Re: [Sidrops] AD Review of: draft-ietf-sidrops-rfc6482bis - "A Profile for Route Origin Authorizations (ROAs)"

Job Snijders <job@fastly.com> Wed, 20 September 2023 10:47 UTC

Date: Wed, 20 Sep 2023 12:46:55 +0200
From: Job Snijders <job@fastly.com>
To: Warren Kumari <warren@kumari.net>
Cc: SIDR Operations WG <sidrops@ietf.org>, draft-ietf-sidrops-rfc6482bis@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/ttOMLacJCSAATjXIe9DFkudSt6o>

On Sun, Sep 17, 2023 at 10:10:22AM -0700, Warren Kumari wrote:
> How about, at the end of "5.  ROA Validation", at the end of:
> "Before a relying party can use a ROA to validate a routing announcement,
> the relying party MUST first validate the ROA.  To validate a ROA, the
> relying party MUST perform all the validation checks specified in [RFC6488]
> as well as the following additional ROA-specific validation steps."
> you add: "If any of these constraints fail, the profile is deemed corrupt,
> and the entire ROA should be discarded (probably after reporting an
> error)." or similar.

Thank you for the suggestion, how about the following?

https://github.com/job/draft-rfc6482bis/commit/25f14dd674625a4ac526dfcfef26f7345bd10cc1

Kind regards,

Job