[Sidrops] Re: WG Adoption call for draft-sriram-sidrops-spl-verification - ENDS 06/03/2024 (June 3 2024)

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Mon, 03 June 2024 21:01 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Yangyang Wang <wangyy@cernet.edu.cn>
Date: Mon, 03 Jun 2024 21:01:23 +0000
CC: "sidrops@ietf.org" <sidrops@ietf.org>
Subject: [Sidrops] Re: WG Adoption call for draft-sriram-sidrops-spl-verification - ENDS 06/03/2024 (June 3 2024)
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/avGXpDGpzkHK0GaSRabwuXo0w_Y>

Hi Yangyang,

Thank you for the comments.  My responses are inline below.

>From: Yangyang Wang <wangyy@cernet.edu.cn> 
>Sent: Monday, June 3, 2024 1:06 PM
>
>I have read this draft and support adoption.
>
>I also feel that the application of SPL needs more discussion.
>
>My comments and questions are as follows:
>
>In Table 1, the states of ROA-ROV-state=NotFound and SPL-ROV-state=Valid will generate the state 'Eligible'. I feel that this 'Eligible' is not so Eligible and SPL may introduce potential risk easily. An AS A may insert a prefix not covered by a ROA into its SPL, but AS B also announces this prefix and includes it in its SPL. Either A or B may make a (malicious) mistake. Although the operators of AS A and B may find out what's wrong with it after negotiation, the event could have happened for a while.

There is consensus that if the SPL-ROV state is not Invalid, then the Eligible/Ineligible decision for path selection should be the same as that based on ROA-ROV.  So, in your example, if AS B is falsely including the prefix in its SPL, the route it announces gains no advantage in path selection based on that. 

>I feel that the state SPL-ROV-state=Invalid is more credible than SPL-ROV-state=valid, because no AS wants the prefix originated by it legally to be validated as 'invalid' and blocked. The power of SPL is as an 'invalid' filter for prefixes.

Yes, if SPL-ROV-state = Invalid, then the route is considered Ineligible regardless of the ROA-ROV state.   

>And, it seems that SPL cannot help save on ROA registration. If a prefix is requested to be included in the SPL, the appropriate ROAs also need to be registered in advance, as mentioned in 7.4, 7.2 and this recommendation should be required in 7.1 (the prefix owner may decide to split its prefix, it should register ROAs for more-specific prefixes).

Sure, we can include additional wording in Section 7.1 that says: "The AS operator must recommend the prefix owner to update its ROA (or create a ROA) to include the subsumed more-specific prefix.  Also, if the prefix owner had maintained a ROA for the announced less-specific prefix, they should be cognizant to update their ROA prior to requesting announcement of a subsumed more-specific prefix."

Sriram
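
The decision rule stated in the replies above, run against the AS A / AS B scenario from the quoted question. This is an added example, not part of the original message or the draft. The ASNs and prefixes are constructed documentation values, `roa_rov` follows RFC 6811, and the SPL-ROV semantics (exact prefix match against the origin AS's list, NotFound when the AS publishes no SPL) are a simplifying assumption.

```python
from ipaddress import ip_network

def roa_rov(prefix, origin, roas):
    """RFC 6811 origin validation; roas is a list of (prefix, max_len, asn)."""
    net, covered = ip_network(prefix), False
    for roa_prefix, max_len, asn in roas:
        roa_net = ip_network(roa_prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True
            if asn == origin and net.prefixlen <= max_len:
                return "Valid"
    return "Invalid" if covered else "NotFound"

def spl_rov(prefix, origin, spls):
    """ASSUMED semantics: spls maps an ASN to the exact prefixes it lists."""
    if origin not in spls:
        return "NotFound"
    listed = {ip_network(p) for p in spls[origin]}
    return "Valid" if ip_network(prefix) in listed else "Invalid"

def eligibility(prefix, origin, roas, spls):
    # SPL-ROV Invalid makes the route Ineligible regardless of ROA-ROV.
    if spl_rov(prefix, origin, spls) == "Invalid":
        return "Ineligible"
    # Otherwise the SPL adds nothing: the decision is the ROA-ROV one.
    return "Ineligible" if roa_rov(prefix, origin, roas) == "Invalid" else "Eligible"

# Constructed sample data: documentation prefixes and documentation ASNs.
AS_A, AS_B, AS_C, AS_D = 64496, 64497, 64498, 64499
P = "192.0.2.0/24"
SPLS = {AS_A: [P], AS_B: [P], AS_C: ["198.51.100.0/24"]}  # AS_D publishes no SPL

def scenario(roas):
    """Eligibility of prefix P per origin AS under the given ROA set."""
    return {asn: eligibility(P, asn, roas, SPLS) for asn in (AS_A, AS_B, AS_C, AS_D)}

if __name__ == "__main__":
    print("no ROA     :", scenario([]))
    print("ROA for A  :", scenario([(P, 24, AS_A)]))
    print("ROA for C  :", scenario([(P, 24, AS_C)]))
```

With no ROA, AS B's SPL entry leaves its route in the same state as AS D, which publishes no SPL at all; once a ROA names AS A, ROA-ROV makes B's route Ineligible.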