Re: [Sidrops] ASPA verification questions

Ben Maddison <benm@workonline.africa> Wed, 14 December 2022 18:10 UTC

Date: Wed, 14 Dec 2022 20:10:35 +0200
From: Ben Maddison <benm@workonline.africa>
To: Claudio Jeker <cjeker@diehard.n-r-g.com>
Cc: sidrops@ietf.org
Message-ID: <20221214181035.bydtb3nvtsklav4j@iolcus>
References: <Y5nh7YrUMjxOy1xA@diehard.n-r-g.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="ryq5frbs3pfq2jso"
Content-Disposition: inline
In-Reply-To: <Y5nh7YrUMjxOy1xA@diehard.n-r-g.com>
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 6z6gh3/GMyQzrryvKcMniWceSmcwy2GktW37Ab8WgGDwTMFeIhSRHZ8fA0T1OdTF1Nkau53lmuWDAP/obp0OqzVrTqMX4g0ntFJsAQCxvajdgE3xWYdbw6/sSjoT+2ROEeFPOEw7lMmLvdfrDO/9hpE7tNgD+psqguD7xI+WsvatxYC93inphUv+WG5LkCeA9wnvXQwQItkt2ng2LHvV18f4kTnqM1tBX+TSzoHsayfk7VgAedsG8WRataRFjXA0xlMIt6n43wak44hxCOjvL2Maml/MaCmQ9tzEGRc4XXKypQQ1xzv++rUVwRVIQgJh0HErthVXbNaniJAPbe/Fk24bgwHUJncMxh5o20tFM7XOOXyObnJ5bS2vir7TefPaIwWLvDS/nC3gtrsIm/Il/sMLNyqAsElRg9RrhQ2ymPRKvglXRLcq5RO12/r13JVne7EL1UZ53/WHuk4O439opyuPjHbCWUedXHEw/ojIfUzvrGH0AOlmuaVXMzD2zxsgDsRnqdiN+BAokgkkFUFfA6Ftyr21qEAWjwds064NQ6o18+TFeWsAdWDN7L5BXZrKFGjpd7o2OL+RlRTCjvRAghQdFuCoJCTVcGwXQjYuR2H+Oea1qVUb6AIjzZNwwpvv1C2/4uOvtXcbe1fs9u8Eg5rs9XfEgecqaysOtgn51A3uPS595T5LRp+9Usflg0iRSD7L9XAjx55+eFwE0i0SLyJr3xx7w0NY7sKC0aMxK4peVW3M6UmzXdsN8w6pcz0yhucF7ZqHW4kHK3f3m4sE525JHFIXyFSctFJODbm5pm1uIt1YwlPu3TU0vm/LDihXRfqyo3pPgsvN3hYFpB6R+TUcUEi2Oqo9tgGmzrXIqKYrrTdSBXHkcRIybEJBVjBdv+SpMVQcZwcYVCAblb0PBwYx6VvU6YqyQLVz6SW4OENa8hjr5G11EWfn0kJl76ClUZvf9ziImhiigvrJhtAiggSUcbduBG35quxqlMAMXHqbuxK/2S2GPkPS/Umj5fPKTPQgrPZDFA372tQuQBnqqAFRjFQzI3/AUjhqQb1M9FwD4YolL/T3IdVsNOmfpNckgNXNgT3ZxC+M+j79mZdUoeew+mAPSD9tjORGDd56ghh+30viSLk92QplUtePFfKnQZv5SytZxSGgB0JWpvmqjAeCCoe2QmZ3Ckvj/9Y0hd2wqQDD7FsJ075C7FkqpLgDbNdGU70sEwpksawjYuPuO/9AVrujxHp1/hRWczkFQhE8bWJtXXlfhLVpHbPdipMSuJJ35DiQKla7GsHoeSvEa06i5x8ow4qQ8S+SmrVneHO+S4Vrd3qLHSk7ku3+YGJ5gsY3UGFZoqhi+R7nKcmlTjb+esCoz3J6p3mMW6/r8r9tJdOJpy4IrqGm8A86mGlEMvPSI8Z4vi/3nLyT01/HRF1z5EWYkWb1nyfnb31FwfHWl810VFT051NYdM4j3RihsTrRiePEOeZOhetjUHDw+eNv1gRkpwJqKbIo4yMrEcxpw9fEaVQC8h4qcq1yIBz58LNFRZj3HCEY8PdYHp+B+rn31st1oNcmpg0ziXpWIWTIS5Gcz/BLMN3ICrBTpj5A
X-OriginatorOrg: workonline.africa
X-MS-Exchange-CrossTenant-Network-Message-Id: e72611c9-e964-47ec-7147-08daddfe835f
X-MS-Exchange-CrossTenant-AuthSource: AS8P190MB1078.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Dec 2022 18:10:42.3410 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: b4e811d5-95e8-453a-b640-0fba8d3b9ef7
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 4wmKo49dC/SZXBjTLxEMAXQw2m1ze8kdKV8Lkf41Np2iHmhNW6rAItIE91DaszKvIRAweaGXrrK4kmvtacGW/w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1P190MB0719
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/FVJ5AJfFLgQM7JhVf8fnj41OIEQ>
Subject: Re: [Sidrops] ASPA verification questions
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Dec 2022 18:10:59 -0000

Hi Claudio,

On 12/14, Claudio Jeker wrote:
> Hi all,
> 
> I'm working on ASPA verification in OpenBGPD and while I have the basic
> validation algorithm working I have a question that is not covered by
> draft-ietf-sidrops-aspa-verification-11:
> 
> What should happen with ebgp peers that have no role assigned?

My personal view (which I have previously discussed, without agreement,
with some of the authors) is that the default 'provider/non-provider'
status of an external peer should be derived from the ASPAs issued by
the local AS.

This obviously needs a knob for override on a per-peer, per-afi basis.

I would prefer not to have a tight coupling with RFC9234 roles in
implementations.

Cheers,

Ben

Attachment: signature.asc

[Sidrops] ASPA verification questions Claudio Jeker
Re: [Sidrops] ASPA verification questions Job Snijders
Re: [Sidrops] ASPA verification questions Ben Maddison
Re: [Sidrops] ASPA verification questions Randy Bush
Re: [Sidrops] ASPA verification questions Wanghaibo (Rainsword)
Re: [Sidrops] ASPA verification questions Claudio Jeker
Re: [Sidrops] ASPA verification questions Zhuangshunwan
Re: [Sidrops] ASPA verification questions Sriram, Kotikalapudi (Fed)
Re: [Sidrops] ASPA verification questions Claudio Jeker

Re: [Sidrops] ASPA verification questions

Attachment: signature.asc