Re: [sidr] Reboot: questions regarding WG acceptance of draft-ymbk-rpki-grandparenting-02
Christopher Morrow <morrowc.lists@gmail.com> Fri, 07 December 2012 22:17 UTC
Return-Path: <christopher.morrow@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D7B821F8BC1 for <sidr@ietfa.amsl.com>; Fri, 7 Dec 2012 14:17:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D5mpZsAs6oqH for <sidr@ietfa.amsl.com>; Fri, 7 Dec 2012 14:17:57 -0800 (PST)
Received: from mail-ea0-f172.google.com (mail-ea0-f172.google.com [209.85.215.172]) by ietfa.amsl.com (Postfix) with ESMTP id 3BFDF21F8706 for <sidr@ietf.org>; Fri, 7 Dec 2012 14:17:56 -0800 (PST)
Received: by mail-ea0-f172.google.com with SMTP id a1so377875eaa.31 for <sidr@ietf.org>; Fri, 07 Dec 2012 14:17:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=45d0VS+N2S3lSY1WWC3K7wJKPrUmOGwtmtwEvB1ywMs=; b=SaA3SEfiugrYV/Eubwb/6SpUnNZLab50228xmDkZ/CLTxjRm2/+J1Ji6Y5vbcSAbo9 fxfurt3jLoWOmEfzAA/5WY9/S9NNRdoQx2QwhmqF2hljkdQfsNGrLKBpoAuUjT/gWpzJ fqomtbGL0Xm1y6WQg4pBMlS5MngqA2hqeAH0wlsRvy0WWqdwKiB3e+XGwPfMjrHDtuqH BZHsdsm1+btPk5BCbItmNQoSu8TL4kKWCybrCjITchfEoaBeTxeBsf4RBP+ppm/++THS 5TCHtDueXypv81SKQwZXd2W2kimigE8doGXD0hD8xT98o68QRrqzWVs17/tdcr8MlMz9 /1XQ==
MIME-Version: 1.0
Received: by 10.14.202.3 with SMTP id c3mr21710739eeo.4.1354918674263; Fri, 07 Dec 2012 14:17:54 -0800 (PST)
Sender: christopher.morrow@gmail.com
Received: by 10.223.177.5 with HTTP; Fri, 7 Dec 2012 14:17:54 -0800 (PST)
In-Reply-To: <CAH1iCirPGUgJUu0M5Tb-OHzhYbVntk-R5-r_hm-7EMvYM7y0SQ@mail.gmail.com>
References: <50C21F2E.6000708@isode.com> <CAH1iCirPGUgJUu0M5Tb-OHzhYbVntk-R5-r_hm-7EMvYM7y0SQ@mail.gmail.com>
Date: Fri, 07 Dec 2012 17:17:54 -0500
X-Google-Sender-Auth: RXl22lcAUBSxO8vs5jFK38-6qe4
Message-ID: <CAL9jLabzRW6DUB0KCN=xWsj1SmYfgJOOr2PZGoopoTQ4gQTttA@mail.gmail.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Brian Dickson <brian.peter.dickson@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: sidr wg <sidr@ietf.org>
Subject: Re: [sidr] Reboot: questions regarding WG acceptance of draft-ymbk-rpki-grandparenting-02
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Dec 2012 22:17:58 -0000
clarifying question in your example... On Fri, Dec 7, 2012 at 12:32 PM, Brian Dickson <brian.peter.dickson@gmail.com> wrote: > P.S. Here is a worked example to illustrate this concept: > > Suppose the initial state of affairs is as follows: > 10.0.0.0/8 is delegated by IANA to RIR "A". RIR "A" does not route any > portion of this block, but only doles out portions of it. > 10.1.0.0/16 is delegated by RIR "A" to LIR "A1". Again, not routed. > 10.1.0.0/20 is delegated by LIR "A1" to ISP "B". ISP B routes this prefix. > 10.1.15.0/24 is delegated by ISP "B" to customer "C". C routes this prefix, > which is more-specific and preferred over 10.1.0.0/20. > > Now add to the above, that ISP "B" goes out of business. > > The proposed way of directly assigning the 10.1.15.0/24 to "C" would be to > have the delegation done directly to "C" by RIR "A", or by LIR "A1". > (Or by IANA, only included for completeness, i.e. this would likely never > happen.) > > And, in order to continue to assure the uniqueness of the assignment, the > corresponding delegations would need to explicitly call out the > NON-delegation of 10.1.15.0/24, attached to the delegation chain starting > wherever the fork