Re: [Sidrops] Which 8210-bis error code should be used?
Claudio Jeker <cjeker@diehard.n-r-g.com> Mon, 22 May 2023 09:32 UTC
Return-Path: <cjeker@diehard.n-r-g.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0400AC151554 for <sidrops@ietfa.amsl.com>; Mon, 22 May 2023 02:32:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.895
X-Spam-Level:
X-Spam-Status: No, score=-6.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ll3q-kmk1SNn for <sidrops@ietfa.amsl.com>; Mon, 22 May 2023 02:32:07 -0700 (PDT)
Received: from diehard.n-r-g.com (diehard.n-r-g.com [62.48.3.9]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA512) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF040C1519A6 for <sidrops@ietf.org>; Mon, 22 May 2023 02:32:05 -0700 (PDT)
Received: (qmail 34265 invoked by uid 1000); 22 May 2023 09:32:02 -0000
Date: Mon, 22 May 2023 11:32:02 +0200
From: Claudio Jeker <cjeker@diehard.n-r-g.com>
To: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
Cc: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>, "sidrops@ietf.org" <sidrops@ietf.org>, "draft-ietf-sidrops-8210bis@ietf.org" <draft-ietf-sidrops-8210bis@ietf.org>
Message-ID: <ZGs2kn4mKli29tAb@diehard.n-r-g.com>
References: <SA1PR09MB8142523FA03AC4EA6E0E014E847C9@SA1PR09MB8142.namprd09.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <SA1PR09MB8142523FA03AC4EA6E0E014E847C9@SA1PR09MB8142.namprd09.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/4AXzSTs_GZMPfKI_0vNZ-QQ5yoU>
Subject: Re: [Sidrops] Which 8210-bis error code should be used?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 May 2023 09:32:12 -0000
On Fri, May 19, 2023 at 02:26:09PM +0000, Sriram, Kotikalapudi (Fed) wrote: > Claudio, Oliver, and all: > > > > How does this change in the verification draft (Section 4) sound to you? > > This is the change you seem to be saying will fix the issue (eliminate the possibility of implementation error). > We'll also reference this (or state it) in the main body (not appendix) of the profile draft. > > > > OLD text: > > > If, despite the above recommendations, the ASPA(s) of a CAS includes > SPAS for one AFI but not for the other AFI (not even an AS 0), the > ASPA SHALL NOT be rejected just for that reason. However, such an > ASPA(s) will be presumed to imply that the CAS has no providers > (equivalent to AS 0 SPAS) for the AFI that they neglected to include. > > > > NEW text: > > > If, despite the above recommendations, the ASPA(s) of a CAS includes > SPAS for one AFI but not for the other AFI (not even an AS 0), a SPAS > containing only AS 0 MUST be included in the VAP-SPAS for the > neglected AFI for the CAS. In this case, later if the ASPA(s) in > consideration is withdrawn and given no other ASPA changes for the > CAS, said SPAS containing only AS 0 MUST be removed from the VAP-SPAS > list, resulting in no entry in the list for the CAS (for both AFIs). > > -------- > > Claudio: You were suggesting the following in your reply to Oliver: > > >So you should not error out if an AFI object is missing instead an implicit > >AS 0 entry for the missing AFI should be inserted. How this is done is up > >to the implementation. > > Would you say the need for new error code is obviated with the above change in text? > > Do you see a need for any other changes in the profile or verification > drafts on this issue? I really deslike this change. It makes the current version even more brittle and confusing. What about ASAP records that use an explicit AS0 entry. Do these now need to be removed? I think all of this can be fixed by walking back and adjusting the hop-check function and Section 5. Which I suggested some time ago. There is no need for implicit AS0 entries if the hop-check function definition is: / | "No Attestation" if there is no entry | in VAP-SPAS table for CAS = AS(i) | for all possible AFI values | hop(AS(i), AS(j), AFI) = / Else, "Provider+" if VAP-SPAS entry for \ CAS = AS(i) for the mentioned AFI includes | | Else, "Not Provider+" \ Additionally the following text can be added to Section 5: The hop-check function MUST only return "No Attestation" if for all possible AFI values the result of the hop-check function (with equal AS(i) and AS(j)) is "No Attestation", if for any possible AFI value a different value is returned the result MUST be "Not Provider+". With this in a lot of the confusing text in Section 4 can be removed. Especially: If, despite the above recommendations, the ASPA(s) of a CAS includes SPAS for one AFI but not for the other AFI (not even an AS 0), the ASPA SHALL NOT be rejected just for that reason. However, such an ASPA(s) will be presumed to imply that the CAS has no providers (equivalent to AS 0 SPAS) for the AFI that they neglected to include. Since these extra AS0 entries were only added to work around the underspecified definition of the hop-check function. -- :wq Claudio
- [Sidrops] Which 8210-bis error code should be use… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Randy Bush
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- [Sidrops] some wording improvements in draft-ietf… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] some wording improvements in draft-… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Jay Borkenhagen
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Martin Hoffmann
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Job Snijders
- Re: [Sidrops] Which 8210-bis error code should be… Randy Bush
- Re: [Sidrops] Which 8210-bis error code should be… Martin Hoffmann
- Re: [Sidrops] Which 8210-bis error code should be… Tim Bruijnzeels
- Re: [Sidrops] Which 8210-bis error code should be… Tim Bruijnzeels
- Re: [Sidrops] Which 8210-bis error code should be… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Jay Borkenhagen
- Re: [Sidrops] Which 8210-bis error code should be… Hollyman, Michael
- Re: [Sidrops] Which 8210-bis error code should be… Mikael Abrahamsson
- Re: [Sidrops] Which 8210-bis error code should be… Tony Tauber
- Re: [Sidrops] Which 8210-bis error code should be… Yangyang Wang
- Re: [Sidrops] Which 8210-bis error code should be… Tim Bruijnzeels
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Tim Bruijnzeels
- Re: [Sidrops] Which 8210-bis error code should be… gengnan
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Borchert, Oliver (Fed)