Re: [Sidrops] ASPA verification algorithm error

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Thu, 11 February 2021 23:55 UTC

From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Lukas Tribus <lukas@ltri.eu>
CC: "Jakob Heitz (jheitz)" <jheitz=40cisco.com@dmarc.ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Date: Thu, 11 Feb 2021 23:54:32 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/DlAEuPnemmuZcl-Vwlh9fRDQ14Q>

pair_check with either AS2 or AS3 as customer will return unknown.
Therefore, the algorithm returns unknown, when it should return valid.

Regards,
Jakob.

-----Original Message-----
From: Lukas Tribus <lukas@ltri.eu> 
Sent: Thursday, February 11, 2021 1:21 PM
To: Jakob Heitz (jheitz) <jheitz@cisco.com>
Cc: Jakob Heitz (jheitz) <jheitz=40cisco.com@dmarc.ietf.org>; sidrops@ietf.org
Subject: Re: [Sidrops] ASPA verification algorithm error

On Thu, 11 Feb 2021 at 03:27, Jakob Heitz (jheitz) <jheitz@cisco.com> wrote:
>
> All we have is the attestations.
> We don't know the actual relationships.
> Thus we need to try all possible relationships given the available attestations.
> Using the notation where the arrow points to the provider:
> A -> B means B is provider for A
> A <- B means A is provider for B
> A -- B means A and B are bilateral peers
> A <> B means A and B are complex or siblings.
> then the possible relationships are:
> 1 -> 2 -- 3 <- 4
> 1 -> 2 -- 3 <> 4
> 1 -> 2 -> 3 <- 4
> 1 -> 2 -> 3 <> 4
> 1 -> 2 <- 3 <- 4
> 1 -> 2 <- 3 <> 4
> 1 -> 2 <> 3 <- 4
> 1 -> 2 <> 3 <> 4
> 1 <> 2 -- 3 <- 4
> 1 <> 2 -- 3 <> 4
> 1 <> 2 -> 3 <- 4
> 1 <> 2 -> 3 <> 4
> 1 <> 2 <- 3 <- 4
> 1 <> 2 <- 3 <> 4
> 1 <> 2 <> 3 <- 4
> 1 <> 2 <> 3 <> 4
> All of these possible relationships represent a valid AS_PATH.

How does 5.2. "Downstream Paths" not address this?


Lukas
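
The enumeration argument quoted above, as an added Python example that is not part of the thread or of the ASPA draft. It assumes the attestation set implied by the 16-row list (AS1 attests AS2 as provider, AS4 attests AS3, AS2 and AS3 publish no ASPA); `is_provider`, `candidates` and `valley_free` are hypothetical names, and `is_provider` is a simplified stand-in for the draft's pair_check.

```python
from itertools import product

# Constructed ASPA set (assumption inferred from the quoted list):
# AS1 attests AS2 as provider, AS4 attests AS3; AS2 and AS3 publish no ASPA.
ASPA = {1: {2}, 4: {3}}
PATH = [1, 2, 3, 4]

def is_provider(customer, provider, aspa=ASPA):
    """Tri-state hop check: True/False if the customer has an ASPA, None = unknown."""
    if customer not in aspa:
        return None
    return provider in aspa[customer]

# symbol -> (right AS is provider of left AS, left AS is provider of right AS)
RELATIONS = {"->": (True, False), "<-": (False, True),
             "--": (False, False), "<>": (True, True)}

def candidates(a, b, aspa=ASPA):
    """Relationships for the adjacent pair a, b that no attestation contradicts."""
    known = (is_provider(a, b, aspa), is_provider(b, a, aspa))
    return [sym for sym, facts in RELATIONS.items()
            if all(k is None or k == f for k, f in zip(known, facts))]

def valley_free(rels):
    """Up hops, at most one peer hop, then down hops; '<>' may act as up or down."""
    phase = "up"
    for r in rels:
        if phase == "up":
            if r in ("->", "<>"):
                continue            # still climbing (sibling counted as up)
            phase = "down"          # '--' or '<-' ends the up-ramp
        elif r not in ("<-", "<>"):
            return False            # second peer hop or a new up hop: a valley
    return True

def enumerate_paths(path=PATH, aspa=ASPA):
    """Every relationship assignment consistent with the attestations."""
    hops = [candidates(a, b, aspa) for a, b in zip(path, path[1:])]
    return list(product(*hops))

def render(path, rels):
    """Format one assignment in the thread's notation, e.g. '1 -> 2 -- 3 <- 4'."""
    out = str(path[0])
    for asn, r in zip(path[1:], rels):
        out += f" {r} {asn}"
    return out

if __name__ == "__main__":
    for rels in enumerate_paths():
        print(render(PATH, rels), "valley-free" if valley_free(rels) else "valley")
```
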