IETF Logo Mail Archive

Re: [Sidrops] Block ROA creation for AS23456?

"Dickinson, Ian" <Ian.Dickinson@sky.uk> Thu, 18 May 2017 13:43 UTC

Return-Path: <Ian.Dickinson@sky.uk>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03CC412947D for <sidrops@ietfa.amsl.com>; Thu, 18 May 2017 06:43:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=skyglobal.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gjdUzADTjzae for <sidrops@ietfa.amsl.com>; Thu, 18 May 2017 06:43:52 -0700 (PDT)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50044.outbound.protection.outlook.com [40.107.5.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F0D7128DF3 for <sidrops@ietf.org>; Thu, 18 May 2017 06:38:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=skyglobal.onmicrosoft.com; s=selector1-skyglobal-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ofecaF3F4YcJgOriMfAjb7tLJexZznxTBgEBIBjw07Y=; b=FG/7Dl10hTRocKnkNq/JUQrpOUFda4T6oLOtVuIilqo64rbaJ/Jr00cd+l8tENIKx4EoSYFu+lSVz7cu5Jng9m1/SaJre8rGlORFl7gV1cLrae+s4ZA72OH552UQU6TU93QhE49kep0/heE7iPM1bY+BNRSU4viToS+xCHaO8d4=
Authentication-Results: spf=pass (sender IP is 176.255.244.223) smtp.mailfrom=sky.uk; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=pass action=none header.from=sky.uk;
Received-SPF: Pass (protection.outlook.com: domain of sky.uk designates 176.255.244.223 as permitted sender) receiver=protection.outlook.com; client-ip=176.255.244.223; helo=mail.bskyb.com;
From: "Dickinson, Ian" <Ian.Dickinson@sky.uk>
To: Job Snijders <job@ntt.net>, Alex Band <alexb@ripe.net>
CC: "sidrops@ietf.org" <sidrops@ietf.org>
Thread-Topic: [Sidrops] Block ROA creation for AS23456?
Thread-Index: AQHSz8vRbsH1TDKRKUyNLdyzcZyjj6H5912AgAAf7tA=
Date: Thu, 18 May 2017 13:38:23 +0000
Message-ID: <9B3BFE0A18160E40BAF1950414D10FAE8989A960@WPMBX010.bskyb.com>
References: <m2o9uq4jb6.wl-randy@psg.com> <9C01478A-B764-48C4-AB93-4DEACB229A09@ripe.net> <20170518123959.clizw3w7sp7hrplk@Vurt.local>
In-Reply-To: <20170518123959.clizw3w7sp7hrplk@Vurt.local>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.105.64.253]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:176.255.244.223; IPV:CAL; SCL:-1; CTRY:GB; EFV:NLI; SFV:NSPM; SFS:(10009020)(6009001)(39400400002)(39850400002)(39840400002)(39860400002)(39450400003)(39410400002)(2980300002)(438002)(189002)(199003)(24454002)(13464003)(55846006)(305945005)(229853002)(54356999)(50986999)(47776003)(3846002)(6116002)(102836003)(106466001)(7736002)(76176999)(8936002)(23676002)(2920100001)(53546009)(5660300001)(2950100002)(9686003)(86362001)(6306002)(966005)(4326008)(189998001)(33656002)(5890100001)(6246003)(74482002)(38730400002)(2906002)(81166006)(478600001)(50466002)(72206003)(11286001)(8676002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6PR0601MB2342; H:mail.bskyb.com; FPR:; SPF:Pass; MLV:sfv; MX:1; A:0; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; VE1EUR01FT015; 