Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-verification - ENDS 03/22/2023 (Mar 22 2023)
Amir Herzberg <amir.lists@gmail.com> Sun, 19 March 2023 12:48 UTC
Return-Path: <amir.herzberg@gmail.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86089C14CE38; Sun, 19 Mar 2023 05:48:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t_EejZ-8SMyr; Sun, 19 Mar 2023 05:48:37 -0700 (PDT)
Received: from mail-wr1-x433.google.com (mail-wr1-x433.google.com [IPv6:2a00:1450:4864:20::433]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A32E3C14CE30; Sun, 19 Mar 2023 05:48:37 -0700 (PDT)
Received: by mail-wr1-x433.google.com with SMTP id m2so8056831wrh.6; Sun, 19 Mar 2023 05:48:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1679230115; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=/YCEWZFdomZRLx+kGAuTwC5tD3bAUPBXnCuZ6tvDNkM=; b=Krv84KrC9YOWCSR9s+BHlzDKPxO3345AQi3yAbffN2Ctt9bubbPlR0fjNlYo89TxeO SgVfVqCLdWiv0U4z4/EsH2gFAkqRZUmhGTv4UPeYD+X/jgFlTnPQOHMhoDGtDtCEmp9l rI0AupvjI4yf514ZCuD16ZE8gq+Uus+6VnKHXahoRmzTd9QfVAv7J6L42h56WD9dE4EQ I8NBLSXsAKPYQoF8EUkzhIbePF0SR86IbLJZvIeE0SckrnaOOB//SuEFnS3EijKWTd+O wZ7CUSH9fmb7ICp7Ej3pS3J9L6rSHvaqTmxfgGClCcsXL47BAz47saQuQDsbC3wnw8XR 1Iow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679230115; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/YCEWZFdomZRLx+kGAuTwC5tD3bAUPBXnCuZ6tvDNkM=; b=wt1eRi8ihITyzoqmsUEouvvLzdZBrh/B9+xIxl9uXQlanL+WdAN9s/RW27fVd9NgpQ 1eawWbq7fZyKY/FVvtY1WVDN5A21ydyfqUxZbqQmmLqBQDXalJugcmjIHNoJ/gKWYvbx k/LaJQV4awHhOAjt4MBQ9kE45zyfKOOxvDQhLXU3g1M5Wndz6OwWx2f1jYfORPujcSMH vOPfR/NJ+hNiMkDvcwdjFqbS+T4NvZAKE9LJLSQZ2gG7nCuNBFjwAFs0C+3iM+lzamn/ 7/VJFKvMLhJFySad758CwqAx9qBcRDOg67sVJfWshOpFsnpiHiy689+joBgyvAh7OjBU 85tw==
X-Gm-Message-State: AO0yUKUBjnEgtf4rgbPdQBvj3ETrJc6NPhHMoM4wKGe3jB4xm2Ms7tKB MwcNxVSvTUiKJJ925du2FrzxdamK8xnTaBudPhgT9azB
X-Google-Smtp-Source: AK7set9E/er1pkOEpMuWT69EjVVqj/JTXzZRJ73JlT5Q4LE0xJVUAwomxrD3Eu7A+chUuvQVv5u303WcM2B8wRxxXW0=
X-Received: by 2002:adf:e8ce:0:b0:2d4:4f2b:965a with SMTP id k14-20020adfe8ce000000b002d44f2b965amr841970wrn.14.1679230115514; Sun, 19 Mar 2023 05:48:35 -0700 (PDT)
MIME-Version: 1.0
References: <SA1PR09MB8142730B230AF79921756DD384829@SA1PR09MB8142.namprd09.prod.outlook.com>
In-Reply-To: <SA1PR09MB8142730B230AF79921756DD384829@SA1PR09MB8142.namprd09.prod.outlook.com>
From: Amir Herzberg <amir.lists@gmail.com>
Date: Sun, 19 Mar 2023 08:48:24 -0400
Message-ID: <CAHBw0M_LrM9Rs3ogku=V3GtiRBpihwivi+mL83ikfUjv4WzZ4w@mail.gmail.com>
To: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
Cc: "sidrops@ietf.org" <sidrops@ietf.org>, "draft-ietf-sidrops-aspa-verification@ietf.org" <draft-ietf-sidrops-aspa-verification@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000880f1f05f7403a10"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/unnLMEgcUF-YC0ik78oEyJWozR4>
Subject: Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-verification - ENDS 03/22/2023 (Mar 22 2023)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Mar 2023 12:48:38 -0000
Sriram, these responses address all of the issues I was able to identify. Thanks! Amir -- Amir Herzberg Comcast professor of Security Innovations, Computer Science and Engineering, University of Connecticut Homepage: https://sites.google.com/site/amirherzberg/home `Applied Introduction to Cryptography' textbook and lectures: https://sites.google.com/site/amirherzberg/cybersecurity On Sat, Mar 18, 2023 at 6:51 PM Sriram, Kotikalapudi (Fed) < kotikalapudi.sriram@nist.gov> wrote: > Hi Amir, > > Thank you. Thanks also for the off-list discussion earlier to clarify > several points between us. > My comments are inline below. > > >I've reviewed this draft and recommend advancing it, I think its adoption > >is relatively-easy and can have significant benefits - Kudos! > > > > Great to hear that. Thanks. > > >I have few comments, nothing critical though. > > > >1. section 2, change the language and say that an AS _MAY_ export any > >announcement, including from non-customers, to sibling AS. The current > >language may be interpreted as if siblings necessarily export everything. > > > > OK, good. Will make that change in v-13. > > >2. section 4: clarify that ASes A, B which are siblings MUST either both > >register the other (in SPAS), or neither register the other in SPAS. I'm > >concerned that if you don't clarify this condition, then we may have > >deployments where A registers B in its SPAS but B doesn't register A in > its > >SPAS. Let C be a provider of A, and consider an announcement which A > >receives from C and exports to B, which exports it to a customer D (who > >adopts ASPA). Then D may (incorrectly) filter this announcement (since > it > >appears to have been sent `up' from A to B). > > > > Yes, good point. Will clarify that in v-13. > > >3. 2. section 4: you refer to an ASPA object `showing only AS 0 as a > >provider AS' as an AS0 ASPA. It leaves the possibility of an ASPA object > >showing as provider AS both AS 0 and another AS. I think you better > forbid > >this explicitly, i.e., AS 0 should only appear as the only provider AS > (if > >it appears at all). > > OK, good catch. Will add appropriate wording for that. > > > > >4. section 4: you say that all ASes MUST have an ASPA. I think this > should > >be only SHOULD as we can't really require/force ASes to adopt a standard. > >Or just say that this requirement MUST be met by ASes compliant with the > >current specifications. > > > > Yes, will make this substitution: > s/ Any AS, including an RS AS, MUST have an ASPA. / > A compliant AS, including a compliant RS AS, MUST have an ASPA. / > > >5. section 5: in the hop-check function, the value `Provider' should > better > >be renamed to allow for the case the AS(j) is a RS or sibling of AS(i). > >Probably best to change the terms in ASPA_Profile too. I realize this > >change is a bit problematic since what we mean is really something like > >`effective/extended