Re: [Sidrops] draft-sidrops-rpkimaxlen

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Wed, 10 March 2021 13:08 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/CkWipMxrqsaw_sztw4yJc3oRO6k>

I agree that a hijack is made easier when a ROA exists without a corresponding BGP advertisement.

Implementing DDoS and RTBH as indicated in the draft is difficult without the ROAs for the required BGP announcements. As indicated in the draft, creating and distributing the ROAs required for RTBH and DDoS scrubbers is time-consuming.

Note that these ROAs are not required throughout the entire BGP space, the world.
These ROAs are only needed near the AS requiring these services; thus, distributing them
around the entire world just for some local RTBH implementation is disruptive to the
rest of the world.

To help with these "limited distribution ROAs" that are required quickly, and in
a smaller space than the entire BGP space, I propose to invent a new BGP address
family to publish them. Using BGP to publish a ROA enables fast distribution
and allows limiting the distribution to only those ASes that need it.

Anybody want to help me write a draft?

Regards,
Jakob.
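
Added illustration of the message's first paragraph (not part of the original message and not code from the draft): a small audit that applies RFC 6811 origin validation and lists ROA authorizations with no matching BGP announcement. The prefixes, ASNs and function names are constructed for the example.

```python
import ipaddress

# Constructed sample data: documentation prefixes, private-use ASNs.
# Each ROA is (prefix, maxLength, origin AS).
ROAS = [
    ("192.0.2.0/24", 24, 64500),     # minimal: matches the announcement exactly
    ("198.51.100.0/24", 26, 64500),  # loose maxLength, only the /24 is announced
    ("203.0.113.0/24", 24, 64511),   # pre-provisioned for a scrubber, never announced
]
ANNOUNCED = [("192.0.2.0/24", 64500), ("198.51.100.0/24", 64500)]


def covers(roa_prefix, route_prefix):
    """True when the ROA prefix equals or contains the route prefix."""
    return (route_prefix.version == roa_prefix.version
            and route_prefix.subnet_of(roa_prefix))


def rov_state(prefix, origin, roas=ROAS):
    """Route origin validation state as defined in RFC 6811."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        if not covers(ipaddress.ip_network(roa_prefix), route):
            continue
        covered = True
        if asn == origin and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"


def unannounced_authorizations(roas=ROAS, announced=ANNOUNCED):
    """Per ROA, count authorized (prefix, origin) pairs nobody announces."""
    report = []
    for roa_prefix, max_len, asn in roas:
        net = ipaddress.ip_network(roa_prefix)
        # Prefixes from the ROA length down to maxLength: 1 + 2 + 4 + ...
        authorized = 2 ** (max_len - net.prefixlen + 1) - 1
        seen = {
            p for p, origin in announced
            if origin == asn
            and covers(net, ipaddress.ip_network(p))
            and ipaddress.ip_network(p).prefixlen <= max_len
        }
        if authorized > len(seen):
            report.append((roa_prefix, max_len, asn, authorized - len(seen)))
    return report
```

Every entry in the report is a route that validators would accept as valid even though the holder is not originating it, which is the exposure the first paragraph describes.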