From nobody Thu Mar 1 10:17:45 2018 Return-Path: X-Original-To: sidrops@ietf.org Delivered-To: sidrops@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B5F041242F5; Thu, 1 Mar 2018 10:17:39 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sidrops@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.73.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <151992825965.21572.6894976179606067673@ietfa.amsl.com> Date: Thu, 01 Mar 2018 10:17:39 -0800 Archived-At: Subject: [Sidrops] I-D Action: draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Mar 2018 18:17:40 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the SIDR Operations WG of the IETF. Title : BGPsec Algorithms, Key Formats, and Signature Formats Authors : Sean Turner Oliver Borchert Filename : draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-00.txt Pages : 21 Date : 2018-03-01 Abstract: This document specifies the algorithms, algorithm parameters, asymmetric key formats, asymmetric key sizes, and signature formats used in BGPsec (Border Gateway Protocol Security). This document updates RFC 8208 ("BGPsec Algorithms, Key Formats, and Signature Formats") by adding Special-Use Algorithm IDs and correcting the range of unassigned algorithms IDs to fill the complete range. This document also includes example BGPsec UPDATE messages as well as the private keys used to generate the messages and the certificates necessary to validate those signatures. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-00 https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-00 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Sun Mar 4 19:34:22 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 057E4126C26; Sun, 4 Mar 2018 19:34:21 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.909 X-Spam-Level: X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kr__DSvMgHZa; Sun, 4 Mar 2018 19:34:19 -0800 (PST) Received: from cnnic.cn (smtp13.cnnic.cn [218.241.118.13]) by ietfa.amsl.com (Postfix) with ESMTP id B3B99124D6C; Sun, 4 Mar 2018 19:34:17 -0800 (PST) Received: from LIUXD (unknown [218.241.103.63]) by ocmail02.zx.nicx.cn (Coremail) with SMTP id AQAAf0ApMNC0upxaQXnZAA--.41729S3; Mon, 05 Mar 2018 11:34:13 +0800 (CST) From: "Yu Fu" To: Cc: Date: Mon, 5 Mar 2018 11:34:18 +0800 Message-ID: <00e401d3b432$d8216cb0$88644610$@cn> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00E5_01D3B475.E644ACB0" X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AdO0MtZgyCCwqvnETaeiMyqy8j6KfA== Content-Language: zh-cn X-CM-TRANSID: AQAAf0ApMNC0upxaQXnZAA--.41729S3 X-Coremail-Antispam: 1UD129KBjvdXoW7JF43Cw4fXr15XF1DAF15twb_yoWfWrX_ua yrGa4qk3yDCFWFga13tw40qFy3Jayvkw1UWF1UXr4vgrySywsxJF4kKrW7Zr1aqry0yan8 GwnxJryDtw17WjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUIcSsGvfJTRUUUbSxYjsxI4VWkCwAYFVCjjxCrM7AC8VAFwI0_Jr0_Gr1l1xkIjI8I 6I8E6xAIw20EY4v20xvaj40_Wr0E3s1l1IIY67AEw4v_Jr0_Jr4l8cAvFVAK0II2c7xJM2 8CjxkF64kEwVA0rcxSw2x7M28EF7xvwVC0I7IYx2IY67AKxVW5JVW7JwA2z4x0Y4vE2Ix0 cI8IcVCY1x0267AKxVW8JVWxJwA2z4x0Y4vEx4A2jsIE14v26F4UJVW0owA2z4x0Y4vEx4 A2jsIEc7CjxVAFwI0_GcCE3s1le2I262IYc4CY6c8Ij28IcVAaY2xG8wAqx4xG67k08I80 eVWrJVW7JwAqx4xG6c804VAFz4xC04v7Mc02F40Ew4AK048IF2xKxVW8JVW5JwAqx4xG6x AIxVCFxsxG0wAv7VC0I7IYx2IY67AKxVWUJVWUGwAv7VC2z280aVAFwI0_Jr0_Gr1lOx8S 6xCaFVCjc4AY6r1j6r4UM4x0Y48IcxkI7VAKI48JMxkIecxEwVAFwVW8GwCF04k20xvY0x 0EwIxGrwCFx2IqxVCFs4IE7xkEbVWUJVW8JwC20s026c02F40E14v26r106r1rMI8I3I0E 7480Y4vE14v26r106r1rMI8E67AF67kF1VAFwI0_Jrv_JF1lIxkGc2Ij64vIr41lIxAIcV C0I7IYx2IY67AKxVWUJVWUCwCI42IY6xIIjxv20xvEc7CjxVAFwI0_Jr0_Gr1lIxAIcVCF 04k26cxKx2IYs7xG6rW3Jr0E3s1lIxAIcVC2z280aVAFwI0_Jr0_Gr1lIxAIcVC2z280aV CY1x0267AKxVWUJVW8JbIYCTnIWIevJa73UjIFyTuYvjxUs_MaUUUUU X-CM-SenderInfo: pix13q5fqqxugofq/ Archived-At: Subject: [Sidrops] Request an official cal for draft with Considerations for ROAs issued with Multiple prefixes X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Mar 2018 03:34:21 -0000 This is a multi-part message in MIME format. ------=_NextPart_000_00E5_01D3B475.E644ACB0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Dear chairs, Can I ask for an official call for WG adoption of individual draft: https://tools.ietf.org/html/draft-yan-sidrops-roa-considerations-01 This draft had been presented and discussed in the IETF 100 at sidrops meeting. It analyzes and presents some operational problems which may be caused by the misconfigurations of ROAs containing multiple IP prefixes. It suggests CAs to avoid issuing ROAs with a large number of IP address prefixes and better to issue one ROA for one IP address prefix. It suggests that a safeguard scheme should be considered to protect the process of ROA issuance for the CA. It had been received some agreement at the mic during the meeting. So I think this draft is a meaningful work and its suggestions should be a direction for the RPKI operators and CAs. Thanks Yu ------------------------------------------- Yu Fu fuyu@cnnic.cn ------=_NextPart_000_00E5_01D3B475.E644ACB0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Dear = chairs,

 

Can I ask for an official call for WG adoption of = individual draft:

https://tools.ietf.org/html/draft-yan-sidrops-roa-considerations-01

 

This draft had been presented and discussed in the IETF 100 = at sidrops meeting.

It analyzes and presents some operational problems which = may be caused by the misconfigurations of ROAs containing multiple IP = prefixes.

It suggests CAs to avoid issuing ROAs with a large number = of IP address prefixes and better to issue one ROA for one IP address = prefix.

It suggests that a safeguard scheme should be considered to = protect the process of ROA issuance for the CA.

It had been received some = agreement at the mic during the meeting.

So I think this draft is a = meaningful work and its suggestions should be a direction for the RPKI = operators and CAs.

 

 

Thanks

Yu

 

 

-------------------------------------------

Yu = Fu

fuyu@cnnic.cn

 

------=_NextPart_000_00E5_01D3B475.E644ACB0-- From nobody Mon Mar 5 10:15:08 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2381A12DA4F for ; Mon, 5 Mar 2018 10:15:08 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.61 X-Spam-Level: X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qZ_IOu6vyBBu for ; Mon, 5 Mar 2018 10:15:06 -0800 (PST) Received: from mail3.dllstx09.us.to.gin.ntt.net (mail3.dllstx09.us.to.gin.ntt.net [IPv6:2001:418:3ff:5::26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8872712D96A for ; Mon, 5 Mar 2018 10:15:06 -0800 (PST) Received: by mail3.dllstx09.us.to.gin.ntt.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89) (envelope-from ) id 1esudd-0008UT-8I (job@us.ntt.net) for sidrops@ietf.org; Mon, 05 Mar 2018 18:15:06 +0000 Received: by mail-oi0-f51.google.com with SMTP id u73so12781121oie.3 for ; Mon, 05 Mar 2018 10:15:05 -0800 (PST) X-Gm-Message-State: AElRT7Hp74RB3j0ZhhIoPc5t0xxO+BkKIl9hFAIIEBcJdO0i83ZlEcge Gn16fLFf/6AosZApygqCjlLE/lBO3f0YHg+IrYqISw== X-Google-Smtp-Source: AG47ELsza8Ve84K2XfGxtibJCNQg2ssSWWW4Cbw7GxZkdysDWxNA65MEHxaQMb6s2Yjs4XhhQ65P7ecmsK/WxJyamio= X-Received: by 10.202.75.16 with SMTP id y16mr10380061oia.27.1520273704893; Mon, 05 Mar 2018 10:15:04 -0800 (PST) MIME-Version: 1.0 Received: by 10.74.166.66 with HTTP; Mon, 5 Mar 2018 10:15:04 -0800 (PST) X-Originating-IP: [2001:67c:208c:10:cce5:8692:888c:b74b] In-Reply-To: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> From: Job Snijders Date: Mon, 5 Mar 2018 19:15:04 +0100 X-Gmail-Original-Message-ID: Message-ID: To: sidrops@ietf.org, draft-yossigi-rpkimaxlen@ietf.org, Ben Maddison Content-Type: text/plain; charset="UTF-8" Archived-At: Subject: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Mar 2018 18:15:08 -0000 Dear working group, This document has gone through a number of revisions outside the working group. As authors we think it may be time to consider a call for adoption and continue work on this document in context of the working group. Thoughts? Kind regards, Job ---------- Forwarded message ---------- From: Date: Mon, Mar 5, 2018 at 7:09 PM Subject: New Version Notification for draft-yossigi-rpkimaxlen-02.txt To: Job Snijders , Kotikalapudi Sriram , Ben Maddison , Yossi Gilad , Sharon Goldberg A new version of I-D, draft-yossigi-rpkimaxlen-02.txt has been successfully submitted by Job Snijders and posted to the IETF repository. Name: draft-yossigi-rpkimaxlen Revision: 02 Title: The Use of Maxlength in the RPKI Document date: 2018-03-05 Group: Individual Submission Pages: 10 URL: https://www.ietf.org/internet-drafts/draft-yossigi-rpkimaxlen-02.txt Status: https://datatracker.ietf.org/doc/draft-yossigi-rpkimaxlen/ Htmlized: https://tools.ietf.org/html/draft-yossigi-rpkimaxlen-02 Htmlized: https://datatracker.ietf.org/doc/html/draft-yossigi-rpkimaxlen-02 Diff: https://www.ietf.org/rfcdiff?url2=draft-yossigi-rpkimaxlen-02 Abstract: This document recommends that operators avoid using the maxLength attribute when issuing Route Origin Authorizations (ROAs) in the Resource Public Key Infrastructure (RPKI). These recommendations complement those in [RFC7115]. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat From nobody Mon Mar 5 13:58:20 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 033B8126DCA; Mon, 5 Mar 2018 13:58:19 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tuYGSfLzihs5; Mon, 5 Mar 2018 13:58:13 -0800 (PST) Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1257C126D85; Mon, 5 Mar 2018 13:58:12 -0800 (PST) X-Envelope-To: draft-yossigi-rpkimaxlen@ietf.org Received: from crumpet.local (089-101-070074.ntlworld.ie [89.101.70.74] (may be forged)) (authenticated bits=0) by mail.netability.ie (8.15.2/8.15.2) with ESMTPSA id w25Lw9Rk079480 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Mar 2018 21:58:09 GMT (envelope-from nick@foobar.org) X-Authentication-Warning: cheesecake.ibn.ie: Host 089-101-070074.ntlworld.ie [89.101.70.74] (may be forged) claimed to be crumpet.local Message-ID: <5A9DBD70.60800@foobar.org> Date: Mon, 05 Mar 2018 21:58:08 +0000 From: Nick Hilliard User-Agent: Postbox 5.0.24 (Macintosh/20180302) MIME-Version: 1.0 To: Job Snijders CC: sidrops@ietf.org, draft-yossigi-rpkimaxlen@ietf.org, Ben Maddison References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> In-Reply-To: X-Enigmail-Version: 1.2.3 Content-Type: multipart/alternative; boundary="------------040208060405000503050902" Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Mar 2018 21:58:19 -0000 This is a multi-part message in MIME format. --------------040208060405000503050902 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit This is not a dumb draft. Please adopt. Nick > Job Snijders > 5 March 2018 at 18:15 > Dear working group, > > This document has gone through a number of revisions outside the > working group. > > As authors we think it may be time to consider a call for adoption and > continue work on this document in context of the working group. > > Thoughts? > > Kind regards, > > Job > > > ---------- Forwarded message ---------- > From: > Date: Mon, Mar 5, 2018 at 7:09 PM > Subject: New Version Notification for draft-yossigi-rpkimaxlen-02.txt > To: Job Snijders , Kotikalapudi Sriram > , Ben Maddison , > Yossi Gilad , Sharon Goldberg > > A new version of I-D, draft-yossigi-rpkimaxlen-02.txt > has been successfully submitted by Job Snijders and posted to the > IETF repository. > > Name: draft-yossigi-rpkimaxlen > Revision: 02 > Title: The Use of Maxlength in the RPKI > Document date: 2018-03-05 > Group: Individual Submission > Pages: 10 > URL: > https://www.ietf.org/internet-drafts/draft-yossigi-rpkimaxlen-02.txt > Status: https://datatracker.ietf.org/doc/draft-yossigi-rpkimaxlen/ > Htmlized: https://tools.ietf.org/html/draft-yossigi-rpkimaxlen-02 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-yossigi-rpkimaxlen-02 > Diff: https://www.ietf.org/rfcdiff?url2=draft-yossigi-rpkimaxlen-02 > > Abstract: > This document recommends that operators avoid using the maxLength > attribute when issuing Route Origin Authorizations (ROAs) in the > Resource Public Key Infrastructure (RPKI). These recommendations > complement those in [RFC7115]. > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops > ------------------------------------------------------------------------ --------------040208060405000503050902 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit
This is not a dumb draft.  Please adopt.

Nick
5 March 2018 at 18:15
Dear working group,

This document has gone through a number of revisions outside the working group.

As authors we think it may be time to consider a call for adoption and
continue work on this document in context of the working group.

Thoughts?

Kind regards,

Job


---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: Mon, Mar 5, 2018 at 7:09 PM
Subject: New Version Notification for draft-yossigi-rpkimaxlen-02.txt
To: Job Snijders <job@ntt.net>, Kotikalapudi Sriram
<kotikalapudi.sriram@nist.gov>, Ben Maddison <benm@workonline.co.za>,
Yossi Gilad <yossigi@bu.edu>, Sharon Goldberg <goldbe@cs.bu.edu>

A new version of I-D, draft-yossigi-rpkimaxlen-02.txt
has been successfully submitted by Job Snijders and posted to the
IETF repository.

Name: draft-yossigi-rpkimaxlen
Revision: 02
Title: The Use of Maxlength in the RPKI
Document date: 2018-03-05
Group: Individual Submission
Pages: 10
URL:
https://www.ietf.org/internet-drafts/draft-yossigi-rpkimaxlen-02.txt
Status: https://datatracker.ietf.org/doc/draft-yossigi-rpkimaxlen/
Htmlized: https://tools.ietf.org/html/draft-yossigi-rpkimaxlen-02
Htmlized:
https://datatracker.ietf.org/doc/html/draft-yossigi-rpkimaxlen-02
Diff: https://www.ietf.org/rfcdiff?url2=draft-yossigi-rpkimaxlen-02

Abstract:
This document recommends that operators avoid using the maxLength
attribute when issuing Route Origin Authorizations (ROAs) in the
Resource Public Key Infrastructure (RPKI). These recommendations
complement those in [RFC7115].


