Re: [Sidrops] Alvaro Retana's No Objection on draft-ietf-sidrops-rpkimaxlen-12: (with COMMENT)

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Wed, 10 August 2022 13:37 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Ben Maddison <benm@workonline.africa>, Alvaro Retana <aretana.ietf@gmail.com>
CC: The IESG <iesg@ietf.org>, "draft-ietf-sidrops-rpkimaxlen@ietf.org" <draft-ietf-sidrops-rpkimaxlen@ietf.org>, "sidrops-chairs@ietf.org" <sidrops-chairs@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>, "morrowc@ops-netman.net" <morrowc@ops-netman.net>
Date: Wed, 10 Aug 2022 13:37:10 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/OJNykrGZXHuwhJnJ8mMbxU8DSTY>

Hi Alvaro,

You suggested:
> In particular, operators with short prefixes and many advertisements of both
> IPv4 and IPv6 may have a harder time keeping up with changes.  I would love to
> see some text around the challenges that applying the recommendations at scale
> may bring, which may also "result in a self-inflicted denial of service" (to
> use the description in §7).

The text that is already in the draft and addresses the challenges (exception cases where the maxLength recommendation need not be heeded) is as follows:

   In general, except in some special cases, operators SHOULD avoid
   using the maxLength attribute in their ROAs, since its inclusion will
   usually make the ROA non-minimal.

   One such exception may be when all more specific prefixes permitted
   by the maxLength are actually announced by the AS in the ROA.
   Another exception is where: (a) the maxLength is substantially larger
   compared to the specified prefix length in the ROA, and (b) a large
   number of more specific prefixes in that range are announced by the
   AS in the ROA. 

This recognizes both IPv4 and IPv6 cases when the operator may decide to use maxLength rather than enumerate a large number of sub-prefixes in the ROA. Let us know if you feel the above text is not adequate.

Ben and Alvaro:

Elsewhere in the doc, I feel that saying "Failure to do so could, in the worst case, result in a self-inflicted denial of service." is not helpful or necessary. It can be deleted. The operator can make many different kinds of mistakes (e.g., a single typo) with ROAs that can cause self-inflicted denial of service. 

Sriram
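
The draft text quoted in this message turns on how many more-specific prefixes a maxLength authorizes compared with how many the AS actually announces. The following is an added example, not part of the original message or of the draft: a small audit that counts both for one ROA entry. The function name `audit_roa`, its result keys and the sample prefixes are assumptions made for illustration, and it assumes every listed route is originated by the AS in the ROA and that no other ROA covers the same space.

```python
import ipaddress

def audit_roa(roa_prefix, max_length, announced):
    """Compare what one ROA entry authorizes with what its AS announces.

    Assumes every prefix in `announced` is originated by the AS named in the
    ROA and that no other ROA covers the same space.
    """
    net = ipaddress.ip_network(roa_prefix)
    if max_length is None:              # absent maxLength: only the prefix itself
        max_length = net.prefixlen
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError("maxLength must lie between prefix length and address size")

    # Prefixes authorized: 2^(l-p) at each length l in p..maxLength.
    authorized = 2 ** (max_length - net.prefixlen + 1) - 1

    matched, too_long = set(), set()
    for text in announced:
        route = ipaddress.ip_network(text)
        if route.version != net.version or not route.subnet_of(net):
            continue                    # not covered by this ROA entry
        (matched if route.prefixlen <= max_length else too_long).add(route)

    return {
        "authorized": authorized,
        "announced": len(matched),
        "unannounced": authorized - len(matched),   # surplus that makes the ROA non-minimal
        "minimal": authorized == len(matched),      # first exception in the quoted text
        "minimal_entries": [str(r) for r in sorted(matched)],
        "invalid_too_long": [str(r) for r in sorted(too_long)],
    }

# Constructed sample data (documentation prefixes), not taken from the draft.
LOOSE = audit_roa("203.0.113.0/24", 26, ["203.0.113.0/24", "203.0.113.0/27"])
EXACT = audit_roa("203.0.113.0/24", 25,
                  ["203.0.113.0/24", "203.0.113.0/25", "203.0.113.128/25"])
WIDE6 = audit_roa("2001:db8::/32", 48, ["2001:db8::/32", "2001:db8:1::/48"])

if __name__ == "__main__":
    for name, result in (("loose", LOOSE), ("exact", EXACT), ("wide6", WIDE6)):
        print(name, result)
```

`minimal_entries` is the list a ROA without maxLength would have to enumerate; how large `announced` must be before the second exception applies is left to the operator, as in the quoted text.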