Re: [Sidrops] I-D Action: draft-ietf-sidrops-8210bis-11.txt

Claudio Jeker <> Fri, 22 September 2023 13:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 76F24C14CE5E for <>; Fri, 22 Sep 2023 06:45:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.205
X-Spam-Status: No, score=-4.205 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LAxGt2RTCsx5 for <>; Fri, 22 Sep 2023 06:45:21 -0700 (PDT)
Received: from ( []) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA512) (No client certificate requested) by (Postfix) with ESMTPS id E7E40C14CE5D for <>; Fri, 22 Sep 2023 06:45:19 -0700 (PDT)
Received: (qmail 6009 invoked by uid 1000); 22 Sep 2023 13:45:16 -0000
Date: Fri, 22 Sep 2023 15:45:16 +0200
From: Claudio Jeker <>
Message-ID: <>
References: <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <>
Archived-At: <>
Subject: Re: [Sidrops] I-D Action: draft-ietf-sidrops-8210bis-11.txt
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 22 Sep 2023 13:45:22 -0000

On Thu, Sep 21, 2023 at 11:55:38PM -0700, wrote:
> Internet-Draft draft-ietf-sidrops-8210bis-11.txt is now available. It is a
> work item of the SIDR Operations (SIDROPS) WG of the IETF.
>    Title:   The Resource Public Key Infrastructure (RPKI) to Router Protocol, Version 2
>    Authors: Randy Bush
>             Rob Austein
>    Name:    draft-ietf-sidrops-8210bis-11.txt
>    Pages:   39
>    Dates:   2023-09-21

Thanks for this update.
Here my feedback to the changes in -11:

4.  Operational Overview

   ... It is configured with a semi-ordered list of caches and establishes a
   connection to the most preferred cache, or set of caches, caches with that
   same priority, which accept the connections.

You added something about priority. Now this is the only time a priority
is mentioned in this whole document. There is no description on what such
a priority is and why it is required.

Again in 4. the new paragraph is indeed an interesting affect on how RTR
works but it does not only affect VRPs:

   A VRP is effective if it is in the fetched set from any of the
   currently preferred caches.  Therefore, a VRP takes effect on the
   router when the first cache serves that VRP, and the VRP is in effect
   until the last cache withdraws that VRP.  Thus, in a global sense,
   the effect of a VRP announcement propagates more quickly than a

This needs to be reworded since it matters for VRP and Router-Keys.
Also ASPA PDUs are affected by this but there the situation is a bit more
complex. The ASPA PDU Provider Autonomous System Numbers are not part
of the object key and so multiple versions can coexist and need to be
merged. So for ASPA additions to the PAS array propagate more quickly then
any other operation.

Now to "5.12. ASPA PDU":

   The AFI Flags field is defined in Section 15 Currently, the two low
   order bits MUST always be set, i.e. 1, and the rest unset, i.e. 0.
   This allows the router to prepare for less change should the AFIs be
   separated in a future version.

First of all there is a '.' missing after Section 15.

But my main issue is with:
                                                Currently, the two low
   order bits MUST always be set, i.e. 1, and the rest unset, i.e. 0.
   This allows the router to prepare for less change should the AFIs be
   separated in a future version.

How should a router RTR implementation prepare for something that will
probably never happen?

Either the two low order bits MUST always be set (an then the 2nd sentence
is not needed -- since it will break the protocol if changed) or the two
bits can be set and all Routers need to implement something that will not
happen (now that is technical debt from the get go).

While it sounds great, I doubt what it suggests will be feasable without a
full new RFC update.

We will stick to the MUST and only implement a single ASPA database.
Because of this we  will issue an Error Code 0 PDU if the two LSB are not
set.  Having to implement code that is not in regular use and is therefor
not really tested will for sure end in desaster once someone start playing
with these bits.

Also this change is not backwards compatible with previous versions so one
could argue that a more breaking change to the ASPA PDU could be made and
integrating some of the feedback given by other people on SIDROPS.

Last but not least I like the clarification in Section 13.

:wq Claudio