Re: [Sidrops] WG Adoption call for draft-borchert-sidrops-bgpsec-validation-signaling-01 (9/16-9/30)

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Wed, 25 September 2019 15:57 UTC

From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: "Roque Gagliano (rogaglia)" <rogaglia@cisco.com>
CC: "Borchert, Oliver (Fed)" <oliver.borchert=40nist.gov@dmarc.ietf.org>, "Montgomery, Douglas (Fed)" <dougm=40nist.gov@dmarc.ietf.org>, Randy Bush <randy@psg.com>, Keyur Patel <keyur@arrcus.com>, "sidrops@ietf.org" <sidrops@ietf.org>, "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
Date: Wed, 25 Sep 2019 15:57:23 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/2-lWx0xrC0vseC6p_ixg0etfrBU>

To solve your problem with too much information, I advise you to treat it the same as unverified in your route-policy.

Thanks,
Jakob.


> On Sep 25, 2019, at 8:11 AM, Roque Gagliano (rogaglia) <rogaglia@cisco.com> wrote:
> 
> Hi,
> 
> I do not believe your proposal of a new state is adequate:
>   |   3   | Lookup result = "BGPSec attribute not present or in error"
> 
> Looks to me that you want to add more context on the reasons for invalidating an update but that should not be in the "validation state":
>    - You could be in "unverified" state because the attribute was not present. 
>    - Independently if there was an "error" (whatever it means), the state will still be "invalid" as validation was tried and failed.
> 
> Regards,
> Roque
> 
> 
> On 25.09.19, 17:01, "Sidrops on behalf of Borchert, Oliver (Fed)" <sidrops-bounces@ietf.org on behalf of oliver.borchert=40nist.gov@dmarc.ietf.org> wrote:
> 
>    Jakob, 
> 
>    I agree, adding the BGPsec information into the RFC 8097 communities "reserved" field 
>    definitely seems to be a good solution and I can easily modify the proposed draft to do that.  
> 
>    Oliver
> 
>    -----Original Message-----
>    From: Sidrops <sidrops-bounces@ietf.org> On Behalf Of Jakob Heitz (jheitz)
>    Sent: Tuesday, September 24, 2019 3:32 PM
>    To: Montgomery, Douglas (Fed) <dougm=40nist.gov@dmarc.ietf.org>; Randy Bush <randy@psg.com>; Keyur Patel <keyur@arrcus.com>
>    Cc: sidrops@ietf.org
>    Subject: Re: [Sidrops] WG Adoption call for draft-borchert-sidrops-bgpsec-validation-signaling-01 (9/16-9/30)
> 
>    I would be in favor of carving off another byte from the reserved field.
>    Redefining the validation state to add the new information instead would confuse older receivers that do not understand the new code points.
> 
>    In addition, I would add another point to the BGPSec validation state: BGPSec attribute not present or in error.
> 
>       +-------+------------------------------------------------------------+
>       | Value | Meaning                                                    |
>       +-------+------------------------------------------------------------+
>       |   0   | Lookup result = "Unverified"                               |
>       |   1   | Lookup result = "Valid"                                    |
>       |   2   | Lookup result = "Not valid"                                |
>       |   3   | Lookup result = "BGPSec attribute not present or in error" |
>       +-------+------------------------------------------------------------+
> 
>    If it were to use a reserved byte of the RFC8097 community, 0 for unverified would work, I think.
> 
>    Regards,
>    Jakob.
> 
>    -----Original Message-----
>    From: Sidrops <sidrops-bounces@ietf.org> On Behalf Of Montgomery, Douglas (Fed)
>    Sent: Monday, September 16, 2019 4:02 PM
>    To: Randy Bush <randy@psg.com>; Keyur Patel <keyur@arrcus.com>
>    Cc: sidrops@ietf.org
>    Subject: Re: [Sidrops] WG Adoption call for draft-borchert-sidrops-bgpsec-validation-signaling-01 (9/16-9/30)
> 
>    Randy,
> 
>    Are you suggesting keeping the 0x43 0x00 code point, but redefining its validation state byte with additional values and meanings for path validation?
> 
>    Or carving off another byte from reserved?
> 
>    Either of those sounds fine and saves bits.
> 
>    Clearly there would need to be a new spec that adds the words to do that.
> 
>    dougm
>    --
>    Doug Montgomery, Manager Internet & Scalable Systems Research @ NIST
> 
> 
>    On 9/16/19, 5:13 PM, "Sidrops on behalf of Randy Bush" <sidrops-bounces@ietf.org on behalf of randy@psg.com> wrote:
> 
>        "This document defines a new BGP non-transitive extended community to
>        carry the BGPsec path validation state inside an autonomous system."
> 
>        given the one in RFC 8097, we need a new one because?
> 
>        randy
> 
>
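
The encoding discussed in this thread, sketched as an added example that is not part of any participant's message or of the draft: an RFC 8097 community (type 0x43, sub-type 0x00, reserved octets, origin validation state in the last octet) with one reserved octet carrying the BGPsec state from the quoted table. Which reserved octet is used is an assumption made here, as are all function names; the thread does not specify it.

```python
import struct

# RFC 8097 origin validation states (last octet of the community).
ORIGIN = {0: "valid", 1: "not-found", 2: "invalid"}
# BGPsec path validation states as tabled in the thread (a proposal, not a registry).
BGPSEC = {0: "unverified", 1: "valid", 2: "not-valid", 3: "absent-or-error"}

def encode(origin, bgpsec=0):
    """Build the 8-octet community: type 0x43, sub-type 0x00, reserved, state.
    ASSUMPTION: the BGPsec state uses the reserved octet just before the
    origin state octet; the thread does not say which octet is carved off."""
    if origin not in ORIGIN or bgpsec not in BGPSEC:
        raise ValueError("unknown validation state")
    return struct.pack("!BB4xBB", 0x43, 0x00, bgpsec, origin)

def _check(community):
    if len(community) != 8 or community[:2] != b"\x43\x00":
        raise ValueError("not an RFC 8097 validation state community")

def decode_legacy(community):
    """Older receiver: ignores every reserved octet, reads only the last one."""
    _check(community)
    return ORIGIN.get(community[7])

def decode_extended(community):
    """Receiver that understands the carved-off octet: (origin, bgpsec)."""
    _check(community)
    return ORIGIN.get(community[7]), BGPSEC.get(community[6])

def policy_state(bgpsec):
    """Route-policy view from the reply: handle state 3 like unverified."""
    return "unverified" if bgpsec == "absent-or-error" else bgpsec

# Constructed sample: what a sender that only implements RFC 8097 emits
# (reserved octets all zero, origin state 2).
LEGACY_SENDER = bytes.fromhex("4300000000000002")

if __name__ == "__main__":
    new = encode(origin=0, bgpsec=3)
    print(new.hex(), decode_legacy(new), decode_extended(new))
    print(decode_extended(LEGACY_SENDER))
```

Because an RFC 8097 sender leaves the reserved octets at zero, an extended receiver reads its community as BGPsec "unverified", which is why 0 works for that state; a legacy receiver reads the same origin state whether or not the extra octet is populated.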