[Sidrops] draft-spaghetti-sidrops-rpki-prefixlist-00 (chapter #2 of what does IRR have that RPKI doesn't?)
Job Snijders <job@fastly.com> Thu, 30 March 2023 08:26 UTC
Hi folks,

Following my presentation "ASGroups (or, exploring sunsetting IRR?)" [1] Geoff commented along the lines of "porting IRR as-sets is the wrong way to go about it, you should port IRR route-sets!"

Geoff's proposal is that Autonomous System resource holders should publish a self-asserted list of IP prefixes the subject ASN MAY originate. Remote peers can then use this list to construct filters for various purposes.

[ Note: this is not a replacement for RPKI-ROV! Operationally I think along the lines of: reject RPKI-ROV invalid routes and additionally reject routes not listed in the RPKI-PrefixList (in addition to rejecting ASPA-invalid routes, bogon ASNs, etc, etc) ]

So, to progress the conversation about "what would it take to sunset IRR/RPSL; what features or properties does IRR have that are missing in one form or another in the RPKI?" - we authored the below draft for your consideration.

I consider both ASGroups & PrefixList steps in an exploratory study, and I fully anticipate that by shaking this tree more ideas will fall into our laps. I'm very open to hear from the community what they perceive as valuable properties of IRR/RPSL, and I am happy to collaborate (read: I'm happy to do the required ASN.1 work and write running code, even if it's for ideas we abandon down the road).

Let me hear your thoughts on what's beautiful about IRR!

Kind regards,

Job / Geoff

[1]: https://datatracker.ietf.org/meeting/116/materials/slides-116-sidrops-asgroups-thoughts-about-irr-rpki-feature-parity-sunsetting-irr-00

----- Forwarded message from internet-drafts@ietf.org -----

Date: Thu, 30 Mar 2023 01:01:56 -0700
From: internet-drafts@ietf.org
To: Geoff Huston <gih@apnic.net>, Job Snijders <job@fastly.com>
Subject: New Version Notification for draft-spaghetti-sidrops-rpki-prefixlist-00.txt

A new version of I-D, draft-spaghetti-sidrops-rpki-prefixlist-00.txt has been successfully submitted by Job Snijders and posted to the IETF repository.

Name: draft-spaghetti-sidrops-rpki-prefixlist
Revision: 00
Title: A profile for RPKI Signed Lists of Prefixes
Document date: 2023-03-30
Group: Individual Submission
Pages: 13
URL: https://www.ietf.org/archive/id/draft-spaghetti-sidrops-rpki-prefixlist-00.txt
Status: https://datatracker.ietf.org/doc/draft-spaghetti-sidrops-rpki-prefixlist/
Html: https://www.ietf.org/archive/id/draft-spaghetti-sidrops-rpki-prefixlist-00.html
Htmlized: https://datatracker.ietf.org/doc/html/draft-spaghetti-sidrops-rpki-prefixlist

Abstract:
This document defines a "RPKI Prefix List", a Cryptographic Message Syntax (CMS) protected content type for use with the Resource Public Key Infrastructure (RPKI) to carry the complete list of prefixes which an Autonomous System (AS) may originate to all or any of its routing peers. The validation of a RPKI Prefix List confirms that the holder of the listed ASN produced the object, and that this list is a current, accurate and complete description of address prefixes that may be announced into the routing system originated by this AS.

The IETF Secretariat

----- End forwarded message -----
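The filter order described in the bracketed note of the message above (RPKI-ROV first, then the Prefix List), as an added example that is not part of the original message or the draft. It assumes exact-match comparison against the listed prefixes and that an AS with no published Prefix List is not subject to the second check; the function names, the data layout and the sample VRPs and lists are constructed for illustration.

```python
import ipaddress

# Constructed sample data using documentation prefixes and ASNs.
# VRPs: (prefix, maxLength, origin ASN), as a validator derives them from ROAs.
VRPS = [
    ("2001:db8::/32", 48, 64500),
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 24, 64501),
]
# Validated Prefix Lists keyed by ASN; AS64501 has published none.
PREFIX_LISTS = {64500: ["2001:db8::/32", "192.0.2.0/24"]}

def rov_state(prefix, origin):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'notfound'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, asn in VRPS:
        vrp = ipaddress.ip_network(vrp_prefix)
        if route.version != vrp.version or not route.subnet_of(vrp):
            continue
        covered = True
        if asn == origin and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "notfound"

def decide(prefix, origin):
    """Return (action, reason) for a route with the given origin AS."""
    state = rov_state(prefix, origin)
    if state == "invalid":
        return ("reject", "rov-invalid")
    listed = PREFIX_LISTS.get(origin)
    if listed is not None:
        # Assumption: exact match against the listed prefixes.
        allowed = {ipaddress.ip_network(p) for p in listed}
        if ipaddress.ip_network(prefix) not in allowed:
            return ("reject", "not-in-prefixlist")
    return ("accept", "rov-" + state)

if __name__ == "__main__":
    for route in [("2001:db8::/32", 64500), ("2001:db8:1::/48", 64500),
                  ("192.0.2.0/24", 64501), ("203.0.113.0/24", 64500),
                  ("198.51.100.0/24", 64501)]:
        print(route, decide(*route))
```

The second and fourth sample routes are the ones the Prefix List check changes: a more-specific that the ROA's maxLength permits, and a ROV-NotFound prefix, both rejected because AS64500 did not list them.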