Re: [Sidrops] ASPA: Is this really a leak?

Jay Borkenhagen <jayb@braeburn.org> Wed, 16 December 2020 16:40 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/EqYJeFRqqxzBfwxxLfKOtdiLLYQ>

Jakob Heitz (jheitz) writes:
 > https://tools.ietf.org/html/draft-ietf-sidrops-aspa-verification-06
 > finds suspected leaky AS paths.

No, not really.

draft-ietf-sidrops-aspa-verification rejects routes whose AS_PATHs are
contra-indicated by the expressed wishes of the AS resource-holders,
as communicated by the set of validated ASPA records.

It's thus up to each party publishing ASPA records to ensure that all
necessary upstream and mutual transit relationships are explicitly
authorized.

						Jay B.
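
The point made in the message above, that an AS which omits a provider from its ASPA gets its own legitimate routes rejected, shown as an added example that is not part of the original message or of the draft's text. It covers only a route received from a customer and plain AS_SEQUENCE paths; the function names, the three state strings and the ASPA tables (documentation ASNs) are assumptions constructed for this illustration.

```python
# Added illustration (not from the draft or the message): ASPA-style check of
# a route received from a customer. ASNs are from the documentation range.
VALID, INVALID, UNKNOWN = "valid", "invalid", "unknown"

def hop_state(aspa, customer, provider):
    """State of one customer->provider hop against validated ASPA data."""
    providers = aspa.get(customer)
    if providers is None:
        return UNKNOWN          # the customer AS published no ASPA at all
    return VALID if provider in providers else INVALID

def verify_from_customer(aspa, as_path):
    """as_path is in AS_PATH order: sending neighbor first, origin last."""
    hops = []
    for asn in reversed(as_path):       # walk from the origin toward us
        if not hops or hops[-1] != asn: # collapse AS prepending
            hops.append(asn)
    state = VALID
    for customer, provider in zip(hops, hops[1:]):
        s = hop_state(aspa, customer, provider)
        if s == INVALID:
            return INVALID              # one unauthorized hop rejects the path
        if s == UNKNOWN:
            state = UNKNOWN
    return state

# Constructed data: AS64496 really buys transit from AS64500 and AS64501,
# but its first ASPA lists only AS64500.
INCOMPLETE = {64496: {64500}}
COMPLETE = {64496: {64500, 64501}}

def demo():
    via_second_provider = [64501, 64496, 64496]   # origin prepends once
    return {
        "incomplete": verify_from_customer(INCOMPLETE, via_second_provider),
        "complete": verify_from_customer(COMPLETE, via_second_provider),
        "no_aspa_midpath": verify_from_customer(COMPLETE, [64502, 64501, 64496]),
    }

if __name__ == "__main__":
    for name, state in demo().items():
        print(name, state)
```

The "incomplete" case is a real transit relationship that fails only because the ASPA publisher left it out, which is why the check reflects published authorization rather than leak detection as such.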