Re: [sidr] pCNT & prepending

Geoff Huston <> Fri, 29 July 2011 00:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 74FAF11E8116 for <>; Thu, 28 Jul 2011 17:54:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.154
X-Spam-Status: No, score=-102.154 tagged_above=-999 required=5 tests=[AWL=0.445, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id kIsi47SXNkHw for <>; Thu, 28 Jul 2011 17:54:26 -0700 (PDT)
Received: from ( [IPv6:2001:dc0:2001:11::199]) by (Postfix) with ESMTP id 5896811E80C7 for <>; Thu, 28 Jul 2011 17:54:25 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTP id 79E85B673D; Fri, 29 Jul 2011 10:54:22 +1000 (EST)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Geoff Huston <>
In-Reply-To: <>
Date: Fri, 29 Jul 2011 10:53:03 +1000
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <p0624080fca572d4618ba@[]> <>
To: Roque Gagliano <>
X-Mailer: Apple Mail (2.1084)
Cc: sidr wg list <>
Subject: Re: [sidr] pCNT & prepending
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 29 Jul 2011 00:54:26 -0000

On 29/07/2011, at 8:21 AM, Roque Gagliano wrote:

>> I think Roque's suggestion of an EKU to mark an EE cert as being associated with a route server is helpful here.  Yes, this is a self-assertion, and thus not authoritative.
>> But, it could be a convenient mechanism to assist in configuration for checking when it's OK to receive an update with a 0 pCNT value. Specifically, if we agree that an ISP knows when a configured peer is an RS, then we can mandate that an ISP check to make sure that an update received from a peer with a 0 pCNT is, in fact, coming from what it believes is an RS. Having a marker in a cert that says "HI, I'm an RS" at least makes this intent clear.  (One also could imagine that, since IXPs are well known and the route servers at IXPs are known, a third party could scan the RPKI looking for certs that claim to be associated with RSes, and checking to see if they appear to be legit.)
> About this last statement, the RIRs keep a list of IP Addresses for the IXPs, we could ask them to sign that list and include their ASN to increase the "confidence" that they really are RS. This could be checked by the validator.

I am not sure that the RIRs really are appropriate reference points as to the _purpose_ to which ASes are put to use from day to day, and much the same applies to the purpose of the use of IP addresses in routing.

I suggest that if would be perhaps better to look elsewhere and even to examine the validity of the assumed need for the injection of additional mechanisms of confidence into what I would phrase as a "policy conformance" issue rather than a "detection of lying in routing" issue.