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
Sidrops mailing list
Sidrops@ietf.org
https://www.ietf.org/mailman/listinfo/sidrops

--------------040208060405000503050902-- From nobody Mon Mar 5 14:06:14 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 194EC12E049; Mon, 5 Mar 2018 14:06:02 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.53 X-Spam-Level: X-Spam-Status: No, score=-14.53 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0KIqYAJK5VI7; Mon, 5 Mar 2018 14:05:59 -0800 (PST) Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B69B12711E; Mon, 5 Mar 2018 14:05:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3594; q=dns/txt; s=iport; t=1520287559; x=1521497159; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=7K7lizoMs5JaNHbrvkI3VKJ/iQ5r7b8OjQGFlM8xgRQ=; b=JEvnEsIj+x6Dy93c+QGwuRX4jdtxQYCyT5PeyxjBZqLqOhlIJCCndOrC X57hYF82vsa3NLBhebwcaCekhykTBBEBeF3q8ycO3gjSoKLDCaaoDa92p kXSxKAcjo1sxgQX9Mll8fRH0RACQ1UAz4WCRq8S8m+Xjii1L5M2rYT/0o Q=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0D+AABTvp1a/5NdJa1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYNQZnAoCoNKiiSNeIFbJ4EWlDQUggEKGAuBXIJiTwIaglkhNBg?= =?us-ascii?q?BAgEBAQEBAQJrJ4UjAQEBBAEBGwYRFSUJEgIBCBEDAQIDAiYCAgIlCxUICAIEA?= =?us-ascii?q?RKFGxCocoIniGSCK4EPhB6CLoFXgWYpDIJ4gldMCwEBAgEBF4EeT4J0MIIyBIg?= =?us-ascii?q?hhViFS4ceCQKGUoorgWdOg2eIXIl9hysCERkBgS0BHjiBUnAVGSEqAYIYCYQ/d?= =?us-ascii?q?wGLVoEYAQEB?= X-IronPort-AV: E=Sophos;i="5.47,428,1515456000"; d="scan'208";a="79148937" Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by alln-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Mar 2018 22:05:58 +0000 Received: from XCH-RTP-015.cisco.com (xch-rtp-015.cisco.com [64.101.220.155]) by rcdn-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id w25M5wmi014592 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 5 Mar 2018 22:05:58 GMT Received: from xch-rtp-011.cisco.com (64.101.220.151) by XCH-RTP-015.cisco.com (64.101.220.155) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Mon, 5 Mar 2018 17:05:57 -0500 Received: from xch-rtp-011.cisco.com ([64.101.220.151]) by XCH-RTP-011.cisco.com ([64.101.220.151]) with mapi id 15.00.1320.000; Mon, 5 Mar 2018 17:05:57 -0500 From: "Roque Gagliano (rogaglia)" To: Job Snijders , "sidrops@ietf.org" , "draft-yossigi-rpkimaxlen@ietf.org" , "Ben Maddison" Thread-Topic: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt Thread-Index: AQHTtK3qerQGd9i5RU2UT1Lw8sWZ5qPCl34A Date: Mon, 5 Mar 2018 22:05:57 +0000 Message-ID: References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.9.0.180116 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.61.86.122] Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Mar 2018 22:06:04 -0000 SGkgSm9iLA0KDQpJIGFncmVlIG9uIGFkb3B0aW9uLg0KDQpSb3F1ZQ0KDQrigJQgDQpSb3F1ZSBH YWdsaWFubw0KDQpBdXRvbWF0aW9uIFNvZnR3YXJlIEFyY2hpdGVjdCBFTUVBUg0KDQorNDEgNzYg NDQ5IDg4NjcNCiANCkpvaW4gdGhlIE5TTyBEaWdpdGFsIEVjb3N5c3RlbToNCk5TTyBvbiBEZXZO ZXQ6IHd3dy5jaXNjby5jb20vZ28vbnNvZGV2bmV0IDxodHRwOi8vd3d3LmNpc2NvLmNvbS9nby9u c29kZXZuZXQ+DQpOU08gRGV2ZWxvcGVyIEh1Yjogd3d3LmNpc2NvLmNvbS9nby9uc29odWIgPGh0 dHA6Ly93d3cuY2lzY28uY29tL2dvL25zb2h1Yj4NCg0KIA0K77u/T24gMDUvMDMvMTggMTk6MTUs ICJTaWRyb3BzIG9uIGJlaGFsZiBvZiBKb2IgU25pamRlcnMiIDxzaWRyb3BzLWJvdW5jZXNAaWV0 Zi5vcmcgb24gYmVoYWxmIG9mIGpvYkBudHQubmV0PiB3cm90ZToNCg0KICAgIERlYXIgd29ya2lu ZyBncm91cCwNCiAgICANCiAgICBUaGlzIGRvY3VtZW50IGhhcyBnb25lIHRocm91Z2ggYSBudW1i ZXIgb2YgcmV2aXNpb25zIG91dHNpZGUgdGhlIHdvcmtpbmcgZ3JvdXAuDQogICAgDQogICAgQXMg YXV0aG9ycyB3ZSB0aGluayBpdCBtYXkgYmUgdGltZSB0byBjb25zaWRlciBhIGNhbGwgZm9yIGFk b3B0aW9uIGFuZA0KICAgIGNvbnRpbnVlIHdvcmsgb24gdGhpcyBkb2N1bWVudCBpbiBjb250ZXh0 IG9mIHRoZSB3b3JraW5nIGdyb3VwLg0KICAgIA0KICAgIFRob3VnaHRzPw0KICAgIA0KICAgIEtp bmQgcmVnYXJkcywNCiAgICANCiAgICBKb2INCiAgICANCiAgICANCiAgICAtLS0tLS0tLS0tIEZv cndhcmRlZCBtZXNzYWdlIC0tLS0tLS0tLS0NCiAgICBGcm9tOiAgPGludGVybmV0LWRyYWZ0c0Bp ZXRmLm9yZz4NCiAgICBEYXRlOiBNb24sIE1hciA1LCAyMDE4IGF0IDc6MDkgUE0NCiAgICBTdWJq ZWN0OiBOZXcgVmVyc2lvbiBOb3RpZmljYXRpb24gZm9yIGRyYWZ0LXlvc3NpZ2ktcnBraW1heGxl bi0wMi50eHQNCiAgICBUbzogSm9iIFNuaWpkZXJzIDxqb2JAbnR0Lm5ldD4sIEtvdGlrYWxhcHVk aSBTcmlyYW0NCiAgICA8a290aWthbGFwdWRpLnNyaXJhbUBuaXN0Lmdvdj4sIEJlbiBNYWRkaXNv biA8YmVubUB3b3Jrb25saW5lLmNvLnphPiwNCiAgICBZb3NzaSBHaWxhZCA8eW9zc2lnaUBidS5l ZHU+LCBTaGFyb24gR29sZGJlcmcgPGdvbGRiZUBjcy5idS5lZHU+DQogICAgDQogICAgQSBuZXcg dmVyc2lvbiBvZiBJLUQsIGRyYWZ0LXlvc3NpZ2ktcnBraW1heGxlbi0wMi50eHQNCiAgICBoYXMg YmVlbiBzdWNjZXNzZnVsbHkgc3VibWl0dGVkIGJ5IEpvYiBTbmlqZGVycyBhbmQgcG9zdGVkIHRv IHRoZQ0KICAgIElFVEYgcmVwb3NpdG9yeS4NCiAgICANCiAgICBOYW1lOiAgICAgICAgICAgZHJh ZnQteW9zc2lnaS1ycGtpbWF4bGVuDQogICAgUmV2aXNpb246ICAgICAgIDAyDQogICAgVGl0bGU6 ICAgICAgICAgIFRoZSBVc2Ugb2YgTWF4bGVuZ3RoIGluIHRoZSBSUEtJDQogICAgRG9jdW1lbnQg ZGF0ZTogIDIwMTgtMDMtMDUNCiAgICBHcm91cDogICAgICAgICAgSW5kaXZpZHVhbCBTdWJtaXNz aW9uDQogICAgUGFnZXM6ICAgICAgICAgIDEwDQogICAgVVJMOg0KICAgIGh0dHBzOi8vd3d3Lmll dGYub3JnL2ludGVybmV0LWRyYWZ0cy9kcmFmdC15b3NzaWdpLXJwa2ltYXhsZW4tMDIudHh0DQog ICAgU3RhdHVzOiAgICAgICAgIGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0 LXlvc3NpZ2ktcnBraW1heGxlbi8NCiAgICBIdG1saXplZDogICAgICAgaHR0cHM6Ly90b29scy5p ZXRmLm9yZy9odG1sL2RyYWZ0LXlvc3NpZ2ktcnBraW1heGxlbi0wMg0KICAgIEh0bWxpemVkOg0K ICAgIGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2h0bWwvZHJhZnQteW9zc2lnaS1y cGtpbWF4bGVuLTAyDQogICAgRGlmZjogICAgICAgICAgIGh0dHBzOi8vd3d3LmlldGYub3JnL3Jm Y2RpZmY/dXJsMj1kcmFmdC15b3NzaWdpLXJwa2ltYXhsZW4tMDINCiAgICANCiAgICBBYnN0cmFj dDoNCiAgICAgICBUaGlzIGRvY3VtZW50IHJlY29tbWVuZHMgdGhhdCBvcGVyYXRvcnMgYXZvaWQg dXNpbmcgdGhlIG1heExlbmd0aA0KICAgICAgIGF0dHJpYnV0ZSB3aGVuIGlzc3VpbmcgUm91dGUg T3JpZ2luIEF1dGhvcml6YXRpb25zIChST0FzKSBpbiB0aGUNCiAgICAgICBSZXNvdXJjZSBQdWJs aWMgS2V5IEluZnJhc3RydWN0dXJlIChSUEtJKS4gIFRoZXNlIHJlY29tbWVuZGF0aW9ucw0KICAg ICAgIGNvbXBsZW1lbnQgdGhvc2UgaW4gW1JGQzcxMTVdLg0KICAgIA0KICAgIA0KICAgIFBsZWFz ZSBub3RlIHRoYXQgaXQgbWF5IHRha2UgYSBjb3VwbGUgb2YgbWludXRlcyBmcm9tIHRoZSB0aW1l IG9mIHN1Ym1pc3Npb24NCiAgICB1bnRpbCB0aGUgaHRtbGl6ZWQgdmVyc2lvbiBhbmQgZGlmZiBh cmUgYXZhaWxhYmxlIGF0IHRvb2xzLmlldGYub3JnLg0KICAgIA0KICAgIFRoZSBJRVRGIFNlY3Jl dGFyaWF0DQogICAgDQogICAgX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX18NCiAgICBTaWRyb3BzIG1haWxpbmcgbGlzdA0KICAgIFNpZHJvcHNAaWV0Zi5vcmcN CiAgICBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NpZHJvcHMNCiAgICAN Cg0K From nobody Mon Mar 5 14:09:22 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38004120727; Mon, 5 Mar 2018 14:09:21 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.698 X-Spam-Level: X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6d1sDJdQXC0p; Mon, 5 Mar 2018 14:09:18 -0800 (PST) Received: from mail-vk0-x231.google.com (mail-vk0-x231.google.com [IPv6:2607:f8b0:400c:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A71512008A; Mon, 5 Mar 2018 14:09:18 -0800 (PST) Received: by mail-vk0-x231.google.com with SMTP id s1so11013205vke.5; Mon, 05 Mar 2018 14:09:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=xhkN5hpgbKky5YV/pFJ8AONFgUmntMa0yEB6ANCfPnc=; b=Y25y13HlUGyqaR7XWFDvRwKAKFoV/8/Ot+aaWMHwMdYC1bhk8PddlDbPpawWOP3qmc BPIAybzfH1MS/6EPkK7CTYc7kPu10Uk0aPI9HinUf3pTnnfVU6HOmjjLZTs+dEdjm/wT yackDl/obbBjQ4gF3uhQxQY3ljNvqaNBvf5DvrtIkpH5e7ngvHxeMBqW2iE+6OmZ2VCH u7080hZNNwvsfafrBNDAzuNgu1eOoyuf7yAZnTJ9eL/SYdiHI4DVSZZqroc6LEHeCADq t2hcOXrcqui5fxNNRRQpJ2uzqohJytqBBSNhrRGxpAA/P5Zs/8sMScNcOKrmZZRQ5ebU +lyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=xhkN5hpgbKky5YV/pFJ8AONFgUmntMa0yEB6ANCfPnc=; b=Iw/I71O+DvZiZqAad6gBZbjxu+9lX6E/wLbw5kzJDfoD3IOViVW4Bb3+b0GSksOjD4 XY45+rH91gJkmoJg7NgRlcZ4UrppB//7rQUmN9P8xHe3paV3pNwEIhxJxN3DUgzMR+EZ lTTHWBdsFOmvBm8YIQAISlzbJ9do9H81Lam86Tvu/dT5hkWVlVz0kKB3edQXsrXKdSjx 10Dk7K3bVRPGylkEA4dK5vEl77+gqTeHJh4IWaeDG8uRBD/dRA8Yui9j76g9vIoXb2e7 xCKvAxlKhcF/9CoyTqPBq697Rn6LdKoQ8e3aboJ3IlJFNyczPWFjgLgHIBhRbSSQ3qFc 10EQ== X-Gm-Message-State: AElRT7FfqDCbPx2HrotYPUDDvPwPHJRXkOljF/t+iwT+JSs8ADCDA5jw YGxJ9vikYtqWozwr6EdD4iBwvfKhoymrrE52wRR4Zg== X-Google-Smtp-Source: AG47ELtQZS0lrzkyW/po19AdFfu207opcC6SogUKupXUXR3xJX71L1ID+U+9j8pmxOxgJVKkljELy9fXO05N8h3X2OQ= X-Received: by 10.31.29.3 with SMTP id d3mr11411945vkd.33.1520287757490; Mon, 05 Mar 2018 14:09:17 -0800 (PST) MIME-Version: 1.0 Received: by 10.176.49.4 with HTTP; Mon, 5 Mar 2018 14:09:16 -0800 (PST) In-Reply-To: References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> From: Christopher Morrow Date: Mon, 5 Mar 2018 17:09:16 -0500 Message-ID: To: "Roque Gagliano (rogaglia)" Cc: Job Snijders , "sidrops@ietf.org" , "draft-yossigi-rpkimaxlen@ietf.org" , Ben Maddison Content-Type: multipart/alternative; boundary="001a1141d57abde19c0566b19302" Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Mar 2018 22:09:21 -0000 --001a1141d57abde19c0566b19302 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable ah sweet... can we end this adoption call: 26 Mar 2018 thanks! On Mon, Mar 5, 2018 at 5:05 PM, Roque Gagliano (rogaglia) < rogaglia@cisco.com> wrote: > Hi Job, > > I agree on adoption. > > Roque > > =E2=80=94 > Roque Gagliano > > Automation Software Architect EMEAR > > +41 76 449 8867 > > Join the NSO Digital Ecosystem: > NSO on DevNet: www.cisco.com/go/nsodevnet nsodevnet> > NSO Developer Hub: www.cisco.com/go/nsohub > > > > =EF=BB=BFOn 05/03/18 19:15, "Sidrops on behalf of Job Snijders" < > sidrops-bounces@ietf.org on behalf of job@ntt.net> wrote: > > Dear working group, > > This document has gone through a number of revisions outside the > working group. > > As authors we think it may be time to consider a call for adoption an= d > continue work on this document in context of the working group. > > Thoughts? > > Kind regards, > > Job > > > ---------- Forwarded message ---------- > From: > Date: Mon, Mar 5, 2018 at 7:09 PM > Subject: New Version Notification for draft-yossigi-rpkimaxlen-02.txt > To: Job Snijders , Kotikalapudi Sriram > , Ben Maddison , > Yossi Gilad , Sharon Goldberg > > A new version of I-D, draft-yossigi-rpkimaxlen-02.txt > has been successfully submitted by Job Snijders and posted to the > IETF repository. > > Name: draft-yossigi-rpkimaxlen > Revision: 02 > Title: The Use of Maxlength in the RPKI > Document date: 2018-03-05 > Group: Individual Submission > Pages: 10 > URL: > https://www.ietf.org/internet-drafts/draft-yossigi-rpkimaxlen-02.txt > Status: https://datatracker.ietf.org/ > doc/draft-yossigi-rpkimaxlen/ > Htmlized: https://tools.ietf.org/html/ > draft-yossigi-rpkimaxlen-02 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-yossigi-rpkimaxlen-02 > Diff: https://www.ietf.org/rfcdiff? > url2=3Ddraft-yossigi-rpkimaxlen-02 > > Abstract: > This document recommends that operators avoid using the maxLength > attribute when issuing Route Origin Authorizations (ROAs) in the > Resource Public Key Infrastructure (RPKI). These recommendations > complement those in [RFC7115]. > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops > > > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops > --001a1141d57abde19c0566b19302 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
ah sweet... can we end this adoption call:
=C2=A0 26 Ma= r 2018

thanks!
On Mon, Mar 5, 2018 at 5:05 PM, Roque Gagliano = (rogaglia) <rogaglia@cisco.com> wrote:
Hi Job,

I agree on adoption.

