Re: [sidr] revision to draft-ietf-sidr-roa-validation
Terry Manderson <terry@terrym.net> Tue, 26 May 2009 23:39 UTC
Return-Path: <terry.mndrsn@gmail.com>
X-Original-To: sidr@core3.amsl.com
Delivered-To: sidr@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3B3783A69EB for <sidr@core3.amsl.com>; Tue, 26 May 2009 16:39:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7t-xM0GZlqv5 for <sidr@core3.amsl.com>; Tue, 26 May 2009 16:39:36 -0700 (PDT)
Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.158]) by core3.amsl.com (Postfix) with ESMTP id E93E23A6822 for <sidr@ietf.org>; Tue, 26 May 2009 16:39:35 -0700 (PDT)
Received: by fg-out-1718.google.com with SMTP id 13so1214322fge.18 for <sidr@ietf.org>; Tue, 26 May 2009 16:40:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:cc:message-id:from:to :in-reply-to:content-type:content-transfer-encoding:mime-version :subject:date:references:x-mailer; bh=AUbnO4GhP8Un5QIfWSkQ5VsiCxenK0lZ+iTv8Vv518w=; b=eRv3sanEvJNefsAdWEyzfIip0ZKfTmjAPAnPeZXp7BqwTmW+AKkAEktwcu4c0O2Xum lA6QGbK3LiYOA3EYtWnIR6Fwk7xvQSz2VxiezBiobzzxA61pHuNazOpBlPj5S4n8oURS 3SW8F2E+XSMBRNdgho37bNiplpPNU77w/sUcU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:cc:message-id:from:to:in-reply-to:content-type :content-transfer-encoding:mime-version:subject:date:references :x-mailer; b=jZtb8/SAab7TWYahLzWpLF1l/timpc/cY1fhxOroHIR6lOvG1E2s6bkoEBh5PuuDYf q0hlJnafy5IS2Q086NjYyMY1Uz31UctrM/Uuj4w26WMdKequ7EZasO7wpYPSwfuwEzGL RLLvyOePL3N2usixzq/PJpUaeUhCaFiUkZ4KI=
Received: by 10.86.4.7 with SMTP id 7mr7562683fgd.46.1243381259110; Tue, 26 May 2009 16:40:59 -0700 (PDT)
Received: from ?192.168.1.101? ([114.77.128.245]) by mx.google.com with ESMTPS id d6sm14322989fga.17.2009.05.26.16.40.55 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 26 May 2009 16:40:57 -0700 (PDT)
Sender: Terry Manderson <terry.mndrsn@gmail.com>
Message-Id: <BDB8E8C2-0141-40F0-9471-1343D6ACB10E@terrym.net>
From: Terry Manderson <terry@terrym.net>
To: Geoff Huston <gih@apnic.net>
In-Reply-To: <561CF52A-FFDE-409A-81B4-0A68F5C73718@apnic.net>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v930.3)
Date: Wed, 27 May 2009 09:40:49 +1000
References: <561CF52A-FFDE-409A-81B4-0A68F5C73718@apnic.net>
X-Mailer: Apple Mail (2.930.3)
Cc: sidr@ietf.org, Sandy Murphy <sandy@tislabs.com>
Subject: Re: [sidr] revision to draft-ietf-sidr-roa-validation
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 May 2009 23:39:37 -0000
On 27/05/2009, at 6:39 AM, Geoff Huston wrote: > Hi Sandy, > > WG co-chair hat OFF. > > Following the WG discussion on the topic of ROA validation at IETF > 74 the draft's authors gained the > impression that the rough consensus position from the last SIDR WG > meeting was to drop to drop the concept of BOAs and use only ROAs. Please be clear that impression is only that of the authors of the ROA validation draft and any others that may be against the idea of saying "no, this resource may not be routed". I don't recall a 'raise hands' or 'hum' call for dropping the BOA idea at the WG. Perhaps that question can be asked at Stockholm, however I think the observation raised in IETF 74, that without well defined use cases which would lead to what objects (and functions) are appropriate, it is amazingly premature to drop the BOA concept midway. Fine to suggest it - but understand the reasons why. My personal observation of IETF 74 was a glaring misunderstanding of the concept of negative attestation versus contradictory attestation. A negative attestation like that provided by a BOA is a perfectly valid and well used security construct. In fact, every security product in existence uses it. Should RPKI not have such an ability leaves it bereft of the expected controls that a resource holder may need. An additional (personal) observation is that the BOA in its original form was far reaching and usurped the make before break concept. This is rectified in the latest revision draft-ietf-sidr-bogons-03.txt to allow only the valid resource holder to make such statements. > The authors have prepared a revision to the WG document that > reflects that understanding. However, the authors would like to > confirm that impression with yourself as the relevant co-chair and > with the WG, via this note, before submitting this document as draft- > ietf-sidr-roa-validation-02.txt. You, and WG members of course, can > review the proposed revisions to the WG document that reflect what > the authors believe is the WG's rough consensus position on this > topic at draft-huston-sidr-roa-validation-01.txt However - that said, I think untangling the BOA from ROA validation is the right thing to do, just not for the reasons you state. ROAs are the higher order object, any other RPKI object in a make before break paradigm must be in deference to the ROA. Terry
- [sidr] revision to draft-ietf-sidr-roa-validation Geoff Huston
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Rob Austein
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Terry Manderson
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Geoff Huston
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Rob Austein
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Geoff Huston
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Terry Manderson
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Geoff Huston
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Terry Manderson
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… George Michaelson
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Terry Manderson
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Rob Austein
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Sandra Murphy
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Pradosh Mohapatra (pmohapat)
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Rob Austein
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Terry Manderson
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Terry Manderson
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Rob Austein
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Terry Manderson
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Rob Austein
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Terry Manderson
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Stephen Kent
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Stephen Kent
- [sidr] Soft Decision during Incremental Adoption Sriram, Kotikalapudi
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Geoff Huston
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Terry Manderson
- Re: [sidr] Soft Decision during Incremental Adopt… Larry Blunk
- Re: [sidr] Soft Decision during Incremental Adopt… Sriram, Kotikalapudi
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Stephen Kent
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… George Michaelson
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Geoff Huston
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Basil Dolmatov
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Robert Kisteleki
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Terry Manderson
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Andy Newton
- Re: [sidr] Soft Decision during Incremental Adopt… Larry Blunk
- Re: [sidr] Soft Decision during Incremental Adopt… Robert Kisteleki
- Re: [sidr] Soft Decision during Incremental Adopt… Larry Blunk
- Re: [sidr] Soft Decision during Incremental Adopt… Tony Tauber
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Randy Bush
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Randy Bush
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Randy Bush
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Terry Manderson
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Randy Bush
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Terry Manderson
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Randy Bush
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Terry Manderson
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Christopher Morrow
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Sandy Murphy
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Sandy Murphy
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Sandy Murphy
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Sriram, Kotikalapudi
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Pradosh Mohapatra (pmohapat)
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Pradosh Mohapatra (pmohapat)
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Sriram, Kotikalapudi
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Randy Bush
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Randy Bush
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… bmanning
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Randy Bush
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Randy Bush
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Terry Manderson
- Re: [sidr] revision to draft-ietf-sidr-roa-valida… Sriram, Kotikalapudi