[Sidrops] Re: WG Adoption call for draft-sriram-sidrops-spl-verification - ENDS 06/03/2024 (June 3 2024)

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Sat, 01 June 2024 20:04 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: gengnan <gengnan@huawei.com>
Date: Sat, 01 Jun 2024 20:04:14 +0000
Message-ID: <SA1PR09MB8142AE7282AAC8F2D865F55584FD2@SA1PR09MB8142.namprd09.prod.outlook.com>
References: <D20B81DD-3BAB-41F2-A1B5-5EE9553820E7@arrcus.com> <c7a0349b084445e2ab5ce381f9706396@huawei.com>
In-Reply-To: <c7a0349b084445e2ab5ce381f9706396@huawei.com>
CC: "sidrops@ietf.org" <sidrops@ietf.org>, "draft-sriram-sidrops-spl-verification@ietf.org" <draft-sriram-sidrops-spl-verification@ietf.org>
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/7M76oTSVbhnfBz51BtHlP6Z2viM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops>

Hi Nan,



>Another option is to use SPL to explicitly state DSR prefixes.



IMO, the DSR use case of SPL is straightforward. Looking at Fig. 1 in the BAR-SAV draft (https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-bar-sav-03#name-considerations-for-the-cdn-), the CDN is the owner of the anycast prefix (P3) and the ASes involved, i.e., AS2 (DSR AS) and AS3. So, including the prefix P3 in the ROAs (with AS2 and AS3), not announcing P3 from AS2, and not including P3 in the SPL of AS2 are all actions under the control of one entity (the CDN). Even if the CDN enterprise does not own AS2, the CDN operator will not make a request to the AS2 operator to announce P3, hence no modification of the SPL of AS2 is required.



Sriram

=================



-----Original Message-----
From: gengnan <gengnan=40huawei.com@dmarc.ietf.org>
Sent: Saturday, June 1, 2024 6:51 AM
To: Tim Bruijnzeels <tbruijnzeels@ripe.net>; Sriram, Kotikalapudi (Fed) <kotikalapudi.sriram@nist.gov>
Cc: Amir Herzberg <amir.lists@gmail.com>; sidrops@ietf.org; draft-sriram-sidrops-spl-verification@ietf.org
Subject: RE: [Sidrops] Re: WG Adoption call for draft-sriram-sidrops-spl-verification - ENDS 06/03/2024 (June 3 2024)



Hi,



> I think new semantics are generally best done as separate, explicit, complementary types.

Agreed.



A new object for DSR prefixes is an optional solution. BAR-SAV can use BGP, ASPA, ROA, and DSR data to generate SAV rules.



Another option is to use SPL to explicitly state DSR prefixes.



"Implicit method" may induce some security risks and operational complexity.



Best,

Nan