Re: [sidr] Request for WG Last Call for draft-ietf-sidr-bogons-02.txt and draft-ietf-sidr-roa-validation-01.txt
Stephen Kent <kent@bbn.com> Mon, 01 December 2008 19:06 UTC
Return-Path: <sidr-bounces@ietf.org>
X-Original-To: sidr-archive@megatron.ietf.org
Delivered-To: ietfarch-sidr-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D7CBC3A6BA3; Mon, 1 Dec 2008 11:06:58 -0800 (PST)
X-Original-To: sidr@core3.amsl.com
Delivered-To: sidr@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 509AB3A6BA3 for <sidr@core3.amsl.com>; Mon, 1 Dec 2008 11:06:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.562
X-Spam-Level:
X-Spam-Status: No, score=-2.562 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RZgGt+12v3Gp for <sidr@core3.amsl.com>; Mon, 1 Dec 2008 11:06:57 -0800 (PST)
Received: from mx11.bbn.com (mx11.bbn.com [128.33.0.80]) by core3.amsl.com (Postfix) with ESMTP id 6CB863A682B for <sidr@ietf.org>; Mon, 1 Dec 2008 11:06:57 -0800 (PST)
Received: from dommiel.bbn.com ([192.1.122.15] helo=[69.58.70.106]) by mx11.bbn.com with esmtp (Exim 4.60) (envelope-from <kent@bbn.com>) id 1L7E6e-0001BT-G1; Mon, 01 Dec 2008 14:06:53 -0500
Mime-Version: 1.0
Message-Id: <p06240500c559bde54579@[128.89.89.227]>
In-Reply-To: <AF626DBA-482A-4985-B149-F34450D25805@apnic.net>
References: <C542C40B.5166%andy@arin.net> <A3751517-D15C-45DD-B530-027758F36B04@apnic.net> <FC10BBCC-6144-4420-ACFC-9454F26444BE@tcb.net> <6F70023C-57B1-4C8D-8DDF-B9D7D8F139F9@apnic.net> <56AFA6B5-BCFB-4CDC-B921-3590F71CCBA0@tcb.net> <0072BC84-507D-497C-B8B6-0F26DE804316@apnic.net> <19318B76-0E1E-4DC5-8017-D2350352169C@tcb.net> <16C1A7B4-C46F-4354-B1F8-4AF8EB5249B9@apnic.net> <C4A37FE7-88F1-4DEC-AB81-CC2EC6A96C79@tcb.net> <AF626DBA-482A-4985-B149-F34450D25805@apnic.net>
Date: Mon, 01 Dec 2008 11:23:23 -0500
To: George Michaelson <ggm@apnic.net>
From: Stephen Kent <kent@bbn.com>
Cc: sidr@ietf.org
Subject: Re: [sidr] Request for WG Last Call for draft-ietf-sidr-bogons-02.txt and draft-ietf-sidr-roa-validation-01.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: sidr-bounces@ietf.org
Errors-To: sidr-bounces@ietf.org
At 6:12 PM -0600 11/24/08, George Michaelson wrote: >Some people now appear to want an *implicit* meaning of 'if not in >ROA, then excluded' -but, they also somehow want this to be >conditional. I an incremental deployment context, a context with which we will have to deal for several (many?) years, we can't reject all assertions that are not verifiable via use of ROAs. >Secondly, there is a semantic difference between 'all which is not >explicitly permitted is forbidden' and 'this is explicitly >forbidden'. ibid. >We have tried to make an explicit semantic around the word NOT: > > NOT prefix <x>/<y> > >ie do NOT accept <x>/<y> as a valid route. Thats what a BOA says. >its explicit what prefixes are being knocked out. > >Others seem to want an *implicit* NOT. But, it appears to be a >conditionally implicit NOT: how can you decide when it does, or does >not apply? > >This is of course two different problems: > >1) how do you conditionally flag it does or doesn't apply? The ROA >has no syntax for this >2) what is the scope of the "NOT" logic? > >in an explicit (BOA) world, the scope can be any prefix(s) you like: >its an explicit statement of intent around the NOT word. a BOA cannot make assertions about prefixes the issues does not control, so the statement above is not quite true. >in a world of ROA only, the only NOT you can have is "anything else" >so its demonstrably semantically weaker. I proposed issuing a ROA with an AS of 1, so that it would explicitly "trump" any non-authenticated assertions about the prefix(es) in question. That is a counter to the generally less-powerful ROA semantics, yet it requires no new processing by relying parties. That's why I prefer a ROA-based approach to a BOA-based approach. Steve _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
