[Sidrops] SIDROPS IETF-101 meeting minutes
Keyur Patel <keyur@arrcus.com> Tue, 03 April 2018 19:52 UTC
Return-Path: <keyur@arrcus.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9F1E1267BB for <sidrops@ietfa.amsl.com>; Tue, 3 Apr 2018 12:52:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netorgft1331857.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lWQ881WD5w0E for <sidrops@ietfa.amsl.com>; Tue, 3 Apr 2018 12:52:29 -0700 (PDT)
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on0068.outbound.protection.outlook.com [104.47.41.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA4C9124F57 for <sidrops@ietf.org>; Tue, 3 Apr 2018 12:52:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NETORGFT1331857.onmicrosoft.com; s=selector1-arrcus-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=upuKFygiszv3BnoMeVTtkWszFBjeJdH+LW7W3UYDXp4=; b=V9q6Z1MHdg8/kTbjwNGm83zHd4djSEatpqh9BPhtp09zU4cellugb7paIBmw479ORZdkVnHKsyZytHev84R0EtG06BpleP21NA+nGFIa3ZLTFFzU5d+Unz6SAPp2ynqi6s7CHaaTcifXUyg9ucYur8K+F5PMAwmOTEBP6DwGi/s=
Received: from BY2PR18MB0328.namprd18.prod.outlook.com (10.163.192.30) by BY2PR18MB0248.namprd18.prod.outlook.com (10.163.72.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.631.10; Tue, 3 Apr 2018 19:52:24 +0000
Received: from BY2PR18MB0328.namprd18.prod.outlook.com ([10.163.192.30]) by BY2PR18MB0328.namprd18.prod.outlook.com ([10.163.192.30]) with mapi id 15.20.0631.013; Tue, 3 Apr 2018 19:52:24 +0000
From: Keyur Patel <keyur@arrcus.com>
To: "sidrops@ietf.org" <sidrops@ietf.org>
Thread-Topic: SIDROPS IETF-101 meeting minutes
Thread-Index: AQHTy4VJXRgBR6ou20WMYzpKVhNpow==
Date: Tue, 03 Apr 2018 19:52:24 +0000
Message-ID: <756BF83A-17EC-4EAF-84E9-6EFD54D3A586@arrcus.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=keyur@arrcus.com;
x-originating-ip: [75.8.210.205]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BY2PR18MB0248; 7:gEDJhp4UE88Geh11ANoRftc1XOMrem+JK3r289HUlIfl/PrBAGdphnBigzTLxrCIXw4Dq94MF8kZaRy2zZpTli1UI6NtQQhZyrNQK7GxaTiLbONgMg3IKYAJVxOOvt3Kub0FAmMSsukzUmMsqoXXYsUKcoNdr/OGi3Dp5MmLr+8zqUIJkvv/mnKs2XYfh0Tdy5lgrFZIH7YzYGL5kyEyROZiAsAWy+G2eXlctChIppw6oG5Dit6SbDbUYCaynJON
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: d73a62d6-f1f2-42f5-18a8-08d5999c6be0
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(7021125)(5600026)(4604075)(3008032)(4534165)(7022125)(4603075)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(2017052603328)(7153060)(7193020); SRVR:BY2PR18MB0248;
x-ms-traffictypediagnostic: BY2PR18MB0248:
x-microsoft-antispam-prvs: <BY2PR18MB0248AA1347D0A1DFCE702298C1A50@BY2PR18MB0248.namprd18.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(158342451672863)(120809045254105)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(3231221)(944501327)(52105095)(3002001)(10201501046)(93006095)(93001095)(6041310)(2016111802025)(20161123562045)(20161123560045)(20161123564045)(20161123558120)(6043046)(6072148)(201708071742011); SRVR:BY2PR18MB0248; BCL:0; PCL:0; RULEID:; SRVR:BY2PR18MB0248;
x-forefront-prvs: 0631F0BC3D
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(39380400002)(346002)(376002)(39830400003)(366004)(199004)(189003)(7736002)(6116002)(6506007)(476003)(2616005)(66066001)(106356001)(2501003)(83716003)(606006)(77096007)(25786009)(5890100001)(8936002)(99286004)(86362001)(2900100001)(81166006)(316002)(8676002)(478600001)(82746002)(81156014)(186003)(3846002)(1730700003)(3280700002)(36756003)(2351001)(105586002)(59450400001)(2906002)(6306002)(102836004)(54896002)(26005)(14454004)(5660300001)(6512007)(6436002)(33656002)(53936002)(5640700003)(6916009)(68736007)(97736004)(966005)(6486002)(3660700001)(236005)(486006); DIR:OUT; SFP:1101; SCL:1; SRVR:BY2PR18MB0248; H:BY2PR18MB0328.namprd18.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: arrcus.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: cOjnzxgLwBVAX8Bfq+p5AidZc/xuDVC7JXklMbKTQ62k77Zetq7m2xPyqeawqUy+Kdc4bbyKK7VxZsvv7LbkAOkjbP1PXvb/i8nVfrF9NJwE+oAjUy58iLgn11NL6ejluQbFBWUnPspPmyNhUp493Mtr+Z9DnH0kH2E6JKF16CL6lrgst7pT/inT9zAwWNh5IqE+LeUgRsSq1Rz2VYwQg/5X7O0/nxAFsq1xDMTXuK3fwJt5MmTkxwLet9umgj3r2oc5n7CCGNvF0SIEjB3DEPJ/4+xx0Nz8P0L+cMfU3udwd8w5aJmXQcP7M4zTqwB9bklhVRGPeX6KEpiLA38J6LpEm9Aw1Mfw7mcKiRxI40tcgIdKFkUQj7KBEsI9GQ6tC7rQ5YGoOL8iR+xhMHuOLxWQaUel/5jBRSXlEgXMLGs=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_756BF83A17EC4EAF84E96EFD54D3A586arrcuscom_"
MIME-Version: 1.0
