Re: [Sidrops] [WGLC] draft-ietf-sidrops-roa-considerations-01 - Ends 28/November/2022

Randy Bush <randy@psg.com> Mon, 28 November 2022 18:23 UTC

Date: Mon, 28 Nov 2022 10:22:48 -0800
Message-ID: <m2ilizx7k7.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Tim Bruijnzeels <tim@nlnetlabs.nl>
Cc: YAN Zhiwei <yanzhiwei@cnnic.cn>, keyur <keyur@arrcus.com>, sidrops <sidrops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/O2flEmR-QgXL9AehgbbDNE_aZMk>

>    Using multiple ROA objects with single IP prefix also allows a CA to
>    affect routing over time based on certificate expiry.  For example, a
>    prefix could be allowed to be originated from an AS only for a
>    specific period of time, such as some IP prefix was leased out
>    temporarily.
> 
> I don't think this describes a problem.

An operator with multiple prefixes may have complex contracts with
multiple upstream providers with varying time windows in which those
prefixes should be allowed to originate from each of those upstreams.

you may want to untersify that :)

randy
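
Added example, not part of the message above or of the draft: a small model of how two ROAs for one prefix, each bounded by its EE certificate validity window, change the RFC 6811 origin-validation result of a leased prefix over time. The prefix, AS numbers and dates are constructed documentation values, and the `Roa` class and function names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_network


@dataclass(frozen=True)
class Roa:
    prefix: str            # prefix authorized by the ROA
    max_length: int        # longest announcement length allowed
    origin_as: int         # AS authorized to originate
    not_before: datetime   # EE certificate validity window
    not_after: datetime


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample data: one prefix, two ROAs with different windows.
ROAS = [
    Roa("192.0.2.0/24", 24, 64496, utc(2022, 1, 1), utc(2023, 1, 1)),  # holder
    Roa("192.0.2.0/24", 24, 64497, utc(2022, 6, 1), utc(2022, 9, 1)),  # lease
]


def current_roas(roas, when):
    """ROAs whose EE certificate is valid at `when`; expired ones drop out."""
    return [r for r in roas if r.not_before <= when <= r.not_after]


def validate(route_prefix, origin_as, roas, when):
    """RFC 6811 origin validation using only the ROAs valid at `when`."""
    route = ip_network(route_prefix)
    covered = False
    for roa in current_roas(roas, when):
        roa_net = ip_network(roa.prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA covers this route
        if roa.origin_as == origin_as and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered but no match is "invalid"; no covering ROA is "not-found".
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    for when in (utc(2022, 7, 1), utc(2022, 10, 1), utc(2023, 2, 1)):
        print(when.date(), validate("192.0.2.0/24", 64497, ROAS, when))
```

Once the lease ROA expires, the lessee's announcement becomes invalid rather than not-found, because the holder's longer-lived ROA still covers the prefix.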