Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-verification - ENDS 03/22/2023 (Mar 22 2023)

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Mon, 01 May 2023 08:20 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Martin Hoffmann <martin@nlnetlabs.nl>
CC: Claudio Jeker <cjeker@diehard.n-r-g.com>, "sidrops@ietf.org" <sidrops@ietf.org>, "draft-ietf-sidrops-8210bis@ietf.org" <draft-ietf-sidrops-8210bis@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/5EjVl-tpoyAnCrJP6zwsmx_CUhM>

Hi Martin,

Thanks. Just trying to close the loop. 

>My observation was mostly about the fact that this is (now: was) rather
>quite hidden in the somewhat complex document structure. Calling it out
>in the profile draft should be good enough for RP implementers to at
>least be aware of something going on and having to read up on it some more.

Just to be sure, would you be fine now with the proposed copying
of the ASPA registration related sections (Sec. 2 and Sec. 4) 
from the verification draft into the profile draft?

Sriram  

________________________________________
From: Martin Hoffmann <martin@nlnetlabs.nl>
Sent: Friday, April 28, 2023 1:38 PM
To: Sriram, Kotikalapudi (Fed)
Cc: draft-ietf-sidrops-8210bis@ietf.org; sidrops@ietf.org; Claudio Jeker
Subject: Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-verification - ENDS 03/22/2023 (Mar 22 2023)

Hi Sriram!

Sriram, Kotikalapudi (Fed) wrote:
> Hi Martin,
>
> >Now, from the split into two documents, I conclude that as someone
> >implementing an RPKI relying party software, you aren’t expected to
> >read the verification draft -- and will likely miss this subtlety. So,
> >presumably, the conversion rules should be in the profile draft.
>
> We'll make sure that it is clear in the verification draft, and
> also, some sections related to ASPA registration and VAP-SPAS
> creation will be repeated in the profile draft so that
> the latter is self-contained.
>
> Regarding augmentation of VAP-SPAS with AS 0 SPAS for
> the case of a CAS that has neglected to include one of the
> AFIs in the ASPA, that is a thing that concerns the
> verification algorithm. Keeping that in mind, do you feel that
> it might be OK if we simply take care of it on the router side
> after the RTR ASPA PDUs have been received? Details follow.

I don’t think that’s a good solution. The RTR payload format is as it
is now to make things as easy as possible for routers that implement
the most simple data structure. The RP software has to do merging of
multiple ASPAs, anyway, so it is quite easy for it to convert an empty
set into an AS0-only set.

My observation was mostly about the fact that this is (now: was) rather
quite hidden in the somewhat complex document structure. Calling it out
in the profile draft should be good enough for RP implementers to at
least be aware of something going on and having to read up on it some
more.

> If not, then we need to talk about changing the processing
> on the RTR cache server side or changing the RTR ASPA PDU format
> (like what Claudio has been talking about). That would call
> for a change in 8210-bis.

While I think that redesigning the ASPA RTR PDU would be a good idea --
if there’s always one PDU per address family they might as well be
merged into one --, that draft is already in the publishing queue and
there is at least one released real-world implementation (and someone
would need to yell “stop” real soon to avoid a second one), so I
suspect that ship has sailed.

  -- Martin
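
The RP-side conversion discussed in this thread, as an added example that is not part of the original messages or of any RP implementation: several validated ASPAs are merged per customer AS and address family, and an address family left with an empty provider set is emitted as an AS0-only set. The record layout (a customer ASN with `(provider_asn, afi)` pairs, `afi=None` meaning both families), the function names and the sample ASNs are assumptions for illustration.

```python
from collections import defaultdict

AFIS = ("ipv4", "ipv6")
AS0 = 0

# Constructed sample input: already-validated ASPA objects as
# (customer_asn, [(provider_asn, afi_or_None), ...]).
SAMPLE_ASPAS = [
    (64500, [(64510, None), (64511, "ipv4")]),
    (64500, [(64512, "ipv4")]),   # second ASPA for the same customer
    (64501, [(64520, "ipv6")]),   # IPv4 not covered by this customer
    (64502, [(64530, None)]),
]


def merge_aspas(aspas):
    """Union the provider sets of all ASPAs per customer and AFI."""
    merged = defaultdict(lambda: {afi: set() for afi in AFIS})
    for customer, providers in aspas:
        per_afi = merged[customer]
        for provider, afi in providers:
            if afi is not None and afi not in AFIS:
                raise ValueError(f"unknown AFI {afi!r} for AS{customer}")
            # afi=None (assumed convention) applies the provider to both AFIs.
            for target in (AFIS if afi is None else (afi,)):
                per_afi[target].add(provider)
    return merged


def to_rtr_payloads(aspas):
    """Return {(customer, afi): sorted provider list} for RTR output.

    An AFI with no providers is converted to an AS0-only set here, in the
    RP software, so the router receives an explicit list for both AFIs.
    """
    payloads = {}
    for customer, per_afi in merge_aspas(aspas).items():
        for afi in AFIS:
            providers = per_afi[afi] or {AS0}
            payloads[(customer, afi)] = sorted(providers)
    return payloads


if __name__ == "__main__":
    for (customer, afi), providers in sorted(to_rtr_payloads(SAMPLE_ASPAS).items()):
        print(f"AS{customer} {afi}: {providers}")
```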