Re: [Sidrops] Which 8210-bis error code should be used?
Claudio Jeker <cjeker@diehard.n-r-g.com> Mon, 22 May 2023 09:44 UTC
Return-Path: <cjeker@diehard.n-r-g.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4000AC151B00 for <sidrops@ietfa.amsl.com>; Mon, 22 May 2023 02:44:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.892
X-Spam-Level:
X-Spam-Status: No, score=-1.892 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TSBiWJxoSiQK for <sidrops@ietfa.amsl.com>; Mon, 22 May 2023 02:44:15 -0700 (PDT)
Received: from diehard.n-r-g.com (diehard.n-r-g.com [62.48.3.9]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA512) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03445C1519B9 for <sidrops@ietf.org>; Mon, 22 May 2023 02:44:14 -0700 (PDT)
Received: (qmail 31832 invoked by uid 1000); 22 May 2023 09:44:12 -0000
Date: Mon, 22 May 2023 11:44:12 +0200
From: Claudio Jeker <cjeker@diehard.n-r-g.com>
To: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
Cc: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>, "sidrops@ietf.org" <sidrops@ietf.org>, "draft-ietf-sidrops-aspa-verification@ietf.org" <draft-ietf-sidrops-aspa-verification@ietf.org>
Message-ID: <ZGs5bFRjPLnyL2Jd@diehard.n-r-g.com>
References: <SA1PR09MB8142523FA03AC4EA6E0E014E847C9@SA1PR09MB8142.namprd09.prod.outlook.com> <SA1PR09MB814235BE0566A5C6935CF5B184439@SA1PR09MB8142.namprd09.prod.outlook.com> <SA1PR09MB814231707524646D651B69B884439@SA1PR09MB8142.namprd09.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <SA1PR09MB814231707524646D651B69B884439@SA1PR09MB8142.namprd09.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/m6jU2kH0hYkjffZZlU72RCxyCEY>
Subject: Re: [Sidrops] Which 8210-bis error code should be used?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 May 2023 09:44:19 -0000
On Mon, May 22, 2023 at 05:05:21AM +0000, Sriram, Kotikalapudi (Fed) wrote: > Oliver and I have discussed the issue off-list. Requiring an artificial > insertion of an AS 0 only VAP-SPAS for the neglected AFI for the CAS is > not required. The verification algorithm (hop-check function in Section > 5) inherently takes care of the neglected AFI (absent VAP-SPAS) > situation. I agree with this direction. I suggested a very similar change in a previous mail. > The previously proposed text change ( > https://mailarchive.ietf.org/arch/msg/sidrops/C5newCanz60yBNc6myoEZfQnMoc/ > ) is retracted. > > But a slight modification of the paragraph in consideration would be > good as follows: > > > OLD text: > > > If, despite the above recommendations, the ASPA(s) of a CAS includes > SPAS for one AFI but not for the other AFI (not even an AS 0), the > ASPA SHALL NOT be rejected just for that reason. However, such an > ASPA(s) will be presumed to imply that the CAS has no providers > (equivalent to AS 0 SPAS) for the AFI that they neglected to include. > > > > NEW text: > > > If, despite the above recommendations, the ASPA(s) of a CAS includes > SPAS for one AFI but not for the other AFI (not even an AS 0), then > for AS_PATH verification purposes, the CAS is considered to have no > providers (i.e., absent VAP-SPAS) for the neglected AFI (see the hop- > check function computation in Section 5). (Note: Artificial > insertion of an AS 0 only VAP-SPAS for the neglected AFI for the CAS > is not required.) I think one should just remove this section and offload all of this into Section 5. Especially the added Note: does not help at all and is just confusing for a reader of the draft/RFC who does not know the backstory. We need to write this for people not knowing all the discussions we had. > The hop-check function is slightly tweaked as follows: > > / > | "No Attestation" if there is no entry > | in VAP-SPAS table for CAS = AS(i) > | > hop(AS(i), AS(j), AFI) = / Else, "Provider+" if a VAP-SPAS entry for > \ CAS = AS(i) for the mentioned AFI > | is present and includes AS(j) > | > | Else, "Not Provider+" > \ > > > This is basically the same function definition as before but makes it > clearer that since VAP-SPAS is absent for the neglected AFI, there would > be no match in the VAP-SPAS for AS(j) and hence the outcome for that AFI > would be "Not Provider+". While already better I prefer if in the "No Attestation" case a clear statement that this applies to all possible AFI values. A possible option is: | "No Attestation" if there is no entry | in VAP-SPAS table for CAS = AS(i) | independent of the AFI value I really prefer the definition of the hop-check function to be explicit to avoid any possible misinterpretation. -- :wq Claudio
- [Sidrops] Which 8210-bis error code should be use… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Randy Bush
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- [Sidrops] some wording improvements in draft-ietf… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] some wording improvements in draft-… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Jay Borkenhagen
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Martin Hoffmann
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Job Snijders
- Re: [Sidrops] Which 8210-bis error code should be… Randy Bush
- Re: [Sidrops] Which 8210-bis error code should be… Martin Hoffmann
- Re: [Sidrops] Which 8210-bis error code should be… Tim Bruijnzeels
- Re: [Sidrops] Which 8210-bis error code should be… Tim Bruijnzeels
- Re: [Sidrops] Which 8210-bis error code should be… Borchert, Oliver (Fed)
- Re: [Sidrops] Which 8210-bis error code should be… Jay Borkenhagen
- Re: [Sidrops] Which 8210-bis error code should be… Hollyman, Michael
- Re: [Sidrops] Which 8210-bis error code should be… Mikael Abrahamsson
- Re: [Sidrops] Which 8210-bis error code should be… Tony Tauber
- Re: [Sidrops] Which 8210-bis error code should be… Yangyang Wang
- Re: [Sidrops] Which 8210-bis error code should be… Tim Bruijnzeels
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Tim Bruijnzeels
- Re: [Sidrops] Which 8210-bis error code should be… gengnan
- Re: [Sidrops] Which 8210-bis error code should be… Claudio Jeker
- Re: [Sidrops] Which 8210-bis error code should be… Borchert, Oliver (Fed)