Roque

=E2=80=94
Roque Gagliano

Automation Software Architect EMEAR

+41 76 449 8= 867

Join the NSO Digital Ecosystem:
NSO on DevNet: www.cisco.com/go/nsodevnet <http://ww= w.cisco.com/go/nsodevnet>
NSO Developer Hub: www.cisco.com/go/nsohub <http://www.cis= co.com/go/nsohub>


=EF=BB=BFOn 05/03/18 19:15, "Sidrops on behalf of Job Snijders" &= lt;sidrops-bounces@ietf.org= on behalf of job@ntt.net> wrote:

=C2=A0 =C2=A0 Dear working group,

=C2=A0 =C2=A0 This document has gone through a number of revisions outside = the working group.

=C2=A0 =C2=A0 As authors we think it may be time to consider a call for ado= ption and
=C2=A0 =C2=A0 continue work on this document in context of the working grou= p.

=C2=A0 =C2=A0 Thoughts?

=C2=A0 =C2=A0 Kind regards,

=C2=A0 =C2=A0 Job


=C2=A0 =C2=A0 ---------- Forwarded message ----------
=C2=A0 =C2=A0 From:=C2=A0 <i= nternet-drafts@ietf.org>
=C2=A0 =C2=A0 Date: Mon, Mar 5, 2018 at 7:09 PM
=C2=A0 =C2=A0 Subject: New Version Notification for draft-yossigi-rpkimaxle= n-02.txt
=C2=A0 =C2=A0 To: Job Snijders <job@ntt.n= et>, Kotikalapudi Sriram
=C2=A0 =C2=A0 <kotikalap= udi.sriram@nist.gov>, Ben Maddison <benm@workonline.co.za>,
=C2=A0 =C2=A0 Yossi Gilad <yossigi@bu.= edu>, Sharon Goldberg <goldbe= @cs.bu.edu>

=C2=A0 =C2=A0 A new version of I-D, draft-yossigi-rpkimaxlen-02.txt =C2=A0 =C2=A0 has been successfully submitted by Job Snijders and posted to= the
=C2=A0 =C2=A0 IETF repository.

=C2=A0 =C2=A0 Name:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0draft-yossigi-r= pkimaxlen
=C2=A0 =C2=A0 Revision:=C2=A0 =C2=A0 =C2=A0 =C2=A002
=C2=A0 =C2=A0 Title:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 The Use of Maxlength= in the RPKI
=C2=A0 =C2=A0 Document date:=C2=A0 2018-03-05
=C2=A0 =C2=A0 Group:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Individual Submissio= n
=C2=A0 =C2=A0 Pages:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 10
=C2=A0 =C2=A0 URL:
=C2=A0 =C2=A0 https://www.ietf.o= rg/internet-drafts/draft-yossigi-rpkimaxlen-02.txt
=C2=A0 =C2=A0 Status:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0https://datatracker.ietf.org/doc/draft-yossigi-rpkimaxlen= /
=C2=A0 =C2=A0 Htmlized:=C2=A0 =C2=A0 =C2=A0 =C2=A0https://tools.ietf.org/html/draft-yossigi-rpkimaxlen-02
=C2=A0 =C2=A0 Htmlized:
=C2=A0 =C2=A0 https://datatracker.i= etf.org/doc/html/draft-yossigi-rpkimaxlen-02
=C2=A0 =C2=A0 Diff:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0https://www.ietf.org/rfcdiff?url2=3Ddraft-yossi= gi-rpkimaxlen-02

=C2=A0 =C2=A0 Abstract:
=C2=A0 =C2=A0 =C2=A0 =C2=A0This document recommends that operators avoid us= ing the maxLength
=C2=A0 =C2=A0 =C2=A0 =C2=A0attribute when issuing Route Origin Authorizatio= ns (ROAs) in the
=C2=A0 =C2=A0 =C2=A0 =C2=A0Resource Public Key Infrastructure (RPKI).=C2=A0= These recommendations
=C2=A0 =C2=A0 =C2=A0 =C2=A0complement those in [RFC7115].


=C2=A0 =C2=A0 Please note that it may take a couple of minutes from the tim= e of submission
=C2=A0 =C2=A0 until the htmlized version and diff are available at tools.ietf.= org.

=C2=A0 =C2=A0 The IETF Secretariat

=C2=A0 =C2=A0 _______________________________________________
=C2=A0 =C2=A0 Sidrops mailing list
=C2=A0 =C2=A0 Sidrops@ietf.org
=C2=A0 =C2=A0 https://www.ietf.org/mailman/listinf= o/sidrops


_______________________________________________
Sidrops mailing list
Sidrops@ietf.org
https://www.ietf.org/mailman/listinfo/sidrops<= br>