provider', and people are already used to it too, but > >maybe something like eProvider or extProvider will work? or UPok? In any > >case, using exactly the same term for two different concepts - even with > >explanation - is bound to cause confusion and may result in > implementation > >errors. > > As discussed off-list, your other suggestion 'Provider+' seems be the best > term to use. > > So in the equation for the hop-check function in Section 5: > s/Provider/ Provider+/ > > Will also add a paragraph before the equation in Section 5 as follows: > > The term "Provider+" in the definition of the hop-check function > is meant to encompass the possibilities of Provider, RS, or Sibling. > An RS is effectively a Provider to its RS-client. Siblings regard > each other as Provider and include each other in their > respective SPAS (see Section 4). > > Also, in Section 6, all the instances of "Provider" in association with > the hop-check function, hop(..), will be replaced with "Provider+". > > > > >and here are some even more minor comments (nitpicks): > > > >- in section 2, clarify that the relationships, except siblings, are > >defined in RFC9234 > >- in section 4 add reference to definition of non-transparent RS AS (or > >define) > >- In 6.1, s/ AS(i)in/ AS(i) in/ > >- also in 6.1: s/ For 2 <= i <= N, if there is an i/If there is an i > s.t. > >2 <= i <= N and/ > >- in 6.2, step 4, s/find the lowest value of v/find the lowest value of > u/ > > All good catches. Will fix these. > > Hopefully, my responses adequately address your concerns. > > Sriram >
- [Sidrops] WGLC = draft-ietf-sidrops-aspa-verifica… Christopher Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Job Snijders
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Christopher Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Christopher Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Christopher Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Chris Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Christopher Morrow
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Yangyang Wang
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Yangyang Wang
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… gengnan
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Amir Herzberg
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Ben Maddison
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Amir Herzberg
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Borchert, Oliver (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Zhuangshunwan
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Amreesh Phokeer
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Job Snijders
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Randy Bush
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Aftab Siddiqui
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Lubashev, Igor
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Tim Bruijnzeels
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Tim Bruijnzeels
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Di Ma
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… gengnan
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Lubashev, Igor
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Job Snijders
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Yangyang Wang
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Tim Bruijnzeels
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Randy Bush
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Ben Maddison
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Ben Maddison
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Lubashev, Igor
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Lubashev, Igor
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Lubashev, Igor
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Claudio Jeker
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Yangyang Wang
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… 戴志滨
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Russ Housley
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Randy Bush
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Job Snijders
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Job Snijders
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Martin Hoffmann
- [Sidrops] Fw: WGLC = draft-ietf-sidrops-aspa-veri… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-veri… Christopher Morrow
- [Sidrops] Making ASPA AFI-Agnostic - coordination… Job Snijders
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Martin Hoffmann
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Tim Bruijnzeels
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Di Ma
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Matthias Waehlisch
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Claudio Jeker
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Martin Hoffmann
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Ties de Kock
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Alexander Azimov
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Borchert, Oliver (Fed)
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Russ Housley
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Borchert, Oliver (Fed)
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Job Snijders
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Russ Housley
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Martin Hoffmann
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Job Snijders
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Russ Housley
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Martin Hoffmann
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Job Snijders
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Alexander Azimov
- Re: [Sidrops] Making ASPA AFI-Agnostic - coordina… Alexander Azimov