Re: [Sidrops] Alvaro Retana's No Objection on draft-ietf-sidrops-rpkimaxlen-12: (with COMMENT)
Ben Maddison <benm@workonline.africa> Wed, 10 August 2022 20:20 UTC
Return-Path: <benm@workonline.africa>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DFF9C13CCF7; Wed, 10 Aug 2022 13:20:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=workonline.africa
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1FOGdxXKo0Um; Wed, 10 Aug 2022 13:20:03 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2052.outbound.protection.outlook.com [40.107.22.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCB31C13CCE5; Wed, 10 Aug 2022 13:19:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ml2sNEuRuyn1LmRI90Ge0iXzjwinkGLlrt1LK/fuQk4Md9V5frhxF9O9k6gYdwLw/Q+QlKCSMSMtYkwIEUYt63gbkI3u/ChRwpveZ9y4fU4O7yD104rHr+fu+u5OH4jsrbjbyK73l0zAVxx2+T09+6t1MROxrwcEOiqjVIjVIPjnUnMr7pUrqAFysqF7B6RNzpNyf56QMacCnsmG9sXIvs+wQ7qywyalJr1TPlfS4enSqqIJyFwzgiycX/c7BsCLihPPnqRWmVHh6brzLeKyP1qcGKp6Bl7q9j35EftP+JZK/5S474gPBwV3F0JnDKJA1nBkEM34AXBLwfAU1SG+NQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IB9BWeqCNWYqnw4pSEKgWQYA/rCmCDskeWMRfytPY5c=; b=jMOkwc050lPcJvCHRb4f6/SJj6avLx1w7j44s19jDUN1xqeWjl3fhNTCccVzj92BMqJpQ9uM8qdiATsPoq3PnA1dd+VJZlP8B4/L1wrDLK37z8lud5xvlh1z/5/bFeoggVCHDFCn1xYmuIOIwxh9c5OWwxL7Dv8AOXDbBqKlX9u/ASO+HcoAA2qspnmnAHIHtugknDTtOmB96H/o7vskcgcTcgKUPtl8WJLq0lnkptlaAWDdHWXQ3CXnAbY3xEe4REHHLtF+71DKydq5sqDwBn5ZNvg6EGy3NoTb768rY2Xcyr4MvQhntegoY8fIzLD86nqEtorP/bHk2ALfUg3ZDw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=workonline.africa; dmarc=pass action=none header.from=workonline.africa; dkim=pass header.d=workonline.africa; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=workonline.africa; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IB9BWeqCNWYqnw4pSEKgWQYA/rCmCDskeWMRfytPY5c=; b=A3Ht7/uve6giLfZoELuXFNEx5oRIYisODH5ZIgFN1c96n1n2uRp+p+NGrLaXqz3/W0dpegGoXq3DFzR4tDBa8KiRtY04wfzYfTzrKkWdDY3tcW6JaeiJE72Nc/Rp1O5DnjFrUpulmEmv16K1/rtv6HLWaKFEx/an83xgZ3uj/6g=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=workonline.africa;
Received: from AS8P190MB1078.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:2e7::13) by AM0P190MB0708.EURP190.PROD.OUTLOOK.COM (2603:10a6:208:198::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5525.10; Wed, 10 Aug 2022 20:19:54 +0000
Received: from AS8P190MB1078.EURP190.PROD.OUTLOOK.COM ([fe80::24e3:a696:db62:47e8]) by AS8P190MB1078.EURP190.PROD.OUTLOOK.COM ([fe80::24e3:a696:db62:47e8%8]) with mapi id 15.20.5504.021; Wed, 10 Aug 2022 20:19:54 +0000
Date: Wed, 10 Aug 2022 22:19:45 +0200
From: Ben Maddison <benm@workonline.africa>
To: Alvaro Retana <aretana.ietf@gmail.com>
Cc: sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-sidrops-rpkimaxlen@ietf.org
Message-ID: <20220810201945.yyvuah7lz2rirnch@benm-laptop>
References: <165999488384.24516.14815105547545369665@ietfa.amsl.com> <20220810105618.yueivflxkx72b24h@benm-laptop> <CAMMESsyHo8HbBCj4BE3afLiJQ1vy+2JMZqgs48=2tnxEEh-qpg@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="owqmfokdhqr4u7yn"
Content-Disposition: inline
In-Reply-To: <CAMMESsyHo8HbBCj4BE3afLiJQ1vy+2JMZqgs48=2tnxEEh-qpg@mail.gmail.com>
