Re: [sidr] Request for WG Last Call for draft-ietf-sidr-bogons-02.txt and draft-ietf-sidr-roa-validation-01.txt
Danny McPherson <danny@tcb.net> Tue, 02 December 2008 02:30 UTC
Return-Path: <sidr-bounces@ietf.org>
X-Original-To: sidr-archive@megatron.ietf.org
Delivered-To: ietfarch-sidr-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0B4183A6AA7; Mon, 1 Dec 2008 18:30:01 -0800 (PST)
X-Original-To: sidr@core3.amsl.com
Delivered-To: sidr@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5272E3A6AA7 for <sidr@core3.amsl.com>; Mon, 1 Dec 2008 18:29:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.066
X-Spam-Level:
X-Spam-Status: No, score=-1.066 tagged_above=-999 required=5 tests=[AWL=0.051, BAYES_00=-2.599, DNS_FROM_RFC_BOGUSMX=1.482]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2kI7md2wl3o7 for <sidr@core3.amsl.com>; Mon, 1 Dec 2008 18:29:58 -0800 (PST)
Received: from dog.tcb.net (dog.tcb.net [64.78.150.133]) by core3.amsl.com (Postfix) with ESMTP id 72F8F3A689F for <sidr@ietf.org>; Mon, 1 Dec 2008 18:29:58 -0800 (PST)
Received: by dog.tcb.net (Postfix, from userid 0) id CDC27268766; Mon, 1 Dec 2008 19:29:54 -0700 (MST)
Received: from [192.168.0.100] (97-122-99-176.hlrn.qwest.net [97.122.99.176]) (authenticated-user danny) (TLSv1/SSLv3 AES128-SHA 128/128) by dog.tcb.net with SMTP; Mon, 01 Dec 2008 19:29:54 -0700 (MST) (envelope-from danny@tcb.net)
X-Avenger: version=0.7.8; receiver=dog.tcb.net; client-ip=97.122.99.176; client-port=52242; syn-fingerprint=65535:55:1:64:M1316,N,W3,N,N,T,S; data-bytes=0
Message-Id: <4A1F98FD-F5A8-4294-8D9F-A414DBBD9613@tcb.net>
From: Danny McPherson <danny@tcb.net>
To: Geoff Huston <gih@apnic.net>
In-Reply-To: <76720B94-5516-48BB-9D83-F3182969A6DE@apnic.net>
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Mon, 01 Dec 2008 19:29:53 -0700
References: <C542C40B.5166%andy@arin.net> <A3751517-D15C-45DD-B530-027758F36B04@apnic.net> <FC10BBCC-6144-4420-ACFC-9454F26444BE@tcb.net> <6F70023C-57B1-4C8D-8DDF-B9D7D8F139F9@apnic.net> <56AFA6B5-BCFB-4CDC-B921-3590F71CCBA0@tcb.net> <0072BC84-507D-497C-B8B6-0F26DE804316@apnic.net> <19318B76-0E1E-4DC5-8017-D2350352169C@tcb.net> <16C1A7B4-C46F-4354-B1F8-4AF8EB5249B9@apnic.net> <C4A37FE7-88F1-4DEC-AB81-CC2EC6A96C79@tcb.net> <D1AE3911-CBB9-451A-AE47-CB254E403DED@apnic.net> <EC1B7F06-4137-4F97-8EE5-7676DB0E7155@tcb.net> <BD48FF05-04D0-4B71-AF1B-F074E0199202@apnic.net> <A09B46E4-02B0-4825-888C-CA24CD68EF50@tcb.net> <CB9CD7AF-8CD3-4636-8D64-E876B9216B47@apnic.net> <264FCEF8-3DD1-49AB-B41F-56FD0A1B2870@tcb.net> <76720B94-5516-48BB-9D83-F3182969A6DE@apnic.net>
X-Mailer: Apple Mail (2.929.2)
Cc: sidr@ietf.org
Subject: Re: [sidr] Request for WG Last Call for draft-ietf-sidr-bogons-02.txt and draft-ietf-sidr-roa-validation-01.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: sidr-bounces@ietf.org
Errors-To: sidr-bounces@ietf.org
On Dec 1, 2008, at 4:00 PM, Geoff Huston wrote: > I'm sorry, but I cannot see any logic in that response. If I do not > give my authorization and I would like to inform everyone else that > any use of this address, or this AS is an instance of a hijack A hijack, that's new.. So, publish a BOA for each professed hijack, so that when it's picked up 24 hours later folks can filter based on a BOA? It'll be interested to project how folks would automate such a BOA publication model. > then your response seems to be saying to me that I should not do > anything. If that is what you are saying then it seems to be a > totally ineffectual course of action in my opinion. No, you're saying you're doing this to support incremental deployment, I'm saying that capability doesn't exist today and will clearly only complicate things down the road - e.g., who's ever going to remove a BOA - sound familiar (e.g., who ever removes a stale IRR object, which is a positive thing)? What existing capability are you adapting to RPKI? > My apologies - we are not allowed to talk about transit yet as its > not an agreed requirement coming out of RSPSEC. So if I remove "nor > as a transit AS" and sundry words then I trust that the point I was > making is amply clear. I don't consider it "sundry", it's a very important distinction, and suggesting that BOAs add some capability that ROAs or SIDR can't help with along the lines of looking for potential bogon ASNs in a is misleading at best. >> I still don't by it.. As an operator, you tell me who is authorized >> to originate