- [sidr] Request for WG Last Call for draft-ietf-si… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… George Michaelson
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Terry Manderson
- Re: [sidr] Request for WG Last Call for draft-iet… George Michaelson
- Re: [sidr] Request for WG Last Call for draft-iet… Andy Newton
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Andy Newton
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Samuel Weiler
- Re: [sidr] Request for WG Last Call for draft-iet… ksriram
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Andy Newton
- Re: [sidr] Request for WG Last Call for draft-iet… ksriram
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… George Michaelson
- Re: [sidr] Request for WG Last Call for draft-iet… Roque Gagliano
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Sandra Murphy
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Roque Gagliano
- Re: [sidr] Request for WG Last Call for draft-iet… Sandra Murphy
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… Andy Newton
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… George Michaelson
- Re: [sidr] Request for WG Last Call for draft-iet… Robert Loomans
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… Sandra Murphy
- Re: [sidr] Request for WG Last Call for draft-iet… Terry Manderson
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Andrew Partan
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Terry Manderson
- Re: [sidr] Request for WG Last Call for draft-iet… George Michaelson
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… George Michaelson
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… George Michaelson
- Re: [sidr] Request for WG Last Call for draft-iet… Terry Manderson
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call for draft-iet… Terry Manderson
- Re: [sidr] Request for WG Last Call for draft-iet… Sandra Murphy
- Re: [sidr] Request for WG Last Call for draft-iet… George Michaelson
- Re: [sidr] Request for WG Last Call for draft-iet… Stephen Kent
- Re: [sidr] Request for WG Last Call for draft-iet… Stephen Kent
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Sandra Murphy
- Re: [sidr] Request for WG Last Call for draft-iet… Randy Bush
- Re: [sidr] Request for WG Last Call fordraft-ietf… Pradosh Mohapatra (pmohapat)
- Re: [sidr] Request for WG Last Call fordraft-ietf… Randy Bush
- Re: [sidr] Request for WG Last Call fordraft-ietf… Pradosh Mohapatra (pmohapat)
- Re: [sidr] Request for WG Last Call fordraft-ietf… Randy Bush
- Re: [sidr] Request for WG Last Call fordraft-ietf… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call for draft-iet… Danny McPherson
- Re: [sidr] Request for WG Last Call fordraft-ietf… Danny McPherson
- Re: [sidr] Request for WG Last Call fordraft-ietf… Pradosh Mohapatra (pmohapat)
- Re: [sidr] Request for WG Last Call fordraft-ietf… Geoff Huston
- Re: [sidr] Request for WG Last Call fordraft-ietf… Pradosh Mohapatra (pmohapat)
- Re: [sidr] Request for WG Last Call fordraft-ietf… Geoff Huston
- Re: [sidr] Request for WG Last Call for draft-iet… Sandra Murphy
- Re: [sidr] Request for WG Last Call fordraft-ietf… Sandra Murphy
- Re: [sidr] Request for WG Last Call fordraft-ietf… Sandra Murphy
- Re: [sidr] Request for WG Last Call for draft-iet… Stephen Kent
- Re: [sidr] Request for WG Last Call for draft-iet… Andrew Newton
- Re: [sidr] Request for WG Last Call for draft-iet… Stephen Kent
- Re: [sidr] Request for WG Last Call for draft-iet… Andrew Newton
- Re: [sidr] Request for WG Last Call for draft-iet… Stephen Kent