--001a1141d57abde19c0566b19302-- From nobody Mon Mar 5 14:12:53 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6838C126D85; Mon, 5 Mar 2018 14:12:48 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.529 X-Spam-Level: X-Spam-Status: No, score=-14.529 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IEn6mjp5k3gm; Mon, 5 Mar 2018 14:12:37 -0800 (PST) Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB97412E9A1; Mon, 5 Mar 2018 14:12:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=22802; q=dns/txt; s=iport; t=1520287954; x=1521497554; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=fxrx8pXKEGa5FwfkuDSYNby86MEVOpNIZLV7Bf3zkhQ=; b=DklNT+NlxZKhMhS56dLAePh0ycBQp5BaHntGeNgkH6JzDAIpgG6r1pbE vxyDM647628qe2J0snaQZGYoZFO6Tw9zWaPjWt7He//vfcN2SA58xLzWS dm2adQY5NQ4D6DVy5WB5YMBCfGP60VsmU6yGpuAsGxHcMrkfY2wlhePLh k=; X-Files: image001.png : 188 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AAAQC/v51a/5BdJa1dGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAYJaRTFmcCgKg0qKJI14gVsngRaPEYUjFIIBBwECGAEKgVy?= =?us-ascii?q?CYk8CGoJZITQYAQIBAQEBAQECayeFIwEBAQQBAQMYBgIIARslCQIQAgEIEQM?= =?us-ascii?q?BAgYBAh8DAgICBRABDgELFAkIAgQBDQQBBgiFDRCoc4IniGSCHA+FLYENHIE?= =?us-ascii?q?FgVeBZikMgniCV0wLAQECAQEXgR5PCRYIgk0wgjIEiCFmhHKMaQkChXABYYo?= =?us-ascii?q?rDoFZToNniFyJfYcrAhEZAYEtAR44JoEscBUZISoBghgJhD93AYonLIEDgRg?= =?us-ascii?q?BAQE?= X-IronPort-AV: E=Sophos;i="5.47,428,1515456000"; d="png'150?scan'150,208,217,150";a="363718680" Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Mar 2018 22:12:33 +0000 Received: from XCH-RTP-013.cisco.com (xch-rtp-013.cisco.com [64.101.220.153]) by rcdn-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id w25MCXJm027052 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 5 Mar 2018 22:12:33 GMT Received: from xch-rtp-011.cisco.com (64.101.220.151) by XCH-RTP-013.cisco.com (64.101.220.153) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Mon, 5 Mar 2018 17:12:32 -0500 Received: from xch-rtp-011.cisco.com ([64.101.220.151]) by XCH-RTP-011.cisco.com ([64.101.220.151]) with mapi id 15.00.1320.000; Mon, 5 Mar 2018 17:12:32 -0500 From: "Roque Gagliano (rogaglia)" To: Nick Hilliard , Job Snijders CC: "draft-yossigi-rpkimaxlen@ietf.org" , "sidrops@ietf.org" , Ben Maddison Thread-Topic: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt Thread-Index: AQHTtK3qerQGd9i5RU2UT1Lw8sWZ5qPChI0AgAAUxwA= Date: Mon, 5 Mar 2018 22:12:32 +0000 Message-ID: References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> <5A9DBD70.60800@foobar.org> In-Reply-To: <5A9DBD70.60800@foobar.org> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.9.0.180116 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.61.86.122] Content-Type: multipart/related; boundary="_004_ED0FA5A198914BF5BFA9C4D2A77E281Bciscocom_"; type="multipart/alternative" MIME-Version: 1.0 Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Mar 2018 22:12:49 -0000 --_004_ED0FA5A198914BF5BFA9C4D2A77E281Bciscocom_ Content-Type: multipart/alternative; boundary="_000_ED0FA5A198914BF5BFA9C4D2A77E281Bciscocom_" --_000_ED0FA5A198914BF5BFA9C4D2A77E281Bciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGksDQoNCkFzIGEgc2VwYXJhdGUgbm90ZSBmcm9tIG15IGFkb3B0aW9uIGNvbW1lbnQsIEkgYmVs aWV2ZSB0aGUgZHJhZnQgaXMgbWlzc2luZyBvbmUga2V5IHBvaW50IG9uIHRoZSB1c2Ugb2YgbWF4 TGVuZ2h0IHJlbGF0ZWQgdG8gUlBLSSBjb252ZXJnZW5jZSBkZWxheS4gU28sIGlmIEkgc2V0IHRo ZSBNaW5pbWFsIFJPQXMgYnV0IEkgbmVlZCB0byBwZXJmb3JtIGEgY2hhbmdlIChmb3IgYW55IHJl YXNvbiBhbmQgbm90IG9ubHkgRERvUyksIEkgd291bGQgbmVlZCB0byB3YWl0IHVudGlsIFJQS0kg Y29udmVyZ2VzIGFyb3VuZCB0aGUgZ2xvYmUgdG8gc2VlIG15IGFubm91bmNlbWVudHMgYWNjZXB0 ZWQgZXZlcnl3aGVyZSAoZ2V0dGluZyBSUHMgdG8gZmV0Y2ggbmV3IGNyeXB0byBtYXRlcmlhbCBh bmQgcnVuIHZhbGlkYXRpb24gbG9naWMpLg0KDQpUaGUgYWJpbGl0eSB0byBwZXJmb3JtIGFueSBj aGFuZ2VzICBpbiBteSByb3V0aW5nIHBvbGljaWVzIGF0IGFueSB0aW1lIGlzIGtleSBkcml2ZXIg Zm9yIHRoZSB1c2Ugb2YgbWF4TGVuZ2h0IGFuZCBpdCB3b3VsZCBiZSBuaWNlIHRvIGluY2x1ZGUg dGhhdCBvcGVyYXRpb25hbCBhc3BlY3QgaW4gdGhpcyBCQ1AuDQoNClJlZ2FyZHMsDQpSb3F1ZQ0K DQrigJQNClJvcXVlIEdhZ2xpYW5vDQpBdXRvbWF0aW9uIFNvZnR3YXJlIEFyY2hpdGVjdCBFTUVB Ug0KKzQxIDc2IDQ0OSA4ODY3DQoNCkpvaW4gdGhlIE5TTyBEaWdpdGFsIEVjb3N5c3RlbToNCk5T TyBvbiBEZXZOZXQ6IHd3dy5jaXNjby5jb20vZ28vbnNvZGV2bmV0PGh0dHA6Ly93d3cuY2lzY28u Y29tL2dvL25zb2Rldm5ldD4NCk5TTyBEZXZlbG9wZXIgSHViOiB3d3cuY2lzY28uY29tL2dvL25z b2h1YjxodHRwOi8vd3d3LmNpc2NvLmNvbS9nby9uc29odWI+DQoNCkZyb206IFNpZHJvcHMgPHNp ZHJvcHMtYm91bmNlc0BpZXRmLm9yZz4gb24gYmVoYWxmIG9mIE5pY2sgSGlsbGlhcmQgPG5pY2tA Zm9vYmFyLm9yZz4NCkRhdGU6IE1vbmRheSA1IE1hcmNoIDIwMTggYXQgMjI6NTgNClRvOiBKb2Ig U25pamRlcnMgPGpvYkBudHQubmV0Pg0KQ2M6ICJkcmFmdC15b3NzaWdpLXJwa2ltYXhsZW5AaWV0 Zi5vcmciIDxkcmFmdC15b3NzaWdpLXJwa2ltYXhsZW5AaWV0Zi5vcmc+LCAic2lkcm9wc0BpZXRm Lm9yZyIgPHNpZHJvcHNAaWV0Zi5vcmc+LCBCZW4gTWFkZGlzb24gPGJlbm1Ad29ya29ubGluZS5j by56YT4NClN1YmplY3Q6IFJlOiBbU2lkcm9wc10gRndkOiBOZXcgVmVyc2lvbiBOb3RpZmljYXRp b24gZm9yIGRyYWZ0LXlvc3NpZ2ktcnBraW1heGxlbi0wMi50eHQNCg0KVGhpcyBpcyBub3QgYSBk dW1iIGRyYWZ0LiAgUGxlYXNlIGFkb3B0Lg0KDQpOaWNrDQoNCkpvYiBTbmlqZGVyczxtYWlsdG86 am9iQG50dC5uZXQ+DQo1IE1hcmNoIDIwMTggYXQgMTg6MTUNCkRlYXIgd29ya2luZyBncm91cCwN Cg0KVGhpcyBkb2N1bWVudCBoYXMgZ29uZSB0aHJvdWdoIGEgbnVtYmVyIG9mIHJldmlzaW9ucyBv dXRzaWRlIHRoZSB3b3JraW5nIGdyb3VwLg0KDQpBcyBhdXRob3JzIHdlIHRoaW5rIGl0IG1heSBi ZSB0aW1lIHRvIGNvbnNpZGVyIGEgY2FsbCBmb3IgYWRvcHRpb24gYW5kDQpjb250aW51ZSB3b3Jr IG9uIHRoaXMgZG9jdW1lbnQgaW4gY29udGV4dCBvZiB0aGUgd29ya2luZyBncm91cC4NCg0KVGhv dWdodHM/DQoNCktpbmQgcmVnYXJkcywNCg0KSm9iDQoNCg0KLS0tLS0tLS0tLSBGb3J3YXJkZWQg bWVzc2FnZSAtLS0tLS0tLS0tDQpGcm9tOiA8aW50ZXJuZXQtZHJhZnRzQGlldGYub3JnPjxtYWls dG86aW50ZXJuZXQtZHJhZnRzQGlldGYub3JnPg0KRGF0ZTogTW9uLCBNYXIgNSwgMjAxOCBhdCA3 OjA5IFBNDQpTdWJqZWN0OiBOZXcgVmVyc2lvbiBOb3RpZmljYXRpb24gZm9yIGRyYWZ0LXlvc3Np Z2ktcnBraW1heGxlbi0wMi50eHQNClRvOiBKb2IgU25pamRlcnMgPGpvYkBudHQubmV0PjxtYWls dG86am9iQG50dC5uZXQ+LCBLb3Rpa2FsYXB1ZGkgU3JpcmFtDQo8a290aWthbGFwdWRpLnNyaXJh bUBuaXN0Lmdvdj48bWFpbHRvOmtvdGlrYWxhcHVkaS5zcmlyYW1AbmlzdC5nb3Y+LCBCZW4gTWFk ZGlzb24gPGJlbm1Ad29ya29ubGluZS5jby56YT48bWFpbHRvOmJlbm1Ad29ya29ubGluZS5jby56 YT4sDQpZb3NzaSBHaWxhZCA8eW9zc2lnaUBidS5lZHU+PG1haWx0bzp5b3NzaWdpQGJ1LmVkdT4s IFNoYXJvbiBHb2xkYmVyZyA8Z29sZGJlQGNzLmJ1LmVkdT48bWFpbHRvOmdvbGRiZUBjcy5idS5l ZHU+DQoNCkEgbmV3IHZlcnNpb24gb2YgSS1ELCBkcmFmdC15b3NzaWdpLXJwa2ltYXhsZW4tMDIu dHh0DQpoYXMgYmVlbiBzdWNjZXNzZnVsbHkgc3VibWl0dGVkIGJ5IEpvYiBTbmlqZGVycyBhbmQg cG9zdGVkIHRvIHRoZQ0KSUVURiByZXBvc2l0b3J5Lg0KDQpOYW1lOiBkcmFmdC15b3NzaWdpLXJw a2ltYXhsZW4NClJldmlzaW9uOiAwMg0KVGl0bGU6IFRoZSBVc2Ugb2YgTWF4bGVuZ3RoIGluIHRo ZSBSUEtJDQpEb2N1bWVudCBkYXRlOiAyMDE4LTAzLTA1DQpHcm91cDogSW5kaXZpZHVhbCBTdWJt aXNzaW9uDQpQYWdlczogMTANClVSTDoNCmh0dHBzOi8vd3d3LmlldGYub3JnL2ludGVybmV0LWRy YWZ0cy9kcmFmdC15b3NzaWdpLXJwa2ltYXhsZW4tMDIudHh0DQpTdGF0dXM6IGh0dHBzOi8vZGF0 YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LXlvc3NpZ2ktcnBraW1heGxlbi8NCkh0bWxpemVk OiBodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQteW9zc2lnaS1ycGtpbWF4bGVuLTAy DQpIdG1saXplZDoNCmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2h0bWwvZHJhZnQt eW9zc2lnaS1ycGtpbWF4bGVuLTAyDQpEaWZmOiBodHRwczovL3d3dy5pZXRmLm9yZy9yZmNkaWZm P3VybDI9ZHJhZnQteW9zc2lnaS1ycGtpbWF4bGVuLTAyDQoNCkFic3RyYWN0Og0KVGhpcyBkb2N1 bWVudCByZWNvbW1lbmRzIHRoYXQgb3BlcmF0b3JzIGF2b2lkIHVzaW5nIHRoZSBtYXhMZW5ndGgN CmF0dHJpYnV0ZSB3aGVuIGlzc3VpbmcgUm91dGUgT3JpZ2luIEF1dGhvcml6YXRpb25zIChST0Fz KSBpbiB0aGUNClJlc291cmNlIFB1YmxpYyBLZXkgSW5mcmFzdHJ1Y3R1cmUgKFJQS0kpLiBUaGVz ZSByZWNvbW1lbmRhdGlvbnMNCmNvbXBsZW1lbnQgdGhvc2UgaW4gW1JGQzcxMTVdLg0KDQoNClBs ZWFzZSBub3RlIHRoYXQgaXQgbWF5IHRha2UgYSBjb3VwbGUgb2YgbWludXRlcyBmcm9tIHRoZSB0 aW1lIG9mIHN1Ym1pc3Npb24NCnVudGlsIHRoZSBodG1saXplZCB2ZXJzaW9uIGFuZCBkaWZmIGFy ZSBhdmFpbGFibGUgYXQgdG9vbHMuaWV0Zi5vcmcuDQoNClRoZSBJRVRGIFNlY3JldGFyaWF0DQoN Cl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQpTaWRyb3Bz IG1haWxpbmcgbGlzdA0KU2lkcm9wc0BpZXRmLm9yZzxtYWlsdG86U2lkcm9wc0BpZXRmLm9yZz4N Cmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2lkcm9wcw0KDQoNCg== --_000_ED0FA5A198914BF5BFA9C4D2A77E281Bciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPCEtLVtp ZiAhbXNvXT48c3R5bGU+dlw6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kb1w6KiB7 YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kd1w6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0 I1ZNTCk7fQ0KLnNoYXBlIHtiZWhhdmlvcjp1cmwoI2RlZmF1bHQjVk1MKTt9DQo8L3N0eWxlPjwh W2VuZGlmXS0tPjxzdHlsZT48IS0tDQovKiBGb250IERlZmluaXRpb25zICovDQpAZm9udC1mYWNl DQoJe2ZvbnQtZmFtaWx5OiJDYW1icmlhIE1hdGgiOw0KCXBhbm9zZS0xOjIgNCA1IDMgNSA0IDYg MyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJpOw0KCXBhbm9zZS0xOjIg MTUgNSAyIDIgMiA0IDMgMiA0O30NCi8qIFN0eWxlIERlZmluaXRpb25zICovDQpwLk1zb05vcm1h bCwgbGkuTXNvTm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjowY207DQoJbWFyZ2luLWJv dHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmki LHNhbnMtc2VyaWY7fQ0KYTpsaW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJp b3JpdHk6OTk7DQoJY29sb3I6Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6 dmlzaXRlZCwgc3Bhbi5Nc29IeXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6 OTk7DQoJY29sb3I6cHVycGxlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcC5tc29u b3JtYWwwLCBsaS5tc29ub3JtYWwwLCBkaXYubXNvbm9ybWFsMA0KCXttc28tc3R5bGUtbmFtZTpt c29ub3JtYWw7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBjbTsN Cgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVmdDowY207DQoJZm9udC1z aXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpzcGFuLkVt YWlsU3R5bGUxOA0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250LWZhbWls eToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjp3aW5kb3d0ZXh0O30NCi5Nc29DaHBEZWZh dWx0DQoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtc2l6ZToxMC4wcHQ7fQ0K QHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6NjEyLjBwdCA3OTIuMHB0Ow0KCW1hcmdpbjo3Mi4w cHQgNzIuMHB0IDcyLjBwdCA3Mi4wcHQ7fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRT ZWN0aW9uMTt9DQotLT48L3N0eWxlPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxpbms9 ImJsdWUiIHZsaW5rPSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPkhpLDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5BcyBhIHNlcGFyYXRl IG5vdGUgZnJvbSBteSBhZG9wdGlvbiBjb21tZW50LCBJIGJlbGlldmUgdGhlIGRyYWZ0IGlzIG1p c3Npbmcgb25lIGtleSBwb2ludCBvbiB0aGUgdXNlIG9mIG1heExlbmdodCByZWxhdGVkIHRvIFJQ S0kgY29udmVyZ2VuY2UgZGVsYXkuIFNvLCBpZiBJIHNldCB0aGUgTWluaW1hbCBST0FzIGJ1dCBJ IG5lZWQgdG8gcGVyZm9ybSBhIGNoYW5nZSAoZm9yIGFueSByZWFzb24gYW5kIG5vdCBvbmx5DQog RERvUyksIEkgd291bGQgbmVlZCB0byB3YWl0IHVudGlsIFJQS0kgY29udmVyZ2VzIGFyb3VuZCB0 aGUgZ2xvYmUgdG8gc2VlIG15IGFubm91bmNlbWVudHMgYWNjZXB0ZWQgZXZlcnl3aGVyZSAoZ2V0 dGluZyBSUHMgdG8gZmV0Y2ggbmV3IGNyeXB0byBtYXRlcmlhbCBhbmQgcnVuIHZhbGlkYXRpb24g bG9naWMpLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8 L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5UaGUgYWJpbGl0eSB0byBwZXJmb3JtIGFu eSBjaGFuZ2VzICZuYnNwO2luIG15IHJvdXRpbmcgcG9saWNpZXMgYXQgYW55IHRpbWUgaXMga2V5 IGRyaXZlciBmb3IgdGhlIHVzZSBvZiBtYXhMZW5naHQgYW5kIGl0IHdvdWxkIGJlIG5pY2UgdG8g aW5jbHVkZSB0aGF0IG9wZXJhdGlvbmFsIGFzcGVjdCBpbiB0aGlzIEJDUC48bzpwPjwvbzpwPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+UmVnYXJkcyw8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PlJvcXVlPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwv bzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjEwLjVwdDtjb2xvcjpibGFjayI+4oCUJm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0 O2NvbG9yOmJsYWNrIj5Sb3F1ZSBHYWdsaWFubzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAu NXB0O2NvbG9yOmJsYWNrIj5BdXRvbWF0aW9uIFNvZnR3YXJlIEFyY2hpdGVjdCBFTUVBUjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2NvbG9yOmJsYWNrIj4mIzQzOzQxIDc2IDQ0OSA4 ODY3PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMC41cHQ7Y29sb3I6YmxhY2siPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OC41 cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojNTk1OTU5 Ij5Kb2luIHRoZSBOU08gRGlnaXRhbCBFY29zeXN0ZW06PC9zcGFuPjwvYj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjguNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMtc2VyaWY7 Y29sb3I6IzU5NTk1OSI+PGJyPg0KTlNPIG9uIERldk5ldDombmJzcDs8YSBocmVmPSJodHRwOi8v d3d3LmNpc2NvLmNvbS9nby9uc29kZXZuZXQiPjxzcGFuIHN0eWxlPSJjb2xvcjojNTk1OTU5Ij53 d3cuY2lzY28uY29tL2dvL25zb2Rldm5ldDwvc3Bhbj48L2E+PC9zcGFuPjxvOnA+PC9vOnA+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo4LjVwdDtmb250 LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiM1OTU5NTkiPk5TTyBE ZXZlbG9wZXIgSHViOiZuYnNwOzxhIGhyZWY9Imh0dHA6Ly93d3cuY2lzY28uY29tL2dvL25zb2h1 YiI+PHNwYW4gc3R5bGU9ImNvbG9yOiM1OTU5NTkiPnd3dy5jaXNjby5jb20vZ28vbnNvaHViPC9z cGFuPjwvYT48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Y29sb3I6YmxhY2si PjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRl ci10b3A6c29saWQgI0I1QzRERiAxLjBwdDtwYWRkaW5nOjMuMHB0IDBjbSAwY20gMGNtIj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTIuMHB0O2NvbG9yOmJsYWNrIj5Gcm9tOg0KPC9zcGFuPjwvYj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtjb2xvcjpibGFjayI+U2lkcm9wcyAmbHQ7c2lkcm9w cy1ib3VuY2VzQGlldGYub3JnJmd0OyBvbiBiZWhhbGYgb2YgTmljayBIaWxsaWFyZCAmbHQ7bmlj a0Bmb29iYXIub3JnJmd0Ozxicj4NCjxiPkRhdGU6IDwvYj5Nb25kYXkgNSBNYXJjaCAyMDE4IGF0 IDIyOjU4PGJyPg0KPGI+VG86IDwvYj5Kb2IgU25pamRlcnMgJmx0O2pvYkBudHQubmV0Jmd0Ozxi cj4NCjxiPkNjOiA8L2I+JnF1b3Q7ZHJhZnQteW9zc2lnaS1ycGtpbWF4bGVuQGlldGYub3JnJnF1 b3Q7ICZsdDtkcmFmdC15b3NzaWdpLXJwa2ltYXhsZW5AaWV0Zi5vcmcmZ3Q7LCAmcXVvdDtzaWRy b3BzQGlldGYub3JnJnF1b3Q7ICZsdDtzaWRyb3BzQGlldGYub3JnJmd0OywgQmVuIE1hZGRpc29u ICZsdDtiZW5tQHdvcmtvbmxpbmUuY28uemEmZ3Q7PGJyPg0KPGI+U3ViamVjdDogPC9iPlJlOiBb U2lkcm9wc10gRndkOiBOZXcgVmVyc2lvbiBOb3RpZmljYXRpb24gZm9yIGRyYWZ0LXlvc3NpZ2kt cnBraW1heGxlbi0wMi50eHQ8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48bzpwPiZuYnNw OzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt YXJnaW4tbGVmdDozNi4wcHQiPjxhIG5hbWU9Il9NYWlsT3JpZ2luYWxCb2R5Ij5UaGlzIGlzIG5v dCBhIGR1bWIgZHJhZnQuJm5ic3A7IFBsZWFzZSBhZG9wdC48YnI+DQo8YnI+DQpOaWNrPGJyPg0K PGJyPg0KPG86cD48L286cD48L2E+PC9wPg0KPGJsb2NrcXVvdGUgc3R5bGU9Im1hcmdpbi10b3A6 NS4wcHQ7bWFyZ2luLWJvdHRvbTo1LjBwdCI+DQo8ZGl2IHN0eWxlPSJtYXJnaW4tbGVmdDoxOC43 NXB0O21hcmdpbi10b3A6MjIuNXB0O21hcmdpbi1yaWdodDoxOC43NXB0O21hcmdpbi1ib3R0b206 Ny41cHQiPg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjRURGMUY0 IDEuNXB0O3BhZGRpbmc6OC4wcHQgMGNtIDBjbSAwY20iPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O b3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQ7dmVydGljYWwtYWxpZ246bWlkZGxlIj48 c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48L3NwYW4+PGEgaHJl Zj0ibWFpbHRvOmpvYkBudHQubmV0Ij48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3Jp Z2luYWxCb2R5Ij5Kb2IgU25pamRlcnM8L3NwYW4+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpf TWFpbE9yaWdpbmFsQm9keSI+PC9zcGFuPjwvYT48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9N YWlsT3JpZ2luYWxCb2R5Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiIGFsaWduPSJyaWdodCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdDt0ZXh0 LWFsaWduOnJpZ2h0O3ZlcnRpY2FsLWFsaWduOm1pZGRsZSI+DQo8c3BhbiBzdHlsZT0ibXNvLWJv b2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHlsZT0iY29sb3I6IzkwOUFBNCI+NSBN YXJjaCAyMDE4IGF0IDE4OjE1PC9zcGFuPjwvc3Bhbj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJr Ol9NYWlsT3JpZ2luYWxCb2R5Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2 Pg0KPGRpdiBzdHlsZT0ibWFyZ2luLWxlZnQ6MTguMHB0O21hcmdpbi1yaWdodDoxOC4wcHQiPg0K PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPjxz cGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0eWxlPSJj b2xvcjojOTA5QUE0Ij5EZWFyIHdvcmtpbmcgZ3JvdXAsPGJyPg0KPGJyPg0KVGhpcyBkb2N1bWVu dCBoYXMgZ29uZSB0aHJvdWdoIGEgbnVtYmVyIG9mIHJldmlzaW9ucyBvdXRzaWRlIHRoZSB3b3Jr aW5nIGdyb3VwLjxicj4NCjxicj4NCkFzIGF1dGhvcnMgd2UgdGhpbmsgaXQgbWF5IGJlIHRpbWUg dG8gY29uc2lkZXIgYSBjYWxsIGZvciBhZG9wdGlvbiBhbmQ8YnI+DQpjb250aW51ZSB3b3JrIG9u IHRoaXMgZG9jdW1lbnQgaW4gY29udGV4dCBvZiB0aGUgd29ya2luZyBncm91cC48YnI+DQo8YnI+ DQpUaG91Z2h0cz88YnI+DQo8YnI+DQpLaW5kIHJlZ2FyZHMsPGJyPg0KPGJyPg0KSm9iPGJyPg0K PGJyPg0KPGJyPg0KLS0tLS0tLS0tLSBGb3J3YXJkZWQgbWVzc2FnZSAtLS0tLS0tLS0tPGJyPg0K RnJvbTogPC9zcGFuPjwvc3Bhbj48YSBocmVmPSJtYWlsdG86aW50ZXJuZXQtZHJhZnRzQGlldGYu b3JnIj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij4mbHQ7aW50 ZXJuZXQtZHJhZnRzQGlldGYub3JnJmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJr Ol9NYWlsT3JpZ2luYWxCb2R5Ij48L3NwYW4+PC9hPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6 X01haWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0eWxlPSJjb2xvcjojOTA5QUE0Ij48YnI+DQpEYXRl OiBNb24sIE1hciA1LCAyMDE4IGF0IDc6MDkgUE08YnI+DQpTdWJqZWN0OiBOZXcgVmVyc2lvbiBO b3RpZmljYXRpb24gZm9yIGRyYWZ0LXlvc3NpZ2ktcnBraW1heGxlbi0wMi50eHQ8YnI+DQpUbzog Sm9iIFNuaWpkZXJzIDwvc3Bhbj48L3NwYW4+PGEgaHJlZj0ibWFpbHRvOmpvYkBudHQubmV0Ij48 c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij4mbHQ7am9iQG50dC5u ZXQmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHki Pjwvc3Bhbj48L2E+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+ PHNwYW4gc3R5bGU9ImNvbG9yOiM5MDlBQTQiPiwgS290aWthbGFwdWRpDQogU3JpcmFtPGJyPg0K PC9zcGFuPjwvc3Bhbj48YSBocmVmPSJtYWlsdG86a290aWthbGFwdWRpLnNyaXJhbUBuaXN0Lmdv diI+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+Jmx0O2tvdGlr YWxhcHVkaS5zcmlyYW1AbmlzdC5nb3YmZ3Q7PC9zcGFuPjxzcGFuIHN0eWxlPSJtc28tYm9va21h cms6X01haWxPcmlnaW5hbEJvZHkiPjwvc3Bhbj48L2E+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFy azpfTWFpbE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9ImNvbG9yOiM5MDlBQTQiPiwNCiBCZW4g TWFkZGlzb24gPC9zcGFuPjwvc3Bhbj48YSBocmVmPSJtYWlsdG86YmVubUB3b3Jrb25saW5lLmNv LnphIj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij4mbHQ7YmVu bUB3b3Jrb25saW5lLmNvLnphJmd0Ozwvc3Bhbj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9N YWlsT3JpZ2luYWxCb2R5Ij48L3NwYW4+PC9hPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01h aWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0eWxlPSJjb2xvcjojOTA5QUE0Ij4sPGJyPg0KWW9zc2kg R2lsYWQgPC9zcGFuPjwvc3Bhbj48YSBocmVmPSJtYWlsdG86eW9zc2lnaUBidS5lZHUiPjxzcGFu IHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPiZsdDt5b3NzaWdpQGJ1LmVk dSZndDs8L3NwYW4+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+ PC9zcGFuPjwvYT48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48 c3BhbiBzdHlsZT0iY29sb3I6IzkwOUFBNCI+LA0KIFNoYXJvbiBHb2xkYmVyZyA8L3NwYW4+PC9z cGFuPjxhIGhyZWY9Im1haWx0bzpnb2xkYmVAY3MuYnUuZWR1Ij48c3BhbiBzdHlsZT0ibXNvLWJv b2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij4mbHQ7Z29sZGJlQGNzLmJ1LmVkdSZndDs8L3NwYW4+ PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PC9zcGFuPjwvYT48 c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHlsZT0i Y29sb3I6IzkwOUFBNCI+PGJyPg0KPGJyPg0KQSBuZXcgdmVyc2lvbiBvZiBJLUQsIGRyYWZ0LXlv c3NpZ2ktcnBraW1heGxlbi0wMi50eHQ8YnI+DQpoYXMgYmVlbiBzdWNjZXNzZnVsbHkgc3VibWl0 dGVkIGJ5IEpvYiBTbmlqZGVycyBhbmQgcG9zdGVkIHRvIHRoZTxicj4NCklFVEYgcmVwb3NpdG9y eS48YnI+DQo8YnI+DQpOYW1lOiBkcmFmdC15b3NzaWdpLXJwa2ltYXhsZW48YnI+DQpSZXZpc2lv bjogMDI8YnI+DQpUaXRsZTogVGhlIFVzZSBvZiBNYXhsZW5ndGggaW4gdGhlIFJQS0k8YnI+DQpE b2N1bWVudCBkYXRlOiAyMDE4LTAzLTA1PGJyPg0KR3JvdXA6IEluZGl2aWR1YWwgU3VibWlzc2lv bjxicj4NClBhZ2VzOiAxMDxicj4NClVSTDo8YnI+DQo8L3NwYW4+PC9zcGFuPjxhIGhyZWY9Imh0 dHBzOi8vd3d3LmlldGYub3JnL2ludGVybmV0LWRyYWZ0cy9kcmFmdC15b3NzaWdpLXJwa2ltYXhs ZW4tMDIudHh0Ij48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij5o dHRwczovL3d3dy5pZXRmLm9yZy9pbnRlcm5ldC1kcmFmdHMvZHJhZnQteW9zc2lnaS1ycGtpbWF4 bGVuLTAyLnR4dDwvc3Bhbj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxC b2R5Ij48L3NwYW4+PC9hPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJv ZHkiPjxzcGFuIHN0eWxlPSJjb2xvcjojOTA5QUE0Ij48YnI+DQpTdGF0dXM6IDwvc3Bhbj48L3Nw YW4+PGEgaHJlZj0iaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQteW9zc2ln aS1ycGtpbWF4bGVuLyI+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9k eSI+aHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQteW9zc2lnaS1ycGtpbWF4 bGVuLzwvc3Bhbj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48 L3NwYW4+PC9hPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxz cGFuIHN0eWxlPSJjb2xvcjojOTA5QUE0Ij48YnI+DQpIdG1saXplZDogPC9zcGFuPjwvc3Bhbj48 YSBocmVmPSJodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQteW9zc2lnaS1ycGtpbWF4 bGVuLTAyIj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij5odHRw czovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQteW9zc2lnaS1ycGtpbWF4bGVuLTAyPC9zcGFu PjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjwvc3Bhbj48L2E+ PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9 ImNvbG9yOiM5MDlBQTQiPjxicj4NCkh0bWxpemVkOjxicj4NCjwvc3Bhbj48L3NwYW4+PGEgaHJl Zj0iaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvaHRtbC9kcmFmdC15b3NzaWdpLXJw a2ltYXhsZW4tMDIiPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHki Pmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2h0bWwvZHJhZnQteW9zc2lnaS1ycGtp bWF4bGVuLTAyPC9zcGFuPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJv ZHkiPjwvc3Bhbj48L2E+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9k eSI+PHNwYW4gc3R5bGU9ImNvbG9yOiM5MDlBQTQiPjxicj4NCkRpZmY6IDwvc3Bhbj48L3NwYW4+ PGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvcmZjZGlmZj91cmwyPWRyYWZ0LXlvc3NpZ2kt cnBraW1heGxlbi0wMiI+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9k eSI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcvcmZjZGlmZj91cmwyPWRyYWZ0LXlvc3NpZ2ktcnBraW1h eGxlbi0wMjwvc3Bhbj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5 Ij48L3NwYW4+PC9hPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHki PjxzcGFuIHN0eWxlPSJjb2xvcjojOTA5QUE0Ij48YnI+DQo8YnI+DQpBYnN0cmFjdDo8YnI+DQpU aGlzIGRvY3VtZW50IHJlY29tbWVuZHMgdGhhdCBvcGVyYXRvcnMgYXZvaWQgdXNpbmcgdGhlIG1h eExlbmd0aDxicj4NCmF0dHJpYnV0ZSB3aGVuIGlzc3VpbmcgUm91dGUgT3JpZ2luIEF1dGhvcml6 YXRpb25zIChST0FzKSBpbiB0aGU8YnI+DQpSZXNvdXJjZSBQdWJsaWMgS2V5IEluZnJhc3RydWN0 dXJlIChSUEtJKS4gVGhlc2UgcmVjb21tZW5kYXRpb25zPGJyPg0KY29tcGxlbWVudCB0aG9zZSBp biBbUkZDNzExNV0uPGJyPg0KPGJyPg0KPGJyPg0KUGxlYXNlIG5vdGUgdGhhdCBpdCBtYXkgdGFr ZSBhIGNvdXBsZSBvZiBtaW51dGVzIGZyb20gdGhlIHRpbWUgb2Ygc3VibWlzc2lvbjxicj4NCnVu dGlsIHRoZSBodG1saXplZCB2ZXJzaW9uIGFuZCBkaWZmIGFyZSBhdmFpbGFibGUgYXQgdG9vbHMu aWV0Zi5vcmcuPGJyPg0KPGJyPg0KVGhlIElFVEYgU2VjcmV0YXJpYXQ8YnI+DQo8YnI+DQpfX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXzxicj4NClNpZHJvcHMg bWFpbGluZyBsaXN0PGJyPg0KPC9zcGFuPjwvc3Bhbj48YSBocmVmPSJtYWlsdG86U2lkcm9wc0Bp ZXRmLm9yZyI+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+U2lk cm9wc0BpZXRmLm9yZzwvc3Bhbj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2lu YWxCb2R5Ij48L3NwYW4+PC9hPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5h bEJvZHkiPjxzcGFuIHN0eWxlPSJjb2xvcjojOTA5QUE0Ij48YnI+DQo8L3NwYW4+PC9zcGFuPjxh IGhyZWY9Imh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2lkcm9wcyI+PHNw YW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+aHR0cHM6Ly93d3cuaWV0 Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zaWRyb3BzPC9zcGFuPjxzcGFuIHN0eWxlPSJtc28tYm9v a21hcms6X01haWxPcmlnaW5hbEJvZHkiPjwvc3Bhbj48L2E+PHNwYW4gc3R5bGU9Im1zby1ib29r bWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9ImNvbG9yOiM5MDlBQTQiPjxvOnA+ PC9vOnA+PC9zcGFuPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MTEuMjVwdDttYXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1i b3R0b206MGNtO21hcmdpbi1sZWZ0OjM2LjBwdDttYXJnaW4tYm90dG9tOi4wMDAxcHQiPg0KPHNw YW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9ImNv bG9yOiM5MDlBQTQiPjxpbWcgYm9yZGVyPSIwIiB3aWR0aD0iOTQ0IiBoZWlnaHQ9IjEiIHN0eWxl PSJ3aWR0aDo5LjgzMzNpbjtoZWlnaHQ6LjAxMDRpbiIgaWQ9Ikhvcml6b250YWxfeDAwMjBfTGlu ZV94MDAyMF8xIiBzcmM9ImNpZDppbWFnZTAwMS5wbmdAMDFEM0I0RDcuNkY4RUJDNzAiPjwvc3Bh bj48L3NwYW4+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PHNw YW4gc3R5bGU9ImNvbG9yOiM5MDlBQTQiPjxvOnA+PC9vOnA+PC9zcGFuPjwvc3Bhbj48L3A+DQo8 L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmln aW5hbEJvZHkiPjwvc3Bhbj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu LXRvcC1hbHQ6MTEuMjVwdDttYXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206MGNtO21hcmdp bi1sZWZ0OjM2LjBwdDttYXJnaW4tYm90dG9tOi4wMDAxcHQiPg0KPG86cD4mbmJzcDs8L286cD48 L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_ED0FA5A198914BF5BFA9C4D2A77E281Bciscocom_-- --_004_ED0FA5A198914BF5BFA9C4D2A77E281Bciscocom_ Content-Type: image/png; name="image001.png" Content-Description: image001.png Content-Disposition: inline; filename="image001.png"; size=188; creation-date="Mon, 05 Mar 2018 22:12:32 GMT"; modification-date="Mon, 05 Mar 2018 22:12:32 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAA7AAAAABCAYAAADnw0KPAAAAAXNSR0IArs4c6QAAAAlwSFlzAAAO xAAADsQBlSsOGwAAAGFJREFUSA3tl0EKACAIBPP/D/J55RpC0NkOMRtkp1TadDV3n4HRATMbultW qHOXvysHuVVq232YiCeWrNAdD/nz/sWxF3xLUp8b/Of/U/+o//S/rIr0f/QP+g/9i/7/Z/5Z5nML MnDEvUAAAAAASUVORK5CYII= --_004_ED0FA5A198914BF5BFA9C4D2A77E281Bciscocom_-- From nobody Mon Mar 5 14:17:53 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39FDF126D05 for ; Mon, 5 Mar 2018 14:17:44 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.669 X-Spam-Level: X-Spam-Status: No, score=-1.669 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mrqEc59s3Sld for ; Mon, 5 Mar 2018 14:17:43 -0800 (PST) Received: from mail-wm0-f54.google.com (mail-wm0-f54.google.com [74.125.82.