IETF Logo Mail Archive

Re: [Sidrops] [internet-drafts@ietf.org: New Version Notification for draft-spaghetti-sidrops-aspa-slurm-00.txt]

Russ Housley <housley@vigilsec.com> Thu, 23 February 2023 18:40 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CD4DC14CEFE for <sidrops@ietfa.amsl.com>; Thu, 23 Feb 2023 10:40:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.897
X-Spam-Level:
X-Spam-Status: No, score=-6.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2KvHBoQzUSMu for <sidrops@ietfa.amsl.com>; Thu, 23 Feb 2023 10:40:25 -0800 (PST)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA02FC14F74E for <sidrops@ietf.org>; Thu, 23 Feb 2023 10:40:24 -0800 (PST)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id 3D47D177CF9 for <sidrops@ietf.org>; Thu, 23 Feb 2023 13:40:23 -0500 (EST)
Received: from [10.0.1.2] (pfs.iad.rg.net [198.180.150.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id 23EC9181B8A for <sidrops@ietf.org>; Thu, 23 Feb 2023 13:40:23 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Thu, 23 Feb 2023 13:40:22 -0500
References: <Y/dkK0LgV0TZvDcf@snel> <DB15C81D-FC28-4DA1-88FF-20D03753BFE0@nlnetlabs.nl> <Y/ejXR76SeZvmAro@snel>
To: SIDR Operations WG <sidrops@ietf.org>
In-Reply-To: <Y/ejXR76SeZvmAro@snel>
Message-Id: <DE5F45E6-6EA1-44F6-9897-9D354F67D20A@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.21)
X-Scanned-By: mailmunge 3.10 on 66.39.134.11
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/yfxe2viJW9IjKD8ATqVvysUz5YY>
Subject: Re: [Sidrops] [internet-drafts@ietf.org: New Version Notification for draft-spaghetti-sidrops-aspa-slurm-00.txt]
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Feb 2023 18:40:26 -0000

I am hearing several peopl speak in support of this work getting done, and I am hearing some of the original SLURM authors offering to help finish the work.

Could one of the authors talk about this I-D at IETF 116?

Russ

> On Feb 23, 2023, at 12:33 PM, Job Snijders <job=40fastly.com@dmarc.ietf.org> wrote:
> 
> Hello Tim, Di Ma, others,
> 
> On Thu, Feb 23, 2023 at 05:23:28PM +0100, Tim Bruijnzeels wrote:
>>> On 23 Feb 2023, at 14:03, Job Snijders <job=40fastly.com@dmarc.ietf.org> wrote:
>>> While working on running code implementations to support RFC8210bis
>>> in StayRTR and OpenBGPD, it dawned upon us that SLURM for ASPA
>>> wasn't specified yet.
>>> 
>>> This below submission serves to compliment the existing body of work
>>> related to ASPA, and barring any complications, it might be good to try
>>> to make this part of the I-D cluster draft-ietf-sidrops-8210bis,
>>> draft-ietf-sidrops-aspa-profile, & draft-ietf-sidrops-aspa-verification.
>>> 
>>> If the WG & chairs think this make sense, I'd like to ask for a call for
>>> Working Group Adoption for draft-spaghetti-sidrops-aspa-slurm.
>> 
>> I think this should indeed be done.. I have mentioned this on
>> occasion, and quite recently I asked about this explicitly here:
>> https://mailarchive.ietf.org/arch/msg/sidrops/-mGfZYT7IcVSGB8vPuwkWvENy0c/
>> 
>> As one of the original SLURM co-authors I volunteered to work on it,
>> and asked if the WG agrees that it's needed. I got little response to
>> this. As a result talking to the other co-authors, and drafting a
>> proposal did not make it to the top of my todo list yet. Given the
>> lack of responses I am a bit surprised that there is now a document.
> 
> I'm not entirely sure what exactly to make of the above: you volunteered
> to do something but then didn't get to it yet, because other work
> obligations and because of perceived lack of responses from the working
> group? Sure, that happens. Luckily, it seems there now is a chance to
> help progress such a spec and not have to do all the work yourself! :-)
> 
>> As for the content. It is not clear through the references how the
>> Validated ASPA Payloads (VAPs) are made, and fed into RPKI-RTR
>> (8210-bis). There is a reference related to VAP to
>> draft-ietf-sidrops-aspa-profile-12, which in turn refers to
>> draft-ietf-sidrops-aspa-verification-11 for this. The latter document
>> does not mention VAP.
> 
> Perhaps 'Validated ASPA Payloads' should be replaced with "ASPA Record";
> as 8210bis also doesn't make any mention of VAPs.
> 
>> This is important if we are to understand what the format should be
>> for the aspa filter and local assertions. In particular, we need to
>> know whether a VAP is modelled after the 8210-bis section 5.12 ASPA
>> PDU. Or.. that, like Validated ROA Prefixes, it's a tuple of
>> (customer-as, provider-as, optional afi limit) in which case as single
>> ASPA object would contain multiple VAPs, and other ASPA objects could
>> contain some of the same VAPs, as well as additional VAPs. I would
>> then expect these to be combined to form the appropriate ASPA rtr PDU.
> 
> In context of draft-spaghetti-sidrops-aspa-slurm 'aspaFilters', any such
> perceived distinction do not matter: the proposed matching happens based
> on whether the Customer ASID in the RPKI-ASPA-derived information and
> the to-be-generated-ASPA-RTR-PDU are equal or not.
> 
> Whether a single ASPA object listing multiple providers is exploded into
> multiple (Customer_ASID/Provider_ASN) tuples; or remains a single data
> structure; the matching is based on the Customer ASID & Afi, which exist
> in both approaches to model the information.
> 
> As for the 'aspaAssertions', the aspaAssertions are modeled after
> 8210bis ASPA PDUs and there should not be any ambiguity. Each
> 'aspaAssertion' contains the same data fields that a single ASPA RTR PDU
> would contain: afi, customer asid, and one or more provider ASNs.
> 
> Tim & Di Ma if you wish to contribute text and list yourselfs as
> co-authors that's fine by us. Feel free to send pull-requests via
> https://github.com/job/draft-sidrops-aspa-slurm/
> 
> Kind regards,
> 
> Job
> 
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops

v2.46.0 | Report a Bug | By Email | System Status