IETF Logo Mail Archive

Re: [Sidrops] Making ASPA AFI-Agnostic - coordination

Alexander Azimov <a.e.azimov@gmail.com> Fri, 09 June 2023 15:16 UTC

Return-Path: <a.e.azimov@gmail.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4CBDC14CE24 for <sidrops@ietfa.amsl.com>; Fri, 9 Jun 2023 08:16:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nQCBPMOl8_ki for <sidrops@ietfa.amsl.com>; Fri, 9 Jun 2023 08:16:12 -0700 (PDT)
Received: from mail-pf1-x434.google.com (mail-pf1-x434.google.com [IPv6:2607:f8b0:4864:20::434]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21888C14F747 for <sidrops@ietf.org>; Fri, 9 Jun 2023 08:16:12 -0700 (PDT)
Received: by mail-pf1-x434.google.com with SMTP id d2e1a72fcca58-653bed78635so1389339b3a.0 for <sidrops@ietf.org>; Fri, 09 Jun 2023 08:16:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686323771; x=1688915771; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=k4ZTjYL2npe9qtwe3ynWOkP6GlTINa3mAW/EMyRMNp4=; b=qJhxbc+dS2olePVpMlResGr2ukvbgMM0ByIRFG4bEfpMpNVkZF3dGHaVgMyuK/mqE5 i1NCtAEMUAwEbu4MhJ7ecUkINvi+DkgLb2ru/xoH8O8Eq9Ji22BRrE3BDKyXbucAuXrE 5QmBZE2CYTAo9/3Fr/UgMV8pfPN7nmmamqN94YloX8idie/659yjEnEzuIFU42QCzEvS UjEonvwUvcUnZFmDmhAbCFCF636JWNlgkko/Oz4m4hoTHwWliaqUzvR3sFUCkM45vJGZ LyZBCGAjJSD2PKmRwUeFd6Qiam1+wYYT+TRcDVjjIkjc3WXvdDXOZTtxzyT15o4HFzG8 DCNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686323771; x=1688915771; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=k4ZTjYL2npe9qtwe3ynWOkP6GlTINa3mAW/EMyRMNp4=; b=MKiEnqn3WJeJoTa3FoNBds1AetuS1jU6KwDhhnqC8pdQypV0hRQjVFMwjelopx3S2G 5rg9x7PFQB87NACApA2EjIJD3RytxJdxcf/hyP2XXBvGolrGhEDSoAqML7LNykvQS5Nd wRjSP2YYLYl3CXk3Ludbvr7W1V23Rd8Gx20Pvna5L18nGXqUPkEDHufyA2z69NSMoOCO 9rw1FHOqSqb9NSkVVBYBZBwsrH+WUCVNER+xs+HayM/TtOPzyp5jZCzhnamP+BRO2aZD AId2zyoUwQv/ZOQ0y5c+6Zbrj037SA/5FvDKdpIyC0VVnQAbqnG7L8xfLFESCaVJwvjk gzwA==
X-Gm-Message-State: AC+VfDy95EZHTkiPmegTD+X6ultH194MotkGddLqXKcG7jY0gh71cf1O q3/tjaJwUc0WrE2BmGHsYpoMib+cRRaXCuL/EAI=
X-Google-Smtp-Source: ACHHUZ6vBWx4uMdCct68RgRNZDufV1IUtedkPb/DEuKSMTQqe0P7zM3A8ly1EKHoO5iesdpPNBo0KnVC5MP90S1fDTQ=
X-Received: by 2002:a17:903:228d:b0:1b0:56cf:b8c0 with SMTP id b13-20020a170903228d00b001b056cfb8c0mr2581879plh.13.1686323771093; Fri, 09 Jun 2023 08:16:11 -0700 (PDT)
MIME-Version: 1.0
References: <ZH+hdvAwuZ7nN3vK@snel> <4dbb0ef4-91fc-6bbd-d979-2d0b736295ac@tu-dresden.de> <ZIBJUycE10HjIfAP@diehard.n-r-g.com> <BLAPR09MB63226569F3349669ABBEA60D9853A@BLAPR09MB6322.namprd09.prod.outlook.com> <62C121A4-DD89-477A-98EC-4356420F4888@vigilsec.com> <BLAPR09MB63223FFA678A45B6530265B49853A@BLAPR09MB6322.namprd09.prod.outlook.com> <AEE28B86-CACA-4280-99C4-505EC4A16963@vigilsec.com> <20230607184927.56a48b58@glaurung.nlnetlabs.nl> <098E4295-F418-41AF-B84F-0F826EA5C477@vigilsec.com> <20230608181210.1f5e5fc4@glaurung.nlnetlabs.nl> <ZIIbxAe9UXVzsFY3@snel>
In-Reply-To: <ZIIbxAe9UXVzsFY3@snel>
From: Alexander Azimov <a.e.azimov@gmail.com>
Date: Fri, 09 Jun 2023 18:16:00 +0300
Message-ID: <CAEGSd=Dky1BbxNpsBnf60rbVi8rsK0m3J2n=Sq6rVQ0zmQHUZA@mail.gmail.com>
To: Job Snijders <job=40fastly.com@dmarc.ietf.org>
Cc: Martin Hoffmann <martin@nlnetlabs.nl>, Russ Housley <housley@vigilsec.com>, "sidrops@ietf.org" <sidrops@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005a356605fdb3d9ef"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/8v67AeHyNc7k05qOIkzGiYZarpc>
Subject: Re: [Sidrops] Making ASPA AFI-Agnostic - coordination
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jun 2023 15:16:13 -0000