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 697BC1273E2 for ; Mon, 5 Mar 2018 14:17:42 -0800 (PST) Received: by mail-wm0-f54.google.com with SMTP id t3so18976647wmc.2 for ; Mon, 05 Mar 2018 14:17:42 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=Spwov1kGfSh2ecEKvQcSeVXXWsJkuoZDbOyTRFlfi1I=; b=ss3+QkBPiA33+AnsB7Yi14yCd5Ei2zFmCx3AQFlqZrGa1WvoaOkfRtvkzL849BS4vi IGPZc0JkkB9JQug3rCw/3MVCxmX1Dc3giT1vcitCsDN3NrW4ZkiPPW75QIgKkENSMEtI NEfkAwlaib7zHKZK1BIFQg7U63Btutq7sRLgyC3oGhBCo63XE9XVHQiGi0Y5bDerteYh ywqqGMdYYSMQdRWhlRjuvy3zNj/tv2LAqeCjlJc4hvkRmEKeMj1972M/EKRbpOuqQ97f 8IloY8fJTHPk5HiA8Weqc5KZUPJ6zY0Z3I9t5vafRy4DzLAlOT0fxBzuwUlCqaxj+VHg Xz8A== X-Gm-Message-State: APf1xPDe/u7BIE/1txHKtP9u36gFpMZWwYLs+0JTu9EjLxzZ0D8vY9QI 2dTTKY3wBdLVErCJU2PPwKafOw== X-Google-Smtp-Source: AG47ELtzhMU2V+gfJalyAk5kUXFyzKNq4Uzi9oyYyi4g/cz6iAcB/UAfgVWuBQyijFpxGheqxdnuwA== X-Received: by 10.80.192.1 with SMTP id r1mr20377765edb.222.1520288260769; Mon, 05 Mar 2018 14:17:40 -0800 (PST) Received: from vurt.meerval.net (vurt.meerval.net. [192.147.168.22]) by smtp.gmail.com with ESMTPSA id s8sm1457777edk.28.2018.03.05.14.17.39 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 05 Mar 2018 14:17:40 -0800 (PST) Received: from localhost (vurt.meerval.net [local]) by vurt.meerval.net (OpenSMTPD) with ESMTPA id 5cf799e0; Mon, 5 Mar 2018 22:17:39 +0000 (UTC) Date: Mon, 5 Mar 2018 22:17:39 +0000 From: Job Snijders To: "Roque Gagliano (rogaglia)" Cc: Nick Hilliard , "draft-yossigi-rpkimaxlen@ietf.org" , "sidrops@ietf.org" , Ben Maddison Message-ID: <20180305221739.GI34878@vurt.meerval.net> References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> <5A9DBD70.60800@foobar.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Clacks-Overhead: GNU Terry Pratchett User-Agent: Mutt/1.9.3 (2018-01-21) Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Mar 2018 22:17:44 -0000 On Mon, Mar 05, 2018 at 10:12:32PM +0000, Roque Gagliano (rogaglia) wrote: > As a separate note from my adoption comment, I believe the draft is > missing one key point on the use of maxLenght related to RPKI > convergence delay. So, if I set the Minimal ROAs but I need to perform > a change (for any reason and not only DDoS), I would need to wait > until RPKI converges around the globe to see my announcements accepted > everywhere (getting RPs to fetch new crypto material and run > validation logic). > > The ability to perform any changes in my routing policies at any time > is key driver for the use of maxLenght and it would be nice to include > that operational aspect in this BCP. Similarly, one would need to wait until RPKI converges around the globel to see a hijack being mitigated; if the hijack was possible because non-minimal ROAs were used. A liberal application of MaxLength does indeed offer a degree of flexibility, but as the draft describes, that flexibility comes at the price of increased risk and less prototection. Do you have a specific snippet of text as suggestion for inclusion? Kind regards, Job From nobody Mon Mar 5 14:21:50 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17764127010; Mon, 5 Mar 2018 14:21:48 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.53 X-Spam-Level: X-Spam-Status: No, score=-14.53 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wO7JkclYFuCz; Mon, 5 Mar 2018 14:21:46 -0800 (PST) Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 54B89126DC2; Mon, 5 Mar 2018 14:21:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2300; q=dns/txt; s=iport; t=1520288506; x=1521498106; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=pYcDBL/TrlC4GU6TafUP8jkh04LOcDxUruzCS2V0lnY=; b=NMS+O8vU352PSCyeH71czBHgT0fZoRen0WMBXy6bJRhKQ0+QRhgqo+Tf 8JoI3z65pzOfjOsKcQahJ2iKSsUC4WF7m1kMQCUQFT3eQ7PdKJ9cLwRB8 DUUQoRSZlPw0XySwqwS01LfIKicXpRMhxkRXTYkx0Hdk3NeoK6W6p25JV E=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0D9AACewZ1a/49dJa1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYNQZnAoCoNKiiSNeIICgRaUNIIVChgLhD5PAhqCWSE0GAECAQE?= =?us-ascii?q?BAQEBAmsnhSQBAQQBASEROgkCEAIBCBgCAiYCAgIlCxUQAgQOBYUbEKhxgieIY?= =?us-ascii?q?4ImBYEPhB6BDRyBBYFXgWYpgwSDLgEBgXEXgnQwgjIEmmIJApB9jniRKAIRGQG?= =?us-ascii?q?BLQEeOIFScBU6KgGCGIRId4ooLIEDgRgBAQE?= X-IronPort-AV: E=Sophos;i="5.47,428,1515456000"; d="scan'208";a="362125359" Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by rcdn-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Mar 2018 22:20:45 +0000 Received: from XCH-RTP-011.cisco.com (xch-rtp-011.cisco.com [64.101.220.151]) by rcdn-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id w25MKiXW017886 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 5 Mar 2018 22:20:44 GMT Received: from xch-rtp-011.cisco.com (64.101.220.151) by XCH-RTP-011.cisco.com (64.101.220.151) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Mon, 5 Mar 2018 17:20:44 -0500 Received: from xch-rtp-011.cisco.com ([64.101.220.151]) by XCH-RTP-011.cisco.com ([64.101.220.151]) with mapi id 15.00.1320.000; Mon, 5 Mar 2018 17:20:44 -0500 From: "Roque Gagliano (rogaglia)" To: Job Snijders CC: "draft-yossigi-rpkimaxlen@ietf.org" , "sidrops@ietf.org" , Ben Maddison , Nick Hilliard Thread-Topic: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt Thread-Index: AQHTtK3qerQGd9i5RU2UT1Lw8sWZ5qPChI0AgAAUxwD///CtgIAAEZ0A Date: Mon, 5 Mar 2018 22:20:43 +0000 Message-ID: References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> <5A9DBD70.60800@foobar.org> <20180305221739.GI34878@vurt.meerval.net> In-Reply-To: <20180305221739.GI34878@vurt.meerval.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.9.0.180116 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.61.86.122] Content-Type: text/plain; charset="utf-8" Content-ID: <46E4DBDBCABA3B46B5D0B4061C0B9473@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Mar 2018 22:21:48 -0000 SGkgSm9iLA0KDQpJIHdpbGwgc2VuZCB5b3Ugc29tZSB0ZXh0IGFuZCB5b3UgYXJlIGNvcnJlY3Qg dGhhdCB0aGUgY29udmVyZ2VuY3kgZGVsYXkgZ29lcyBpbiBib3RoIGRpcmVjdGlvbnMuDQoNClJv cXVlDQoNCg0KDQrvu79PbiAwNS8wMy8xOCAyMzoxNywgIlNpZHJvcHMgb24gYmVoYWxmIG9mIEpv YiBTbmlqZGVycyIgPHNpZHJvcHMtYm91bmNlc0BpZXRmLm9yZyBvbiBiZWhhbGYgb2Ygam9iQG50 dC5uZXQ+IHdyb3RlOg0KDQogICAgT24gTW9uLCBNYXIgMDUsIDIwMTggYXQgMTA6MTI6MzJQTSAr MDAwMCwgUm9xdWUgR2FnbGlhbm8gKHJvZ2FnbGlhKSB3cm90ZToNCiAgICA+IEFzIGEgc2VwYXJh dGUgbm90ZSBmcm9tIG15IGFkb3B0aW9uIGNvbW1lbnQsIEkgYmVsaWV2ZSB0aGUgZHJhZnQgaXMN CiAgICA+IG1pc3Npbmcgb25lIGtleSBwb2ludCBvbiB0aGUgdXNlIG9mIG1heExlbmdodCByZWxh dGVkIHRvIFJQS0kNCiAgICA+IGNvbnZlcmdlbmNlIGRlbGF5LiBTbywgaWYgSSBzZXQgdGhlIE1p bmltYWwgUk9BcyBidXQgSSBuZWVkIHRvIHBlcmZvcm0NCiAgICA+IGEgY2hhbmdlIChmb3IgYW55 IHJlYXNvbiBhbmQgbm90IG9ubHkgRERvUyksIEkgd291bGQgbmVlZCB0byB3YWl0DQogICAgPiB1 bnRpbCBSUEtJIGNvbnZlcmdlcyBhcm91bmQgdGhlIGdsb2JlIHRvIHNlZSBteSBhbm5vdW5jZW1l bnRzIGFjY2VwdGVkDQogICAgPiBldmVyeXdoZXJlIChnZXR0aW5nIFJQcyB0byBmZXRjaCBuZXcg Y3J5cHRvIG1hdGVyaWFsIGFuZCBydW4NCiAgICA+IHZhbGlkYXRpb24gbG9naWMpLg0KICAgID4g DQogICAgPiBUaGUgYWJpbGl0eSB0byBwZXJmb3JtIGFueSBjaGFuZ2VzIGluIG15IHJvdXRpbmcg cG9saWNpZXMgYXQgYW55IHRpbWUNCiAgICA+IGlzIGtleSBkcml2ZXIgZm9yIHRoZSB1c2Ugb2Yg bWF4TGVuZ2h0IGFuZCBpdCB3b3VsZCBiZSBuaWNlIHRvIGluY2x1ZGUNCiAgICA+IHRoYXQgb3Bl cmF0aW9uYWwgYXNwZWN0IGluIHRoaXMgQkNQLg0KICAgIA0KICAgIFNpbWlsYXJseSwgb25lIHdv dWxkIG5lZWQgdG8gd2FpdCB1bnRpbCBSUEtJIGNvbnZlcmdlcyBhcm91bmQgdGhlIGdsb2JlbA0K ICAgIHRvIHNlZSBhIGhpamFjayBiZWluZyBtaXRpZ2F0ZWQ7IGlmIHRoZSBoaWphY2sgd2FzIHBv c3NpYmxlIGJlY2F1c2UNCiAgICBub24tbWluaW1hbCBST0FzIHdlcmUgdXNlZC4NCiAgICANCiAg ICBBIGxpYmVyYWwgYXBwbGljYXRpb24gb2YgTWF4TGVuZ3RoIGRvZXMgaW5kZWVkIG9mZmVyIGEg ZGVncmVlIG9mDQogICAgZmxleGliaWxpdHksIGJ1dCBhcyB0aGUgZHJhZnQgZGVzY3JpYmVzLCB0 aGF0IGZsZXhpYmlsaXR5IGNvbWVzIGF0IHRoZQ0KICAgIHByaWNlIG9mIGluY3JlYXNlZCByaXNr IGFuZCBsZXNzIHByb3RvdGVjdGlvbi4NCiAgICANCiAgICBEbyB5b3UgaGF2ZSBhIHNwZWNpZmlj IHNuaXBwZXQgb2YgdGV4dCBhcyBzdWdnZXN0aW9uIGZvciBpbmNsdXNpb24/DQogICAgDQogICAg S2luZCByZWdhcmRzLA0KICAgIA0KICAgIEpvYg0KICAgIA0KICAgIF9fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQogICAgU2lkcm9wcyBtYWlsaW5nIGxpc3QN CiAgICBTaWRyb3BzQGlldGYub3JnDQogICAgaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9s aXN0aW5mby9zaWRyb3BzDQogICAgDQoNCg== From nobody Mon Mar 5 15:24:16 2018 Return-Path: X-Original-To: sidrops@ietf.org Delivered-To: sidrops@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A512F120227; Mon, 5 Mar 2018 15:24:14 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sidrops@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.74.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <152029225463.12916.12486008795366987065@ietfa.amsl.com> Date: Mon, 05 Mar 2018 15:24:14 -0800 Archived-At: Subject: [Sidrops] I-D Action: draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-01.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Mar 2018 23:24:15 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the SIDR Operations WG of the IETF. Title : BGPsec Algorithms, Key Formats, and Signature Formats Authors : Sean Turner Oliver Borchert Filename : draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-01.txt Pages : 22 Date : 2018-03-05 Abstract: This document specifies the algorithms, algorithm parameters, asymmetric key formats, asymmetric key sizes, and signature formats used in BGPsec (Border Gateway Protocol Security). This document updates RFC 8208 ("BGPsec Algorithms, Key Formats, and Signature Formats") by adding Special-Use Algorithm IDs and correcting the range of unassigned algorithms IDs to fill the complete range. This document also includes example BGPsec UPDATE messages as well as the private keys used to generate the messages and the certificates necessary to validate those signatures. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-01 https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-01 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Tue Mar 6 02:21:42 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B14D9126CF6; Tue, 6 Mar 2018 02:21:40 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.91 X-Spam-Level: X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2iIFL-GAk73D; Tue, 6 Mar 2018 02:21:39 -0800 (PST) Received: from mahimahi.ripe.net (mahimahi.ripe.net [IPv6:2001:67c:2e8:11::c100:1372]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CADC3126579; Tue, 6 Mar 2018 02:21:38 -0800 (PST) Received: from titi.ripe.net ([193.0.23.11]) by mahimahi.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1et9iu-0003iO-RK; Tue, 06 Mar 2018 11:21:35 +0100 Received: from sslvpn.ripe.net ([193.0.20.230] helo=vpn-246.ripe.net) by titi.