1:Zd2hTETG6Fv+bzE+ParvsGpkcSDgXWID5ZlmeBrYoBU7lRaqj+o9MDf3ihx+UhbtUbhYgeTNQy7+27WWx96M1rsviFMwYd3RbxStGUOfRwkXfM3yESTKtmAejUVj/AevRPhndxCIeGgFx3dbfe3VvsACbl3GRRUSxb0jP+WgMTpaVDzSE9yCZNkf+mTAWmyAosswUykeGjvc5eTTE/zr94XvezSsjhdq/lWFUC5Do3wd8SvFFlyXUECQce22Gty9j+TQpB12e2g4iMRItl8UgxRe6a4tdWlA51KJZ4IUX7QF2YmqQQkYRm0yWePNFvinRqDfPlf7L0v3kHzswTFn8FmN2D4XPfVjOYM5qzpEfU0pyIF1ssD5SKyDZCWQHeq/1FnWdCdtjE6Zm3+zUU0c11wmqG+Uu/SYwqJ9EE2OdcMU+A8RS6e1n+tgfAXvOXaxQDc/Qqgc0OzUY/gSzD9S9RM9yMctwmZFPFxD/JDg4ue/eW/W8tcOxXDpDMbS5TCCiXYbtgtIyLCdjNQpdY0S+XCxvTREyJUJ2KU6dLV+qK6o6OwIg61KwGH0LZjOL1iA
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DB6PR0601MB2342:
X-MS-Office365-Filtering-Correlation-Id: f0f9af18-74a3-40a4-2a4e-08d49df32a77
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(8251501002)(2017030254075)(201703131423075)(201703031133081); SRVR:DB6PR0601MB2342;
X-Microsoft-Exchange-Diagnostics: 1; DB6PR0601MB2342; 3:pUxQA/Rr8z9LhGchYx32lVm4JUGCfc/WQLmU6erGaSo9Aj9aYI/iPq4awes/XfK0JiaXD5seaKDj22tc2pmx4oFhaKp7AA375ZmxwAJnTIwl08WltNdZAdi6f98Oh0scLuMhKJc6GHJAc4FIFVZc+ZInUIYv/lJpxIakH+YRymM3gdLjHfCsSLWCnrDpLnNpSpwuq50Wql+GdhQrmRlcKjP2yMEKz9MFok4Fmz39i5+MVu09zE0DTFHQKxfu5rIR/K1MrdQb1pGVac9DxuPH/7Q0YZ0WM76Y4CTSPGhp3Cbm6EU3nPrEQ6ZiGAvuZUGKsga+iNyYpzzCGrLweK3A9kTA1dgb4boGXiD0acdsckFjD8WB1cC2FSyVNHQR6UJWj730UL77ce9G4gZYxhmvmFSShygty9CQpihfNn87RKCEZTsD0QfWQK/KUY8yFjllNZhLRnWIR0vF5uaY++EUvv2h8DVb+VNV8uQ7khO3VbT9goSIpT0YyxenimuCWFBw
X-Microsoft-Exchange-Diagnostics: 1; DB6PR0601MB2342; 25:VaVm5lbRxM5raj/aXvuUVVj6LCVnLBCUiqfJYzWMfwVuyd7NGv6Nxo24qqWZoVjsW5iAO47a2iXQJy9VWygyQMrryN6LfU3DkxYoYsM3Jm/rFw6WZHrhduF2RHanvpQjD6+Mqud8osArEjyx9sbPsjRrcBKPe3TNnO9gCrUppaMxSBE1IC+X2U4FOhg1Yw2X36RexTJCx9fd+BBvc/KVI4fEx8ASxxOsyo1H3cW55yk4Mvck5DOXgTBWLNP3r12LQWNrpjU5AlG8ZA3HfdBb6YMNYwVaOk67UMQBxDu/B5YQ3oDySoterWwGNPj7JoH9jb52EeAKq4k6pf3ec4SIPKhHXZ4Z73KInEFtdyYOBL7DX3eQUtdTrmeIvJxr97MGTInENIgw6EsZ3855qJUhitrZvE04PjO6uBCBZHaX9oq6Qs4BzGgRJZYbbVXQVqeQGb8WD1fPyZQVKF/TEPPWqI9Nm5y6Z4ae4/0pu/fci4o=; 31:GJuLoVXti+R8ydi9y4ztUcwTWN9xTjbi6on+ga+sHGuJSg2MimJ3FUAkNzNaYWM6+WHiUWjvpjS00pJdsKE+rE/PWQqqY8AQ5quwdQ86TmM5zYqdSvNKjuzbGZRFmErsdncPJFYHQNKke0pmfQlSymz21phZBU0C3Tf5jQXJZWec/VSXmMIQVJ4+Mn56KamG1XjuYM5fOfPmv2rGPKVT1ksIA7heXRwLmbvpKah2Cq9ZlPmAmxW3q/ly+nwzVky5o6Zv4Oa4jLYrKhE+Hzr16Q==
