IETF Logo Mail Archive

Re: [Sidrops] [WGLC] draft-ietf-sidrops-roa-considerations-01 - Ends 10/March/2022

YAN Zhiwei <yanzhiwei@cnnic.cn> Mon, 18 April 2022 02:52 UTC

Return-Path: <yanzhiwei@cnnic.cn>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6BE13A12FF for <sidrops@ietfa.amsl.com>; Sun, 17 Apr 2022 19:52:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R7YOQNNaBgk8 for <sidrops@ietfa.amsl.com>; Sun, 17 Apr 2022 19:52:36 -0700 (PDT)
Received: from cnnic.cn (smtp13.cnnic.cn [218.241.118.13]) by ietfa.amsl.com (Postfix) with ESMTP id E1DF73A1296 for <sidrops@ietf.org>; Sun, 17 Apr 2022 19:52:34 -0700 (PDT)
Received: from CNNIC-THINK (unknown [218.241.103.151]) by ocmail02.zx.nicx.cn (Coremail) with SMTP id AQAAf0AJEHhg0lxifTReAA--.65508S2; Mon, 18 Apr 2022 10:52:16 +0800 (CST)
Date: Mon, 18 Apr 2022 10:52:16 +0800
From: YAN Zhiwei <yanzhiwei@cnnic.cn>
To: Rob Austein <sra@hactrn.net>, keyur <keyur@arrcus.com>
Cc: sidrops <sidrops@ietf.org>
References: <BYAPR18MB26961DE9F15501CCA12ECCF1C13D9@BYAPR18MB2696.namprd18.prod.outlook.com>, <20220307010632.8FFE72EA00F6@minas-ithil.hactrn.net>
X-Priority: 3
X-Has-Attach: no
X-Mailer: Foxmail 7.2.9.156[cn]
Mime-Version: 1.0
Message-ID: <202204181052163056836@cnnic.cn>
Content-Type: multipart/alternative; boundary="----=_001_NextPart145306060516_=----"
X-CM-TRANSID: AQAAf0AJEHhg0lxifTReAA--.65508S2
X-Coremail-Antispam: 1UD129KBjvJXoW7WrW3Kr18Ar1kWF17Ar47urg_yoW8WF4xpF s7Ww1rJasxJr1DWF9rXw1DX3WYga1FyFsxJr93Wr4xArn8XF1qvrWakw1Y9Fy7Wws7Cwn0 vrWjyF43Xa4DZaDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUvEb7Iv0xC_Kw4lb4IE77IF4wAFF20E14v26r1j6r4UM7CY07I2 0VC2zVCF04k26cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rw A2F7IY1VAKz4vEj48ve4kI8wA2z4x0Y4vE2Ix0cI8IcVAFwI0_Xr0_Ar1l84ACjcxK6xII jxv20xvEc7CjxVAFwI0_Gr0_Cr1l84ACjcxK6I8E87Iv67AKxVWxJr0_GcWl84ACjcxK6I 8E87Iv6xkF7I0E14v26F4UJVW0owAS0I0E0xvYzxvE52x082IY62kv0487Mc02F40E42I2 6xC2a48xMcIj6xIIjxv20xvE14v26r1j6r18McIj6I8E87Iv67AKxVWUJVW8JwAm72CE4I kC6x0Yz7v_Jr0_Gr1lF7xvr2IYc2Ij64vIr41lFcxC0VAYjxAxZF0Ew4CEw7xC0wCY02Av z4vE14v_Gr1l42xK82IYc2Ij64vIr41l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4 xG67AKxVWUGVWUWwC20s026x8GjcxK67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r1Y6r17 MIIYrxkI7VAKI48JMIIF0xvE2Ix0cI8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I 0E14v26r1j6r4UMIIF0xvE42xK8VAvwI8IcIk0rVWrZr1j6s0DMIIF0xvEx4A2jsIE14v2 6r1j6r4UMIIF0xvEx4A2jsIEc7CjxVAFwI0_Jr0_Gr1l6VACY4xI67k04243AbIYCTnIWI evJa73UjIFyTuYvjxUqRV1UUUUU
X-CM-SenderInfo: h1dq6xplzhxq5fqqxugofq/
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/JY7hZAVq4f-Wuzwtlly2Qwt8390>
Subject: Re: [Sidrops] [WGLC] draft-ietf-sidrops-roa-considerations-01 - Ends 10/March/2022
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Apr 2022 02:52:41 -0000

Hello, guys,

As Rob, George, Di and others mentioned, there are two sides to everything. Especially for a security service, the basic motivation of RPKI is for more secured routing system, while it will surely introduce other new risks. We want to optimize it during its designing, but it’s more important to deploy and test it with a more simple logic. I totally agree with Tim, there are some specific situations (…AS0 ROAs for unallocated space that some RIRs publish…) where the resources are more stable and with low risk wrt overclaim, it’s worthy to pack the ROAs together to improve the RP’s efficiency. Then if we have rough consensus about this principles, what we need to do are:

1) Describe the one-prefix-per-ROA as a basic advice of CA operation;

2) List the specific scenarios which have low risk wrt overclaim as the optimization situations CA may consider.

BR,



YAN Zhiwei
 
From: Rob Austein
Date: 2022-03-07 09:06
To: Keyur Patel
CC: sidrops@ietf.org
Subject: Re: [Sidrops] [WGLC] draft-ietf-sidrops-roa-considerations-01 - Ends 10/March/2022
I support publication of this draft.
 
Two comments, for whatever they're worth:
 
1) In retrospect, the ability to specify multiple prefixes in a single
   ROA seems like premature optimization: it's solving a problem I'm
   not convinced we really have, at the expense of creating a new one.
 
2) I tend to think about the multiple-prefix ROA problem in terms of
   "fate sharing": unless all the prefixes involved are in some way so
   closely tied to each other that there will never be a change to one
   of them that isn't a change to all, they should be separate ROAs.

v2.23.0 | Report a Bug | By Email