Re: [sidr] [Idr] Levels of BGPsec/RPKI validation, was: Re: wglc for draft-ietf-sidr-bgpsec-protocol-11

Jared Mauch <jared@puck.nether.net> Wed, 29 April 2015 19:46 UTC

To: Randy Bush <randy@psg.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/9_4wmtVbFTYoa4nf49662nWNnkY>
Cc: idr wg list <idr@ietf.org>, Kotikalapudi Sriram <kotikalapudi.sriram@nist.gov>, sidr wg list <sidr@ietf.org>

> On Apr 29, 2015, at 3:13 PM, Randy Bush <randy@psg.com> wrote:
> 
> this is deja vu all over again
> 
> path validation has three possible results
>  o a signed path validated
>  o a signed path could not be validated
>  o the path was unsigned

I will add one more thing: the path was signed/validated when it was checked.  Some prefixes are stable for very long periods of time and therefore the validation may not occur until after the expiration.

I generally dislike systems that self-destruct.

- Jared