Re: [sidr] draft-ymbk-rpki-grandparenting-00.txt

Terry Manderson <terry.manderson@icann.org> Tue, 12 June 2012 23:29 UTC

From: Terry Manderson <terry.manderson@icann.org>
To: "Murphy, Sandra" <Sandra.Murphy@sparta.com>, "Roque Gagliano (rogaglia)" <rogaglia@cisco.com>
Date: Tue, 12 Jun 2012 16:29:33 -0700
Cc: sidr wg list <sidr@ietf.org>

Hi Sandy,


On 13/06/12 2:25 AM, "Murphy, Sandra" <Sandra.Murphy@sparta.com> wrote:

> Speaking as a regular ol' wg member:
> 
> wrt:
> 
>> So if both AS 'C' and AS 'G' originate the 10.42.2.0/23 route and
>> both ROAs may exist, then you have a MOAS event.
> 
> The architecture specifically allows there to be multiple ROAs for a single
> prefix.  That was a deliberate choice from long, long ago.

Yes, I understand that - my interpretation and underlying assumption is that
MOAS still exist at the desire of a single resource holder.

While doing what Randy has documented is certainly possible with the current
architecture, I am not sure that allowing parents and grandparents to be
able to assert a security condition of a MOAS without the full buy-in of the
resource holder is something that should be recommended.

T.