IETF Logo Mail Archive

Re: [Sidrops] Which 8210-bis error code should be used?

Tim Bruijnzeels <tim@nlnetlabs.nl> Wed, 24 May 2023 13:26 UTC

Return-Path: <tim@nlnetlabs.nl>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC43BC14068D for <sidrops@ietfa.amsl.com>; Wed, 24 May 2023 06:26:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nlnetlabs.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4hKcofmIeMSh for <sidrops@ietfa.amsl.com>; Wed, 24 May 2023 06:26:10 -0700 (PDT)
Received: from dane.soverin.net (dane.soverin.net [185.233.34.149]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BB18C152575 for <sidrops@ietf.org>; Wed, 24 May 2023 06:26:10 -0700 (PDT)
Received: from smtp.soverin.net (c04smtp-lb01.int.sover.in [10.10.4.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dane.soverin.net (Postfix) with ESMTPS id 4QRBlg5Cy2zyV5; Wed, 24 May 2023 13:26:07 +0000 (UTC)
Received: from smtp.soverin.net (smtp.soverin.net [10.10.4.100]) by soverin.net (Postfix) with ESMTPSA id 4QRBlf72qqzJ5; Wed, 24 May 2023 13:26:06 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nlnetlabs.nl; s=soverin; t=1684934767; bh=KVFfzdhc+uBuSDQuG75V8kfOgApFfrYJXU1dkmKhNTw=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=iJMtlRyRaEca6N6Xdwu7q8E7jcGpKDi2gtpwwjgNwdEye7m4DlnEwutCxZcNy6oEA fpLGruPnPler9SAyks2TKbrOmV3tUAWtnf7MNVvuGbRK3J8F3JiCvNyqhigJV8gNx0 LQ1LtLJriRY77dIEokNtcDsCJbQczYmK1r7xlivLV8grY27/yLVuX/n5heW7lPgkCD DXtLXWb/khV20AFqqHGA7Fe05xWIGJMcMGVFM15ndXWG+uoX3i451ZMt/bltgsFTu1 PN+LJ6+xbF4YRCbXChPI24UoGk8GIy0UIAJo71l4GEoqIX81SydEcepqNpeH00nfpS tptx8Q2Zl10Nw==
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.400.51.1.1\))
X-Soverin-Authenticated: true
From: Tim Bruijnzeels <tim@nlnetlabs.nl>
In-Reply-To: <20230524152102.5fdfd8f0@glaurung.nlnetlabs.nl>
Date: Wed, 24 May 2023 15:25:43 +0200
Cc: Randy Bush <randy@psg.com>, Job Snijders <job@fastly.com>, SIDR Operations WG <sidrops@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <A40A6EDF-7DF6-4085-9274-CB76122DB1D9@nlnetlabs.nl>
References: <SA1PR09MB8142523FA03AC4EA6E0E014E847C9@SA1PR09MB8142.namprd09.prod.outlook.com> <SA1PR09MB814235BE0566A5C6935CF5B184439@SA1PR09MB8142.namprd09.prod.outlook.com> <SA1PR09MB814231707524646D651B69B884439@SA1PR09MB8142.namprd09.prod.outlook.com> <ZGs5bFRjPLnyL2Jd@diehard.n-r-g.com> <25708.55138.924074.242182@hrabosky.cbbtier3.att.net> <ZG2Vobyxl/gPEfCU@diehard.n-r-g.com> <20230524100558.452d4caf@smaug.local.partim.org> <ZG3bN1p4EzSn4XIS@diehard.n-r-g.com> <CAMFGGcDCpQDYNbYKLEp+iT4rx_FNLoWkdNmET8tH1JdQpgi5XQ@mail.gmail.com> <m2v8ghzypr.wl-randy@psg.com> <20230524152102.5fdfd8f0@glaurung.nlnetlabs.nl>
To: Martin Hoffmann <martin@nlnetlabs.nl>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/QGBfcshcJ789wXZhmeLOTPXBlkk>
Subject: Re: [Sidrops] Which 8210-bis error code should be used?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 May 2023 13:26:14 -0000

Hi (again)

Sorry, I tripped over the send button ;)

> On 24 May 2023, at 15:21, Martin Hoffmann <martin@nlnetlabs.nl> wrote:
> 
> Randy Bush wrote:
>> perhaps we are responsible for taking a slightly longer term view.
>> 
>> today, ipv6 routing is simply not congruent with ipv4.  we might wish
>> it, but reality bites.
> 
> The question is whether the benefit of allowing to express the
> difference outweighs its cost, i.e., whether there is an realistic risk
> that someone accidentally announces a prefix along a path that wasn’t
> meant for this prefix’ address family and, if so, whether that is
> worthwhile catching. (I’m assuming hijacking isn’t possible here, which
> may be wrong.)

This is pretty much what I was going to write.

I understand that there are differences. But, is it a big enough problem if a provider that is only used for one AFI, is also authorised for the other? Enough so to warrant the complexity in the profile and validation?

I do not have a huge stake in this. I am happy enough to keep the limit if that's the consensus. I am also happy enough to remove the limit from my CA implementation if that is the outcome.

Tim



> 
>  -- Martin
> 
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops

v2.23.0 | Report a Bug | By Email