Re: [Sidrops] ASPA objects in the public RPKI

Zhuangshunwan <zhuangshunwan@huawei.com> Wed, 14 December 2022 06:42 UTC

From: Zhuangshunwan <zhuangshunwan@huawei.com>
To: Job Snijders <job=40fastly.com@dmarc.ietf.org>, Zhuangshunwan <zhuangshunwan=40huawei.com@dmarc.ietf.org>
CC: "sidrops@ietf.org" <sidrops@ietf.org>
Date: Wed, 14 Dec 2022 06:42:48 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/KCCDJGMuXamSvVuyejs5V5z5kR4>

Dear Job,

Thank you for your clear explanation!
Your answer opened me up to some facts that I hadn't noticed before:
Some looking glasses only see IPv4 AS neighbors for 2 ASes, but no IPv6 AS neighbors. This observation does not prove that there are no IPv6 neighbors for these 2 ASes; instead, it shows that the capability of these looking glasses needs to be improved.

Kind regards,
Shunwan

From: Sidrops [mailto:sidrops-bounces@ietf.org] On Behalf Of Job Snijders
Sent: Wednesday, December 14, 2022 12:35 PM
To: Zhuangshunwan <zhuangshunwan=40huawei.com@dmarc.ietf.org>
Cc: sidrops@ietf.org
Subject: Re: [Sidrops] ASPA objects in the public RPKI

Dear Shunwan,

Thank you for your question.

The ASPAs in the current set of valid objects apply to BOTH IPv6 and IPv4.

If they were IPv6-specific, the objects would’ve contained the “afiLimit” field with the value set to IPv6 (0002).

Kind regards,

Job

On Wed, 14 Dec 2022 at 07:18, Zhuangshunwan <zhuangshunwan=40huawei.com@dmarc.ietf.org> wrote:
Hi Job,

Thanks for sharing! I think it's a great, significant work.
As I understand it, the current ASPA objects are for AFI IPv4 and do not take into account AFI IPv6. Is my understanding wrong?

Kind regards,
Shunwan

> -----Original Message-----
> From: Sidrops [mailto:sidrops-bounces@ietf.org] On Behalf Of Job Snijders
> Sent: Friday, December 2, 2022 8:32 PM
> To: sidrops@ietf.org
> Subject: [Sidrops] ASPA objects in the public RPKI
>
> Dear all,
>
> Just FYI. Recently, the very first ASPA objects (produced by two different CA
> implementations) appeared in the public RPKI:
>
> AS 970 -
> https://console.rpki-client.org/rpki-rps.arin.net/repository/8a848adf8143bf6201823bd454752be6/0/AS970.asa.html
> AS 21957 -
> https://console.rpki-client.org/rpki-rps.arin.net/repository/8a848adf8143bf6201823bd454752be6/0/AS21957.asa.html
> AS 15562 -
> https://console.rpki-client.org/chloe.sobornost.net/rpki/RIPE-nljobsnijders/VCIb3NxttGlL0VzKekHcAGpU9Ls.asa.html
>
> CA implementers can use rpki-client 8.0 and higher to confirm object profile
> specification compliance.
>
> Kind regards,
>
> Job
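
The afiLimit semantics described in the reply above, as an added example (not code from the thread or from rpki-client): a minimal DER reader for one provider entry. It assumes the entry is a SEQUENCE holding an INTEGER providerASID followed by an optional 2-octet OCTET STRING afiLimit, as in the ASPA profile draft of that period; AS 64496 and the sample bytes are constructed.

```python
# Added illustration. The entry layout is an assumption taken from the ASPA
# profile draft of the time; the AS number and DER bytes are constructed.
AFI_NAMES = {b"\x00\x01": "IPv4", b"\x00\x02": "IPv6"}

def read_tlv(buf, pos):
    """Read one DER TLV at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form definite length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_provider_as(der):
    """Return (provider ASN, set of address families the entry applies to)."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, asn_bytes, pos = read_tlv(body, 0)
    if tag != 0x02 or not asn_bytes:
        raise ValueError("providerASID must be an INTEGER")
    asn = int.from_bytes(asn_bytes, "big")
    if pos == len(body):
        # afiLimit absent: the authorization covers both IPv4 and IPv6.
        return asn, {"IPv4", "IPv6"}
    tag, afi, pos = read_tlv(body, pos)
    if tag != 0x04 or afi not in AFI_NAMES or pos != len(body):
        raise ValueError("afiLimit must be a known 2-octet AFI and the last field")
    return asn, {AFI_NAMES[afi]}

# Constructed samples for AS 64496 (a documentation ASN).
SAMPLE_BOTH = bytes.fromhex("3005020300fbf0")          # no afiLimit
SAMPLE_V6 = bytes.fromhex("3009020300fbf004020002")    # afiLimit = 0002
SAMPLE_BAD = bytes.fromhex("3009020300fbf004020003")   # unknown AFI value

if __name__ == "__main__":
    print(parse_provider_as(SAMPLE_BOTH))
    print(parse_provider_as(SAMPLE_V6))
```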