[Sidrops] Andrew Alston's Discuss on draft-ietf-sidrops-rov-no-rr-06: (with DISCUSS)
Andrew Alston via Datatracker <noreply@ietf.org> Thu, 25 August 2022 13:22 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C6F21C1524A2; Thu, 25 Aug 2022 06:22:22 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Andrew Alston via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-sidrops-rov-no-rr@ietf.org, sidrops-chairs@ietf.org, sidrops@ietf.org, morrowc@ops-netman.net, morrowc@ops-netman.net
X-Test-IDTracker: no
X-IETF-IDTracker: 8.14.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Andrew Alston <andrew-ietf@liquid.tech>
Message-ID: <166143374280.8949.4490792736652212362@ietfa.amsl.com>
Date: Thu, 25 Aug 2022 06:22:22 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/iwTFTnYCNUhYVatbUjhWKzFSYTM>
Subject: [Sidrops] Andrew Alston's Discuss on draft-ietf-sidrops-rov-no-rr-06: (with DISCUSS)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Aug 2022 13:22:22 -0000
Andrew Alston has entered the following ballot position for draft-ietf-sidrops-rov-no-rr-06: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sidrops-rov-no-rr/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Hi Authors, Thanks for the document, for the most part I find it clear and easy to understand. I however would like to discuss the following: If the BGP speaker's equipment has insufficient resources to support either of the two proposed options, it MUST NOT be used for Route Origin Validation. The equipment should either be replaced with capable equipment or ROV not used. I.e. the knob in Section 4 should only be used in very well known and controlled circumstances. My concerns with this are two fold - firstly - it's entirely unclear what is meant by "well known and controlled circumstances". More importantly, I'm concerned that this paragraph as written could lead to a situation that where people read this as "if you can't support this behavior - forget BGP security" - and that I would think would be a more dangerous situation than the route refresh behavior. I'd be happier if we could a.) Either say that operators should plan for upgrades - but turn off RPKI in the meantime or b.) Change the wording such that it says something along the lines of "it MUST not be used for ROV without the informed consent of the peers" - meaning that peer that takes the brunt of the refreshes has to consent explicitly. Either option prevents the position where operators running smaller older hardware are handed an excuse to forgo RPKI entirely - or to turn it off - because in my experience once someone turns something off, getting them to turn it back on again, can be a tricky proposition. Let's discuss! Thanks Andrew
- [Sidrops] Andrew Alston's Discuss on draft-ietf-s… Andrew Alston via Datatracker
- Re: [Sidrops] Andrew Alston's Discuss on draft-ie… Randy Bush
- Re: [Sidrops] Andrew Alston's Discuss on draft-ie… Andrew Alston - IETF
- Re: [Sidrops] Andrew Alston's Discuss on draft-ie… Randy Bush
- Re: [Sidrops] Andrew Alston's Discuss on draft-ie… Andrew Alston - IETF