occurred. you mean a CRL would be updated with the previous certificate for 10.1.15.0/24 ? So, you are essentially saying: "Grandparenting == re-delegation + break-old-delegation-cert" ? (seems ok to me...) > So, if the direct delegation is done by LIR "A1", the new delegations by A1 > would be: > 10.1.0.0/20 minus 10.1.15.0/24 (from LIR "A1" to ISP "B" (which is defunct, > presumably, but whose assets might be sold to another party)) > 10.1.15.0/24 (to "C" directly) > > Or if the direct delegation is done by RIR "A", the delegations would be: > 10.1.0.0/16 minus 10.1.15.0/24 (from RIR "A" to LIR "A1") > 10.1.15.0/24 (from RIR "A" to end-user "C") > 10.1.0.0/20 minus 10.1.15.0/24 (from LIR "A1" to ISP "B") > > The "minus foo" would need to be attached to any delegation covering "foo", > throughout the delegation hierarchy, once such a "fork" occurs. > ROA validation would need to check this, but the logic is quite simple. or just adhere to the crl, right? > On Fri, Dec 7, 2012 at 11:54 AM, Alexey Melnikov <alexey.melnikov@isode.com> > wrote: >> >> Hi, >> Sorry for procrastinating on this for so long. >> >> Here are questions I would like to ask WG participants. At this point I >> would like to ask people to review the questions and let me know if you >> think they are contradictory. If they are clear, I will poll the WG early >> next week. Comments on the mailing list or sent directly to WG chairs >> <sidr-chairs@tools.ietf.org> are welcome. >> >> ---------------- >> >> 1) Is the problem described/solved by draft-ymbk-rpki-grandparenting-02 >> actually a problem that the WG needs to address? (Answer: yes or no. >> Additional information is welcomed, but I don't want people to repeat the >> whole discussion.) >> >> 2) If you answered "yes" to the question #1, please also answer the >> following question: >> >> Is draft-ymbk-rpki-grandparenting-02 a reasonable starting point to become >> a WG document? Please choose one of the following: >> >> >> a) Ready for Adoption (whether or not you have some specific issues with >> it. Also, this answer is unrelated to whether this should be a separate >> draft or a part of an existing draft). >> >> b) Needs more work BEFORE Adoption >> >> c) Should not be adopted. In particular this mean that you don't believe >> any amount of work on the proposed draft will address your issues. So any >> solution to this problem should be a new draft written from scratch. >> >> d) Abstain/don't care >> >> >> 3) If you answered "a" or "b" above, please also answer the following >> question: >> >> Does this need to be in a standalone draft, or can it be incorporated into >> another existing WG draft? When answering this question please only base >> your answer on technical reasons, in particular please leave the decision on >> who is going to edit the document (if it is standalone) to WG chairs. >> >> >> _______________________________________________ >> sidr mailing list >> sidr@ietf.org >> https://www.ietf.org/mailman/listinfo/sidr > > > > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr >
- [sidr] Reboot: questions regarding WG acceptance … Alexey Melnikov
- Re: [sidr] Reboot: questions regarding WG accepta… Brian Dickson
- Re: [sidr] Reboot: questions regarding WG accepta… Christopher Morrow
- Re: [sidr] Reboot: questions regarding WG accepta… Byron Ellacott