Re: [sidr] Protocol Action: 'BGP Prefix Origin Validation State Extended Community' to Proposed Standard (draft-ietf-sidr-origin-validation-signaling-11.txt)

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Thu, 23 February 2017 21:26 UTC

Return-Path: <jheitz@cisco.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56901129984; Thu, 23 Feb 2017 13:26:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.522
X-Spam-Level:
X-Spam-Status: No, score=-14.522 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kbYwHsIqCqR3; Thu, 23 Feb 2017 13:26:49 -0800 (PST)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE3E61297F1; Thu, 23 Feb 2017 13:26:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2341; q=dns/txt; s=iport; t=1487885209; x=1489094809; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=sy14eOyoEpaW+aIFz2DP1COn2SLh9no8g/pxq/qQ5OA=; b=KtBSLF/LXl6Xi8Sq9PG8tB1MsG2/f5yR00/PvdNFX94YdPzoZPbEtZw1 FULd+p3XAplXfGN87kphfzQsCScGL5SGLayPYzdcd8gmo56k25qXV2QjH q8lNh1zLGBj/9qBwguwrLSVK8woyD8dWjKQFoqlFgzk3my3ZZOKKWBDWp A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AVAQACU69Y/4ENJK1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1BhgQkHjVyRXJU0gg0fDYV2AoMlPxgBAgEBAQEBAQFiKIRwAQE?= =?us-ascii?q?BBAEBODQLDAQCAQgRBAEBHwUEBycLFAkIAgQBDQUIDIlhDrBAi0QBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEYBYZMhG+KOQWcFAGGc4snkRqTJwEfOFUrVBU+hQGBSHW?= =?us-ascii?q?JCyuBA4ENAQEB?=
X-IronPort-AV: E=Sophos;i="5.35,198,1484006400"; d="scan'208";a="389705986"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 23 Feb 2017 21:26:47 +0000
Received: from XCH-ALN-015.cisco.com (xch-aln-015.cisco.com [173.36.7.25]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id v1NLQlFS002161 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 23 Feb 2017 21:26:47 GMT
Received: from xch-aln-014.cisco.com (173.36.7.24) by XCH-ALN-015.cisco.com (173.36.7.25) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 23 Feb 2017 15:26:47 -0600
Received: from xch-aln-014.cisco.com ([173.36.7.24]) by XCH-ALN-014.cisco.com ([173.36.7.24]) with mapi id 15.00.1210.000; Thu, 23 Feb 2017 15:26:47 -0600
From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: The IESG <iesg-secretary@ietf.org>, IETF-Announce <ietf-announce@ietf.org>
Thread-Topic: [sidr] Protocol Action: 'BGP Prefix Origin Validation State Extended Community' to Proposed Standard (draft-ietf-sidr-origin-validation-signaling-11.txt)
Thread-Index: AQHSbB8KL4goLDO+zUCyR+oqQEK9nqF2Wu8w
Date: Thu, 23 Feb 2017 21:26:47 +0000
Message-ID: <904eb4e5f3b54f8fb5eeddba482566c6@XCH-ALN-014.cisco.com>
References: <148414831932.11019.14685466226406323027.idtracker@ietfa.amsl.com>
In-Reply-To: <148414831932.11019.14685466226406323027.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.82.178.245]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/BMi6u_lX-9scjh0LGSDgC9S_AKY>
Cc: "draft-ietf-sidr-origin-validation-signaling@ietf.org" <draft-ietf-sidr-origin-validation-signaling@ietf.org>, "sidr@ietf.org" <sidr@ietf.org>, "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>, The IESG <iesg@ietf.org>, "sandy@tislabs.com" <sandy@tislabs.com>, "rfc-editor@rfc-editor.org" <rfc-editor@rfc-editor.org>
Subject: Re: [sidr] Protocol Action: 'BGP Prefix Origin Validation State Extended Community' to Proposed Standard (draft-ietf-sidr-origin-validation-signaling-11.txt)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Feb 2017 21:26:50 -0000

What happens if a BGP speaker validates a route in its own RPKI database
and finds it to be either Valid or Invalid (not NotFound) and also receives
the extended community that specifies a different validation state?

I don't see that condition covered in the draft.
I would say to ignore the extended community.

Thanks,
Jakob.

> -----Original Message-----
> From: sidr [mailto:sidr-bounces@ietf.org] On Behalf Of The IESG
> Sent: Wednesday, January 11, 2017 7:25 AM
> To: IETF-Announce <ietf-announce@ietf.org>
> Cc: draft-ietf-sidr-origin-validation-signaling@ietf.org; sidr@ietf.org; sidr-chairs@ietf.org; The IESG
> <iesg@ietf.org>; sandy@tislabs.com; rfc-editor@rfc-editor.org
> Subject: [sidr] Protocol Action: 'BGP Prefix Origin Validation State Extended Community' to Proposed Standard
> (draft-ietf-sidr-origin-validation-signaling-11.txt)
> 
> The IESG has approved the following document:
> - 'BGP Prefix Origin Validation State Extended Community'
>   (draft-ietf-sidr-origin-validation-signaling-11.txt) as Proposed
> Standard
> 
> This document is the product of the Secure Inter-Domain Routing Working
> Group.
> 
> The IESG contact persons are Alvaro Retana, Alia Atlas and Deborah
> Brungard.
> 
> A URL of this Internet Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-sidr-origin-validation-signaling/
> 
> 
> 
> 
> 
> Technical Summary
> 
>    This document defines a new BGP opaque extended community to carry
>    the origination AS validation state inside an autonomous system.
>    IBGP speakers that receive this validation state can configure local
>    policies allowing it to influence their decision process.
> 
> Working Group Summary
> 
>   This document has had consistent interest from the working group.
>   Because it defines a new BGP community, it was reviewed by the idr
>   working group as well.
> 
> Document Quality
> 
>   The document has been implemented by major router vendors.
>   It is known to be in use in two large IXPs, AMS-IX and DE-CIX.
> 
> Personnel
> 
>   Document Shepherd: Sandra Murphy
>   Responsible Area Director: Alvaro Retana
> 
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr