Re: [Sidrops] ASPA verification algorithm error

Lukas Tribus <lukas@ltri.eu> Thu, 11 February 2021 00:36 UTC

From: Lukas Tribus <lukas@ltri.eu>
Date: Thu, 11 Feb 2021 01:35:43 +0100
To: "Jakob Heitz (jheitz)" <jheitz=40cisco.com@dmarc.ietf.org>
Cc: "sidrops@ietf.org" <sidrops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/OVwwCgsYFb1gnBQ8REe1T2KZ0jM>

On Fri, 22 Jan 2021 at 07:21, Jakob Heitz (jheitz)
<jheitz=40cisco.com@dmarc.ietf.org> wrote:
>
> Consider the as-path (1 2 3 4), where
>
> 1 attests that 2 is its provider
>
> 4 attests that 3 is its provider
>
> 2 and 3 make no attestations.
>
> Then the path is valid.
>
> The algorithm in https://tools.ietf.org/html/draft-ietf-sidrops-aspa-verification-06
>
> would incorrectly return "unknown"

I assume 2 is not a provider for 3 (but a peer)? Wouldn't section 5.2.
"Downstream Paths" make this "valid" then?

Are they "special" non-peers? Then "7.  Mutual Transit (Complex
Relations)" would apply (in that case, without attestation "unknown"
would be expected and a positive attestation required for a "valid"
result) - which I believe is what we want.


I think in this case it would be helpful to include the actual
relationship between the AS you have on your mind, not only the ASPA
attestations.



Lukas