Gentlmen,

Thank you for your patience.

I believe we are at an important point when the number of prototypes
related to ASPA objects is not high and we can still change the object
structure.
But it should not be done in rush. We are already facing compatibility
issues with the RTR protocol, let's not make the same mistake twice.

I've made several measurements to find out if it is safe to drop AFI flag
in ASPA object.
The idea behind lays in the assumption that IPv4 and IPv6 connectivity is
merging with the growing adoption of IPv6.

With that in mind, the set of IPv6 c2p pairs should be included in the set
of IPv4 pairs.
So, I measured the difference: the number of c2p pairs, where the customer
supports both v4 and v6 but the selected pair is not visible in v4.

I've got 4149 c2p pairs that are visible only IPv6 from overall 43470 such
pairs (9.5%).
This affects 3516 unique ASNs from overall 24286 ASNs with dual stack (11%).

The biggest input comes from HE operations, which acts as a provider for
1242 ASNs only in v6 while running open peering policy in v4.


чт, 8 июн. 2023 г. в 21:20, Job Snijders <job=40fastly.com@dmarc.ietf.org>:

> On Thu, Jun 08, 2023 at 06:12:10PM +0200, Martin Hoffmann wrote:
> > Russ Housley wrote:
> > >
> > > In CMS, the version number indicates which alternatives are possible
> > > in some CHOICEs.  The point is to ensure that the ASN,1 decode
> > > operation will work if you recognize the version number.
> >
> > But, crucially, the overall structure remains the same. The new version
> > of the draft changes the structure of the ProviderASSet which I think
> > warrants to treat this as an entirely new definition and use a new
> > content type OID.
>
> Another relevant question is whether we want to have a 'grace period' in
> which both formats are valid. I myself would prefer to make this is a
> 'hard cut', simply a breaking change to avoid the complications of
> supporting both profiles in my RP implementation.
>
> As far as I know there is only one ASPA verifying deployment (YYCIX),
> and the few already-existing ASPA objects can probably easily be updated
> through a software update.
>
> If the group accepts it as a 'breaking change' and commits to work to
> migrate the tiny ASPA ecosystem in the span of a few weeks, I see less
> of a need to get a new content-type OID. Technically if 'breaking
> change' is the choosen path forward, there wouldn't even be a need to
> bump the version of contained in the eContent.
>
> However, bumping the version contained in the eContent is be a novelty
> in the RPKI ecosystem, so keep things as-is (profile-15) might have some
> value as a learning experience for this community.
>
> In this situation I suspect there aren't objectively right or wrong
> choices, but in the interest of time we should converge and agree rather
> sooner than later on one of the options.
>
> For previous ASPA profile changes no new OID were requested.
>
> Kind regards,
>
> Job
>
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops
>


-- 
Best regards,
Alexander Azimov

v2.23.0 | Report a Bug | By Email