X-Microsoft-Exchange-Diagnostics: 1; DB6PR0601MB2342; 20:X/qxGzCyeMiQIMkl5+8Cl7dgWWnlK4KrfiYOGm11fghloDVWmvH3n/D18tvcy05ZaUwzwChKOog3dBncqAPP8JwsDwWiAPxukuHzwHLCtG1gXoYWPjn94Tmj6LMK1h4YoSaTbP54vB/UprpFebAJXnQaN8ZGFYD/n3KiGsHN4qM/pC3rpy+DZwJ4+mY6ffyaJ8gXF8kkxNH0IUE68kEE0R4TXk+qAmHRmL1/ZqU7BnBX6iNVPl5SURNnBUSgZy8ZAG+cG+0a5o0n7U42L5quN9awSS21Du/4pJQGEf5YcgiehzZuHiXVhx6BbmDUvdMr1ym8OdwbwgvZ6pkNMN8QN+wTDZnkiUrfY7BqpkQS+d0+R89Q4+Cf8kMwv8YTaAstke3ki6obzHxElaYL0rivF8cAmZgjhQJP2n2VLtapvfb5hCVV5xja1oBcq3qyECYV3y/oHIi5TTds8nES73cIq+LBAOvDY5Lo1cFY8Vn1O/bXwjvVILcxj/xbI3yGgs0u
X-Microsoft-Antispam-PRVS: <DB6PR0601MB2342F3243D672EA33372CA0093E40@DB6PR0601MB2342.eurprd06.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(5005006)(13012025)(13020025)(8121501046)(10201501046)(3002001)(93006095)(93004095)(6041248)(20161123564025)(20161123562025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123555025)(6072148); SRVR:DB6PR0601MB2342; BCL:0; PCL:0; RULEID:; SRVR:DB6PR0601MB2342;
X-Microsoft-Exchange-Diagnostics: 1; DB6PR0601MB2342; 4:ohCs3uWRtvEjdouv8LVaWCaPdEAEJk8D04uzWIqkQhyZJoYWlpQylaHvYsUtGY1WTJMT1n2OqrxTyOSVQR3RlM53Doz17C8axyb1vthHKXx33YW0HR5AlBS4OKSOoNHENBm/cFj0/AO8xb7NcnabgZuBW4wrszF2q8SR7HqGBt8TU3fLYyok31GdxqVKEipSIdyp78sbjwN/wEk/kqEwYOgWPlFUlzGkTbJaUxem+kwT6hZMoG0WPDGyMsWper4nnlM9eX8/XjOsUfGz77SXraoWOGbdcdbc8gCrDfJ96CchwepSaJ2bXHvOIQGsz9L6Qfq9cTlgJPE1qOr6cLCl0pWnq8sbWbb2c7nm2XvWWgIX2CynMcMAICGWi2ZR7UTLtTNTTrpll4ipY/URLCTVH9Z8kIZzyIyVzylJzqwLP27NpIkPZBp5o9PF82m6UinlctWE7XmBD8uHWEKqLcnPIjP94PzaMdFjS/A8z+aSW47u5/D+QWxXt6bAUOLRWr3vAWvE0T/Dh2JUzpuX5oqpKdhLxnz3DPJ59P2ij+QNoicBz85ubBQhvlJryc+3owY5K86CLsByeiDFOZqby81Dg/g5ipRKVJ7ylrVdNsUtGgg+2S24su0mN3KF0K+RzDpn61Sr3M2CVFmXdYSF6KEPEG6FKC/moETTyXnSlLBq1JioNpZsdR+eqmdelBRVzmyBnngBByTGPwb/IKNs5ZhcvuqtGdNlNr5SRq0JIda9aju3SP5gLPdGuJtb5pt+dabGnTidruGS9AattOEnseTchrd+JleZGYHI2ion9++zPpSMTyMnU5C1Bl0JHwwzNmml
X-Forefront-PRVS: 0311124FA9
X-Microsoft-Exchange-Diagnostics: 1;DB6PR0601MB2342;23:WArEq7UGhzhUlG4NOnu9+ha5TrYH3IRSt4AykPohVjV8nrI7F/1rHaRvMVkc1Ro6VCQoPlNCjaVRNGtQBBJNiVrHw9wGdtyG9OVBRfpJz/4cQisIU/BjicFIjlTz3i9jaf33k3wYkk+j9zouXYz+alHDCwEQzU77TBqdTntP5KJMm/cKODtqa+tgKCbaATV8lg2XLfEcOmGjwzRIcrHvC84SXfDME+luGJ/m8Bpt8D5KGnfr0IJuno6MTsfB4/fMx8SW74EvOdkFp9t0H+LKDnMd2SScoNqRlShplJmmOpfMmLIzSOzzwd6ef1f+PIvAasRqpPejU/KL9UqeCCAMn/lsiLB3igCoEZ1kJFhCk3XguwoPTevRvph3+wpCkX2z1FRcS1r3zkCDFahIWxjB7ShIJKR2iWqtEDfck47RFL2s/XAlUZs8lCqiP5l1kbr1uoUslq5RVjVY5qXd+GrCbCl0FN2ftACUsEoE+NlGFZ4fxgCvogatHVK63Jm8oxtBpD17rBaKyPgZtwXMKo