IETF Logo Mail Archive

[Sidrops] AD Review of: draft-ietf-sidrops-rfc6482bis - "A Profile for Route Origin Authorizations (ROAs)"

Warren Kumari <warren@kumari.net> Sat, 09 September 2023 22:25 UTC

Return-Path: <warren@kumari.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47015C15154E for <sidrops@ietfa.amsl.com>; Sat, 9 Sep 2023 15:25:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nUlCiancuN6u for <sidrops@ietfa.amsl.com>; Sat, 9 Sep 2023 15:25:20 -0700 (PDT)
Received: from mail-qk1-x736.google.com (mail-qk1-x736.google.com [IPv6:2607:f8b0:4864:20::736]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E6A7C151080 for <sidrops@ietf.org>; Sat, 9 Sep 2023 15:25:19 -0700 (PDT)
Received: by mail-qk1-x736.google.com with SMTP id af79cd13be357-76ef935abaeso190607885a.2 for <sidrops@ietf.org>; Sat, 09 Sep 2023 15:25:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari.net; s=google; t=1694298319; x=1694903119; darn=ietf.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=YdotTzVhRaJGTuJwi4mS7WKE8vPNt4pYOOhfNgXx6hA=; b=YFZbhqDx/jEzGhAJ8Fj0dY8TsWs87FXBF3pA/TOtx8lSiAeRhwC5ycgbi0hPYhmEG/ Nn1qJ/0T8MWGW4BlvcRJoRlSOF1Lt1YfIQnfg+kmr2aJ/UW1YbHvze8bNgtl5U0XRj9J BpSTBGekS2wY8VXZnxLL0BE+Fa8u7FJaqPHsrkycNm2DB34CtUkQ3gvqdV2Ov34cp+Wl gfWba99CJzu1BmOkjqhA6/k3t4HKffQKM+4+DJnDId/favyM89FYlQi1CBnlteVo/3LM 8RWgriHNibuXQtCZJPniF3uSsw1Ag8Us6laZOYkJVPk6rvnOYjU9Y3e8KWcrGSPvVjUW duIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1694298319; x=1694903119; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=YdotTzVhRaJGTuJwi4mS7WKE8vPNt4pYOOhfNgXx6hA=; b=RsRrROFYdRt2aKUlQ1EE8nj9cc0klFAvq4pGC801g/nG90Ehe8DdoZgSxa6fEExMH+ tHPnN/62DuigBJVWzXKIuLpxddoxtfF2KUtA+8Yt9vXEMKhVRJ19iDKCT2Y1a2TYxLq8 m7PUycEeNAhOJfBPHTP5wlGCi+t8l+Taa4JuK62+ZqI9/uFuxlUKPEbqC5fkJGvXIbZm zIojeEyjAJrkfggR/OQxs/K/BObndLLxy5PZPqoedmQMrne+fDo43OinzoZla8EjTe5v d6sZURihwFqVJ5rwlpGLx2pxhbc5rj2y53qt9L/tGmSFltxlMZPorBP5kYXEEda6BUtz 1Dvg==
X-Gm-Message-State: AOJu0YwZ92sDqYWpf/hptEVW9JP/mL+v6K6fI6A5RTpj6SJ8Jasdky/V MKClr0UjDy9EXefhROajnf0Mm1o/awY4B2Kwu9WgJw==
X-Google-Smtp-Source: AGHT+IFOUTlbH2jK0+4kYF9SlcWBSTkrENAsZL45Az3F9IXTNzdNjOvVy4R0w6xSUcwarU7TqG6MTuUpNRy0KdqZCtE=
X-Received: by 2002:a05:620a:4545:b0:76f:a86:65b6 with SMTP id u5-20020a05620a454500b0076f0a8665b6mr7279444qkp.63.1694298318763; Sat, 09 Sep 2023 15:25:18 -0700 (PDT)
Received: from 649336022844 named unknown by gmailapi.google.com with HTTPREST; Sat, 9 Sep 2023 15:25:18 -0700
Mime-Version: 1.0
X-Superhuman-ID: lmclgl23.c45f5efd-73e3-4ab0-ad5b-80b05b3fa3f2
X-Superhuman-Draft-ID: draft0045aa9932d454f1
X-Superhuman-Thread-ID: draft0047a134fcfe21fb
From: Warren Kumari <warren@kumari.net>
X-Mailer: Superhuman Desktop (2023-09-08T19:06:05Z)
Date: Sat, 09 Sep 2023 15:25:18 -0700
Message-ID: <CAHw9_iKi5FLrrPW2GX0SJLgWq2g802r0JcsFsbgeYnYxfOigVg@mail.gmail.com>
To: draft-ietf-sidrops-rfc6482bis@ietf.org, SIDR Operations WG <sidrops@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006f0fcb0604f49111"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/xOp0f8iPgJ-luiEdz7H9P8vbfzY>
Subject: [Sidrops] AD Review of: draft-ietf-sidrops-rfc6482bis - "A Profile for Route Origin Authorizations (ROAs)"
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Sep 2023 22:25:24 -0000

Dear authors and WG,

Thank you for this document.

I only have a single comment — throughout, the document says things like:

S 4.3.2.2.  Element maxLength
"If present, the maxLength MUST be:

   *  an integer greater than or equal to the length of the accompanying
      prefix, and
   *  less than or equal to the maximum length (in bits) of an IP
      address in the applicable address family: 32 in case of IPv4 and
      128 in case of IPv6."

Oh, fine. But, what happens if the maxLength is **less** than length of the
prefix? Should implementations simply ignore this prefix? Should they view
the ROA as invalid? Should they call the police and report it? This is just
one example of this sort of concern, there are a bunch of similars ones
too.

I guess that the argument could be made that this document only specifies a
profile, and that it is the responsibility of other documents to handle
this (and other violations), but that feels like somewhat of a cop out…

W

P.S: I had a quick look at RFC6488, RFC9319, and a few others, and didn't
see that particular issue handled, so I don't really know if other
documents are addressing all of the errors….

v2.20.3 | Report a Bug | By Email