Re: [Sidrops] WG ADOPTION - draft-madi-sidrops-rush - ENDS 10/12/2020 (Oct 12th)

Tim Bruijnzeels <tim@nlnetlabs.nl> Wed, 18 November 2020 08:04 UTC

Return-Path: <tim@nlnetlabs.nl>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 391F73A14E0; Wed, 18 Nov 2020 00:04:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nlnetlabs.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uo8t8fahx-2n; Wed, 18 Nov 2020 00:04:16 -0800 (PST)
Received: from outbound.soverin.net (outbound.soverin.net [IPv6:2a01:4f8:fff0:2d:8::215]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E0563A14B2; Wed, 18 Nov 2020 00:04:15 -0800 (PST)
Received: from smtp.soverin.net (unknown [10.10.3.28]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by outbound.soverin.net (Postfix) with ESMTPS id ECAF160100; Wed, 18 Nov 2020 08:04:12 +0000 (UTC)
Received: from smtp.soverin.net (smtp.soverin.net [159.69.232.142]) by soverin.net
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nlnetlabs.nl; s=soverin; t=1605686651; bh=fWUzshm/K2NRn/l/qfDrDbiIukDmws0UDvWIvkWTeQc=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=TeQ0rzxp8atq+fgQcd+uh4At1PfPRfw0q/VrtC3XOwqcDxTpFRSdfg0nnSNppA/Im HbWZEUfMTpD1khWuZ826QcL/1JSX04I7pbnzO1YK+ee7JkMplLxTn+RIxjwnp6fYES tHTTWqIkgfiyENE8O2caMjnkLeJ7p0LPpULeAvMoNM97f772hoNT7xxYtr0rCmRiaH YrR09xPL8UMnz4ygO8m4neSxq4coO6kGF4+9xTN6UW5bcXP5OPXrs3gbrtITmy9YoG BzVEYe5E0Ce3JOI6H/mOb/NFl5+NSJT2iOhMLkhUPc8+TJ2z34nWtlXgoCKggacC0I /lYfJ0155BNOQ==
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Tim Bruijnzeels <tim@nlnetlabs.nl>
In-Reply-To: <BBAF2E50-87B7-4A03-9512-E7681BB85E91@rpstir.net>
Date: Wed, 18 Nov 2020 09:04:06 +0100
Cc: Jared Mauch <jared@puck.nether.net>, "sidrops-ads@ietf.org" <sidrops-ads@ietf.org>, Guyunan <guyunan@huawei.com>, SIDR Operations WG <sidrops@ietf.org>, SIDROps Chairs <sidrops-chairs@ietf.org>, Melchior Aelmans <melchior@aelmans.eu>, Job Snijders <job@ntt.net>
Content-Transfer-Encoding: quoted-printable
Message-Id: <6C07A611-5D8F-4668-BF2F-16CD48C77C2A@nlnetlabs.nl>
References: <87imbybjne.wl-morrowc@ops-netman.net> <CALxNLBhjU409LB8pU3Dr287hyKDSW8bHbJiLNPjf4yOSnzc2kg@mail.gmail.com> <C01B0098369B2D4391851938DA6700B717C1D699@DGGEML532-MBX.china.huawei.com> <C4FE2995-87D4-4FF5-9F3D-91D5BE44ED33@rpstir.net> <CAL9jLaZAC9soiJKy856dWexjAmh5=brBnnUOrUjeSHLR_CKJTQ@mail.gmail.com> <3B7B607B-C100-4805-94BE-DC2F597A3CD2@rpstir.net> <87a6vgfb3i.wl-morrowc@ops-netman.net> <X7PYnV3pz9QO5NUY@bench.sobornost.net> <D77FB6ED-2288-4E55-8329-27EC52C8BB37@rpstir.net> <95A9B418-370C-43F5-8466-3FC157C3F914@puck.nether.net> <BBAF2E50-87B7-4A03-9512-E7681BB85E91@rpstir.net>
To: Di Ma <madi@rpstir.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/Kitl3AgNUIHceUO6sJaDH_XgL84>
Subject: Re: [Sidrops] WG ADOPTION - draft-madi-sidrops-rush - ENDS 10/12/2020 (Oct 12th)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Nov 2020 08:04:25 -0000

Hi,

> On 18 Nov 2020, at 08:02, Di Ma <madi@rpstir.net> wrote:
> 
> Jared,
> 
> Thanks for your suggestion.
> 
>> 2020年11月18日 14:54,Jared Mauch <jared@puck.nether.net> 写道:
>> 
>> 
>> 
>>> On Nov 18, 2020, at 1:48 AM, Di Ma <madi@rpstir.net> wrote:
>>> 
>>> We don’t make decision for operators but offer them a choice that they can outsource valiation if they have no problem with this fashion.
>> 
>> Is it perhaps better to think about offering validation as a service to people who can’t or are unable to run their own validators?
>> 
>> (Thinking of how people may decide to use an off-network DNS resolver so they don’t need to operate one themselves).
>> 
>> Perhaps this is something larger networks may want to offer to their customers, similar to how they may offer NTP, DNS and other services?
> 
> I think this is a reasonable usecase which can be added into RUSH document.
> 
> And RUSH can also be used within a large ISP to distribute cache to RTR servers deployed in different ASes.

I believe that for this use case it would be better to standardise the (signed) json emitted by validators so that it can be used by rpki-rtr implementations (go-rtr, and the one we are building rtrtr).

That way people can have interchangeable validators and RTR implementations. With signing one can distribute the data safely even over public internet which can help centralised *own* management.

I believe that outsourcing the validation and using someone else's RP feed for their RTR is ill advised, yet it may be something that people choose to do regardless.

As far as RUSH is concerned I am still on the fence about it, but I see a possible use case in having an API to push updated SLURM settings in a local RP, more finegrained, e.g. allow listing things, adding/removing one or more exceptions as a delta, rather than just giving the RP a complete new file. But.. that would be a different thing altogether, and I don't really want to invent this for the sake of it - I would ask operators here if they have that use case first.

As written the document seems to say: there are SLURM files and you can transport them over HTTPS, possibly implying that RP software will actively fetch these files. I lean towards not standardising this, as it's something that people can already do today. A simple script that fetches a file and feeds it to an RP would already work, if that's the way one chooses to operate.

Tim

> 
> Di
> 
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops