Re: [Sidrops] Call for SIDROPS WG Agenda Items

Andrei Robachevsky <andrei.robachevsky@gmail.com> Tue, 10 July 2018 10:56 UTC

To: Alexander Azimov <aa@qrator.net>, Tim Bruijnzeels <tim@nlnetlabs.nl>
Cc: Keyur Patel <keyur@arrcus.com>, "sidrops@ietf.org" <sidrops@ietf.org>, George Michaelson <ggm@algebras.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/tJlQIjGsE3LgujeVPdejrIM6cP4>

Alexander,

Alexander Azimov wrote on 06/07/2018 22:07:
> Yes, it seems that here is a misunderstanding. Behind section 5 there is
> a simple idea:
> 
>  1. If there is 'invalid' subpath - then the outcome is 'invalid';
>  2. If the AS_PATH can't be fully verified even if all corresponding
>     ASPAs exist (AS_SETs, AS_TRANS) - then the outcome is 'unverifiable';

In case the speaker understands 32-bit ASNs, a path may be reconstructed
using the AS4_PATH attribute. Do you refer to AS_PATH in the sense of a
constructed AS path (where AS_TRANS may be replaced), rather than the
AS_PATH received from a neighbor who doesn't support 32-bit ASNs?

>  3. Otherwise - 'valid'.
>
> So, the procedure may return 'valid' also in case if part of AS_PATH
> isn't fully covered by ASPAs. 

It doesn't make much sense to me to declare the path valid even if some
of the segments cannot be verified. As opposed to BGPsec it is not all
or nothing in this case, as I understand it. Valid ASPAs linking
segments on both ends of the path provide value since an attacker cannot
craft a shorter path, and will probably lose because of that. So in this
sense every ASPA is an incremental improvement.

> And to support detection of intentionally malformed AS_PATH for selected
> ASN it's enough if all its upper providers create ASPAs. For
> transit-free networks this rule is even more simplified - they just need
> to create ASPA0. IMHO - it provides a quite powerful mechanism even at
> the state of partial deployment.

I like the simplicity of the approach, are different types of
relationships between the two ASes outside the scope?

Thanks,

Andrei
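
The three-outcome procedure quoted in this message, as an added sketch that is not part of the original e-mail or of the draft's own text; it shows rule 1 taking precedence over rule 2 and a partially covered path still returning 'valid'. Assumptions: the route is learned from a customer so every hop is customer-to-provider, an 'invalid' subpath is a hop whose customer AS has an ASPA that does not list the next AS, ASPA0 is a provider set of `{0}`, and all ASNs and ASPA records are constructed sample data.

```python
AS_TRANS = 23456  # RFC 6793 stand-in ASN used toward 2-octet-only speakers

# Constructed sample data (documentation ASNs): customer AS -> set of providers.
ASPAS = {
    64500: {64501},   # 64500 declares 64501 as its only provider
    64510: {0},       # assumed ASPA0 encoding: transit-free, no providers
}

def is_opaque(hop):
    """A hop that cannot be checked: an AS_SET (modeled as a set) or AS_TRANS."""
    return isinstance(hop, (set, frozenset)) or hop == AS_TRANS

def hop_state(aspas, customer, provider):
    """State of one customer->provider hop: 'valid', 'invalid' or 'unknown'."""
    providers = aspas.get(customer)
    if providers is None:
        return "unknown"              # customer has published no ASPA
    return "valid" if provider in providers else "invalid"

def verify_path(aspas, as_path):
    """as_path is ordered like AS_PATH: neighbor first, origin last."""
    # Collapse prepending so repeated ASNs do not form a hop with themselves.
    hops = [h for i, h in enumerate(as_path) if i == 0 or h != as_path[i - 1]]
    # Rule 1: any invalid hop makes the whole path invalid.
    for provider, customer in zip(hops, hops[1:]):
        if is_opaque(provider) or is_opaque(customer):
            continue
        if hop_state(aspas, customer, provider) == "invalid":
            return "invalid"
    # Rule 2: AS_SET or AS_TRANS present, so full verification is impossible.
    if any(is_opaque(h) for h in hops):
        return "unverifiable"
    # Rule 3: otherwise valid, even if some hops were 'unknown'.
    return "valid"

if __name__ == "__main__":
    for path in ([64502, 64501, 64500], [64502, 64503, 64500],
                 [64502, AS_TRANS, 64501, 64500], [64503, 64510, 64511]):
        print(path, "->", verify_path(ASPAS, path))
```

The first sample path returns 'valid' although 64501 has no ASPA, which is the partial-coverage case questioned in the reply.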