80KQqK5i7Vm8VA7r6J99uox83/JzQUBpcb6bT3R0gw8/YL7qR6T9Uf2KYRBg5khdti4AkP/4mP+itLdVrFwAVU0YBvOtM3PWXYqmQjCzmbMbXbKVV1cCqGXi6d2mioiKZ/kHTGaG5gHxzHm9/QgGNuR4zn73m1oSBpon2geoxrRSb86/qYSvoSoA8EBXGCV28lAXSYa5ap15KSNJ8oDmWUE0pJqslRTPTqLMHTp7Qtgb0x5iK9vvNEuu6Y6UlEwtceT03Nxi7dCdtR8aHevQAo6f8vrVHDf9xXes47RACt08MlHcaPax2oud4639tb+SbwoW1SdnXcmG5cWApWKBnvwHdk0TCItZNso225z0jFPT/8bniSF9/QAef7PdOS3Y6PPINjA7bIsAtcy51hctFlehEdHOFMZWtuaaOSIucuZbqUXhLnf9gSJGWHCJbocEhk/rPLb+DE+0s25yPsetbTnxmR5H/snwRwUgrLqrzs5dOxztNGqhwaP/njIwFZkWnwSBuOQaXaqXptnfKJEj5PWEP9K4SH9dAuZHMiFsQC0Awx3ogTdDdND0jfrwl7drU1w449cs+sLSbKT8JR/ddvvrDnZPTRR51IsWbozY00unGX9ZYQE7meAwG27OTR4Q8n2bgItxcM0cjVbhCh23h7I6ljuoJPqYhW0v13BK2ZItIq
X-Microsoft-Exchange-Diagnostics: 1; DB6PR0601MB2342; 6:1LTbbOmw6D+tJ54jXXXMHS6Q0quT0jCW5dCTqZDXtN7n9JlbQQ7B+tR3CfkxwptVK2dTh9Pv9BW/r4W7ej7/diHsKLGf8+0FdwhB2+olvnLsU8qQd8U87rOea9DQpk0u05kQMj4eQGSigwHVl7fXTr3KrZuIGjD4w3Yy45WIdS2/AwKNV6dJUL/FHrjQaHzlERPUQfamPv54RdtYivbpBeu0HRl8V6l97+ScmGvudPsPc/a5f6yWalVq53XII6zz895RYLPMhZQlE6Ra6KI4/1GLdHSNZEfwwKMubjgRaqS2qXWMhZoNBIXUPWWZySUimt805IcSJd8lhTiWkB/MqNoaSNdXpZh1pv3g3klVsrOfzAjUwUtY61Ia4Dly/rYkMqYmpLH/6ofSBNxPNz6lxmjvk2ICvZvhPYeek7RdZw1QTqPwgNQU+ScfM7N9EdkOz+7uZLSfEWI+8nfsT0sU6MCfPhyaND5TLHrmwV/N1ASzFHNRUexm2TWTsWFiAmb/z0c9r3zIlWYJkx21ZGxjCQ==; 5:o9Vkfq5amsZiiDKC0+3cD26y9MZUMc2xDtND612VZVoeZrHnYaQSfE2TduPhvJY5GLa6vR0/UPRVgfyJ9Un2r0j4AnSPVReVW9wpeB3tzeQO68TLh99ktAaSkxvQSCVJpMAS9sxv39glIfB/cfyTzQ==; 24:WzGjxWRquacr3sIo/ifxgSnbyqNM9WW1xseMY8ur0Qiljk4cN52r4ztWFQ4cLtAvYE8V8DtFci9ZmWPnNrNeZPzW/Qpy000JIjdh0h5/3DU=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; DB6PR0601MB2342; 7:u96hmcRk1dVD+d2BzylixHNUYR7HoZGdgK6q20Hrzxoe8HmfwEYP1PcceLIwn1AjRyaW3/f3OgLRH4aQiGpM/uXFWFHgu0hs0Zb9gqALSEWRRfHYHv/79jw9rbNEV7qyinxCh2fUiMN0yz6Q0wd2RNr8O5dPlsDh1Gix0mBteVGqQYiVg9Azz42FqtIi5qN4DA/JuAPlGoNFA3ojGKkzv/LcoAk/qPrmSqiW1b7x+lXI+shRphSbPFqRvzZxdakpvMzE9EZLCI1dza2hlhf4vkT8rEjjLVkXh+Hpsgb8spuurUEpmj8nRWzc7Kfl8fR2n5Nn5GSg6s1/LonGAk+JbA==
X-OriginatorOrg: sky.uk
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 May 2017 13:38:27.8336 (UTC)
X-MS-Exchange-CrossTenant-Id: 68b865d5-cf18-4b2b-82a4-a4eddb9c5237
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=68b865d5-cf18-4b2b-82a4-a4eddb9c5237; Ip=[176.255.244.223]; Helo=[mail.bskyb.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0601MB2342
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/pRvZk83LqzutIA2T83QFnw1HBuY>
Subject: Re: [Sidrops] Block ROA creation for AS23456?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 May 2017 13:43:55 -0000

