Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa-verification-15.txt

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Tue, 11 July 2023 15:05 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: "sidrops@ietf.org" <sidrops@ietf.org>
Date: Tue, 11 Jul 2023 15:05:50 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/E_tNditQfIqD1Q3PFUEygcntLpI>

Hi all,

An updated version 15 has been uploaded.
https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-aspa-verification-15

The changes in v-15 are:

1. Updates due to the removal of afiLimit from the ASPA profile.

2. Incorporates comments (very helpful) that continued to come after the formal WGLC period.

3. Sections 7 and 8 are better organized.

4. New Section 7.2 "Verification and Mitigation at Egress eBGP Router".  This section extends what RFC 8893 did for RPKI-ROV to ASPA-based AS_PATH verification.

5. New Section 9.4 "DoS/DDoS Mitigation Service Provider".

6. Other edits for text improvements.

Thank you.

Sriram 

------------------------
A New Internet-Draft is available from the on-line Internet-Drafts
directories. This Internet-Draft is a work item of the SIDR Operations
(SIDROPS) WG of the IETF.

   Title           : BGP AS_PATH Verification Based on Autonomous System Provider Authorization (ASPA) Objects
   Authors         : Alexander Azimov
                     Eugene Bogomazov
                     Randy Bush
                     Keyur Patel
                     Job Snijders
                     Kotikalapudi Sriram
   Filename        : draft-ietf-sidrops-aspa-verification-15.txt
   Pages           : 23
   Date            : 2023-07-10

Abstract:
   This document describes procedures that make use of Autonomous System
   Provider Authorization (ASPA) objects in the Resource Public Key
   Infrastructure (RPKI) to verify the Border Gateway Protocol (BGP)
   AS_PATH attribute of advertised routes.  This type of AS_PATH
   verification provides detection and mitigation of route leaks and
   improbable AS paths.  It also to some degree provides protection
   against prefix hijacks with forged-origin or forged-path-segment.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-verification/

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-aspa-verification-15

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-sidrops-aspa-verification-15