and that's the only origin AS I accept. That's easier >> to >> configure in a router, requires less objects in the RPKI, and makes >> life >> much simpler. > > No security at all makes like enormously simpler. At some point it > is necessary to understand what makes a robust security environemnt > even in a world of partial use and piecemeal adoptions and then work > through the issues related to operational deployment. But you appear > to have some other approach in mind. Right, and adding new capabilities (e.g., telling everyone via means that are clearly not real time, and may be delayed for a day or more, via a global RPKI, that your route has been hijacked and should NOT be advertised by Miguel in Mexico, it just doesn't seem like a clean way to build this architecture to me - especially when you're asking folks to configure routers or implement control plane state and memory based on the contents of this RPKI. -danny _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
- [sidr] Request for WG Last Call for draft-ietf-si… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… George Michaelson
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Terry Manderson
- Re: [sidr] Request for WG Last Call for draft-iet… George Michaelson
- Re: [sidr] Request for WG Last Call for draft-iet… Andy Newton
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Andy Newton
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Samuel Weiler
- Re: [sidr] Request for WG Last Call for draft-iet… ksriram
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Andy Newton
- Re: [sidr] Request for WG Last Call for draft-iet… ksriram
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… George Michaelson
- Re: [sidr] Request for WG Last Call for draft-iet… Roque Gagliano
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Sandra Murphy
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Roque Gagliano
- Re: [sidr] Request for WG Last Call for draft-iet… Sandra Murphy
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… Andy Newton
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… George Michaelson
- Re: [sidr] Request for WG Last Call for draft-iet… Robert Loomans
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… Sandra Murphy
- Re: [sidr] Request for WG Last Call for draft-iet… Terry Manderson
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Andrew Partan
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Terry Manderson
- Re: [sidr] Request for WG Last Call for draft-iet… George Michaelson
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… George Michaelson
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… George Michaelson
- Re: [sidr] Request for WG Last Call for draft-iet… Terry Manderson
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Terry Manderson
- Re: [sidr] Request for WG Last Call for draft-iet… Sandra Murphy
- Re: [sidr] Request for WG Last Call for draft-iet… George Michaelson
- Re: [sidr] Request for WG Last Call for draft-iet… Stephen Kent
- Re: [sidr] Request for WG Last Call for draft-iet… Stephen Kent
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Sandra Murphy
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call fordraft-ietf… Pradosh Mohapatra (pmohapat)
- Re: [sidr] Request for WG Last Call fordraft-ietf… Randy Bush
- Re: [sidr] Request for WG Last Call fordraft-ietf… Pradosh Mohapatra (pmohapat)
- Re: [sidr] Request for WG Last Call fordraft-ietf… Randy Bush
- Re: [sidr] Request for WG Last Call fordraft-ietf… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call fordraft-ietf… Danny McPherson
- Re: [sidr] Request for WG Last Call fordraft-ietf… Pradosh Mohapatra (pmohapat)
- Re: [sidr] Request for WG Last Call fordraft-ietf… Geoff Huston
- Re: [sidr] Request for WG Last Call fordraft-ietf… Pradosh Mohapatra (pmohapat)
- Re: [sidr] Request for WG Last Call fordraft-ietf… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Sandra Murphy
- Re: [sidr] Request for WG Last Call fordraft-ietf… Sandra Murphy
- Re: [sidr] Request for WG Last Call fordraft-ietf… Sandra Murphy
- Re: [sidr] Request for WG Last Call for draft-iet… Stephen Kent
- Re: [sidr] Request for WG Last Call for draft-iet… Andrew Newton
- Re: [sidr] Request for WG Last Call for draft-iet… Stephen Kent
- Re: [sidr] Request for WG Last Call for draft-iet… Andrew Newton
- Re: [sidr] Request for WG Last Call for draft-iet… Stephen Kent