Re: [sidr] draft-ietf-sidr-origin-ops-19

Arturo Servin <aservin@lacnic.net> Wed, 05 September 2012 13:34 UTC

	Today it appears that people make their ROAs incorrectly:

	- bad origin ASN (the ASN used in the route is different from the ROAs but both are registered to the ROA/Certificate issuer)
	- wrong max prefix length (people make their ROAs using their aggregates but they announce smaller prefixes)

	http://www.labs.lacnic.net/rpkitools/looking_glass/rest/invalid/cidr/0.0.0.0/0/

Regards,
as

On 5 Sep 2012, at 06:03, Seiichi Kawamura wrote:

> Q: What are the possible causes of invalid origins? I guess pointers
> to documents would be helpful here, but unfortunately I don't know of any...
> 
> A. mis-origination, ROA publishing mistake, etc...
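
The two ROA mistakes named in the message above can be told apart mechanically. The following is an added example, not part of the original thread: it applies the covering and matching rules of RFC 6811 to constructed ROAs and announcements (documentation prefixes and documentation ASNs; the function names are hypothetical).

```python
import ipaddress

# Constructed sample ROAs: (prefix, maxLength, authorized origin ASN)
ROAS = [
    ("192.0.2.0/24", 24, 64500),   # issuer also holds AS64501, but it is not in the ROA
    ("2001:db8::/32", 32, 64500),  # ROA made for the aggregate only
]

# Constructed sample announcements: (prefix, origin ASN)
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64500),      # matches the ROA
    ("192.0.2.0/24", 64501),      # bad origin ASN
    ("2001:db8:1::/48", 64500),   # more specific than maxLength allows
    ("203.0.113.0/24", 64500),    # no ROA covers this prefix
]

def validate(prefix, origin_asn, roas):
    """Return (state, reason) for one announcement."""
    route = ipaddress.ip_network(prefix)
    covering = []
    for roa_prefix, max_len, asn in roas:
        net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route if the route lies inside the ROA prefix.
        if net.version == route.version and route.subnet_of(net):
            covering.append((max_len, asn))
    if not covering:
        return ("not-found", "no covering ROA")
    # Valid needs one covering ROA with the same ASN and a long enough maxLength.
    if any(asn == origin_asn and route.prefixlen <= ml for ml, asn in covering):
        return ("valid", "matching ROA")
    # Covered but unmatched is invalid; report which mistake explains it.
    if any(asn == origin_asn for _, asn in covering):
        return ("invalid", "prefix longer than maxLength")
    return ("invalid", "origin ASN not in any covering ROA")

def classify_all(announcements=ANNOUNCEMENTS, roas=ROAS):
    """Validate every announcement and return (prefix, asn, state, reason) rows."""
    return [(p, a) + validate(p, a, roas) for p, a in announcements]

if __name__ == "__main__":
    for prefix, asn, state, reason in classify_all():
        print(f"{prefix:<18} AS{asn}  {state:<9} {reason}")
```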