IETF Logo Mail Archive

Re: [sidr] RPKI <-> allocation consistency

Brian Dickson <brian.peter.dickson@gmail.com> Fri, 31 August 2012 14:13 UTC

Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4299621F8459 for <sidr@ietfa.amsl.com>; Fri, 31 Aug 2012 07:13:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.369
X-Spam-Level:
X-Spam-Status: No, score=-3.369 tagged_above=-999 required=5 tests=[AWL=0.229, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3uzLHGB6YLnC for <sidr@ietfa.amsl.com>; Fri, 31 Aug 2012 07:12:59 -0700 (PDT)
Received: from mail-we0-f172.google.com (mail-we0-f172.google.com [74.125.82.172]) by ietfa.amsl.com (Postfix) with ESMTP id 012A121F8458 for <sidr@ietf.org>; Fri, 31 Aug 2012 07:12:58 -0700 (PDT)
Received: by weyu54 with SMTP id u54so1817643wey.31 for <sidr@ietf.org>; Fri, 31 Aug 2012 07:12:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=iPLUjzeSsAYXD5pWyuyn3v0Pon/78DYG6Xlr+OVMnGk=; b=z1qnXTyPb89F2thff2UdXGKuEUeLzo0iC8YGA+rWC8nPkEla/C++cp87z5ARZNa4a9 gd6W9SN3eOCgjr5+EkiVvrVf47t5J4UH16Y8avLUQbpe7j9Vwy7BoMUb6iNOuscytV6T kvaN2WRRkhDRF9etd+AuX96j5jxWbvwmom06MxJE02dFOwMvBbg7DGHNzao9tW1IznWZ AX7an/YmppViRrMCrLCZBEaV3X/Dh75/QtqN62W0ZL4LKcIgKDwO5venDSTvk7oWfzWh x0ulvrww6rXvESMB2Vq5kyvhDSXp22B/1pNRCLtuh0v0Q8P/AqVk8uYlQ1WkX3VmdoVR X4YQ==
MIME-Version: 1.0
Received: by 10.216.245.70 with SMTP id n48mr4584707wer.139.1346422378106; Fri, 31 Aug 2012 07:12:58 -0700 (PDT)
Received: by 10.223.61.12 with HTTP; Fri, 31 Aug 2012 07:12:57 -0700 (PDT)
In-Reply-To: <40FB7E48-E808-4FC7-9458-E236FB356EC7@ripe.net>
References: <24B20D14B2CD29478C8D5D6E9CBB29F625F555CB@Hermes.columbia.ads.sparta.com> <D857A4BB-E484-45A4-A09F-FB8FAF2215AC@tcb.net> <C5B88834-3A10-41F7-A4F3-2B7C9B540197@verisign.com> <50389897.3040503@bbn.com> <97856400-9F70-4AEC-AF91-A0673A6D716D@verisign.com> <503C47A8.7030700@bbn.com> <303C576D-D1F8-4F62-8E0E-0D74A28B2771@verisign.com> <503D141F.1060404@bbn.com> <3A791D9E-4F16-4481-94AE-BD38A5389593@verisign.com> <CAL9jLaaew6HLdHK4=UrsUF2JKsRRV=sbXzCOFiDnLRKtVSK1tw@mail.gmail.com> <CAH1iCirWo+JYOpFjVhtxXYKGB86nLhcogC20bEy0-Ldkp7Oc8A@mail.gmail.com> <CAL9jLaY3JLBf7H5H2zWvxv2T=9ZsSQbOAxM+mTixefZkF8oVFw@mail.gmail.com> <CAH1iCiqScOwzcAWEuFfHKH4kP6gj45fKqs6rdPq97PsYO+uEMQ@mail.gmail.com> <40FB7E48-E808-4FC7-9458-E236FB356EC7@ripe.net>
Date: Fri, 31 Aug 2012 10:12:57 -0400
Message-ID: <CAH1iCiptuK5M9BQvnCaXs-MvoVDHqS1RHc6+o=XreJLMXx9-Rg@mail.gmail.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
To: Tim Bruijnzeels <tim@ripe.net>
Content-Type: multipart/alternative; boundary="e0cb4e43d033908e6104c890634a"
Cc: sidr@ietf.org
Subject: Re: [sidr] RPKI <-> allocation consistency
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Aug 2012 14:13:00 -0000

On Fri, Aug 31, 2012 at 9:24 AM, Tim Bruijnzeels <tim@ripe.net> wrote:

> Hi,
>
> On 31 Aug 2012, at 14:34, Brian Dickson wrote:
>
> So, does it not make sense that the RPKI, meaning its design,
> architecture, procedures, etc., should actually enforce exclulsivity?
>
>
> I think that INRs appearing on certs in multiple locations, different TAs,
> or different branches, are not really a *technical* problem. Meaning that
> if these certs are used to sign objects they are just complementary. It
> doesn't matter whether one CA signs a set of objects or the same set
> (content) is signed by multiple CAs. Plus, this feature is actually needed
> when doing make-before-break transfers of live networks.
>
>
I think maybe it would help to do a worked example (straw man), on an
example where a live network would be transitioned from one CA to another
(versus one ASN to another).

Do you have an example in mind?

I think distinguishing PI vs PA (semantic attributes, but necessarily
something to consider) in detailing the straw man would help.

Are you thinking of situations where the owner (organization) changes but
the announcing ASN does not?
Or where the ASN changes but the owner (organization) does not?
Or where both owner and ASN change?

Thanks,
Brian




> Of course it's important that information is correct. But the notion that
> uniqueness of resources in the tree guarantees correctness seems
> fundamentally flawed to me. Correctness is assumed by transitive trust
> placed in the TA(s), and can only be manually verified by comparing certs
> to public registration databases.
>

If correctness cannot be confirmed via automated mechanism, this is a fatal
scaling flaw.

Or do you mean that this is a corollary of the uniqueness? In which case, I
don't see how you reach that conclusion, and it would be helpful to show
the steps in getting there.

Brian

P.S. I'm arguing not only uniqueness, but completeness, i.e. that the
entire number space must be enumerated, where the state of every number or
block in the space is well defined, and no overlaps occur. Enumeration
would need to occur at each "manifest" level, as either "ROA", "used but no
ROA", "reserved (bogon)", "unassigned", or "delegated", with corresponding
references to actual signed objects. And enumeration must be specifically
possible with minimal cost/effort, so that RPs can confirm the uniqueness
(via the ROA validation prior to rpki-rtr).

v2.23.0 | Report a Bug | By Email