Re: [Sidrops] request for feedback draft-spaghetti-sidrops-rpki-asgroup-00

Job Snijders <job@fastly.com> Wed, 16 November 2022 13:19 UTC

Date: Wed, 16 Nov 2022 14:18:06 +0100
From: Job Snijders <job@fastly.com>
To: Ties de Kock <tdekock@ripe.net>
Cc: sidrops@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/ONK-G4UnrJ30GdY-OVWS_JOErsc>

On Wed, Nov 16, 2022 at 01:56:35PM +0100, Ties de Kock wrote:
> > We put together a proposal to port the IRR 'as-set' class object
> > functionality to the RPKI framework; leveraging authorization
> > through validating a chain of AS Identifier extensions; resolve
> > object naming collisions; and additionally provide an opt-out
> > mechanism. We imagine the UI for operators could be very similar to
> > IRR AS-SET edit forms.
> 
> Interesting to describe this in the RPKI.
> 
> Do you know a good/authoritative description of the data model of
> AS-SETs in the IRR? That would help me in evaluating this draft.

I can share a bit of history:

RIPE-081 (February 1993) introduced the concept of "Representing IP
Routing Policies in the RIPE Database" (but lacked AS-SETs!)
https://www.ripe.net/publications/docs/ripe-081/pdf

Then came RIPE-181 (RFC 1786) which in section 7 introduced the concept
of "AS Macros" - a grouping of ASNs. I suspect that after a few months
of RIPE-81 deployment experience, it became clear some kind of
short-hand notation was needed, because copy+pasting long lists of ASNs
in all locations probably was tedious labor :-)
https://www.ripe.net/publications/docs/ripe-181/pdf
https://www.rfc-editor.org/rfc/rfc1786.html#section-7

Then in 1998, through RFC 2280 Section 5.2 the concept of 'AS Macros'
was renamed to "AS-SETs": https://www.rfc-editor.org/rfc/rfc2280#section-5.2

Nowadays AS-SETs still are in use via tools like bgpq3/bgpq4, irrtoolset,
irrpt, arouteserver, or ixpmanager. An example invocation of bgpq4 is:

    $ bgpq4 -l listing -f1 -j AS15562:AS-SNIJDERS
    {"listing": [
      112,234,267,8952,12654,15562,31451,39765,
      41731,41996,43997,44854,48603,51861,57436,57782,
      60003,60927,61438,199036,202314,202539,205591,205593,
      205956,206479,206499,206551,208241,210089,212121
    ]}

An AS-SET contains AS numbers, or references to other AS-SETs. The
purpose and application of a given AS-SET is beholden to an agreement
between the publisher AS-SET and the consumer of the AS-SET.

> One nit, section 5, step 5: It would be clearer to me to use language
> here that the extension MUST NOT be present in the EE certificate (the
> inverse of 5.4).

Thanks, pull-requests welcome - 
https://github.com/job/draft-sidrops-asgroups/commit/cff3de6942ba77229de4406f31367fd944a7e55f

Kind regards,

Job
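
The data model described in the message above (an AS-SET holds AS numbers or references to other AS-SETs) implies a recursive expansion when a consumer builds a filter list. The following is an added example, not part of the original email and not code from bgpq4 or any other tool named there; the set names, AS numbers and the `expand_as_set` helper are constructed for illustration. It flattens a nested AS-SET while surviving reference loops and reporting references that cannot be resolved.

```python
import re

# Constructed sample data: as-set name -> its members, as an IRR "members:"
# attribute would list them. Names and AS numbers are illustrative only.
SAMPLE_IRR = {
    "AS64500:AS-CUSTOMERS": ["AS64500", "AS64501",
                             "AS64500:AS-RESELLER", "AS-MISSING"],
    "AS64500:AS-RESELLER": ["AS64502", "AS64510:AS-DOWNSTREAM"],
    # This set points back at the first one, forming a reference loop.
    "AS64510:AS-DOWNSTREAM": ["AS64510", "AS64500:AS-CUSTOMERS"],
}

# A member is a plain AS number only if the whole token is "AS<digits>";
# anything else (AS-FOO, AS64500:AS-FOO) is a reference to another as-set.
ASN_RE = re.compile(r"^AS(\d+)$", re.IGNORECASE)


def expand_as_set(name, db):
    """Flatten an as-set into (sorted ASNs, sorted unresolved set names)."""
    db = {key.upper(): members for key, members in db.items()}
    asns, unresolved, seen = set(), set(), set()
    stack = [name.strip().upper()]
    while stack:
        current = stack.pop()
        if current in seen:
            continue  # already expanded: this is what breaks reference loops
        seen.add(current)
        members = db.get(current)
        if members is None:
            # Dangling reference: record it so the consumer can decide
            # whether to fail closed instead of building a partial filter.
            unresolved.add(current)
            continue
        for member in members:
            token = member.strip()
            match = ASN_RE.match(token)
            if match:
                asns.add(int(match.group(1)))
            else:
                stack.append(token.upper())
    return sorted(asns), sorted(unresolved)


if __name__ == "__main__":
    listing, missing = expand_as_set("AS64500:AS-CUSTOMERS", SAMPLE_IRR)
    print({"listing": listing, "unresolved": missing})
```
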