Re: [Sidrops] WGLC = draft-ietf-sidrops-aspa-verification - ENDS 02/17/2023 (Feb 17 2023)

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Fri, 27 January 2023 15:51 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: Claudio Jeker <cjeker@diehard.n-r-g.com>, Job Snijders <job@fastly.com>
CC: "sidrops@ietf.org" <sidrops@ietf.org>, "sidrops-chairs@ietf.org" <sidrops-chairs@ietf.org>, "draft-ietf-sidrops-aspa-verification@ietf.org" <draft-ietf-sidrops-aspa-verification@ietf.org>, "draft-ietf-sidrops-aspa-profile@ietf.org" <draft-ietf-sidrops-aspa-profile@ietf.org>, "Compton, Rich A" <Rich.Compton@charter.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/vLM5lV87q-Laq8QZHVXKqasu40E>

Hi, Claudio and all,

Yes, please wait a few weeks and then read the upcoming version 12 (ASPA verification) draft for commenting.

I was puzzled, as were some of my co-authors, on seeing the WGLC posted yesterday.

I have closely interacted with Claudio, who has a nearly complete implementation of ASPA verification. Many of the proposed revisions for v-12 are motivated by his feedback.

Claudio wrote: 
>I sent a mail on Nov 2nd with a large amount of feedback to this draft.
>None of it has been incorporated so a last-call for this draft is very
>premature.

Your Nov 2nd post: https://mailarchive.ietf.org/arch/msg/sidrops/KlILGgdItF-0O-xUsJde1DqGCoE/ 
My Nov 4th response: https://mailarchive.ietf.org/arch/msg/sidrops/cWcF2Y0msvko73zY912Y3cQj7SM/

Yes, your excellent and detailed feedback will be incorporated in v-12.

Claudio wrote:
>There are additional concerns I have with this draft after working on the
>only BGP implementation over the last weeks. I will send a follow up
>regarding my findings.

Yes, please send. In part, you may be referring to the IXP RS AS (transp./non-transp.) and RS-client discussion we had (via video chat). I posted about our discussion and conclusions here:
Jan 13, 2023 post: https://mailarchive.ietf.org/arch/msg/sidrops/JgxHTtynu-mihYnPxw1xgVGopPg/

So, yes, those proposed changes about the part of the verification algorithm that deals with IXP RS & RS-client will also be included in v-12.

Claudio wrote:
>1. Introduction 
>
>    When the CAS has multiple Providers, all Provider ASes are listed in the
>    ASPA including any internet exchange point (IXP) route server (RS) AS that
>    serves the CAS.

>This requirement is wrong and I will not approve any version of this draft
>which requires inclusion of "any internet exchange point (IXP) route server
>(RS) AS" in the SPAS.

Yes, as you and I discussed, that requirement will only apply to non-transparent IXP RS AS. We'll make that clear in both ASPA drafts.
This was also stated in my post of Jan 13: https://mailarchive.ietf.org/arch/msg/sidrops/JgxHTtynu-mihYnPxw1xgVGopPg/ 

Also, I plan to incorporate comments from Rich Compton:
   https://mailarchive.ietf.org/arch/msg/sidrops/zPXDR5iL52REtpIDoL6qdvJ2IsI/ 

Job asked:
>What is the status of ASPA in NIST BGP-SRx? 

I had posted about implementation of ASPA path verification in BGP-SRx in Dec. 2021:
https://mailarchive.ietf.org/arch/msg/sidrops/C6Ethp2aC9sJsxDtBrLQDjmCqk4/ 
BGP-SRx ASPA unit test cases/examples: 
https://github.com/usnistgov/NIST-BGP-SRx/blob/master/examples/example-demo-aspa-new/README 
BGP-SRx project GitHub page: https://github.com/usnistgov/NIST-BGP-SRx

We have not yet included the IXP RS portion of the ASPA verification algorithm in the BGP-SRx implementation.

Thank you.

Sriram