[sidr] Question on draft-ietf-sidr-origin-ops-12

Danny McPherson <danny@tcb.net> Sat, 12 November 2011 17:21 UTC

Return-Path: <danny@tcb.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id C964521F8540 for <sidr@ietfa.amsl.com>; Sat, 12 Nov 2011 09:21:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.561
X-Spam-Status: No, score=-102.561 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id p5ZKCXwIk3it for <sidr@ietfa.amsl.com>; Sat, 12 Nov 2011 09:21:02 -0800 (PST)
Received: from uu.ops-netman.net (morrowc-1-pt.tunnel.tserv13.ash1.ipv6.he.net [IPv6:2001:470:7:36e::2]) by ietfa.amsl.com (Postfix) with ESMTP id 3071521F8532 for <sidr@ietf.org>; Sat, 12 Nov 2011 09:21:02 -0800 (PST)
Received: from mailserver.ops-netman.net (mailserver.ops-netman.net []) by uu.ops-netman.net (Postfix) with ESMTP id D2E311900A1 for <sidr@ietf.org>; Sat, 12 Nov 2011 17:21:01 +0000 (UTC)
Received: from [] (unknown []) (Authenticated sender: danny@OPS-NETMAN.NET) by mailserver.ops-netman.net (Postfix) with ESMTPSA id 0197D320164 for <sidr@ietf.org>; Sat, 12 Nov 2011 17:21:00 +0000 (UTC)
From: Danny McPherson <danny@tcb.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Sat, 12 Nov 2011 12:20:58 -0500
Message-Id: <4F9F092F-2EF2-4B93-BD30-7BA8C6746B5C@tcb.net>
To: sidr wg list <sidr@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
Subject: [sidr] Question on draft-ietf-sidr-origin-ops-12
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Nov 2011 17:21:02 -0000

Substantial comment similar to that made on pfx-validate:

We need to resolve the behavior for routes originated from the local AS
to find their way into a Valid state, as by current definition they can only be
"Not Found" or even "Invalid", even if ROAs exist in the mapping table for
the local AS.  The WG needs to agree on the proper accommodation  
and address it expressly in the text before this document is published.

Nits below:


Can you explain how it's "more likely to be noticed"?

"One advantage of minimal ROA length is that the forged origin attack
does not work for sub-prefixes that are not covered by overly long
max length.  E.g. if, instead of, one issues and, a forged origin attack can not succeed
against  They must attack the whole /16, which is more
likely to be noticed."

s/While an operator using RPKI data/An operator using RPKI data/


s/NotFound/Not Found/[g] throughout per the pfx-validate terminology.