X-OriginatorOrg: arrcus.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d73a62d6-f1f2-42f5-18a8-08d5999c6be0
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Apr 2018 19:52:24.4558 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 697b3529-5c2b-40cf-a019-193eb78f6820
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR18MB0248
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/NTw9y6hakL61wU4C5R9oIAK_WGk>
Subject: [Sidrops] SIDROPS IETF-101 meeting minutes
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Apr 2018 19:52:32 -0000
Folks, Meeting minutes of our SIDROPS meeting at IETF-101 attached (and posted). Thank you Geoff Huston for taking notes. Regards, Keyur https://datatracker.ietf.org/doc/minutes-101-sidrops/ Status: As per data tracker LTA Uses cases is probably Chris Morrow's fault Question over tree-validation draft - Chair to follow up 1) draft-ietf-sidrops-route-server-rpki-light Job Snijders: Unauthorized BGP propagation of a more specific route of an exchange would case some routing damage, and the marking of it without recourse to a ROA would be a poor move - they should always be encouraged to drop invalids. Response: use a separate draft? Response: The aim it to document a standard best operator practice for exchanges Job: why use an extended community to tag announcements? Why is current practice not sufficient? Why do you need an RFC Response: We think it is widely applicable and merits an RFC Asimov: If you already have two methods that already achieve IX filtering, why propose a third method? Response: RPKI has a more solid foundation over IRR filtering. Asimov: Do you believe that your customers will use BGP communities for this purpose? Response: We have customers already doing this and want to standardize this Rudiger Volk: Did not produce a draft on how to use the expanded code space to describe policies as leading to a BCP on common ways to describe routing intent - far better than the old extended communities. The open community attribute does not need to await vendor support for this. i.e. anyone can get an AS code point to mark their communities. Rudiger: Which trust anchors are you using to generate your community-based marks? Response: We leave trust to the customers Doug Montgomery: Scope - all of these descriptions of actions of dropping and tagging are actions already know - what’s the purpose Response: standardized mechanisms Chairs: there is a bunch of follow-up conversations here, all of which could be on the mailing list 2) Origin Validation Policy Considerations for Dropping Invalid Routes Keyur Patel: As an implementer would you ever get a request to NOT consider the Decision Process? Maybe you should provide that flexibility in the draft Keyur Patel: How many levels should you recurse through to find the covering valid aggregate? Response: No limit specified Warren: What happens when the covering aggregate flaps? John Scudder: Question on multi-homing example - the generic observation is that we can't just easily dismiss this problem Job Snijders: There is ZERO deployment of origin validation. The observation is whether there is an incremental path towards deployment that does not cause spurious drops Randy: Don't do it at exchange points [timeout] Chairs: take this to the mailing list 3) https://tools.ietf.org/html/draft-ietf-sidrops-signed-tal-00 Rob Austein: the main purpose seems of be for unplanned key rolls - yes? Rob Austein: why 24 hours? What is the problem in making it longer? Rob Austain: We should think about unplanned key rolls Tim: We should be aware of the incremental load on Relying Parties if we make this process more convoluted 4) https://tools.ietf.org/html/draft-tbruijnzeels-sidrops-https-tal-00 really really minor change to RFC7730 ship it 5) RIPE NCC RPKI Validator 3 architecture Rob Austein: when implementing the client side of RDP and using RIPE's database on the server side I noticed different behavior - the difference between full and incremental transfer - do you have implementation experience? Tim: not sure we encountered that Tim: support of validation reconsidered: we had it in an earlier version of the code. We have not done it in this code yet. The moment we publish a certificate with a new OIDs in it then things will break. The transition is unclear and we are not clear how to approach this. 6) draft-ietf-sidrops-rp-00 no questions
- [Sidrops] SIDROPS IETF-101 meeting minutes Keyur Patel