X-ClientProxiedBy: CT2P275CA0073.ZAFP275.PROD.OUTLOOK.COM (2603:1086:100:27::17) To AS8P190MB1078.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:2e7::13)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: c6b77232-863e-4ea1-bd23-08da7b0dafec
X-MS-TrafficTypeDiagnostic: AM0P190MB0708:EE_
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: jVhwtweHwLDvBc3LcqtZISBDjqSQI7ksDIkxWykjX6/j/Ic+qQ64WVJ+ajgWWya/DnhKNV12V2Yi802YZIykkTU+DYy3ElG0azx0qT3nPbvlT1dzj8MhEgiSWrxDMUGmvOvSaC2RmiVesYxephuGBCi6XJYuqNZd2OGSZ3nYBxf/QmWc+TRbGNpxJ2Gt/4OFbGu4TolLHkEigek+Y++S1nEkBCbutZ/5m1iVn5LsX3J72BUuF7PZZk4ulaDSndhLDU1GrXotBBxa96z8nS2SD8vnKXQYEfox9xvoz5XdhK5dCbmNs11hNH612fELh6emoEsb4xAfFsR5A7k48YcUcaxUR3vMM4mLIQXVrDG2fri/Of/U3cw75wzCidRMyJ3/FthvTqB3+I8ksPECp8nbgYJZcWvcersYNDy9Ef9zZddX9AS4zO6VxAWaR6kIF+x294TcWTRf5aRz3z473VGAASG1LjPAHikkOwvRXku+4GMeDdtc8bFjXnONHd9pMiKwtpuVBgeCc8OSccm7sqxXiTUIB2xQpdIkgmlO/u3fnc6cB3+/hrj/t9uFUC1XWm1fP1ug2lNKCIisOqKhcrz29fmN9lYVdrcmgxwLx98mZ2CD+1DbJWNQdoiaWNIk5VafiYeUZ6rOqVrp1x+9HmGvhRxv0GS9bN7tWGb2yc9pwVDoqOQ0bp/n5GYRbYnATloaX3Sk/Dfa5LC30VAQTiIIU4WOpZAoOjP7VUIJUnytstOipOyqNtoAnwkoai/NM9mhVIrKKVRUFcnrVNwwcfvMn3X4+ijo7agBK70VjrZuSKtzkENSaiL5ObJojD+hg4WePyEHfAyshT0HIHw5+osHUg2OCa1koccIT1gfppwKGdY=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AS8P190MB1078.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230016)(7916004)(346002)(136003)(396003)(366004)(39840400004)(376002)(478600001)(41300700001)(6486002)(26005)(9686003)(6666004)(6512007)(6506007)(86362001)(52116002)(44144004)(186003)(1076003)(83380400001)(21480400003)(33716001)(8676002)(4326008)(66476007)(66556008)(5660300002)(6916009)(316002)(8936002)(66946007)(38100700002)(38350700002)(2906002)(46492015)(2700100001); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: P7scVXe+cbBr1zmypl+kgETcoGh680kRsBzaxNJYcP2oD4fTa+uSZrUNOY6qzz7VBMA/FhTyxG8x5X26/FaXH9yieeFoQJ45Ni+GdOBjLI6A9EfmuofUTHkP/z7IdE8Kk3W7ny9af/PaQa6YaE+ksF4MNi8wMez/ZYbnNbXQ9yzYVo2jKeMsWgEbGRYT+MIKTBcsZDQue5zij+VUPeh/eQj4+bt73S5o11JkGbXqEfu1AL5C6uHgePHIRz9rREH7Qiep2uhAv+MSbrdwgPbuhyu0h3nb7/AlQT8CCpK1vYE4aqBSpV3I25dSuZs1c1+t1XcM4VhyEhmr0TStpktwaYKlbqd08Uf9JaSuudq/YIww0N2YkkZ4hf2Ru/MGuh277rxQzEKzeQxYTwem/I/SSMg0Kmhqd4L4s6m3bVPTVC6M+I2ilO2ueBJJ1JAcZCscz2atlIlSb53RDito/Gsse6qaDocjE9E7ijKcXp3U1eaLSxpYwfKQLBxZp1Ff+Zp/rAoUHJC93sekYR9XQ3kNTxHenc2CBCbgMsPetS6HutWgSBVVsQfZuh8UlZHQHFgpmILd3RKcgdRrZlOlt1INMLZjDmimUHwd0vDypbbhk207SqzkYPiVz9os3CJtIQOSFXKWjkYByOmanSI4TSmcltsyj1RfCnsXBDDDzFytzCBOG0fTBaGbiNXr//zVhm1nHtcz2sN23SDBQJaV71GA6kZDW7IuukIuT6L2bE/v2JrwP4S3NdGcKQH4+mb01xj1oxu5Tc9nSYnwwPbeW5BeRf6jrdRe+WS+DJv2Y0MjFEzpVUhAPR6RgRvNwMjM4BZMjHg6s1PYLxH3VBuHSnjzxVXpYNpnVOOkyVVCVxxNP1+IeDzpjYS7i0cF7B0Eua/n/+w5NjjvcVD1SYePbJmCkH5HTd9mpQ4o8/S/UJWwuWWSo/yTj22Z7/qqZ7Ck2ATJKC2DjnUhfbfbEtt/Q0ToTfJqf1G1Eu9pM1V+TOut/vE7TnaCyF8RlxsBID23O+KHnaMeCfH3fBB96ZkuNV7Kv4QV882Nb3i2eZ1wEeljNQHz5bUur01fcWk38/Z6MCua4widMpMlt6Qu45VbGZez3Oxjs3PCFE8b5F+ph0BLDpRkzfuGb+3s83w1wTGadu4zMNi5t3JkElX32dTk8CSkUNQRKA7XpvvprWv4SXUaDUbG7mtyTsgcKiwpb01/yoGiof+aws8FiZUeRNCrOVndbHi8exie4YukgZTimrtycpIm/gvBzl6dhNl7HZTJf3Jyghu/rfjPEYgikIP6uH9c+bSaQrH6btoZc8+ZMXNurq5+NoH6VLJdZRkos0szMiI/EnCT3sJrURuGHJxb2maNQPrTSnGhHLg6Lh0tgKuH2PqqtxcV63kRciPsxaHBbXz53oBZCSa75ZYu62ZMKK/NhvHjgAIbS6kqrgL193yehNe5+mY4IsrKA6Tw9uQCote66zzMXbU3tUiUK8Xrowx2fqxKjofjhusJ5t896rwMJbjyHaGoK0DK+xNK6L9QA86UiFHfBZnqBBS6jlcqhVG6sO9i3syyCifPwg4SJqUxJ03wnKu1FlZ/mDrFVVw8RPk5OtvY1dLTs+a4G5qUggDEQQ==
