Re: [Sidrops] Minor comments on draft-ietf-sidrops-aspa-profile-00

"Jakob Heitz (jheitz)" <jheitz@cisco.com> Mon, 07 October 2019 22:28 UTC

From: "Jakob Heitz (jheitz)" <jheitz@cisco.com>
To: Nick Hilliard <nick@foobar.org>, Jay Borkenhagen <jayb@braeburn.org>
CC: SIDR Operations WG <sidrops@ietf.org>
Date: Mon, 07 Oct 2019 22:27:29 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/y0cxY2h3NNaLuRuDrQw8CMTx904>

If the customer-provider objects are individual, then a relying party
may have a partial list of providers for one customer.

If all the providers for one customer are in a single object,
then, upon a change, the RP can have either the old object
or the new object, but never a partial view.

A partial view, IMO, is worse than having the old view a little longer
than possible. A partial view can cause some AS-paths to be considered
invalid when they are not.

Regards,
Jakob.

-----Original Message-----
From: Sidrops <sidrops-bounces@ietf.org> On Behalf Of Nick Hilliard
Sent: Monday, October 7, 2019 5:32 AM
To: Jay Borkenhagen <jayb@braeburn.org>
Cc: SIDR Operations WG <sidrops@ietf.org>
Subject: Re: [Sidrops] Minor comments on draft-ietf-sidrops-aspa-profile-00

Jay Borkenhagen wrote on 07/10/2019 12:56:
> It's critical that users of ASPA data operate using a complete set of
> an ASN's authorized upstream ASNs.  The simplest way to communicate
> such a verifiably-complete set is to use a single object.

Bits of me agree with this, but other bits not.  It's shifting the
problem from an RPKI database synchronisation problem to a
human-oriented data synchronisation problem.  Both are hideously
difficult problems to solve, but the one which involves human input is
almost certainly less reliable.

Nick

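The partial-view concern raised in this thread, as an added example that is not part of either message and is not the verification procedure from the ASPA drafts: a simplified Python model of what a relying party can hold while a customer's provider set changes. The AS numbers, the OLD/NEW sets and all function names are constructed for illustration.

```python
from itertools import combinations

CUSTOMER = 64496                      # constructed ASNs (documentation range)
OLD = frozenset({64497})              # provider set before the change
NEW = frozenset({64497, 64498})       # provider set after adding a provider

def hop_state(view, customer, provider):
    """Judge one customer->provider hop against the RP's validated view.
    view maps customer ASN -> set of attested provider ASNs."""
    providers = view.get(customer)
    if not providers:
        return "unknown"              # nothing attested for this customer
    return "valid" if provider in providers else "invalid"

def views_single_object(old, new):
    """One object carries the whole set: the RP holds old or new, whole."""
    return [{CUSTOMER: set(old)}, {CUSTOMER: set(new)}]

def views_individual_objects(new):
    """One object per (customer, provider) pair: mid-sync the RP may hold
    any non-empty subset of the pairs that make up the new set."""
    pairs = sorted(new)
    return [{CUSTOMER: set(c)}
            for r in range(1, len(pairs) + 1)
            for c in combinations(pairs, r)]

def partial_views(views, published):
    """Views whose provider set the customer never published as a whole."""
    return [v for v in views if frozenset(v[CUSTOMER]) not in published]

def false_invalid_hops(views, authorized):
    """(view, provider) pairs where an authorized hop is rejected by a
    partial view, i.e. one that is neither the old nor the new set."""
    return [(sorted(v[CUSTOMER]), p)
            for v in partial_views(views, {OLD, NEW})
            for p in sorted(authorized)
            if hop_state(v, CUSTOMER, p) == "invalid"]

if __name__ == "__main__":
    print("single object    :", false_invalid_hops(views_single_object(OLD, NEW), NEW))
    print("individual object:", false_invalid_hops(views_individual_objects(NEW), NEW))
```

In this model the stale OLD view still rejects the newly added provider until the RP refreshes, but only the per-pair layout can produce a view that rejects 64497, which was authorized both before and after the change.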