Re: [sidr] WGLC for draft-ietf-sidr-rpki-rtr-rfc6810-bis-03

David Mandelberg <david@mandelberg.org> Thu, 19 March 2015 03:10 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/CfKRSdZov-ImI6RlsF-e9OPpsyA>

On 2015-03-17 14:29, George, Wes wrote:
> This may be as simple as recommending that in the case where data from
> multiple caches is held and specific entries conflict with one another,
> there SHOULD be an odd number of caches so that there is basis for
> comparison to determine which cache is out of sync or providing
> incorrect info. (i.e. Have 3 so that you can go with the 2/3 that agree)

Are you suggesting comparison of all the data from each single cache as 
an atomic entity, or comparison of individual IPvX and Router Key PDUs?

If the former, then I think that would work fine as long as a majority 
(or maybe even a plurality) of the caches has the exact same data. But 
what does the router do if this is not the case? If the caches all 
download from the RPKI at different times, then I would expect it to be 
common for no two caches to have the same data.

If the latter, then the semantics depend heavily on exactly how the 
comparison is done. Let's say a CA simultaneously issues one ROA for {AS 
65536, 10.0.0.0/8} and another for {AS 65537, 10.0.0.0/8}. Some of the 
caches see the publication point before both ROAs are issued; some see 
the pub point after both ROAs are issued and published. Can you 
guarantee that the voting mechanism will always result in either both 
ROA payloads, or neither, being used? (If a router ends up using one but 
not the other, then a previously unknown route becomes invalid.)

-- 
David Eric Mandelberg / dseomn
http://david.mandelberg.org/
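
The two comparison strategies discussed in the message above, as an added example that is not part of the original message or of the draft. The function names, the strict-majority threshold, and the third cache that is out of sync and reports only one of the two ROAs are assumptions made for illustration; route states follow the valid / invalid / not-found outcomes of RFC 6811.

```python
import ipaddress
from collections import Counter

# Constructed VRPs (asn, prefix, max_len) for the two ROAs in the message.
ROA_A = (65536, "10.0.0.0/8", 8)
ROA_B = (65537, "10.0.0.0/8", 8)

def atomic_vote(caches):
    """Compare each cache's whole data set as one unit. Return the set held
    by a strict majority of caches, or None when no majority exists."""
    counts = Counter(frozenset(c) for c in caches)
    data, votes = counts.most_common(1)[0]
    return set(data) if votes * 2 > len(caches) else None

def per_pdu_vote(caches):
    """Vote on every VRP independently; keep those a strict majority report."""
    counts = Counter(v for c in caches for v in set(c))
    return {v for v, n in counts.items() if n * 2 > len(caches)}

def origin_validity(vrps, prefix, origin_as):
    """Classify one route against a VRP set: valid, invalid or not_found."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for asn, vrp_prefix, max_len in vrps:
        net = ipaddress.ip_network(vrp_prefix)
        if route.version == net.version and route.subnet_of(net):
            covered = True
            if asn == origin_as and route.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "not_found"

# Caches that saw the publication point before / after both ROAs appeared.
before, after = set(), {ROA_A, ROA_B}
# Assumption: a cache that is out of sync and reports only one of the ROAs.
partial = {ROA_A}

def route_states(vrps):
    """Validity of 10.0.0.0/8 as originated by AS 65536 and by AS 65537."""
    return tuple(origin_validity(vrps, "10.0.0.0/8", a) for a in (65536, 65537))
```

With caches `[before, after, partial]`, the atomic comparison has no majority at all, while the per-PDU vote keeps only the AS 65536 payload, which moves the AS 65537 route from not_found to invalid.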