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1et9iu-0004BX-LX; Tue, 06 Mar 2018 11:21:32 +0100 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) From: Tim Bruijnzeels In-Reply-To: Date: Tue, 6 Mar 2018 11:21:21 +0100 Cc: "Roque Gagliano (rogaglia)" , "draft-yossigi-rpkimaxlen@ietf.org" , "sidrops@ietf.org" , Ben Maddison , Job Snijders Content-Transfer-Encoding: quoted-printable Message-Id: <3D17FF6A-782E-4949-8126-33C77E3DBEBB@ripe.net> References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> To: Christopher Morrow X-Mailer: Apple Mail (2.3445.5.20) X-ACL-Warn: Delaying message X-RIPE-Spam-Level: ------- X-RIPE-Spam-Report: Spam Total Points: -7.5 points pts rule name description ---- ---------------------- ------------------------------------ -7.5 ALL_TRUSTED Passed through trusted hosts only via SMTP -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a0719716ef9bf84a03f3d2b70823fcec809d2 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Mar 2018 10:21:40 -0000 Support adoption! > On 5 Mar 2018, at 23:09, Christopher Morrow = wrote: >=20 > ah sweet... can we end this adoption call: > 26 Mar 2018 >=20 > thanks! >=20 > On Mon, Mar 5, 2018 at 5:05 PM, Roque Gagliano (rogaglia) = wrote: > Hi Job, >=20 > I agree on adoption. >=20 > Roque >=20 > =E2=80=94 > Roque Gagliano >=20 > Automation Software Architect EMEAR >=20 > +41 76 449 8867 >=20 > Join the NSO Digital Ecosystem: > NSO on DevNet: www.cisco.com/go/nsodevnet = > NSO Developer Hub: www.cisco.com/go/nsohub = >=20 >=20 > =EF=BB=BFOn 05/03/18 19:15, "Sidrops on behalf of Job Snijders" = wrote: >=20 > Dear working group, >=20 > This document has gone through a number of revisions outside the = working group. >=20 > As authors we think it may be time to consider a call for adoption = and > continue work on this document in context of the working group. >=20 > Thoughts? >=20 > Kind regards, >=20 > Job >=20 >=20 > ---------- Forwarded message ---------- > From: > Date: Mon, Mar 5, 2018 at 7:09 PM > Subject: New Version Notification for = draft-yossigi-rpkimaxlen-02.txt > To: Job Snijders , Kotikalapudi Sriram > , Ben Maddison = , > Yossi Gilad , Sharon Goldberg >=20 > A new version of I-D, draft-yossigi-rpkimaxlen-02.txt > has been successfully submitted by Job Snijders and posted to the > IETF repository. >=20 > Name: draft-yossigi-rpkimaxlen > Revision: 02 > Title: The Use of Maxlength in the RPKI > Document date: 2018-03-05 > Group: Individual Submission > Pages: 10 > URL: > = https://www.ietf.org/internet-drafts/draft-yossigi-rpkimaxlen-02.txt > Status: = https://datatracker.ietf.org/doc/draft-yossigi-rpkimaxlen/ > Htmlized: = https://tools.ietf.org/html/draft-yossigi-rpkimaxlen-02 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-yossigi-rpkimaxlen-02 > Diff: = https://www.ietf.org/rfcdiff?url2=3Ddraft-yossigi-rpkimaxlen-02 >=20 > Abstract: > This document recommends that operators avoid using the = maxLength > attribute when issuing Route Origin Authorizations (ROAs) in = the > Resource Public Key Infrastructure (RPKI). These = recommendations > complement those in [RFC7115]. >=20 >=20 > Please note that it may take a couple of minutes from the time of = submission > until the htmlized version and diff are available at = tools.ietf.org. >=20 > The IETF Secretariat >=20 > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops >=20 >=20 > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops >=20 > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops From nobody Tue Mar 6 07:46:40 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6346612706D; Tue, 6 Mar 2018 07:46:39 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.611 X-Spam-Level: X-Spam-Status: No, score=-2.611 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dhvnRJgkegz0; Tue, 6 Mar 2018 07:46:37 -0800 (PST) Received: from de-cix.net (relay4.de-cix.net [46.31.123.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86DF9124E15; Tue, 6 Mar 2018 07:46:35 -0800 (PST) X-IronPort-AV: E=Sophos;i="5.47,432,1515452400"; d="scan'208";a="1509803" Received: from smtp.de-cix.net ([192.168.65.10]) by mailgw014.de-cix.net with ESMTP; 06 Mar 2018 16:46:35 +0100 Received: from MS-EXCHANGE.for-the-inter.net (MS-EXCHANGE.for-the-inter.net [192.168.49.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by smtp.de-cix.net (Postfix) with ESMTPS id 24E14B00B9; Tue, 6 Mar 2018 16:46:34 +0100 (CET) Received: from MS-EXCHANGE.for-the-inter.net (192.168.49.2) by MS-EXCHANGE.for-the-inter.net (192.168.49.2) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Tue, 6 Mar 2018 16:46:33 +0100 Received: from MS-EXCHANGE.for-the-inter.net ([fe80::9449:4d85:69bf:3d4c]) by MS-EXCHANGE.for-the-inter.net ([fe80::9449:4d85:69bf:3d4c%12]) with mapi id 15.00.1347.000; Tue, 6 Mar 2018 16:46:33 +0100 From: Daniel Kopp To: "sidrops@ietf.org" , "draft-ietf-sidrops-validating-bgp-speaker@ietf.org" Thread-Topic: [Sidrops] I-D Action: draft-ietf-sidrops-validating-bgp-speaker-00.txt Thread-Index: AQHTm41twkxKT3QcQ0iMeEg7MU5wP6OZPYUAgAAHoQCACzxtAIAe+yiA Date: Tue, 6 Mar 2018 15:46:33 +0000 Message-ID: <9ED5AE55-7876-4F61-BF44-D1EAB6939A39@de-cix.net> References: <151751097300.24475.14917315480902104354@ietfa.amsl.com> <5A7B4764.8070308@ams-ix.net> <20180207190442.GS5974@vurt.meerval.net> <5A84BAB6.8020406@ams-ix.net> In-Reply-To: <5A84BAB6.8020406@ams-ix.net> Accept-Language: de-DE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: Apple Mail (2.3445.5.20) x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [192.168.141.150] Content-Type: text/plain; charset="utf-8" Content-ID: <3C823D2769566A4F801062A7F8C5FDC5@for-the-inter.net> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [Sidrops] I-D Action: draft-ietf-sidrops-validating-bgp-speaker-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Mar 2018 15:46:39 -0000 SGkgZXZlcnlvbmUgZm9sbG93aW5nIGRyYWZ0LWlldGYtc2lkcm9wcy12YWxpZGF0aW5nLWJncC1z cGVha2VyIGFuZCBzaXJkb3BzLA0KDQp0aGFua3MgdG8gYWxsIHBlb3BsZSB0aGF0IHByb3ZpZGVk IHRoZWlyIGZlZWRiYWNrIG9uIHRoZSBsYXN0IGNoYW5nZXMgb2YgdGhlIGRyYWZ0Lg0KSSB3b3Vs ZCBhbHNvIGxpa2UgdG8gam9pbiB0aGUgZGlzY3Vzc2lvbiBieSBnaXZpbmcgbXkgdmlldyBvbiB0 aGUgZHJhZnQgYXMgYmVpbmcgYSBjby1hdXRob3IuDQoNCk1vdGl2YXRpb246DQpUaGUgY2VudHJh bCBtb3RpdmF0aW9uIG9mIHRoZSBkcmFmdCBpcyB0byBoYXZlIGEgdW5pZmllZCBtZXRob2QgdG8g c2lnbmFsIA0KUlBLSSBzdGF0dXMgb2YgcHJlZml4ZXMgd2l0aGluIHRoZSBJWFAgZG9tYWluLiBU aGUgZHJpdmUgZm9yIHN1Y2ggYW4gaW1wbGVtZW50YXRpb24gDQpjYW1lIGZyb20gY3VzdG9tZXJz IHNpZGUgYW5kIHRoZSBpZGVhIHRvIGhhdmUgYSBSRkMgZnJvbSB0aGUgZmFjdCB0aGF0IHNvbWUg SVhQIHN0YXJ0ZWQgaW1wbGVtZW50aW5nIHRoaXMgaW4gc29tZSBmbGF2b3VyLiANCg0KTGFzdCBV cGRhdGU6DQpUbyByZWNhcCwgd2l0aCB0aGUgbGFzdCBtYWpvciB1cGRhdGUgd2UgbW92ZWQgdGhl IHNpZ25hbGxpbmcgZnJvbSBub24tdHJhbnNpdGl2ZSB0byBiZWluZyB0cmFuc2l0aXZlLg0KVGhp cyB3YXMgZG9uZSBiZWNhdXNlIHdlIGRpc2N1c3NlZCB0aGF0IElYUCBiZWluZyBhbiBFQkdQIGRv bWFpbiB0aGUgbm9uLXRyYW5zaXRpdmUgZmVhdHVyZSB3b3VsZCBiZSBhIG1pc3NmaXQuIA0KQWRk aXRpb25hbGx5LCB0aGUgQVMgdGhhdCB2YWxpZGF0ZWQgdGhlIFJQS0kgc3RhdHVzIHdvdWxkIGJl IGFkZGVkIHRvIHRoZSBHbG9iYWwgQWRtaW5pc3RyYXRvciBmaWVsZC4NCg0KVGVjaG5pY2FsOg0K Tm93IGl0IHNlZW1zIHRoYXQgdGhlIG5ldyBhcHByb2FjaCBtaWdodCBhbHNvIHBvc2Ugc29tZSBn cmVhdGVyIGNoYWxsZW5nZXMgdG8gYmUgdXNlZCBieSBvcGVyYXRvcnMsIA0Kd2hlbiBpdHMgbmVj ZXNzYXJ5IHRvIGltcGxlbWVudCBmZWF0dXJlcyB0byBzaWduYWwgdGhlIGNhcGFiaWxpdHkgb2Yg dGhpcyBleHRlbnNpb24gYmV0d2VlbiByb3V0ZXJzLiANCkkgdGhpbmsgaXQgd291bGQgYmUgZ29v ZCB0byBjb2xsZWN0IG1vcmUgdGhvdWdodHMgYWJvdXQgdGhpcywgYWRkaXRpb25hbGx5IHdl4oCZ bGwgYXNrIHNvbWUgdmVuZG9ycyBhYm91dCB0aGVpciB2aWV3Lg0KT24gYSBzaWRlIG5vdGUsIEkg cGVyc29uYWxseSBsaWtlIHRoZSBpZGVhIG9mIEplZmYgV2hlZWxlciB0byB1c2UgYSBXZWxsLUtu b3duIENvbW11bml0eSwgDQpzaW1pbGFyIGxpa2UgaXQgd2FzIGRvbmUgZm9yIFJGQzc5OTksIHdo aWNoIGlzIGFsc28gdXNlZCBpbiB0aGUgY29udGV4dCBvZiBJWFBzLg0KDQpBYm91dCBkcm9wcGlu ZyBSUEtJIGludmFsaWRzIHBlciBkZWZhdWx0Og0KSSB0aGluayBpdHMgY2xlYXIgdGhhdCBpbiB0 aGVvcnkgZHJvcHBpbmcgaW52YWxpZHMgYXMgZGVmYXVsdCB3b3VsZCBwcm9tb3RlIHRoZSBoeWdp ZW5lIG9mIGFkdmVydGlzZW1lbnRzIHRoZSBtb3N0Lg0KQnV0IGlmIHdlIG1ha2UgdGhpcyB0aGUg b25seSBtb2RlIG9mIG9wZXJhdGlvbiBpbiB0aGUgZHJhZnQsIHRoZSBhZG9wdGlvbiBmb3IgUlBL SSBpbiBJWFBzIHdvdWxkIG5vdCBiZSBkaWZmZXJlbnQgZnJvbSBub3cuIA0KV2Ugd291bGRu4oCZ dCBldmVuIG5lZWQgdG8gaGF2ZSBhIGRyYWZ0IGZvciB0aGF0IGF0IGFsbC4gU2ltaWxhciB0byB0 aGF0IHNvbWUgSVhQcyBhcmUgZHJvcHBpbmcgQVMgYW5ub3VuY2VtZW50cyB0aGF0IGRvbuKAmXQg aGF2ZSB0aGVpciBJUlIgZW50cmllcyBzZXQgY29ycmVjdGx5Lg0KDQpBYm91dCBhZGQtcGF0aDoN Ckl0IHdhcyBtZW50aW9uZWQgc2V2ZXJhbCB0aW1lcyB0aGF0IHdpdGhvdXQgQWRkLXBhdGggcGF0 aCBoaWRpbmcgY2FuIG9jY3VyLiBJIHRoaW5rIGl0IG1ha2VzIHNlbnNlIHRvIGhhdmUgQWRkLVBh dGggYXMgYW4gb3B0aW9uIGluIHRoZSBkcmFmdCwgDQphbmQgYWxzbyBpdCB3b3VsZCBiZSB0aGUg aWRlYWwgY2FzZSB0byBoYXZlIHRoZSBzaWduYWxsaW5nIG9mIFJQS0kgdmFsaWRhdGlvbiBzdGF0 ZXMgd2l0aCBhZGQtcGF0aCBhcyBkZWZhdWx0LCANCmJ1dCBjdXJyZW50bHkgbm90IGFsbCBkZXZp Y2VzIGFuZCBJWFBzIGhhdmUgdGhpcyBmZWF0dXJlIGltcGxlbWVudGVkLg0KDQpGaW5hbGx5Og0K V2Ugd2FudCB0byB1c2UgUlBLSSB0b2RheSBhdCBJWFBzIGFuZCBieSBrZWVwaW5nIHRoZSBvdmVy YWxsIHNpdHVhdGlvbiBpbiBtaW5kLCANCnRoaXMgZHJhZnQgZGVzY3JpYmVzIHdoYXQgY2FuIGJl IGRvbmUgYW5kIHRpcmVzIHRvIGFjaGlldmUgYSBjb21tb24gc2lnbmFsbGluZy4NCg0KSeKAmWxs IGJlIGF0IHRoZSBuZXh0IElFVEYgbWVldGluZyBhbmQgSeKAmW0gbG9va2luZyBmb3J3YXJkIHRv IGhhdmUgc29tZSBkaXNjdXNzaW9uIHRoZWlyIGJ1dCBhbHNvIGluIGFkdmFuY2UuDQpMb29raW5n IGZvcndhcmQgdG8geW91IGNvbW1lbnRzLCBpbnB1dCBhbmQgZGlzY3Vzc2lvbi4NCg0KQmVzdCwN CkRhbmllbA0KDQoNCj4gT24gMTQuIEZlYiAyMDE4LCBhdCAyMzozOSwgQXJpcyBMYW1icmlhbmlk aXMgPGFyaXMubGFtYnJpYW5pZGlzQGFtcy1peC5uZXQ+IHdyb3RlOg0KPiANCj4gSGkgSm9iLA0K PiANCj4gSm9iIFNuaWpkZXJzIHdyb3RlOg0KPj4gSGksDQo+PiANCj4+IEkgdGhpbmsgYSBtdWNo IHNhZmVyIG1vZGUgb2Ygb3BlcmF0aW9uIGZvciBCR1Agc3BlYWtlcnMgaXMgdG8gcmVqZWN0DQo+ PiBpbnZhbGlkIGFubm91bmNlbWVudHMsIHJhdGhlciB0aGFuICJ0YWcgd2l0aCBleHRlbmRlZCBi Z3AgY29tbXVuaXR5ICYNCj4+IHByb3BhZ2F0ZSIuDQo+PiANCj4gSWYgUlBLSSBhZG9wdGlvbiBh bmQga25vdy1ob3cgd2FzIHdpZGVzcHJlYWQsIEkgd291bGQgYWdyZWUuIFNhZGx5LCB0aGlzIGlz IG5vdCB0aGUgDQo+IG9wZXJhdGlvbmFsIHJlYWxpdHkgYXMgSSBzZWUgaXQuIFRoZSBkcmFmdCB0 cmllcyB0byBiZSBpbmNsdXNpdmUgaW4gaXRzIG9wdGlvbnMgYXMgdG8NCj4gcHJvbW90ZSBSUEtJ IGFkb3B0aW9uLCBidXQgYXMgc3RhdGVkIGluIGEgcHJldmlvdXMgZW1haWwgb2YgbWluZSwgdGhp cyBpcyBqdXN0IG9uZSBvZiBpdHMgZ29hbHMuIA0KPiANCj4gPkZyb20gYSBzdGFuZGFyZGl6YXRp b24gc3RhbmRwb2ludCAodGhlIG90aGVyIGdvYWwpLCBvZmZlcmluZyBsZXNzIG9wdGlvbnMgb24g aG93IG9wZXJhdG9ycyBkZXBsb3kgdGhlIA0KPiB2YWxpZGF0aW5nIGJncCBzcGVha2VyIG1lYW5z IGxlc3MgcHJvYmFiaWxpdHkgb2Ygd2lkZXNwcmVhZCBhZG9wdGlvbiwgdGhlcmVieQ0KPiBkZWZl YXRpbmcgaXRzIHB1cnBvc2UuDQo+IA0KPiBGdXJ0aGVybW9yZSwgaWYgd2Ugd2VyZSB0byBnbyBk aXJlY3RseSB3aXRoIHRoZSBzYWZlciBtb2RlIG9mIG9wZXJhdGlvbiwNCj4gd2Ugd291bGQgbG9z ZSBvcGVyYXRvcnMgd2hvIGFyZSBvbiB0aGUgZmVuY2UgYWJvdXQgUlBLSSBhbmQgaXRzIHVzZWZ1 bG5lc3MgYW5kIA0KPiB3aG8gd2FudCB0byBtYWludGFpbiBtb3JlIGdyYW51bGFyIGNvbnRyb2wg b24gd2hhdCB0aGV5IHJlY2VpdmUgYmVmb3JlIHB1bGxpbmcgdGhlIHByb3ZlcmJpYWwNCj4ga2ls bHN3aXRjaCwgdGFraW5nIGludG8gYWNjb3VudCB3aGF0IHdhcyBtZW50aW9uZWQgaW4gdGhlIGZp cnN0IHBhcmFncmFwaC4NCj4gDQo+IElmIGl0IGhlbHBzLCBJIHNlZSB0aGUgZHJhZnQgYXMgYW4g YW5hbG9neSB0byB0aGUgbWlncmF0aW9uIHN0ZXBzIHRha2VuIHdpdGggYW55IG5ldyB0ZWNobm9s b2d5LCBpLmUuIGluc3RhbGxpbmcNCj4gZmlyZXdhbGxzIG9yIHByb3hpZXMgaW4gb25lJ3MgbmV0 d29yay4gVHlwaWNhbGx5IHRoZXkgYXJlIGZpcnN0IGJlaW5nIHBsYWNlZCBpbiAiYnlwYXNzL21v bml0b3JpbmciDQo+IG1vZGUsIGFuZCB0aGVuIHRoZXkgYXJlIGNvbmZpZ3VyZWQgdG8gZmlsdGVy L2Ryb3AgdHJhZmZpYywgYWZ0ZXIgY29uZmlkZW5jZSBvZiB0aGVpciBvcGVyYXRpb24gaGFzIGJl ZW4gZ2FpbmVkLiANCj4gDQo+IFRoZSBkcmFmdCBpbiBubyB3YXkgcHJvaGliaXRzLCBhbmQgYXJn dWFibHkgZXZlbiBlbmNvdXJhZ2VzLCBvcGVyYXRvcnMgdG8gb2ZmZXIgZGlmZmVyZW50IG9wdGlv bnMgZm9yIGRpZmZlcmVudCBjdXN0b21lcnMuDQo+IEN1c3RvbWVycyB3aG8gZmVlbCBjb25maWRl bnQgaW4gdGhlIHZhbGlkYXRpbmcgQkdQIHNwZWFrZXIgY2FuIHNpbXBseSBzZWxlY3QgdG8gcmVq ZWN0IGludmFsaWQgYW5ub3VuY2VtZW50cy4NCj4gDQo+IEtpbmQgcmVnYXJkcywNCj4gQXJpcw0K DQo= From nobody Tue Mar 6 08:34:23 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C08A21274D2; Tue, 6 Mar 2018 08:34:21 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FE9bvXzGeXb7; Tue, 6 Mar 2018 08:34:19 -0800 (PST) Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0115.outbound.protection.outlook.com [23.103.201.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FDDA127076; Tue, 6 Mar 2018 08:34:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=7xnw+Du3kYhJMegy5m3yASweTg/KHbZyaiaX4/jjspE=; b=owMmLiHbgE4+YmzDMyrIsZuiV/tX6yGNs9+7n5XlmmXTnas5W74u3MPIGvV3V2MEYnPUwwHWwaI5BrHcu/RoANtMvhBcwlBE/fyhEn+4DMtoGDoqXIJct3z9Q4cINDz7uHyFp7hy1qMe5Ist+niQnij0NvyoGSTk+4Fbb2N6cAs= Received: from BYAPR09MB2773.namprd09.prod.outlook.com (52.135.224.26) by BYAPR09MB2773.namprd09.prod.outlook.com (52.135.224.