[Sidrops] Re: WG Adoption call for draft-sriram-sidrops-spl-verification - ENDS 06/03/2024 (June 3 2024)

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Wed, 29 May 2024 20:33 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/xGyaLA1oEvC_FCBpUbBND2FLVUs>

Hi Tim,

I agree with your observations about Amir's proposal.

>I support adopting SPL, my feeling is that some more discussion is needed before it’s done, but adopting it so we can have that discussion makes sense to me.

Thank you.

Sriram

--------------------------------------------------------------


-----Original Message-----
From: Tim Bruijnzeels <tbruijnzeels@ripe.net> 
Sent: Wednesday, May 29, 2024 4:14 AM
To: Sriram, Kotikalapudi (Fed) <kotikalapudi.sriram@nist.gov>
Cc: Amir Herzberg <amir.lists@gmail.com>; sidrops@ietf.org; draft-sriram-sidrops-spl-verification@ietf.org
Subject: Re: [Sidrops] WG Adoption call for draft-sriram-sidrops-spl-verification - ENDS 06/03/2024 (June 3 2024)


Hi,

> On 28 May 2024, at 22:37, Sriram, Kotikalapudi (Fed) <kotikalapudi.sriram=40nist.gov@dmarc.ietf.org> wrote:
> 
>> 
>> However, is SPV the best mechanism to deal with this?
>> I think a better alternative would be an extension to the ROA 
>> mechanism. This extension will define a `conditional ROA'.
>> This conditional ROA will also contain the result of a hash function
>> h(x) over some random x. You can use the conditional ROA in two ways:
>> 
>> - without the preimage x: such ROA will not make announcements for AS
>> 7 and 1.2.3/24 valid. However, it could be used to allow DSR, i.e.,
>> it would be considered for BAR-SAV filtering.
>> 
>> - with the preimage x, provided as a transitive BGP attribute or otherwise:
>> this turns the conditional ROA into regular ROA.
>> 
> 
> Your proposal involves modifying the ROA to add a new field. Perhaps it can be taken up in the future by the WG as new work. I'll be happy to discuss its pros and cons off-list.

I think discussion is good, but generally speaking I am not keen on changing the ROA format. We have a lot of deployment, CA implementations and UIs/APIs, RPs, best practices, documentation, etc.

I think new semantics are generally best done as separate, explicit, complementary types. This way it’s also clear that the signer explicitly opted in to making a statement - rather than going with an implicit default which is what we might end up with if we had a next version ROA with optional extra bits.

I support adopting SPL, my feeling is that some more discussion is needed before it’s done, but adopting it so we can have that discussion makes sense to me.

Tim
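
The two uses of the "conditional ROA" quoted in this thread, as an added sketch that is not part of any message above or of the SPL draft. It assumes SHA-256 for h, a simple per-AS prefix set standing in for BAR-SAV input, and hypothetical names throughout; the preimage value is constructed.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ROA:
    prefix: ipaddress.IPv4Network
    max_length: int
    asn: int
    commitment: Optional[bytes] = None  # h(x); None means an ordinary ROA

def preimage_opens(roa, preimage):
    """True if the ROA is unconditional, or if h(preimage) equals its commitment."""
    if roa.commitment is None:
        return True
    if preimage is None:
        return False
    digest = hashlib.sha256(preimage).digest()  # assumption: h = SHA-256
    return hmac.compare_digest(digest, roa.commitment)

def authorizes_origin(roas, prefix, origin_asn, preimage=None):
    """Use 2 in the thread: with x, the conditional ROA acts as a regular ROA."""
    net = ipaddress.ip_network(prefix)
    for roa in roas:
        covers = (net.version == roa.prefix.version
                  and net.subnet_of(roa.prefix)
                  and net.prefixlen <= roa.max_length)
        if covers and roa.asn == origin_asn and preimage_opens(roa, preimage):
            return True
    return False

def sav_prefixes(roas, asn):
    """Use 1 in the thread: without x, the ROA still feeds source-address filtering."""
    return {str(r.prefix) for r in roas if r.asn == asn}

# Constructed sample: AS 7 and 1.2.3/24, as in the quoted proposal.
# Once x is disclosed, any party holding x can open the commitment;
# this sketch does not model who is entitled to present it.
X = b"constructed-preimage-x"
ROAS = [ROA(ipaddress.ip_network("1.2.3.0/24"), 24, 7,
            hashlib.sha256(X).digest())]
```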