[Sidrops] draft-spaghetti-sidrops-rpki-prefixlist-00 (chapter #2 of what does IRR have that RPKI doesn't?)

Job Snijders <job@fastly.com> Thu, 30 March 2023 08:26 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/8sFbwizKFYJaow8p3UIMJ3Qchik>

Hi folks,

Following my presentation "ASGroups (or, exploring sunsetting IRR?)" [1]
Geoff commented along the lines of "porting IRR as-sets is the wrong way
to go about it, you should port IRR route-sets!"

Geoff's proposal is that Autonomous System resource holders should
publish a self-asserted list of IP prefixes the subject ASN MAY
originate. Remote peers can then use this list to construct filters
for various purposes.

 [ Note: this is not a replacement for RPKI-ROV! Operationally I think
   along the lines of: reject RPKI-ROV invalid routes and
   additionally reject routes not listed in the RPKI-PrefixList (in
   addition to rejecting ASPA-invalid routes, bogon ASNs, etc, etc) ]

So, to progress the conversation about "what would it take to sunset
IRR/RPSL; what features or properties does IRR have that are missing in
one form or another in the RPKI?" - we authored the below draft for your
consideration.

I consider both ASGroups & PrefixList steps in an exploratory study, and
I fully anticipate that by shaking this tree more ideas will fall into
our laps.

I'm very open to hear from the community what they perceive as valuable
properties of IRR/RPSL, and I am happy to collaborate (read: I'm happy
to do the required ASN.1 work and write running code, even if it's for
ideas we abandon down the road). Let me hear your thoughts on what's
beautiful about IRR!

Kind regards,

Job / Geoff


[1]: https://datatracker.ietf.org/meeting/116/materials/slides-116-sidrops-asgroups-thoughts-about-irr-rpki-feature-parity-sunsetting-irr-00



----- Forwarded message from internet-drafts@ietf.org -----

Date: Thu, 30 Mar 2023 01:01:56 -0700
From: internet-drafts@ietf.org
To: Geoff Huston <gih@apnic.net>, Job Snijders <job@fastly.com>
Subject: New Version Notification for
	draft-spaghetti-sidrops-rpki-prefixlist-00.txt


A new version of I-D, draft-spaghetti-sidrops-rpki-prefixlist-00.txt
has been successfully submitted by Job Snijders and posted to the
IETF repository.

Name:		draft-spaghetti-sidrops-rpki-prefixlist
Revision:	00
Title:		A profile for RPKI Signed Lists of Prefixes
Document date:	2023-03-30
Group:		Individual Submission
Pages:		13
URL:            https://www.ietf.org/archive/id/draft-spaghetti-sidrops-rpki-prefixlist-00.txt
Status:         https://datatracker.ietf.org/doc/draft-spaghetti-sidrops-rpki-prefixlist/
Html:           https://www.ietf.org/archive/id/draft-spaghetti-sidrops-rpki-prefixlist-00.html
Htmlized:       https://datatracker.ietf.org/doc/html/draft-spaghetti-sidrops-rpki-prefixlist


Abstract:
   This document defines a "RPKI Prefix List", a Cryptographic Message
   Syntax (CMS) protected content type for use with the Resource Public
   Key Infrastructure (RPKI) to carry the complete list of prefixes
   which an Autonomous System (AS) may originate to all or any of its
   routing peers.  The validation of a RPKI Prefix List confirms that
   the holder of the listed ASN produced the object, and that this list
   is a current, accurate and complete description of address prefixes
   that may be announced into the routing system originated by this AS.

                                                                                  


The IETF Secretariat



----- End forwarded message -----
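
The filtering order described in the note above (reject RPKI-ROV invalid routes, then additionally reject routes not listed in the origin's RPKI-PrefixList), as an added example that is not part of the original message or the draft. It assumes exact-prefix matching against the list and that an origin AS with no published list is left to the ROV result alone; the data shapes, function names and sample values are hypothetical.

```python
import ipaddress

# Constructed sample data (documentation prefixes and ASNs), not real RPKI output.
# VRPs: (prefix, maxLength, origin ASN), as produced by ROA validation.
VRPS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64496),
    ("203.0.113.0/24", 24, 64497),
]
# Validated prefix lists keyed by the ASN that signed them (assumed shape).
PREFIX_LISTS = {64496: {"192.0.2.0/24"}}


def rov_state(prefix, origin, vrps):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if net.version != vrp_net.version or not net.subnet_of(vrp_net):
            continue
        covered = True
        if net.prefixlen <= max_len and origin == vrp_asn:
            return "valid"
    return "invalid" if covered else "not-found"


def in_prefix_list(prefix, origin, prefix_lists):
    """True/False if the origin published a list, None if it published none.

    Assumption: a route matches only on an exact prefix match.
    """
    listed = prefix_lists.get(origin)
    if listed is None:
        return None
    net = ipaddress.ip_network(prefix)
    return any(net == ipaddress.ip_network(p) for p in listed)


def evaluate(prefix, origin, vrps=VRPS, prefix_lists=PREFIX_LISTS):
    """Apply both checks in the order the note gives; return (action, reason)."""
    if rov_state(prefix, origin, vrps) == "invalid":
        return ("reject", "rov-invalid")
    if in_prefix_list(prefix, origin, prefix_lists) is False:
        return ("reject", "not-in-prefixlist")
    return ("accept", "passed")
```

The second sample VRP shows the case the note is about: 198.51.100.0/24 from AS64496 is ROV-valid, yet it is rejected because AS64496's prefix list does not include it.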