Re: [Sidrops] Call for SIDROPS WG Agenda Items

Tim Bruijnzeels <tim@nlnetlabs.nl> Thu, 05 July 2018 10:01 UTC

Cc: Keyur Patel <keyur@arrcus.com>, "sidrops@ietf.org" <sidrops@ietf.org>, George Michaelson <ggm@algebras.org>
To: Alexander Azimov <aa@qrator.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/zqwlJI2OyMmQcUWM1pegjIozg9M>

Hi Alexander,

Nice drafts! I have some questions that may come back when you present, but let me ask here as well.

In-line

> On 28 Jun 2018, at 15:57, Alexander Azimov <aa@qrator.net> wrote:
> 
> I would like to reserve 15 minutes for:
> https://datatracker.ietf.org/doc/draft-azimov-sidrops-aspa-profile/

Since it’s the customer ASN who signs, would it be a good idea if they listed all provider ASNs in a single object? There is no fate sharing risk like we have in ROAs when including multiple signing prefixes. On the other hand this would guarantee atomicity.

One small thing, eventually this will need a filename extension to be included in the IANA “RPKI Repository Name Scheme” registry. See also:
https://tools.ietf.org/html/rfc6481#section-7.2

> https://datatracker.ietf.org/doc/draft-azimov-sidrops-aspa-verification/

I am not entirely clear on the AS_PATH verification in section 5. It reads to me like the outcome is invalid, or unverifiable if not all of the ASNs on the path have published ASPAs. And that unverifiable is considered close to invalid. But I may have misunderstood... so I would be particularly interested in this part of your presentation.

All that said, I think that it would be extremely useful if a partial, incremental deployment can be supported. IMHO one of the big issues with BGPSec deployment is that it’s all or nothing, so there really is no incentive to deploy until everybody else has done so. With ASPAs you could argue that a route should be dropped if any of the pairs in the path turns out to be invalid, but it’s okay to accept unknowns. This would allow ASNs to get benefits from publishing ASPAs without requiring that everyone else does so as well. Of course things will be better when they do as well, but until that time there still is a benefit. So, there is incentive for ASNs to be pro-active.

But as I said... I am not sure that I got this section 5 completely...

Regards,

Tim


> 
> 2018-06-28 1:33 GMT+03:00 Keyur Patel <keyur@arrcus.com>:
> Done. Thanks.
> 
> Regards,
> Keyur
> 
> > On Jun 27, 2018, at 3:32 PM, George Michaelson <ggm@algebras.org> wrote:
> > 
> > I have been asked by my RIR colleagues to talk about modified
> > validation deployment planning. I think about 10 minutes should do it.
> > 
> > cheers
> > 
> > -george
> > 
> >> On Thu, Jun 28, 2018 at 6:34 AM, Keyur Patel <keyur@arrcus.com> wrote:
> >> Done. Thanks.
> >> 
> >> Regards,
> >> Keyur
> >> 
> >> On 6/27/18, 1:32 PM, "Randy Bush" <randy@psg.com> wrote:
> >> 
> >>> SIDROPS will meet at IETF-102 on Monday, July 16th from 1:30 pm - 3:30
> >>> pm. Please forward any SIDROPS agenda items you may have to Chris and
> >>> me. Please also make sure that your slides are available to the chairs
> >>> by Friday morning (07/13/2018). Slides received after the deadline may
> >>> not be available for use during the meeting.
> >> 
> >>    i would appreciate 10-15 minutes to discuss
> >> 
> >>        draft-ymbk-sidrops-ov-signal-01
> >> 
> >>    i do NOT plan to present it.  folk who want to discuss it and/or have
> >>    questions MUST have read it beforehand.
> >> 
> >>    randy
> >> 
> >> 
> >> _______________________________________________
> >> Sidrops mailing list
> >> Sidrops@ietf.org
> >> https://www.ietf.org/mailman/listinfo/sidrops
> 
> 
> 
> -- 
> | Alexander Azimov  | HLL l QRATOR
> | tel.: +7 499 241 81 92
> | mob.: +7 915 360 08 86
> | skype: mitradir
> | mailto: aa@qrator.net
> | visit: www.qrator.net
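
The "drop on invalid, accept unknown" policy discussed in the message above, as an added example that is not part of the original message or of either draft. It assumes an upstream-only path where every hop from the origin is customer to provider; the ASPA table is constructed from documentation ASNs, and the function names are hypothetical.

```python
from enum import Enum

class Pair(Enum):
    VALID = "valid"
    INVALID = "invalid"
    UNKNOWN = "unknown"

# Constructed ASPA data: customer ASN -> provider ASNs it has authorised.
# ASNs are documentation values; AS64498 and AS64499 publish nothing.
ASPA = {
    64496: {64497},
    64497: {64499, 64500},
}

def check_pair(customer, provider, aspa=ASPA):
    """Classify one (customer, provider) hop against the published ASPAs."""
    providers = aspa.get(customer)
    if providers is None:
        return Pair.UNKNOWN  # customer has not published an ASPA
    return Pair.VALID if provider in providers else Pair.INVALID

def check_path(as_path, aspa=ASPA):
    """Check every adjacent pair of an AS_PATH (neighbour first, origin last).

    Simplifying assumption: each hop from the origin towards the receiver
    is customer -> provider. Prepended duplicates are collapsed first.
    """
    hops = [a for i, a in enumerate(as_path) if i == 0 or a != as_path[i - 1]]
    hops.reverse()  # walk from the origin outwards
    return [(c, p, check_pair(c, p, aspa)) for c, p in zip(hops, hops[1:])]

def accept(as_path, aspa=ASPA, strict=False):
    """Route acceptance decision.

    strict=False: drop only if some pair is invalid; unknown pairs pass,
                  which is what makes partial deployment useful.
    strict=True:  all-or-nothing; an unknown pair rejects the route as well.
    """
    results = [r for _, _, r in check_path(as_path, aspa)]
    if strict:
        return all(r is Pair.VALID for r in results)
    return all(r is not Pair.INVALID for r in results)
```

With `strict=False`, AS64496 is protected against an unauthorised upstream as soon as it publishes its own ASPA, regardless of whether the other ASNs on the path have published theirs.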