[Sidrops] FW: New Version Notification for draft-sriram-sidrops-drop-invalid-policy-02.txt

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Mon, 22 October 2018 21:19 UTC

From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: "sidrops@ietf.org" <sidrops@ietf.org>
CC: Tim Bruijnzeels <tim@nlnetlabs.nl>, Keyur Patel <keyur@arrcus.com>, Jeff Haas <jhaas@juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/uxjJWV4Nq1YvzrmQtJzhoXRdDFk>

The following changes were made in this updated version:
- AS0 ROA consideration (Tim)
- 0.0.0.0/0 (IPv4) or ::/0 (IPv6) consideration (Keyur)
- Jeff Haas' suggestions about implementation included

URL: https://tools.ietf.org/html/draft-sriram-sidrops-drop-invalid-policy-02

Please let the authors know about your reflections on the following wording in the draft:

   The existence of an AS0 ROA for a prefix means that the prefix or any
   more specific prefix subsumed in it are forbidden from routing except
   when there exists a different ROA with a normal ASN for the prefix or
   the more specific prefix.  DISR policy MUST apply the following
   exception: If a route is Invalid due to an AS0 ROA, then always drop
   the route.

   Any routes for 0.0.0.0/0 (IPv4) or ::/0 (IPv6) in the routing table
   must be excluded from consideration in the DISR policy.  (Author's
   note: Think this through with help from the WG.)

Thanks.
Sriram


-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org> 
Sent: Monday, October 22, 2018 10:33 AM
To: Sriram, Kotikalapudi (Fed) <kotikalapudi.sriram@nist.gov>; Montgomery, Douglas (Fed) <dougm@nist.gov>; Borchert, Oliver (Fed) <oliver.borchert@nist.gov>; Job Snijders <job@ntt.net>
Subject: New Version Notification for draft-sriram-sidrops-drop-invalid-policy-02.txt

A new version of I-D, draft-sriram-sidrops-drop-invalid-policy-02.txt
has been successfully submitted by Kotikalapudi Sriram and posted to the
IETF repository.

Name:		draft-sriram-sidrops-drop-invalid-policy
Revision:	02
Title:		Origin Validation Policy Considerations for Dropping Invalid Routes
Document date:	2018-10-22
Group:		Individual Submission
Pages:		7

URL:            https://tools.ietf.org/html/draft-sriram-sidrops-drop-invalid-policy-02  
Diff:  https://tools.ietf.org/rfcdiff?url2=draft-sriram-sidrops-drop-invalid-policy-02.txt 

Abstract:
   Deployment of Resource Public Key Infrastructure (RPKI) and Route
   Origin Authorizations (ROAs) is expected to occur gradually over
   several or many years.  During the incremental deployment period,
   network operators would wish to have a meaningful policy for dropping
   Invalid routes.  Their goal is to balance (A) dropping Invalid routes
   so hijacked routes can be eliminated, versus (B) tolerance for
   missing or erroneously created ROAs for customer prefixes.  This
   document considers a Drop Invalid if Still Routable (DISR) policy
   that is based on these considerations.  The key principle of DISR
   policy is that an Invalid route can be dropped if a Valid or NotFound
   route exists for a subsuming less specific prefix.
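
The DISR rule from the abstract, together with the AS0 exception and the default-route exclusion quoted in the message above, can be sketched as follows. This is an added example, not code from the draft or its authors; it assumes RFC 6811 origin validation, reads "Invalid due to an AS0 ROA" as "Invalid with a covering AS0 ROA", and uses hypothetical names (`validate`, `disr_decision`) and constructed sample data.

```python
import ipaddress
from collections import namedtuple

ROA = namedtuple("ROA", "prefix maxlen asn")
Route = namedtuple("Route", "prefix origin")

def covers(outer, inner):
    """True if network `outer` contains `inner` (same address family)."""
    return outer.version == inner.version and inner.subnet_of(outer)

def validate(route, roas):
    """RFC 6811 origin validation. Returns (state, as0_covering)."""
    p = ipaddress.ip_network(route.prefix)
    covering = [r for r in roas if covers(ipaddress.ip_network(r.prefix), p)]
    if not covering:
        return "NotFound", False
    if any(r.asn != 0 and r.asn == route.origin and p.prefixlen <= r.maxlen
           for r in covering):
        return "Valid", False
    # Assumption: "Invalid due to an AS0 ROA" = Invalid with an AS0 ROA covering it.
    return "Invalid", any(r.asn == 0 for r in covering)

def disr_decision(route, rib, roas):
    """Return 'accept', 'drop' or 'retain' for one route under DISR."""
    state, as0 = validate(route, roas)
    if state != "Invalid":
        return "accept"
    if as0:
        return "drop"                      # AS0 exception: always drop
    p = ipaddress.ip_network(route.prefix)
    for other in rib:
        q = ipaddress.ip_network(other.prefix)
        if q.prefixlen == 0:               # 0.0.0.0/0 and ::/0 are excluded
            continue
        if q != p and covers(q, p) and validate(other, roas)[0] != "Invalid":
            return "drop"                  # still routable via a less specific
    return "retain"                        # no Valid/NotFound less specific exists

# Constructed sample data (documentation prefixes, documentation/private-use ASNs).
ROAS = [ROA("192.0.2.0/24", 24, 64500), ROA("198.51.100.0/24", 24, 0),
        ROA("203.0.113.0/24", 24, 64501)]
RIB = [Route("0.0.0.0/0", 64510), Route("192.0.2.0/24", 64500),
       Route("192.0.2.128/25", 64666), Route("198.51.100.0/25", 64502),
       Route("203.0.113.0/24", 64503), Route("2001:db8:1::/48", 64504)]

def decide_all():
    return {r.prefix: disr_decision(r, RIB, ROAS) for r in RIB}

if __name__ == "__main__":
    for prefix, action in decide_all().items():
        print(f"{prefix:20} {action}")
```

In the sample, 203.0.113.0/24 is Invalid but retained because the only covering route is the default, which the policy excludes from consideration.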