Re: [Sidrops] ASPA objects in the public RPKI
Job Snijders <job@fastly.com> Wed, 14 December 2022 04:34 UTC
Return-Path: <jsnijders@fastly.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C545EC14CE35 for <sidrops@ietfa.amsl.com>; Tue, 13 Dec 2022 20:34:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fastly.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jqfwfZSsf7FH for <sidrops@ietfa.amsl.com>; Tue, 13 Dec 2022 20:34:45 -0800 (PST)
Received: from mail-qt1-x82d.google.com (mail-qt1-x82d.google.com [IPv6:2607:f8b0:4864:20::82d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1477DC14CF16 for <sidrops@ietf.org>; Tue, 13 Dec 2022 20:34:45 -0800 (PST)
Received: by mail-qt1-x82d.google.com with SMTP id h16so1688124qtu.2 for <sidrops@ietf.org>; Tue, 13 Dec 2022 20:34:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastly.com; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=LAVanHeG9fw9d7c+/WXtdMVgXdela/UMNln8I0eTuKo=; b=G3g2wpikgcpb1CLr1A2aEN0cVYsI61JrGTX3azQPlGmuyv2zX89D323VBgKq2PldJ3 lPZUViQH9T+9KostjENV5tmmnxrVA9j7BlzkGG8yAalt4Wjh1wb7bTfIOhWE8dlahoI+ PiVD5HGjSXZTAHuo/g+vaIC5RWyxF1TRMkbM8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=LAVanHeG9fw9d7c+/WXtdMVgXdela/UMNln8I0eTuKo=; b=I31t3KgIlfCM5nIo6IjIPnpN+0iZmZCmDGQ7qQ+K2L3bkH1B+2e5pCYmOSiiZ1R82C 7InMVhEKtb9FTjJaltjmA4nUVyHoNzaDa+EpnT7OshsJ9bei9M/BAVZlJZ63wHxZO6Ab G8U7s3Osftrtb38d8ztldsa5kmJX7hnqs1T/h502dA7ZIxZ8y1+c5H8dDhZYkidohTD4 iQh+RBirh18XjXc/xcgWrtR6kilKZifRdeYaO4QpKaQs69Og+EFrZPEfImDjo/Nnz5g+ c4uvw9tI5oFmbOqpUIDAPm54E1hIsSXUhNF9b9NTpjug/4mQaNO8Bi9tuEa176c7t4gI 2pbw==
X-Gm-Message-State: ANoB5pmtoCquwbtJK6v39WsmqxRH+kAaradxPDfxKscWVooj96En6scQ 4asFiwdkrtkV6VmwP0uf/r0j8xi+IMnYc946g0nd+RWI8jQvA5tMjt0=
X-Google-Smtp-Source: AA0mqf4TzlCoTGZtZ7leVaMxVSzmhx3iBBcJu7n/FfFYu/ONkr8YuhK5dJopAxEO+ShbSuR71sh8ZhtmvfgRtp9EYkE=
X-Received: by 2002:a05:622a:4d96:b0:3a6:8ddd:5095 with SMTP id ff22-20020a05622a4d9600b003a68ddd5095mr11228027qtb.145.1670992483998; Tue, 13 Dec 2022 20:34:43 -0800 (PST)
MIME-Version: 1.0
References: <Y4nwMhW3Cye6Jg1O@snel> <3398600d8dc84334bc6b7583a844d84a@huawei.com>
In-Reply-To: <3398600d8dc84334bc6b7583a844d84a@huawei.com>
From: Job Snijders <job@fastly.com>
Date: Wed, 14 Dec 2022 08:34:33 +0400
Message-ID: <CAMFGGcCmciM7F5AW4892BBhNu=NMwa9UpoV5etEDVNrezO7-Gg@mail.gmail.com>
To: Zhuangshunwan <zhuangshunwan=40huawei.com@dmarc.ietf.org>
Cc: "sidrops@ietf.org" <sidrops@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006e738105efc241b5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/LNcTVk5wZ0dJbcTIZSVh0VpPw3s>
Subject: Re: [Sidrops] ASPA objects in the public RPKI
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Dec 2022 04:34:48 -0000
Dear Shunwan, Thank you for your question. The ASPAs in the current set of valid objects apply to BOTH ipv6 and ipv4. If they were IPv6-specific, the objects would’ve contained the “afiLimit” field with the value set to IPv6 (0002). Kind regards, Job On Wed, 14 Dec 2022 at 07:18, Zhuangshunwan <zhuangshunwan= 40huawei.com@dmarc.ietf.org> wrote: > Hi Job, > > Thanks for your sharing! I think it's a great, significant work. > As I understand it, the current ASPA objects are for AFI IPv4 and does not > take into account AFI IPv6. Is my understanding wrong? > > Kind regards, > Shunwan > > > -----Original Message----- > > From: Sidrops [mailto:sidrops-bounces@ietf.org] On Behalf Of Job > Snijders > > Sent: Friday, December 2, 2022 8:32 PM > > To: sidrops@ietf.org > > Subject: [Sidrops] ASPA objects in the public RPKI > > > > Dear all, > > > > Just FYI. Recently, the very first ASPA objects (produced by two > different CA > > implementations) appeared in the public RPKI: > > > > AS 970 - > > > https://console.rpki-client.org/rpki-rps.arin.net/repository/8a848adf8143bf > > 6201823bd454752be6/0/AS970.asa.html > > AS 21957 - > > > https://console.rpki-client.org/rpki-rps.arin.net/repository/8a848adf8143bf > > 6201823bd454752be6/0/AS21957.asa.html > > AS 15562 - > > > https://console.rpki-client.org/chloe.sobornost.net/rpki/RIPE-nljobsnijders/ > > VCIb3NxttGlL0VzKekHcAGpU9Ls.asa.html > > > > CA implementers can use rpki-client 8.0 and higher to confirm object > profile > > specification compliance. > > > > Kind regards, > > > > Job > > > > _______________________________________________ > > Sidrops mailing list > > Sidrops@ietf.org > > https://www.ietf.org/mailman/listinfo/sidrops > >
- [Sidrops] ASPA objects in the public RPKI Job Snijders
- Re: [Sidrops] ASPA objects in the public RPKI Di Ma
- Re: [Sidrops] ASPA objects in the public RPKI Zhuangshunwan
- Re: [Sidrops] ASPA objects in the public RPKI Job Snijders
- Re: [Sidrops] ASPA objects in the public RPKI Zhuangshunwan
- Re: [Sidrops] ASPA objects in the public RPKI Zhuangshunwan
- Re: [Sidrops] ASPA objects in the public RPKI Claudio Jeker
- Re: [Sidrops] ASPA objects in the public RPKI Job Snijders
- Re: [Sidrops] ASPA objects in the public RPKI Claudio Jeker
- Re: [Sidrops] ASPA objects in the public RPKI Randy Bush
- Re: [Sidrops] ASPA objects in the public RPKI Job Snijders
- Re: [Sidrops] ASPA objects in the public RPKI Zhuangshunwan
- Re: [Sidrops] ASPA objects in the public RPKI Christopher Morrow