Re: [Sidrops] WG Adoption call for draft-borchert-sidrops-bgpsec-validation-signaling-01 (9/16-9/30)

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Tue, 24 September 2019 19:32 UTC

From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: "Montgomery, Douglas (Fed)" <dougm=40nist.gov@dmarc.ietf.org>, Randy Bush <randy@psg.com>, Keyur Patel <keyur@arrcus.com>
CC: "sidrops@ietf.org" <sidrops@ietf.org>
Date: Tue, 24 Sep 2019 19:32:22 +0000
Message-ID: <BN8PR11MB3746439C06B460A7BD009758C0840@BN8PR11MB3746.namprd11.prod.outlook.com>
References: <0BBFA8C1-A13D-4CC9-A72D-ABAE797F2E4F@arrcus.com> <m28sqouepr.wl-randy@psg.com> <875A2007-9546-4CE3-AD32-15D4E7F7C29E@nist.gov>
In-Reply-To: <875A2007-9546-4CE3-AD32-15D4E7F7C29E@nist.gov>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/u_TcKT5SoNgDnNaqxOQ833Uj_Wc>
Subject: Re: [Sidrops] WG Adoption call for draft-borchert-sidrops-bgpsec-validation-signaling-01 (9/16-9/30)

I would be in favor of carving off another byte from the reserved field.
Redefining the validation state to add the new information instead would confuse older receivers that do not understand the new code points.

In addition, I would add another point to the BGPSec validation state: BGPSec attribute not present or in error.

   +-------+------------------------------------------------------------+
   | Value | Meaning                                                    |
   +-------+------------------------------------------------------------+
   |   0   | Lookup result = "Unverified"                               |
   |   1   | Lookup result = "Valid"                                    |
   |   2   | Lookup result = "Not valid"                                |
   |   3   | Lookup result = "BGPSec attribute not present or in error" |
   +-------+------------------------------------------------------------+

If it were to use a reserved byte of the RFC8097 community, 0 for unverified would work, I think.

Regards,
Jakob.

-----Original Message-----
From: Sidrops <sidrops-bounces@ietf.org> On Behalf Of Montgomery, Douglas (Fed)
Sent: Monday, September 16, 2019 4:02 PM
To: Randy Bush <randy@psg.com>; Keyur Patel <keyur@arrcus.com>
Cc: sidrops@ietf.org
Subject: Re: [Sidrops] WG Adoption call for draft-borchert-sidrops-bgpsec-validation-signaling-01 (9/16-9/30)

Randy,

Are you suggesting keeping the 0x43 0x00 code point, but redefining its validation state byte with additional values and meanings for path validation?

Or carving off another byte from reserved?

Either of those sounds fine and saves bits.

Clearly there would need to be a new spec that adds the words to do that.

dougm
--
Doug Montgomery, Manager Internet  & Scalable Systems Research @ NIST
 

On 9/16/19, 5:13 PM, "Sidrops on behalf of Randy Bush" <sidrops-bounces@ietf.org on behalf of randy@psg.com> wrote:

    "This document defines a new BGP non-transitive extended community to
    carry the BGPsec path validation state inside an autonomous system."
    
    given the one in RFC 8097, we need a new one because?
    
    randy
    

_______________________________________________
Sidrops mailing list
Sidrops@ietf.org
https://www.ietf.org/mailman/listinfo/sidrops
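
Added example, not part of the thread and not written by any of its participants: a Python model of the two encodings discussed above for the RFC 8097 community (type 0x43, sub-type 0x00, reserved octets, state in the last octet), showing what an RFC 8097-only receiver does with each. Which reserved octet would carry the path state is an assumption, as is the constructed value 5 standing in for a new code point in the existing state octet; the function names are hypothetical.

```python
import struct

EC_TYPE, EC_SUBTYPE = 0x43, 0x00  # RFC 8097 non-transitive opaque community

# Origin validation states defined by RFC 8097 (last octet of the community).
ORIGIN = {0: "valid", 1: "not-found", 2: "invalid"}
# Path validation states as proposed in the table in the message above.
PATH = {0: "unverified", 1: "valid", 2: "not-valid",
        3: "bgpsec-absent-or-error"}

def encode(origin, path=0):
    """Build the 8-octet community. ASSUMPTION: the path state uses the
    reserved octet just before the origin state; the thread names no octet."""
    return struct.pack("!BB4xBB", EC_TYPE, EC_SUBTYPE, path, origin)

def _check_header(ec):
    if len(ec) != 8 or (ec[0], ec[1]) != (EC_TYPE, EC_SUBTYPE):
        raise ValueError("not an origin validation state community")

def decode_legacy(ec):
    """Receiver that knows only RFC 8097: reserved octets are ignored, and
    a state above 2 makes it discard the community (returns None)."""
    _check_header(ec)
    return ORIGIN.get(ec[7])

def decode_extended(ec):
    """Receiver that also reads the carved-off octet."""
    _check_header(ec)
    return ORIGIN.get(ec[7]), PATH.get(ec[6])

def compare():
    carved = encode(origin=0, path=1)   # new sender using the carved-off octet
    old_sender = encode(origin=2)       # RFC 8097 sender, reserved octets = 0
    # Constructed: a new code point placed in the existing state octet.
    overloaded = bytes([0x43, 0, 0, 0, 0, 0, 0, 5])
    return {
        "legacy reads carved": decode_legacy(carved),
        "extended reads carved": decode_extended(carved),
        "extended reads old sender": decode_extended(old_sender),
        "legacy reads overloaded": decode_legacy(overloaded),
    }

if __name__ == "__main__":
    for case, result in compare().items():
        print(f"{case}: {result}")
```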