Re: [sidr] New Version Notification for draft-kklf-sidr-route-server-rpki-light-00.txt

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Mon, 28 March 2016 20:14 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Thomas King <thomas.king@de-cix.net>, "sidr@ietf.org" <sidr@ietf.org>
Date: Mon, 28 Mar 2016 20:14:11 +0000
Message-ID: <CY1PR09MB07936F92A7528605204D152C84860@CY1PR09MB0793.namprd09.prod.outlook.com>
References: <20151214141704.6060.4078.idtracker@ietfa.amsl.com> <91A4DE37-13EF-4E45-9D7D-49C1D271D6A9@de-cix.net>
In-Reply-To: <91A4DE37-13EF-4E45-9D7D-49C1D271D6A9@de-cix.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/aUkPvzRNJ_2yYme62bmHW7QPFa4>
Subject: Re: [sidr] New Version Notification for draft-kklf-sidr-route-server-rpki-light-00.txt

I read the draft. A few comments:

1. RPKI validation refers to checking cryptographic integrity of the RPKI objects such as certs, ROAs, etc.
What you intend to signal from RS to peers is prefix-origin validation results (RFC 6811).
s/RPKI validation results/ prefix-origin validation results/g

2. "Route-servers providing RPKI-based route
   origin validation set the validation state according to the RPKI
   validation result (see [I-D.ietf-sidr-rpki-validation-reconsidered])."  (in Section 2)

The reference cited here is incorrect. It should be RFC 6811.
RFC 6811 defines the prefix-origin validation states and also provides the validation algorithm.

3. How do you signal that the RS did not perform validation on an update (for whatever reason)?
Is that implicitly conveyed when the "Prefix Origin Validation State Extended Community"
is absent in the update forwarded to peers? Maybe it needs to be said in the draft.
For instance, 'Not Found' should not be used as default value in the extended community.
'Did not perform validation' should not be equated to 'Not Found'.

Sriram
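The three points above (prefix-origin validation per RFC 6811 rather than "RPKI validation", the RFC 6811 states and algorithm, and keeping "did not validate" distinct from "Not Found") can be illustrated in code. The following is an added example written for this archive page; it is not code from the draft, from DE-CIX, or from the author of the message. It implements the RFC 6811 covered/matched logic over a small constructed VRP set, and signals the result with an opaque extended community whose type 0x43 / sub-type 0x00 codepoints and value encoding (0 = Valid, 1 = Not Found, 2 = Invalid) are taken from RFC 8097, which standardized the community after this thread. The route-server export function omits the community entirely when validation was not performed, and the peer-side reader returns None in that case instead of defaulting to "not_found". All prefixes and ASNs are documentation/private values constructed for the example.

```python
"""Added example: RFC 6811 prefix-origin validation at a route server, and
signalling of the result so that 'not validated' is never read as 'Not Found'."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Union

IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class VRP:
    """Validated ROA Payload (prefix, maxLength, ASN) as defined in RFC 6811."""
    prefix: IPNetwork
    max_length: int
    asn: int


def validate_origin(route_prefix: IPNetwork, origin_asn: int, vrps: List[VRP]) -> str:
    """RFC 6811 validation; returns 'valid', 'invalid' or 'not_found'.

    A VRP *covers* the route when the VRP prefix length is <= the route prefix
    length and the route lies inside the VRP prefix. It *matches* when it covers,
    the route prefix length is <= maxLength, and the origin ASN equals the VRP ASN.
    NotFound: nothing covers. Valid: at least one match. Invalid: covered, no match.
    """
    covered = False
    for vrp in vrps:
        if vrp.prefix.version != route_prefix.version:
            continue  # an IPv4 VRP never covers an IPv6 route and vice versa
        if vrp.prefix.prefixlen <= route_prefix.prefixlen and route_prefix.subnet_of(vrp.prefix):
            covered = True
            if route_prefix.prefixlen <= vrp.max_length and vrp.asn == origin_asn:
                return "valid"  # a single matching VRP is sufficient
    return "invalid" if covered else "not_found"


# Codepoints as fixed in RFC 8097 (assumption for this example): non-transitive
# opaque extended community, type 0x43, sub-type 0x00, state in the last octet.
OV_TYPE, OV_SUBTYPE = 0x43, 0x00
STATE_TO_CODE = {"valid": 0, "not_found": 1, "invalid": 2}
CODE_TO_STATE = {v: k for k, v in STATE_TO_CODE.items()}


def encode_ov_state(state: str) -> bytes:
    """Build the 8-octet Prefix Origin Validation State Extended Community."""
    return bytes([OV_TYPE, OV_SUBTYPE, 0, 0, 0, 0, 0, STATE_TO_CODE[state]])


def route_server_export(route_prefix: IPNetwork, origin_asn: int, vrps: List[VRP],
                        validation_enabled: bool, other_communities=()) -> List[bytes]:
    """Extended communities the RS attaches on export to a peer.

    If validation was not performed, no OV-state community is attached at all;
    absence, not the 'not_found' value, conveys 'did not validate'.
    """
    communities = list(other_communities)
    if validation_enabled:
        state = validate_origin(route_prefix, origin_asn, vrps)
        communities.append(encode_ov_state(state))
    return communities


def peer_read_ov_state(communities: List[bytes]) -> Optional[str]:
    """Peer side: the signalled state, 'unknown' for an unrecognised value,
    or None when the RS sent no OV-state community (treat as 'not validated')."""
    for ec in communities:
        if len(ec) == 8 and ec[0] == OV_TYPE and ec[1] == OV_SUBTYPE:
            return CODE_TO_STATE.get(ec[7], "unknown")
    return None


# Constructed sample VRPs (documentation address space, private ASNs).
SAMPLE_VRPS = [
    VRP(ipaddress.ip_network("192.0.2.0/24"), 24, 64496),
    VRP(ipaddress.ip_network("198.51.100.0/22"), 24, 64497),
]

if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/25", 64496),
                     ("198.51.100.0/24", 64498), ("203.0.113.0/24", 64496)]:
        net = ipaddress.ip_network(pfx)
        print(pfx, asn, validate_origin(net, asn, SAMPLE_VRPS),
              peer_read_ov_state(route_server_export(net, asn, SAMPLE_VRPS, True)))
    # With validation disabled the peer sees no community and gets None:
    print("disabled ->", peer_read_ov_state(
        route_server_export(ipaddress.ip_network("192.0.2.0/24"), 64496, SAMPLE_VRPS, False)))
```

The 192.0.2.0/25 case shows why maxLength matters: the /24 VRP covers the /25, but the route exceeds maxLength 24, so the result is Invalid, not Valid. On the peer side, the distinction between None and "not_found" is what point 3 asks the draft to spell out; a receiver that defaults missing state to Not Found would silently apply Not Found policy to routes the RS never checked.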