Re: [Sidrops] Alvaro Retana's No Objection on draft-ietf-sidrops-rpkimaxlen-12: (with COMMENT)
Alvaro Retana <aretana.ietf@gmail.com> Wed, 10 August 2022 16:07 UTC
Return-Path: <aretana.ietf@gmail.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CEC0C13CCD2; Wed, 10 Aug 2022 09:07:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HeqK9BUD_cTj; Wed, 10 Aug 2022 09:06:56 -0700 (PDT)
Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85D58C15C53B; Wed, 10 Aug 2022 09:06:56 -0700 (PDT)
Received: by mail-lf1-x12f.google.com with SMTP id c17so21881385lfb.3; Wed, 10 Aug 2022 09:06:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date :mime-version:references:in-reply-to:from:from:to:cc; bh=911dBp/wW5KvN82S7VR0n5rfz8AO2LF3tBOwuDAJ6ds=; b=H2qAQPLqzZ8Qjd2tWdaxAThid9TLidrNsealN4HPfB4RjHif88pkACGkv+mzAwe1fJ dgFURghsL7Gubo/JXMH0f2AoEpRjQI0FbqpcjSwqF8vFUwmByMm+UwjlI3VRv/6K1V9U 0gokz7oyDohuUgrXw+Cr+a1BTs7NvNIjgR0lmAdTNhlYWP5m1/jMzHyr4PZDoxCGIWM7 F4o/glfYcriVPRqkQ5EpskYwIUZ0s8Cz/Q/yUNY1hLS3NoQ3c8+I4epeNnvbVJkEvvc9 cShFzZMNUtshKpaLudywzEmgCQroTRoGSJCzVlLOHYZZMLaPTieWLi1wbZHPxPIZ6O4W iOvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date :mime-version:references:in-reply-to:from:x-gm-message-state:from:to :cc; bh=911dBp/wW5KvN82S7VR0n5rfz8AO2LF3tBOwuDAJ6ds=; b=2GT2qawKQH6PrajrfUK6f5FUYP0oKmK8izNtAjXDMtTzDwOd6rC7brdgHKjuUbTNls lfHLd0ad9y21/JEJU8wtPmBUJgYQG25jLq2H0jR6BkgBs2DrreevF7UuW6dAb+iLC977 FnwtOholmEEn8mCRjspjt4/LhxSGUFEvKEnb6nJUctNgJ0gaWpsBE1WqCk3t5vNc0+48 gec4gi/27Ms8HrB7R1LDfDFFJg2oR8wT4L2ruoV7MJnFInSU4GeYyXRwn6hJHdApm5vB qXTqmAyWr+dR4yR3T7xM/bj9LjR4714xQKxDcOCJ5exsuF3dVjCOlrbIpr5dr11z0cTW ng+Q==
X-Gm-Message-State: ACgBeo0Dw8Z6RhCmzr+Utz9Eh4+v9qd8txfRgdDfCpO6CBerGA6sh6k+ SQLoJCIeQwRbmj4hQiHrCSRB+r7dlcpzYC/H+2k=
X-Google-Smtp-Source: AA6agR7XIsSlr3oxyzI5zH2pIq4+/nv9E8Xrb7YfROhNfa2k6DOpJgd+dwqqxgwnGDPOR4V75d2ovtSAXKUpnl7AhYM=
X-Received: by 2002:a05:6512:b01:b0:48b:a065:2a8b with SMTP id w1-20020a0565120b0100b0048ba0652a8bmr6362757lfu.401.1660147614214; Wed, 10 Aug 2022 09:06:54 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Wed, 10 Aug 2022 09:06:53 -0700
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <SA1PR09MB8142AE728E5AAF70FCF1FD0984659@SA1PR09MB8142.namprd09.prod.outlook.com>
References: <SA1PR09MB8142AE728E5AAF70FCF1FD0984659@SA1PR09MB8142.namprd09.prod.outlook.com>
MIME-Version: 1.0
Date: Wed, 10 Aug 2022 09:06:53 -0700
Message-ID: <CAMMESszgOxm2vjnQm56AtC-sJ5v=vJZZiZKWAPZcCmvGYzrgfQ@mail.gmail.com>
To: Ben Maddison <benm@workonline.africa>, "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
Cc: "sidrops-chairs@ietf.org" <sidrops-chairs@ietf.org>, "morrowc@ops-netman.net" <morrowc@ops-netman.net>, "sidrops@ietf.org" <sidrops@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-sidrops-rpkimaxlen@ietf.org" <draft-ietf-sidrops-rpkimaxlen@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/QFL7iQJj6Q8xIdSCsPGeWyBnP48>
Subject: Re: [Sidrops] Alvaro Retana's No Objection on draft-ietf-sidrops-rpkimaxlen-12: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Aug 2022 16:07:01 -0000
On August 10, 2022 at 9:37:13 AM, Sriram, Kotikalapudi wrote: Sriram: Hi! > You suggested: > > In particular, operators with short prefixes and many advertisements of > > both IPv4 and IPv6 may have a harder time keeping up with changes. I would > > love to see some text around the challenges that applying the > > recommendations at scale may bring, which may also "result in a self- > > inflicted denial of service" (to use the description in §7). > > The text that is already in the draft and addresses the challenges (exception > cases where the maxlength recommendation need not be heeded) is as follows: > > In general, except in some special cases, operators SHOULD avoid > using the maxLength attribute in their ROAs, since its inclusion will > usually make the ROA non-minimal. > > One such exception may be when all more specific prefixes permitted > by the maxLength are actually announced by the AS in the ROA. > Another exception is where: (a) the maxLength is substantially larger > compared to the specified prefix length in the ROA, and (b) a large > number of more specific prefixes in that range are announced by the > AS in the ROA. > > This recognizes both IPv4 and IPv6 cases when the operator may decide to use > maxLength rather than enumerate a large number of sub-prefixes in the ROA. > Let us know if you feel the above text is not adequate. Yes, that text is helpful. I like Ben's proposal too as it directly addresses the complexity. > Ben and Alvaro: > > Elsewhere in the doc, I feel that saying "Failure to do so could, in the > worst case, result in a self-inflicted denial of service." is not helpful or > necessary. It can be deleted. The operator can make many different kinds of > mistakes (e.g., a single typo) with ROAs that can cause self-inflicted denial > of service. True, other mistakes are possible, but I think it's good to explicitly point at the ones that may happen because of the procedures recommended in the document. IOW, it's always good to point at the possible risk. Thanks! Alvaro.
- [Sidrops] Alvaro Retana's No Objection on draft-i… Alvaro Retana via Datatracker
- Re: [Sidrops] Alvaro Retana's No Objection on dra… Randy Bush
- Re: [Sidrops] Alvaro Retana's No Objection on dra… Ben Maddison
- Re: [Sidrops] Alvaro Retana's No Objection on dra… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] Alvaro Retana's No Objection on dra… Alvaro Retana
- Re: [Sidrops] Alvaro Retana's No Objection on dra… Alvaro Retana
- Re: [Sidrops] Alvaro Retana's No Objection on dra… Ben Maddison
- Re: [Sidrops] Alvaro Retana's No Objection on dra… Ben Maddison