X-OriginatorOrg: workonline.africa
X-MS-Exchange-CrossTenant-Network-Message-Id: c6b77232-863e-4ea1-bd23-08da7b0dafec
X-MS-Exchange-CrossTenant-AuthSource: AS8P190MB1078.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Aug 2022 20:19:54.5477 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: b4e811d5-95e8-453a-b640-0fba8d3b9ef7
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: kZSjyq1hFlBpk2mrpSQtb/qINqtrz4BIazLkdoUECDbhZEFTVxEocbHYtNfYJzNCpns6fuVRwMM6DVk0ZjCSvw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0P190MB0708
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/zKCLjYiVFKOMrfRQ30L3EYC8sQM>
Subject: Re: [Sidrops] Alvaro Retana's No Objection on draft-ietf-sidrops-rpkimaxlen-12: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Aug 2022 20:20:09 -0000
Hi Alvaro, On 08/10, Alvaro Retana wrote: > On August 10, 2022 at 6:56:29 AM, Ben Maddison wrote: > > Ben: > > Hi! > > > > (1) The running example makes the text clear -- but by being a minimal > > > example (only a couple of prefixes are involved) it may oversimplify the > > > potential operational complexity of maintaining a set of minimal ROAs. > > > > > > In particular, operators with short prefixes and many advertisements of > > > both IPv4 and IPv6 may have a harder time keeping up with changes. I would > > > love to see some text around the challenges that applying the > > > recommendations at scale may bring, which may also "result in a self- > > > inflicted denial of service" (to use the description in §7). > > > > I doubt that such an operator would fail to see that their situation is > > more operationally complex than the example. > > > > Perhaps something along the lines of: > > > > The recommendations made in section 5 are likely to be more onerous > > for operators utilising large IP address space allocations from > > which many more-specific advertisements are made in BGP. Operators > > of such networks are encouraged to seek opportunities to automate > > the required procedures in order to minimise manual operational > > burden. > > > > Even the above seems a bit tautological to me! Thoughts? > > That works for me. I'm just looking for completeness, even if there's > some redundancy. Ack. Will be included in -13. > > > (2) This text in §5 talks about the maintenance steps (review, replace, > > > repeat): > > > > > > Operators that have existing ROAs published in the RPKI system SHOULD > > > perform a review of such objects, especially where they make use of > > > the maxLength attribute, to ensure that the set of included prefixes > > > is "minimal" with respect to the current BGP origination and routing > > > policies. Published ROAs SHOULD be replaced as necessary. Such an > > > exercise SHOULD be repeated whenever the operator makes changes to > > > either policy. > > > > > > I assume that throughout the document "SHOULD" is used because, even though > > > this is a BCP, the practice is only recommended. > > > > Correct. MUST feels weird in an Ops BCP. Maybe that's just me. > > > > > That is not an issue for me, except