Re: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-00.txt
Sandra Murphy <sandy@tislabs.com> Mon, 04 August 2014 21:47 UTC
Return-Path: <sandy@tislabs.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB3DF1A0342 for <sidr@ietfa.amsl.com>; Mon, 4 Aug 2014 14:47:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cEFO66WdfR5M for <sidr@ietfa.amsl.com>; Mon, 4 Aug 2014 14:47:43 -0700 (PDT)
Received: from walnut.tislabs.com (walnut.tislabs.com [192.94.214.200]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 646B31A0343 for <sidr@ietf.org>; Mon, 4 Aug 2014 14:47:43 -0700 (PDT)
Received: from nova.tislabs.com (unknown [10.66.1.77]) by walnut.tislabs.com (Postfix) with ESMTP id 8DB9D28B0072; Mon, 4 Aug 2014 17:47:42 -0400 (EDT)
Received: from [127.0.0.1] (localhost.localdomain [127.0.0.1]) by nova.tislabs.com (Postfix) with ESMTP id 85A091F8032; Mon, 4 Aug 2014 17:47:42 -0400 (EDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_3B1CB4A0-3B76-4477-811B-53DFBA956D30"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Sandra Murphy <sandy@tislabs.com>
In-Reply-To: <D00562F3.2A8A4%wesley.george@twcable.com>
Date: Mon, 04 Aug 2014 17:47:42 -0400
Message-Id: <BEF3BAD0-7180-4433-B0FB-75CD83853D82@tislabs.com>
References: <20140702012717.18291.24295.idtracker@ietfa.amsl.com> <415BB336-1A6C-48DD-BD0F-BC9EB0C3506F@ripe.net> <53CFFF3C.2040406@bbn.com> <BB01407F-A226-4531-9FDD-50E1B0A238F0@ripe.net> <53D151F0.80808@bbn.com> <C838412C-D16C-4C88-B022-85484789444A@ripe.net> <53D178A6.7060502@bbn.com> <CFF7CDF2.4AB4B%bje@apnic.net> <65886423-144A-48B5-A0EF-D35D4A4FE890@ripe.net> <CA+z-_EUXA0TWDqHV-9sFbgS2vyXiKE9EKBae6K0eihuhKTsm2A@mail.gmail.com> <53DAA101.8020305@bbn.com> <D00562F3.2A8A4%wesley.george@twcable.com>
To: "George, Wes" <wesley.george@twcable.com>
X-Mailer: Apple Mail (2.1510)
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/qqD-fevuYtEeEiFvq6y0qDasTx4
Cc: "sidr@ietf.org" <sidr@ietf.org>, Sandra Murphy <sandy@tislabs.com>
Subject: Re: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-00.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Aug 2014 21:47:45 -0000
speaking as a regular ol' member On Aug 4, 2014, at 4:42 PM, "George, Wes" <wesley.george@twcable.com> wrote: > Late to the discussion because I needed to have cycles to read and think > about this draft... > > > On 7/31/14, 4:03 PM, "Stephen Kent" <kent@bbn.com> wrote: > > This is probably true for routes that transition from > Valid to Unknown, but not if they are actually found to be Invalid, which > is what I understand would be the result of the problem discussed in this > draft - invalid certs = invalid routes. Well…. invalid EE certs = invalid ROA (for the most part - there's operational consideration about not removing an EE cert if a repository is unavailable, I suppose) An invalid ROA does not necessarily mean an invalid route. If there is no other covering ROA, then a BGP route for that prefix becomes unknown, as Terry pointed out. If there is another ROA which covers the same prefix, then a route may be invalid -- if no covering ROA authorizes the ASN that the invalidated ROA mentions. --Sandy, speaking as a regular ol' member
- [sidr] I-D Action: draft-ietf-sidr-rpki-validatio… internet-drafts
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Byron Ellacott
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Tim Bruijnzeels
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos M. Martinez
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Russ Housley
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Sandra Murphy
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Tim Bruijnzeels
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Tim Bruijnzeels
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Sandra Murphy
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Rob Austein
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Tim Bruijnzeels
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Byron Ellacott
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Tim Bruijnzeels
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos Martinez-Cagnazzo
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… George, Wes
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Sandra Murphy
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… George, Wes
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos M. Martinez
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Tim Bruijnzeels
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos M. Martinez
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Andy Newton
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Sandra Murphy
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Randy Bush
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Andy Newton
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Andy Newton
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos M. Martinez
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Sandra Murphy
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos M. Martinez
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Andy Newton
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Sandra Murphy
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Randy Bush
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Randy Bush
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos M. Martinez
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos M. Martinez
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… George, Wes
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Roque Gagliano (rogaglia)
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Tim Bruijnzeels
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Andy Newton
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Andy Newton
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Byron Ellacott
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… John Curran
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos M. Martinez
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Geoff Huston
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Tim Bruijnzeels
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Sandra Murphy
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Sandra Murphy
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Geoff Huston