IETF Logo Mail Archive

Re: [Sidrops] [WGLC] draft-ietf-sidrops-roa-considerations-01 - Ends 10/March/2022

Christopher Morrow <christopher.morrow@gmail.com> Fri, 22 April 2022 14:56 UTC

Return-Path: <christopher.morrow@gmail.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EAE63A16F8 for <sidrops@ietfa.amsl.com>; Fri, 22 Apr 2022 07:56:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3Z3joV0p2vX0 for <sidrops@ietfa.amsl.com>; Fri, 22 Apr 2022 07:56:27 -0700 (PDT)
Received: from mail-qk1-x736.google.com (mail-qk1-x736.google.com [IPv6:2607:f8b0:4864:20::736]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FBB73A16ED for <sidrops@ietf.org>; Fri, 22 Apr 2022 07:56:27 -0700 (PDT)
Received: by mail-qk1-x736.google.com with SMTP id d19so5967477qko.3 for <sidrops@ietf.org>; Fri, 22 Apr 2022 07:56:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=CFZ4j/S/ssCEJFeoAONGwOF+r2klIBEFg5utEeL59X0=; b=e6v7fifbnrI9xmsS0EsueTP4OhyCzCFfKnVlOMDXMYj31iiWEyV64hCbGNduRPkbHF EtDJ6/hu2f0it1f5+1NWUFJVmi5A6hMtHis2eK0ooyzPd/IvTWvUuTV0bw6MfYKz1Zbu 8G5ALZ/W+IC/18NQe5dnb5dYgjT+l456bvZevFXgUIRjOSE++ZITwpGWx7DEut5zFnMk LERcTsDuU5WP4jmps86IarZt5trxtmBAWk+qjwr1mPwZGXRtgaacM3/FYOB1Ptc3jgD6 wy/lrzRyq3Kfn7tN/O9gVENDfGfGboE7N/5nqgH+ijaTc1xHkuC5spykvf295KCmOH8x 3TJw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CFZ4j/S/ssCEJFeoAONGwOF+r2klIBEFg5utEeL59X0=; b=IbzV1dcF1v7gLF+qKgQ424kLkGHwjx4urDT2Yl+aWs61sAE4vbsJpEhAQqbhv4GMq/ y5L333rm2eV62yNHbRDbOTlYHrEOszJMWgH6KVFUC5dVa9SS5KwDYTNeNXiRAXT7L7Z7 MzCylE+pbYaZGBSTfMdteneESt2QFbFN9llHwAS0yepH78JzbYdwBBiYdL5IYycErcoN zT/oQFrq83hQ1pcBuu6pcXNItZSPh2Fu7Qu4N+kRKASpc/lyy5VQ/0cRZQK4nI9lgw/e tvsMXxatYrE9GXlDTIYZvI+sc/4xZ7pjb3vpTYFlLaVCpWsasdm0uwalZrxydYf8s6xL 3fHw==
X-Gm-Message-State: AOAM5318zemyuIPoUlHRrOY1XVbJhI87TarfVqFsCdtJSa2U2pqgspaa aeDYK8PEG4sMr5uV8jrrj2kF2YxC6EZCsS9Rr58gFA8pBBE=
X-Google-Smtp-Source: ABdhPJxQs2sKOQLP7OxD1RMR45Y09278FPnTm1nRe1zbnr37krJjwQm6E1ChEGw4TJrbho5TKg+2RXrRxo9YjW8+vOc=
X-Received: by 2002:a37:664f:0:b0:69c:81ae:a293 with SMTP id a76-20020a37664f000000b0069c81aea293mr2966209qkc.614.1650639386208; Fri, 22 Apr 2022 07:56:26 -0700 (PDT)
MIME-Version: 1.0
References: <BYAPR18MB26961DE9F15501CCA12ECCF1C13D9@BYAPR18MB2696.namprd18.prod.outlook.com> <20220307010632.8FFE72EA00F6@minas-ithil.hactrn.net> <202204181052163056836@cnnic.cn>
In-Reply-To: <202204181052163056836@cnnic.cn>
From: Christopher Morrow <christopher.morrow@gmail.com>
Date: Fri, 22 Apr 2022 10:56:15 -0400
Message-ID: <CAL9jLaaXJt9heaPKs7HEWeqcVTcDCEYwgouCghceavABeTMkTw@mail.gmail.com>
To: YAN Zhiwei <yanzhiwei@cnnic.cn>
Cc: Rob Austein <sra@hactrn.net>, keyur <keyur@arrcus.com>, sidrops <sidrops@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000044701905dd3f6e9a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/2McZ9mRShReeKZmxas3lh2VBF0I>
Subject: Re: [Sidrops] [WGLC] draft-ietf-sidrops-roa-considerations-01 - Ends 10/March/2022
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Apr 2022 14:56:33 -0000

On Sun, Apr 17, 2022 at 10:52 PM YAN Zhiwei <yanzhiwei@cnnic.cn> wrote:

> Hello, guys,
>
> As Rob, George, Di and others mentioned, there are two sides to
> everything. Especially for a security service, the basic motivation of RPKI
> is for more secured routing system, while it will surely introduce other
> new risks. We want to optimize it during its designing, but it’s more
> important to deploy and test it with a more simple logic. I totally agree
> with Tim, there are some specific situations (…AS0 ROAs for unallocated
> space that some RIRs publish…) where the resources are more stable and with
> low risk wrt overclaim, it’s worthy to pack the ROAs together to improve
> the RP’s efficiency. Then if we have rough consensus about this principles,
> what we need to do are:
>
> 1) Describe the one-prefix-per-ROA as a basic advice of CA operation;
>
> 2) List the specific scenarios which have low risk wrt overclaim as the
> optimization situations CA may consider.
>
>
sounds like your advice is: "largely do 1 / prefix", with guidance on when
to expand that, perhaps an algorithm even...
Is it worth noting that at the top levels there may be more skew toward
aggregating  vs singular records? (or would that fall out of the research
being done perhaps?)
I'm pretty sure a 'one size fits all' will not work :) so your plan seems
reasonable to me.


> BR,
>
> ------------------------------
> YAN Zhiwei
>
>
> *From:* Rob Austein <sra@hactrn.net>
> *Date:* 2022-03-07 09:06
> *To:* Keyur Patel <keyur@arrcus.com>
> *CC:* sidrops@ietf.org
> *Subject:* Re: [Sidrops] [WGLC] draft-ietf-sidrops-roa-considerations-01
> - Ends 10/March/2022
> I support publication of this draft.
>
> Two comments, for whatever they're worth:
>
> 1) In retrospect, the ability to specify multiple prefixes in a single
>    ROA seems like premature optimization: it's solving a problem I'm
>    not convinced we really have, at the expense of creating a new one.
>
> 2) I tend to think about the multiple-prefix ROA problem in terms of
>    "fate sharing": unless all the prefixes involved are in some way so
>    closely tied to each other that there will never be a change to one
>    of them that isn't a change to all, they should be separate ROAs.
>
>
>
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops
>

v2.23.0 | Report a Bug | By Email