Re: [Sidrops] Reason for Outage report (was: Re: ARIN RPKI Service Impact - 12 August 2020 - manifest issue - resolved)

Mikael Abrahamsson <swmike@swm.pp.se> Thu, 27 August 2020 12:30 UTC

Return-Path: <swmike@swm.pp.se>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85FBF3A0C8E for <sidrops@ietfa.amsl.com>; Thu, 27 Aug 2020 05:30:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=swm.pp.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PAZ_iTjtfNeF for <sidrops@ietfa.amsl.com>; Thu, 27 Aug 2020 05:30:18 -0700 (PDT)
Received: from uplift.swm.pp.se (swm.pp.se [212.247.200.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 58CFF3A0C90 for <sidrops@ietf.org>; Thu, 27 Aug 2020 05:30:17 -0700 (PDT)
Received: by uplift.swm.pp.se (Postfix, from userid 501) id E75EAB1; Thu, 27 Aug 2020 14:30:13 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=swm.pp.se; s=mail; t=1598531413; bh=7CDR93SmCAUx6MZBS5WVXFAYahMCkbvSttO/gz6z39Y=; h=Date:From:To:cc:Subject:In-Reply-To:References:From; b=0AKimR1tvA8RHPAYTkIEg0721aNIfJVk64+3zxEfuNty0IzGeIVFx4fwS/vipnGaT ra52IxqMPkOCIXEBzfEgfpRzwwUCCHXol1+N9JM76GRDJQxfQ8dOKLbiu6KPu6QcaX 33NI33FtN/qsKd+7McoOIoib8T12LRwbGzmkPpM0=
Received: from localhost (localhost [127.0.0.1]) by uplift.swm.pp.se (Postfix) with ESMTP id E3625B0; Thu, 27 Aug 2020 14:30:13 +0200 (CEST)
Date: Thu, 27 Aug 2020 14:30:13 +0200
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: Martin Hoffmann <martin@opennetlabs.com>
cc: Job Snijders <job@ntt.net>, John Curran <jcurran@arin.net>, "sidrops@ietf.org" <sidrops@ietf.org>
In-Reply-To: <20200826202442.232829fc@grisu.home.partim.org>
Message-ID: <alpine.DEB.2.20.2008271422560.11025@uplift.swm.pp.se>
References: <DE33EFAE-FBD2-478F-92A9-1FBD81CCC43F@arin.net> <727F6FBD-F73C-4F58-AE2D-0276B2A183A3@arin.net> <20200826160001.GF95612@bench.sobornost.net> <20200826202442.232829fc@grisu.home.partim.org>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
Organization: People's Front Against WWW
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/CLPb7xihblBDFuW04f63SC76lr4>
Subject: Re: [Sidrops] Reason for Outage report (was: Re: ARIN RPKI Service Impact - 12 August 2020 - manifest issue - resolved)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Aug 2020 12:30:21 -0000

On Wed, 26 Aug 2020, Martin Hoffmann wrote:

> To the best of my knowledge, Routinator and the RIPE NCC RPKI Validator 
> handle manifests according to the specifications laid out in the 
> relevant standards track IETF documents. I assume that you are referring 
> to your assessment that all objects published by a CA should be 
> discarded if any inconsistencies are discovered. While such behaviour is 
> certainly acceptable under the current specification, not doing so does 
> not constitute incorrect handling of manifests.

At this point in time, everybody I am aware of who are implementing RPKI 
in the routing system are doing invalid=drop, and nothing else.

The overall goal right now is to make sure the ROA is correctly validated, 
all the way. If a ROA is gone, it doesn't cause an outage. It causes lack 
of protection. It's not a competition which validator can validate the 
most ROAs, the competition should be to get things *right*.

If something doesn't validate correctly, drop it. Drop all it depends on. 
If all ROAs from a RIR are gone for an hour or a day, it's not the end of 
the world. It's not an outage.

We need to make sure the entire ecosystem gets things right, correct, and 
have procedures in place to do things right, all the time. Other parts of 
the Internet ecosystem had teething problems in the beginning, but they 
worked it out. RPKI ecosystem needs to do the same.

The goal of the validator should be to validate. It should be picky. It 
should throw things away that doesn't look right. You're advocating for 
something else, and I don't understand why.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se