Re: [sidr] Request for WG Last Call for draft-ietf-sidr-bogons-02.txt and draft-ietf-sidr-roa-validation-01.txt

Geoff Huston <gih@apnic.net> Tue, 02 December 2008 08:44 UTC

From: Geoff Huston <gih@apnic.net>
To: Pradosh Mohapatra <pmohapat@cisco.com>
Date: Tue, 02 Dec 2008 19:43:50 +1100
Cc: sidr@ietf.org
Subject: Re: [sidr] Request for WG Last Call for draft-ietf-sidr-bogons-02.txt and draft-ietf-sidr-roa-validation-01.txt

On 02/12/2008, at 5:52 PM, Pradosh Mohapatra (pmohapat) wrote:

> | > | > As others have suggested, when "I have been allocated 203.10.60.0/22",
> | > | > I issue an ROA for 203.10.60.0/22-22. That automatically means that
> | > | > there can't be any other advertisements for this prefix or its more
> | > | > specifics (unless I suballocate a more specific block and a new ROA
> | > | > gets added to the repository). Is there any case that's not
> | > | > handled by doing this?
> | > | >
> | > |
> | > | That's your _assumption_ of the semantics of a ROA. What reference
> | > | material or working group draft can you cite for semantic
> | > | interpretation of a ROA?
> | > | draft-ietf-sidr-roa-validation? I don't think so. The point of the
> | > | BOA draft is that it challenges this assumption by taking the
> | > | position that such route origination authorities are explicitly
> | > | scoped to the authority described in the object, without the
> | > | implicit inclusion of any other authority or denial.
> | >
> | > So are you saying that an entity who is not owner of prefix 10/8 can
> | > issue an ROA for it and it would be present in/added to the RPKI
> | > repository?
> | >
> |
> | The best answer I can give here is please read the sidr
> | drafts. Your question really makes me suspect that you have
> | not done so.
>
> I have. Your response above prompted the question.


WG Chair Hat OFF.

Good to hear. In which case you would be well aware that a person who
is not the current right of use holder of an address prefix cannot
generate a valid RPKI object of any form and sign the object with an
RPKI signature using that prefix. So I fail to understand how an
entity who is not owner of prefix 10/8 can issue an ROA for it that
would be considered valid in the RPKI, and if it's invalidly signed
then whether it is in an RPKI repository publication point or not is
irrelevant. But as we've all read the drafts we all knew that anyway.
So I'm not sure why it's worth repeating here.
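
The two readings of a ROA argued over in this thread, as an added example that is not part of the original message or of any sidr draft: it classifies announcements against the 203.10.60.0/22-22 ROA under the implicit-denial reading from the quoted question and under the explicitly scoped reading from the reply, after first discarding a ROA whose prefix the signer's certificate does not cover. The AS numbers, the outcome labels ("valid", "invalid", "unknown") and all function names are assumptions made for illustration, and the certificate coverage check stands in for full RPKI signature validation.

```python
from ipaddress import ip_network

# Constructed sample data: the AS numbers are documentation values, not from the thread.
HOLDER_CERT = [ip_network("203.10.60.0/22")]  # resources on the signer's certificate
ROA = {"prefix": ip_network("203.10.60.0/22"), "max_len": 22, "asn": 64496}
FORGED = {"prefix": ip_network("10.0.0.0/8"), "max_len": 8, "asn": 64496}

def roa_is_valid(roa, cert_resources):
    """A ROA counts only if the signing certificate's resources cover its prefix."""
    return any(roa["prefix"].subnet_of(res) for res in cert_resources)

def classify(route, origin_asn, roas, implicit_deny):
    """Classify one announcement against already-validated ROAs.

    implicit_deny=True  : reading in the quoted question; a ROA rules out every
                          other origination of the prefix and its more specifics.
    implicit_deny=False : reading in the reply; a ROA speaks only for the
                          origination it describes and denies nothing.
    """
    net = ip_network(route)
    covered = False
    for roa in roas:
        if net.subnet_of(roa["prefix"]):
            covered = True
            if origin_asn == roa["asn"] and net.prefixlen <= roa["max_len"]:
                return "valid"
    return "invalid" if (covered and implicit_deny) else "unknown"

def compare(route, origin_asn):
    """Return (implicit-denial result, scoped result) for one announcement."""
    roas = [r for r in (ROA, FORGED) if roa_is_valid(r, HOLDER_CERT)]
    return (classify(route, origin_asn, roas, True),
            classify(route, origin_asn, roas, False))

if __name__ == "__main__":
    for route, asn in [("203.10.60.0/22", 64496),   # exactly what the ROA describes
                       ("203.10.60.0/24", 64496),   # more specific, same origin
                       ("203.10.60.0/22", 64511),   # same prefix, other origin
                       ("10.1.0.0/16", 64496)]:     # only the discarded ROA covers it
        print(route, asn, compare(route, asn))
```

The rows where the two results differ are the cases the thread is arguing about: under the scoped reading, nothing is denied unless some other object says so.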






