Re: [Sidrops] Block ROA creation for AS23456?
"Carlos M. Martinez" <carlosm3011@gmail.com> Thu, 18 May 2017 13:57 UTC
Return-Path: <carlosm3011@gmail.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84E2F12EB03 for <sidrops@ietfa.amsl.com>; Thu, 18 May 2017 06:57:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6ogE_cqJz2-z for <sidrops@ietfa.amsl.com>; Thu, 18 May 2017 06:57:31 -0700 (PDT)
Received: from mail-qt0-x22b.google.com (mail-qt0-x22b.google.com [IPv6:2607:f8b0:400d:c0d::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 538D3129BD7 for <sidrops@ietf.org>; Thu, 18 May 2017 06:51:50 -0700 (PDT)
Received: by mail-qt0-x22b.google.com with SMTP id t26so34397869qtg.0 for <sidrops@ietf.org>; Thu, 18 May 2017 06:51:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=zPmF6ePf54eTjmzwtZVGyoRyIvmD4wD/WRJ6XwuWaMo=; b=H+Yj00Xl24hZor/PI/Ao/+Vu1VT0lQrIjboiSFtVpq3Z/ZscNBWbu2eBy5LlRaRfJt m9my8r1wuDg7NWBIxHLDqTAVcH86aYR1QRuo6HciZAjDHpZJHYMYYiPlRkzelQ5SRy1B dN4UVKXQ8lXYD9wAmAWq0ANopcy7f+mXRTNMea/QLNJt8j9wEB5P3rYPRyOsX8zKkCE6 cq+P4OLCI3MTAJ8Mnl6e61iT53+2SfOnYIUXzSa202Tf90J/94DH8xEpuP7+Oq8Qtrno XZP/WEzxvCXwm7zNYzoGIBHvbrDTMsTAfFHfP8G/24eea0X4a82Wmd3ItURWxkvylTyT supA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=zPmF6ePf54eTjmzwtZVGyoRyIvmD4wD/WRJ6XwuWaMo=; b=Uz06eNSzpBYzlYCdsSa33wIASrU+6/g7Ig8m7UEP2qqnRYIsUKGg+n2zzBF6lcJjYf q8u8QIjYnr0bXcqDGXORMSvflZSIlyHPrYjBqSVOEcf/JLa7XtQKh0QaBwwkunFdedxW sdWMAaF1NsaQGxh8Pytlc1rBT/KaEPVfcy9z3b/SnlR9yjWsN3CuNToiMdC+/wJaGW2Z VuPNqahYv7sycFcW0sqez8dppLFUFwVaNpQHnJ/m4Xmp4+9C2YrGUcV4xWTphC1urUO9 GLUxolqjZR8rf/J2lVr6mokNa42NosdnoCsaq3+Om8BZQ0lEhdJWxRzhYhjO9+lCz1d0 laZg==
X-Gm-Message-State: AODbwcAWLuWT2NOBHcFbXdMJ9RA+swN/X4yS3G7Z2jXpI5KxubI8ljYS GDA4iW0uRKn45A==
X-Received: by 10.200.34.109 with SMTP id p42mr4182940qtp.17.1495115509515; Thu, 18 May 2017 06:51:49 -0700 (PDT)
Received: from [200.7.87.72] ([200.7.87.72]) by smtp.gmail.com with ESMTPSA id x31sm3757651qtx.12.2017.05.18.06.51.47 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 18 May 2017 06:51:48 -0700 (PDT)
From: "Carlos M. Martinez" <carlosm3011@gmail.com>
To: Roque Gagliano <rogaglia@cisco.com>
Cc: Alex Band <alexb@ripe.net>, "sidrops@ietf.org" <sidrops@ietf.org>
Date: Thu, 18 May 2017 10:51:43 -0300
Message-ID: <4CB56A31-0242-4F2B-89C0-F216571E815E@gmail.com>
In-Reply-To: <C083CBCB-3FB5-4934-9BA0-22F02D15016D@cisco.com>
References: <m2o9uq4jb6.wl-randy@psg.com> <9C01478A-B764-48C4-AB93-4DEACB229A09@ripe.net> <06d5677bff924ad0b23e56c685369fc1@XCH-RTP-011.cisco.com> <E0567D84-4C4D-4D15-BBE4-2124155BC791@ripe.net> <C083CBCB-3FB5-4934-9BA0-22F02D15016D@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Mailer: MailMate (1.9.6r5347)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/Aew3SdXGB0DSXihQXG3-i2X1mJs>
Subject: Re: [Sidrops] Block ROA creation for AS23456?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 May 2017 13:57:32 -0000
Indeed. This should be an RP’s call to make IMO. On 18 May 2017, at 9:51, Roque Gagliano (rogaglia) wrote: > Hi, > > I would be more inclined to let the RP to solve it. Maybe with a > switch to “ignore-roas-with-reserved-asn-other-than-0” and let > that to be a SP decision to turn it ON/OFF with maybe the default to > be to ignore them. > > Regards, > Roque > > > > — > Roque Gagliano > Tail-f Solutions Architect Southern Europe > +41 76 449 8867 > > > On 18/05/17 14:31, "Alex Band" <alexb@ripe.net> wrote: > > Hi Roque, > > We’re only talking about actively preventing creation of the ROA > under the CA. > > Cheers, > > Alex > > > > On 18 May 2017, at 14:25, Roque Gagliano (rogaglia) > <rogaglia@cisco.com> wrote: > > > > Hi Alex, > > > > Are we talking about the CA should prevent creation and/or the > RP should ignore it when validating? > > > > Roque > > > > ----- Reply message ----- > > From: "Alex Band" <alexb@ripe.net> > > To: "sidrops@ietf.org" <sidrops@ietf.org> > > Subject: [Sidrops] Block ROA creation for AS23456? > > Date: Thu, May 18, 2017 13:42 > > > > Hello SidrOps folks, > > > > One of our members argues that we should be preventing that ROAs > are created which authorise AS23456, as referred to in RFC6793 [1]. It > would allegedly open up possibilities for abuse. You could make the > same argument for several other special registry AS Numbers [2]. > > > > I’m curious to hear if you think this argument holds any > truth, and if we should be thinking about such measures. > > > > Cheers, > > > > Alex Band > > Product Manager > > RIPE NCC > > > > [1] https://tools.ietf.org/html/rfc6793 > > [2] > https://www.iana.org/assignments/iana-as-numbers-special-registry/iana-as-numbers-special-registry.xhtml > > > > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops
- Re: [Sidrops] Block ROA creation for AS23456? Roque Gagliano (rogaglia)
- [Sidrops] Block ROA creation for AS23456? Alex Band
- Re: [Sidrops] Block ROA creation for AS23456? Roque Gagliano (rogaglia)
- Re: [Sidrops] Block ROA creation for AS23456? Alex Band
- Re: [Sidrops] Block ROA creation for AS23456? Job Snijders
- Re: [Sidrops] Block ROA creation for AS23456? Dickinson, Ian
- Re: [Sidrops] Block ROA creation for AS23456? Carlos M. Martinez
- Re: [Sidrops] Block ROA creation for AS23456? Yang Yu
- Re: [Sidrops] Block ROA creation for AS23456? Randy Bush