/IG/osjbOJ3Aqyo2YDXou3fFJBXf5NlJbA2EnQVZcU9pLhfELUw0yczQJHGW04e 27Ww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=bX6zBfD8iEqJ5BTfXYkKnl8L81443CaQcrUnHgzKrAY=; b=C1XmhpiOL+SS9CjHEzwywvAtf9FKmKcsJOTZbEsv5OAPZXHncz8GX2ukJJeWyKCJvn Wo5NaBKYgm5YfSqsUl+Al0zn3KuoOvhtpaDrAIFoJpHKlm5rIW5yaEFT7svceQA+Ncak 3f20txU+EUnjapVLXdnwTpfIU7hCq6ZRYZnb2Aj30Kvu9oY/psXUa8JRxAyi0uTk6v1J dAJw/Vbzmq293cAj77/ys4CNbIiqpU5tgysVw6rAe1+lwlAkD4JEyoAMvKyLQzmMuf2E AZW9HIUB0F2zheEWVAljundOHII6zgXjpXfUsq0iPhhBZ6Pj6CogpQrcWY1iSyCMOE19 c6Ww==
X-Gm-Message-State: AKaTC03eLFVl5+p27c8i5MIoV/l1yVf7i5F3fB0gyng9SZwwRzIb+zlGpCcB+ejSYhuVxw==
X-Received: by 10.194.146.131 with SMTP id tc3mr7781372wjb.129.1481999172649; Sat, 17 Dec 2016 10:26:12 -0800 (PST)
Received: from localhost ([2001:67c:208c:10:b591:3f29:3ca8:f0b9]) by smtp.gmail.com with ESMTPSA id jm6sm12471778wjb.27.2016.12.17.10.26.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 17 Dec 2016 10:26:12 -0800 (PST)
Date: Sat, 17 Dec 2016 19:26:10 +0100
From: Job Snijders <job@instituut.net>
To: ietf@ietf.org
Message-ID: <20161217182610.GE1554@Vurt.local>
References: <148112444860.13678.830966785604568036.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <148112444860.13678.830966785604568036.idtracker@ietfa.amsl.com>
X-Clacks-Overhead: GNU Terry Pratchett
User-Agent: Mutt/1.7.1 (2016-10-04)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/4OQ9zuLWC0Q9lpIdGDru7l_7Ijg>
Cc: Chris Morrow <morrowc@ops-netman.net>, sidr-chairs@ietf.org, draft-ietf-sidr-bgpsec-ops@ietf.org, IETF-Announce <ietf-announce@ietf.org>, sidr@ietf.org
Subject: Re: [sidr] Last Call: <draft-ietf-sidr-bgpsec-ops-12.txt> (BGPsec Operational Considerations) to Best Current Practice
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Dec 2016 18:26:17 -0000
Hi all,
This following paragraph looks somewhat awkward to me.
TEXT:
An edge site which does not provide transit and trusts its
upstream(s) SHOULD only originate a signed prefix announcement and
need not validate received announcements.
COMMENT:
If you are multihomed and receive full (or partial) tables, there is
benefit in validating the received routes, if not: why not? One
upstream might be poisoned while the other isn't? Mabye the text
should be amended to make it clear that this might apply if the stub
ASN only takes default-originates?
Kind regards,
Job
On Wed, Dec 07, 2016 at 07:27:28AM -0800, The IESG wrote:
>
> The IESG has received a request from the Secure Inter-Domain Routing WG
> (sidr) to consider the following document:
> - 'BGPsec Operational Considerations'
> <draft-ietf-sidr-bgpsec-ops-12.txt> as Best Current Practice
>
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2016-12-21. Exceptionally, comments may be
> sent to iesg@ietf.org instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
>
> Abstract
>
>
> Deployment of the BGPsec architecture and protocols has many
> operational considerations. This document attempts to collect and
> present the most critical and universal. It is expected to evolve as
> BGPsec is formalized and initially deployed.
>
>
>
>
>
> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-ops/
>
> IESG discussion can be tracked via
> https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-ops/ballot/
>
>
> No IPR declarations have been submitted directly on this I-D.
>
>
> The document contains these normative downward references.
> See RFC 3967 for additional information:
> rfc6811: BGP Prefix Origin Validation (Proposed Standard - IETF stream)
> draft-ietf-sidr-bgpsec-protocol: BGPsec Protocol Specification (None - IETF stream)
> rfc6493: The Resource Public Key Infrastructure (RPKI) Ghostbusters Record (Proposed Standard - IETF stream)
> Note that some of these references may already be listed in the acceptable Downref Registry.
>
>