Inline [Ian]

-----Original Message-----
From: Sidrops [mailto:sidrops-bounces@ietf.org] On Behalf Of Job Snijders
Sent: 18 May 2017 13:40
To: Alex Band <alexb@ripe.net>
Cc: sidrops@ietf.org
Subject: Re: [Sidrops] Block ROA creation for AS23456?

On Thu, May 18, 2017 at 01:36:45PM +0200, Alex Band wrote:
> One of our members argues that we should be preventing that ROAs are
> created which authorise AS23456, as referred to in RFC6793 [1]. It
> would allegedly open up possibilities for abuse. You could make the
> same argument for several other special registry AS Numbers [2].

One probably has to carefully assess per 'special ASN' whether it makes
sense or not. Preventing that ROAs are created with AS0 would be counter
productive in some scenarios.

[Ian] Indeed - https://tools.ietf.org/html/rfc6483#section-4 will serve a useful purpose when sufficient filtering support is deployed.

> I’m curious to hear if you think this argument holds any truth, and if
> we should be thinking about such measures.

Did the member elaborate on what problem the restriction would resolve?
I'd be interested to learn more about the possibilities for abuse.

[Ian] Yes. Me too. But I'm certainly not inherently against well defined best practice being developed.

Kind regards,

Job

_______________________________________________
Sidrops mailing list
Sidrops@ietf.org
https://www.ietf.org/mailman/listinfo/sidrops
Information in this email including any attachments may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and external networks. SKY and the SKY marks are trademarks of Sky plc and Sky International AG and are used under licence.

Sky UK Limited (Registration No. 2906991), Sky-In-Home Service Limited (Registration No. 2067075) and Sky Subscribers Services Limited (Registration No. 2340150) are direct or indirect subsidiaries of Sky plc (Registration No. 2247735). All of the companies mentioned in this paragraph are incorporated in England and Wales and share the same registered office at Grant Way, Isleworth, Middlesex TW7 5QD.

v2.23.0 | Report a Bug | By Email