for the last recommendation above: > > > the "exercise SHOULD be repeated whenever the operator makes changes > > > to either policy". If the recommendations in this document are > > > followed, a review of the system should be required, not just > > > recommended. > > > > I think they should either all be MUST or all be SHOULD. Changing only > > the last sentence would mean performing a review initially is > > operational, but performing subsequent reviews is required, which I > > think is poor advice. > > > > I generally think MUST is odd in this kind of doc, but I'm happy to > > accept guidance on this. > > IMO, documents are generally self-contained -- the normative language > should be interpreted in the context of each document. For example, > if an optional extension to a protocol is being described, the > required or recommended behavior should be seen in the context of > using that extension. > > In the case of this document, it describes a practice that operators > may decide to take on, or not. If they do, then the requirements and > recommendations should apply in the context of using the mechanism. Thanks for the explanation. Makes sense to me. > All this is to say that I would rather you require (MUST) the behavior > -- in the context of "if you're implementing this BCP then these are > the things you MUST do". Specifically, all the actions above are > required. > > If operators don't chose to follow what this document recommends, it > doesn't matter whether SHOULD/MUST were used. Ack. Will update in -13. > ... > > > (4) "The recommendations complement and extend those in [RFC7115]." > > > > > > It seems to me that this document should formally Update rfc7115 as there > > > are related considerations mentioned there. I checked the archive but > > > couldn't find a related discussion. Was an Update considered? > > > > To the best of my recollection, no. > > > > I'm inclined to agree that this should probably update 7115. Given that > > the original author of that document has indicated he is, at best, > > lukewarm about this draft, I'd appreciate some guidance on the etiquette > > here? > > This is a decision that the WG should make. I would expect the Chairs > to lead a discussion and reach a consensus, one way or the other. > [Disclaimer: this is not my WG, so I'll rely on the Responsible > AD/Chairs on the way forward.] > > FWIW, given the relationship with rfc7115, I think it's more important > to make sure this document is also part of BCP 185 than to use the > Updates tag. Agreed RE: BCP 185. I'll await comments from the rest of the WG before touching updates. Cheers, Ben
- [Sidrops] Alvaro Retana's No Objection on draft-i… Alvaro Retana via Datatracker
- Re: [Sidrops] Alvaro Retana's No Objection on dra… Randy Bush
- Re: [Sidrops] Alvaro Retana's No Objection on dra… Ben Maddison
- Re: [Sidrops] Alvaro Retana's No Objection on dra… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] Alvaro Retana's No Objection on dra… Alvaro Retana
- Re: [Sidrops] Alvaro Retana's No Objection on dra… Alvaro Retana
- Re: [Sidrops] Alvaro Retana's No Objection on dra… Ben Maddison
- Re: [Sidrops] Alvaro Retana's No Objection on dra… Ben Maddison