Re: [Sidrops] draft-spaghetti-sidrops-rpki-prefixlist-00 (chapter #2 of what does IRR have that RPKI doesn't?)

Geoff Huston <gih@apnic.net> Thu, 30 March 2023 09:32 UTC

From: Geoff Huston <gih@apnic.net>
To: Job Snijders <job=40fastly.com@dmarc.ietf.org>
CC: "sidrops@ietf.org" <sidrops@ietf.org>
Date: Thu, 30 Mar 2023 09:32:20 +0000
Message-ID: <2A883945-4482-4BF2-8959-5DA6F30CF503@apnic.net>
References: <ZCVHnAWWUuDJOPRX@feather.sobornost.net>
In-Reply-To: <ZCVHnAWWUuDJOPRX@feather.sobornost.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/1nNMfYeC26m2ancZ5k_NJj09Bao>

Hi,

I see the Prefix List as completing a “handshake”. The ROA is a declaration
by a prefix holder that does not necessarily have the acknowledgement of the
AS holder, and the Prefix List is a declaration by the AS that does not
necessarily have the acknowledgement of the prefix holder(s). But when
looked at together, it is possible to infer an agreement between
the two parties/roles.

thanks

Geoff


> On 30 Mar 2023, at 5:26 pm, Job Snijders <job=40fastly.com@dmarc.ietf.org> wrote:
> 
> Hi folks,
> 
> Following my presentation "ASGroups (or, exploring sunsetting IRR?)" [1]
> Geoff commented along the lines of "porting IRR as-sets is the wrong way
> to go about it, you should port IRR route-sets!"
> 
> Geoff's proposal is that Autonomous System resource holders should
> publish a self-asserted list of IP prefixes the subject ASN MAY
> originate. Remote peers can then use this list to construct filters
> for various purposes.
> 
> [ Note: this is not a replacement for RPKI-ROV! Operationally I think
>   along the lines of: reject RPKI-ROV invalid routes and
>   additionally reject routes not listed in the RPKI-PrefixList (in
>   addition to rejecting ASPA-invalid routes, bogon ASNs, etc, etc) ]
> 
> So, to progress the conversation about "what would it take to sunset
> IRR/RPSL; what features or properties does IRR have that are missing in
> one form or another in the RPKI?" - we authored the below draft for your
> consideration.
> 
> I consider both ASGroups & PrefixList steps in an exploratory study, and
> I fully anticipate that by shaking this tree more ideas will fall into
> our laps.
> 
> I'm very open to hear from the community what they perceive as valuable
> properties of IRR/RPSL, and I am happy to collaborate (read: I'm happy
> to do the required ASN.1 work and write running code, even if it's for
> ideas we abandon down the road). Let me hear your thoughts on what's
> beautiful about IRR!
> 
> Kind regards,
> 
> Job / Geoff
> 
> 
> [1]: https://datatracker.ietf.org/meeting/116/materials/slides-116-sidrops-asgroups-thoughts-about-irr-rpki-feature-parity-sunsetting-irr-00
> 
> 
> 
> ----- Forwarded message from internet-drafts@ietf.org -----
> 
> Date: Thu, 30 Mar 2023 01:01:56 -0700
> From: internet-drafts@ietf.org
> To: Geoff Huston <gih@apnic.net>, Job Snijders <job@fastly.com>
> Subject: New Version Notification for
> draft-spaghetti-sidrops-rpki-prefixlist-00.txt
> 
> 
> A new version of I-D, draft-spaghetti-sidrops-rpki-prefixlist-00.txt
> has been successfully submitted by Job Snijders and posted to the
> IETF repository.
> 
> Name: draft-spaghetti-sidrops-rpki-prefixlist
> Revision: 00
> Title: A profile for RPKI Signed Lists of Prefixes
> Document date: 2023-03-30
> Group: Individual Submission
> Pages: 13
> URL:            https://www.ietf.org/archive/id/draft-spaghetti-sidrops-rpki-prefixlist-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-spaghetti-sidrops-rpki-prefixlist/
> Html:           https://www.ietf.org/archive/id/draft-spaghetti-sidrops-rpki-prefixlist-00.html
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-spaghetti-sidrops-rpki-prefixlist
> 
> 
> Abstract:
>   This document defines an "RPKI Prefix List", a Cryptographic Message
>   Syntax (CMS) protected content type for use with the Resource Public
>   Key Infrastructure (RPKI) to carry the complete list of prefixes
>   which an Autonomous System (AS) may originate to all or any of its
>   routing peers.  The validation of an RPKI Prefix List confirms that
>   the holder of the listed ASN produced the object, and that this list
>   is a current, accurate and complete description of address prefixes
>   that may be announced into the routing system originated by this AS.
> 
> 
> 
> 
> The IETF Secretariat
> 
> 
> 
> ----- End forwarded message -----
> 
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops
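As an added example, not part of the thread and not code from the draft or its authors: the two-sided check Geoff describes and the layered policy Job sketches ("reject RPKI-ROV invalid routes and additionally reject routes not listed in the RPKI-PrefixList"), in Python. Origin validation follows RFC 6811 semantics (Valid/Invalid/NotFound, coverage by prefix regardless of maxLength), which the thread does not restate. Two points the draft-00 text on this page does not settle are treated as assumptions here: prefix-list entries are matched as exact prefixes, and an AS that has published no list expresses no opinion (its routes are not rejected on that basis). The ROAs, prefix lists and routes are constructed sample data on documentation ranges, not real RPKI objects.

```python
# Added example (not from the thread or the draft): a two-sided route check
# combining RPKI-ROV (RFC 6811 semantics, Valid/Invalid/NotFound) with a
# self-asserted per-AS prefix list, plus the "handshake" inference Geoff
# describes. ASSUMPTIONS: prefix-list entries are exact prefixes and an AS
# with no published list expresses no opinion; all objects below are
# constructed sample data using documentation ranges, not real RPKI objects.
from dataclasses import dataclass
from enum import Enum
import ipaddress


class ROV(Enum):
    VALID = "valid"
    INVALID = "invalid"
    NOTFOUND = "notfound"


@dataclass(frozen=True)
class ROA:
    prefix: str      # address prefix the holder authorises
    max_length: int  # longest prefix length the origin may announce
    asn: int         # authorised origin AS (0 means "nobody")


def _net(prefix):
    return ipaddress.ip_network(prefix, strict=False)


def rov_state(route_prefix, origin_as, roas):
    """RFC 6811 origin validation: a ROA *covers* a route when its prefix
    contains the route prefix (maxLength is ignored for coverage); the route
    *matches* when, in addition, origin AS and maxLength agree."""
    route = _net(route_prefix)
    covering = [r for r in roas
                if _net(r.prefix).version == route.version
                and route.subnet_of(_net(r.prefix))]
    if not covering:
        return ROV.NOTFOUND
    for r in covering:
        if r.asn == origin_as and route.prefixlen <= r.max_length:
            return ROV.VALID
    return ROV.INVALID


def prefixlist_state(route_prefix, origin_as, prefix_lists):
    """'listed' / 'unlisted' against the origin AS's signed list, or
    'no-list' when that AS has published none (assumption: no opinion)."""
    entries = prefix_lists.get(origin_as)
    if entries is None:
        return "no-list"
    route = _net(route_prefix)
    return "listed" if any(route == _net(p) for p in entries) else "unlisted"


def accept_route(route_prefix, origin_as, roas, prefix_lists):
    """Layered policy from the thread: drop ROV-invalid, then drop routes
    whose origin AS published a list that omits the prefix."""
    if rov_state(route_prefix, origin_as, roas) is ROV.INVALID:
        return False, "rov-invalid"
    if prefixlist_state(route_prefix, origin_as, prefix_lists) == "unlisted":
        return False, "not-in-prefixlist"
    return True, "accepted"


def handshake_pairs(roas, prefix_lists):
    """(prefix, AS) pairs asserted by BOTH sides: the AS lists the prefix and
    a ROA from the prefix holder makes that origin Valid."""
    agreed = set()
    for asn, entries in prefix_lists.items():
        for p in entries:
            if rov_state(p, asn, roas) is ROV.VALID:
                agreed.add((str(_net(p)), asn))
    return agreed


# Constructed sample data (documentation prefixes / ASNs).
SAMPLE_ROAS = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("198.51.100.0/22", 24, 64496),   # allows /22../24 from AS64496
    ROA("2001:db8::/32", 48, 64497),
]
SAMPLE_PREFIX_LISTS = {
    64496: {"192.0.2.0/24", "198.51.100.0/24"},   # AS64496 does NOT list the /22
    64497: {"2001:db8::/32"},
}

if __name__ == "__main__":
    for prefix, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64500),
                        ("198.51.100.0/22", 64496), ("203.0.113.0/24", 64496),
                        ("203.0.113.0/24", 64498)]:
        print(prefix, asn, accept_route(prefix, asn, SAMPLE_ROAS, SAMPLE_PREFIX_LISTS))
    print(sorted(handshake_pairs(SAMPLE_ROAS, SAMPLE_PREFIX_LISTS)))
```

The sample shows the asymmetry Geoff points at: the ROA for 198.51.100.0/22 (maxLength 24) makes the /22 ROV-valid from AS64496, but AS64496's own list names only the /24, so the /22 is rejected on the second layer and only the /24 appears in the inferred handshake set. A route from an AS with neither a covering ROA nor a published list (203.0.113.0/24 from AS64498 above) survives both layers, which is why the draft's "complete list" property matters: the filter is only as strict as the lists the origins actually publish.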