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Tue, 6 Mar 2018 16:34:17 +0000 Received: from BYAPR09MB2773.namprd09.prod.outlook.com ([fe80::d015:9eb2:757:ba95]) by BYAPR09MB2773.namprd09.prod.outlook.com ([fe80::d015:9eb2:757:ba95%13]) with mapi id 15.20.0548.016; Tue, 6 Mar 2018 16:34:17 +0000 From: "Sriram, Kotikalapudi (Fed)" To: "sidrops@ietf.org" CC: "sidrops-chairs@ietf.org" Thread-Topic: New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt Thread-Index: AQHTtNWhXGiptyuPFE2FzpnwC7YBGqPDZQDe Date: Tue, 6 Mar 2018 16:34:17 +0000 Message-ID: References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> In-Reply-To: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov; x-originating-ip: [71.255.240.48] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; BYAPR09MB2773; 7:56iHuSvRdSy+WG2YMYAoEXIWTUgVRHM+d2veOjTBbwhgDI1WJWz5cuyzvVvClZ0i3ksi0TRaQU4xbGxls5hL6cGidv/rmFFHraq/PhAjOdTE6Yv6vA3Ow/2V/DuYnzPD44j4p9OWpU0uPmW1/SUhlJEVJ/Oi69ohyMeBJ3CVchMiUA85kakaY1RgKFbrnTkkunJgfltRIxuDndfJwLWjSAtoOsRJQ8ygwxH4eZwS/hRKwoBqtcGe7Isue98+55GZ x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 46dbd8c3-63b4-4ca9-ea73-08d583801af9 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:BYAPR09MB2773; x-ms-traffictypediagnostic: BYAPR09MB2773: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(3231220)(944501244)(52105095)(10201501046)(93006095)(93001095)(3002001)(6055026)(6041288)(20161123558120)(20161123560045)(20161123562045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:BYAPR09MB2773; BCL:0; PCL:0; RULEID:; SRVR:BYAPR09MB2773; x-forefront-prvs: 06036BD506 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(39380400002)(366004)(376002)(396003)(346002)(199004)(189003)(22804003)(377424004)(2906002)(3846002)(74316002)(25786009)(102836004)(6116002)(14454004)(68736007)(229853002)(26005)(478600001)(15650500001)(33656002)(99286004)(305945005)(6506007)(3660700001)(3280700002)(2351001)(59450400001)(316002)(53546011)(5660300001)(6916009)(2950100002)(66066001)(7736002)(966005)(106356001)(53936002)(8936002)(55016002)(8676002)(5640700003)(4326008)(105586002)(7696005)(76176011)(6306002)(9686003)(6436002)(81156014)(97736004)(1730700003)(81166006)(2501003)(186003)(450100002)(2900100001)(6246003)(5250100002)(86362001); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR09MB2773; H:BYAPR09MB2773.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-microsoft-antispam-message-info: Blfh4hXb/sJr7Mm0d1JA+ioucZsrh9Fk1S24mzlbjShQ5qhqgnZBJnPOkHrLE9/lBihwMVFvmg58JeVoXbzXntRIxfop7CA1qdVf0KbexdwveUkf6skF06uReHojtIMXC3aMR/n9Q4Ldz33Sr/rrpOjRi1YJGy2DFTc7obwDJ7CPJ8JTQEFlvgUIIP8IYxuql5cQGdIbXTti+YIa4Xfn2z9uX6vYms/tN9PNyA1k3r/Oy3B6HaoXkAUzyybVkLfvZboZJivASQirZAQfhdAqZMrXlivEBq9EAfdK56bTQiD5h3JFkqS0CgiWW+lDmkOiZ6d35yqR04jiCh17L009uQ== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: 46dbd8c3-63b4-4ca9-ea73-08d583801af9 X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Mar 2018 16:34:17.3181 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR09MB2773 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Mar 2018 16:34:22 -0000 We have requested the chairs for time on the SIDROPS meeting agenda to disc= uss this work: =20 https://tools.ietf.org/html/draft-sriram-sidrops-drop-invalid-policy-00=20 The authors would appreciate comments/discussion on the list as well. Sriram=20 ________________________________________ From: internet-drafts@ietf.org Sent: Monday, March 5, 2018 5:59 PM To: Sriram, Kotikalapudi (Fed); Montgomery, Douglas (Fed); Borchert, Oliver= (Fed) Subject: New Version Notification for draft-sriram-sidrops-drop-invalid-pol= icy-00.txt A new version of I-D, draft-sriram-sidrops-drop-invalid-policy-00.txt has been successfully submitted by Kotikalapudi Sriram and posted to the IETF repository. Name: draft-sriram-sidrops-drop-invalid-policy Revision: 00 Title: Origin Validation Policy Considerations for Dropping Invali= d Routes Document date: 2018-03-05 Group: Individual Submission Pages: 6 https://tools.ietf.org/html/draft-sriram-sidrops-drop-invalid-policy-00=20 Abstract: During incremental deployment of RPKI and Route Origin Authorizations (and possibly under some transient conditions), network operators would wish to have a meaningful policy for dropping Invalid routes. Their goal is to balance (A) dropping Invalid routes so hijacked routes can be eliminated, versus (B) tolerance for missing or erroneously created ROAs for customer prefixes. This document considers a Drop Invalid if Still Routable (DISR) policy that is based on these considerations. The key principle of DISR policy is that an Invalid route can be dropped if a Valid or NotFound route exists for a subsuming less specific prefix.= From nobody Thu Mar 8 06:08:41 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FFA6126B7E for ; Thu, 8 Mar 2018 06:08:39 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.669 X-Spam-Level: X-Spam-Status: No, score=-1.669 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7AG0hAoeDvhD for ; Thu, 8 Mar 2018 06:08:37 -0800 (PST) Received: from mail-wm0-f45.google.com (mail-wm0-f45.google.com [74.125.82.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94891126CD6 for ; Thu, 8 Mar 2018 06:08:37 -0800 (PST) Received: by mail-wm0-f45.google.com with SMTP id 139so11318065wmn.2 for ; Thu, 08 Mar 2018 06:08:37 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=5PcwjXqqsHPc1MbIH3bWx/lX1T53UJJNFlO5b7Xk38c=; b=tgg12ooXhe2cd3iVzD4Rf4y/ck0+oVm5J9KgBpEvn2938bP9NjkQR+kR/Up7nUeQpS wh3NRE51twKtOe+S0bxs2Yy6ukxuGXcP1g5tLuQBY1rdy8JEiWXWRKiT6UiAWfpkeiNg Vr9LVqgJxt/pxWSM1/7/WSCDbniCiAcp+4qnzQoTYqdn1wtm0y+lYSE2CYhBSzmi+1+X 9X4hGoIo5ISW+HOpRnUs93g7LSAbFj3mMfAIes2YwGw9S9Xm8gv5W2/6+hOTRPUyT7ZX +tVHsBpVrYymjwk97/qZnQjcBj8OtimZo28LbX6j4CvNtwedVD6IOwexy1WDJjDKZnd/ +wIg== X-Gm-Message-State: APf1xPD9xrZsP/+R6kJk/wTQFRX/ksL0Ur2n20SFrd3iG7Gl8yOKt1rp RU1PQTMqeuXXK1tQyc2wjGbzXw== X-Google-Smtp-Source: AG47ELtmYOG/mgGwmmwVEpPF6CA8wTnaFAlD1LhvwqrPs49MdULbrTHpaWDViZVqby2HWrJLCnYfKA== X-Received: by 10.80.135.170 with SMTP id a39mr32628343eda.82.1520518115768; Thu, 08 Mar 2018 06:08:35 -0800 (PST) Received: from vurt.meerval.net ([89.200.37.109]) by smtp.gmail.com with ESMTPSA id 26sm20039104eds.26.2018.03.08.06.08.34 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 08 Mar 2018 06:08:35 -0800 (PST) Received: from localhost (vurt.meerval.net [local]) by vurt.meerval.net (OpenSMTPD) with ESMTPA id 72dc3392; Thu, 8 Mar 2018 14:08:32 +0000 (UTC) Date: Thu, 8 Mar 2018 14:08:32 +0000 From: Job Snijders To: "Sriram, Kotikalapudi (Fed)" , ytti@ntt.net Cc: "sidrops@ietf.org" , "sidrops-chairs@ietf.org" Message-ID: <20180308140832.GL67566@vurt.meerval.net> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Clacks-Overhead: GNU Terry Pratchett User-Agent: Mutt/1.9.3 (2018-01-21) Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Mar 2018 14:08:39 -0000 On Tue, Mar 06, 2018 at 04:34:17PM +0000, Sriram, Kotikalapudi (Fed) wrote: > We have requested the chairs for time on the SIDROPS meeting agenda to discuss this work: > > https://tools.ietf.org/html/draft-sriram-sidrops-drop-invalid-policy-00 > > The authors would appreciate comments/discussion on the list as well. Dear Sriram, I like the general idea, it would be interesting to see this standardized in a more formal form. We think the algorithm in section 3 needs some rework. What if the implementer creates three RIBs: Loc-RIB-Validation-State-Valid Loc-RIB-Validation-State-Unknown Loc-RIB-Validation-State-Invalid A composite Loc-RIB is then created by walking the RIBs in the above order. I don't any role for LOCAL_PREF in this context. Kind regards, Job From nobody Thu Mar 8 06:25:47 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62055126DFB; Thu, 8 Mar 2018 06:25:45 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.91 X-Spam-Level: X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WnPQ9tmxN8ZE; Thu, 8 Mar 2018 06:25:43 -0800 (PST) Received: from mahimahi.ripe.net (mahimahi.ripe.net [IPv6:2001:67c:2e8:11::c100:1372]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC919120713; Thu, 8 Mar 2018 06:25:43 -0800 (PST) Received: from titi.ripe.net ([193.0.23.11]) by mahimahi.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1etwUG-0001gw-Jz; Thu, 08 Mar 2018 15:25:42 +0100 Received: from sslvpn.ripe.net ([193.0.20.230] helo=vpn-125.ripe.net) by titi.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1etwUG-0003LN-EL; Thu, 08 Mar 2018 15:25:40 +0100 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) From: Tim Bruijnzeels In-Reply-To: Date: Thu, 8 Mar 2018 15:25:36 +0100 Cc: "sidrops@ietf.org" , "sidrops-chairs@ietf.org" Content-Transfer-Encoding: quoted-printable Message-Id: <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> To: "Sriram, Kotikalapudi (Fed)" X-Mailer: Apple Mail (2.3445.5.20) X-ACL-Warn: Delaying message X-RIPE-Spam-Level: ------- X-RIPE-Spam-Report: Spam Total Points: -7.5 points pts rule name description ---- ---------------------- ------------------------------------ -7.5 ALL_TRUSTED Passed through trusted hosts only via SMTP -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a071999ed0a36be1bbcb0d8481cd79a9c2c00 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Mar 2018 14:25:45 -0000 Hi Sriram, I think this addresses a concern that blocks uptake for transit networks = in particular. So I am happy to see discussion on this, and hope that = actual operators will speak to this. Hey Job, glad you did :) One remark on the content.. would it make sense to have a different = treatment in case an AS0 ROA is issued? I.e. in case an announcement is = invalid due to AS0 and there is no valid announcement (there can=E2=80=99t= be) - still drop it? Tim =20 > On 6 Mar 2018, at 17:34, Sriram, Kotikalapudi (Fed) = wrote: >=20 > We have requested the chairs for time on the SIDROPS meeting agenda to = discuss this work: >=20 > = https://tools.ietf.org/html/draft-sriram-sidrops-drop-invalid-policy-00=20= >=20 > The authors would appreciate comments/discussion on the list as well. >=20 > Sriram=20 > ________________________________________ > From: internet-drafts@ietf.org > Sent: Monday, March 5, 2018 5:59 PM > To: Sriram, Kotikalapudi (Fed); Montgomery, Douglas (Fed); Borchert, = Oliver (Fed) > Subject: New Version Notification for = draft-sriram-sidrops-drop-invalid-policy-00.txt >=20 > A new version of I-D, draft-sriram-sidrops-drop-invalid-policy-00.txt > has been successfully submitted by Kotikalapudi Sriram and posted to = the > IETF repository. >=20 > Name: draft-sriram-sidrops-drop-invalid-policy > Revision: 00 > Title: Origin Validation Policy Considerations for Dropping = Invalid Routes > Document date: 2018-03-05 > Group: Individual Submission > Pages: 6 >=20 > = https://tools.ietf.org/html/draft-sriram-sidrops-drop-invalid-policy-00=20= >=20 > Abstract: > During incremental deployment of RPKI and Route Origin = Authorizations > (and possibly under some transient conditions), network operators > would wish to have a meaningful policy for dropping Invalid routes. > Their goal is to balance (A) dropping Invalid routes so hijacked > routes can be eliminated, versus (B) tolerance for missing or > erroneously created ROAs for customer prefixes. This document > considers a Drop Invalid if Still Routable (DISR) policy that is > based on these considerations. The key principle of DISR policy is > that an Invalid route can be dropped if a Valid or NotFound route > exists for a subsuming less specific prefix. > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops >=20 From nobody Thu Mar 8 20:12:53 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78928120227; Thu, 8 Mar 2018 20:12:52 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sZZn-I1-pnSz; Thu, 8 Mar 2018 20:12:50 -0800 (PST) Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0119.outbound.protection.outlook.com [23.103.201.119]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16E91126BFD; Thu, 8 Mar 2018 20:12:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=E1VJwNc97PrW5cIjU9TaG6bY7pUaTKRsB3OdVD/r3+8=; b=w5//afy9IbyrLA3PdYk21X4PGUAi+6fac+Wj+I9o9qnFEQ6LYvak/VFJNVsNSq3lu2OviUkBke4F37/McBPpJmfFO9P79phIGVc1vxg7T/QIMRfHyioWIFc6PlF0ZI468j/0Q92RfMymnubeeyjazR0ANN2WUdS64oWiNC5dzwg= Received: from BYAPR09MB2773.namprd09.prod.outlook.com (52.135.224.26) by MWHPR09MB2141.namprd09.prod.outlook.com (10.173.100.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.567.14; Fri, 9 Mar 2018 04:12:48 +0000 Received: from BYAPR09MB2773.namprd09.prod.outlook.com ([fe80::d015:9eb2:757:ba95]) by BYAPR09MB2773.namprd09.prod.outlook.com ([fe80::d015:9eb2:757:ba95%13]) with mapi id 15.20.0548.018; Fri, 9 Mar 2018 04:12:47 +0000 From: "Sriram, Kotikalapudi (Fed)" To: Job Snijders , "ytti@ntt.net" CC: "sidrops@ietf.org" , "sidrops-chairs@ietf.org" Thread-Topic: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt Thread-Index: AQHTtNWhXGiptyuPFE2FzpnwC7YBGqPDZQDegAL/NgCAAOKqWA== Date: Fri, 9 Mar 2018 04:12:47 +0000 Message-ID: References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> , <20180308140832.GL67566@vurt.meerval.net> In-Reply-To: <20180308140832.GL67566@vurt.meerval.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [129.6.222.113] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; MWHPR09MB2141; 6:NvI8qQyCB6KW8PMdYoS4Ey+ajggnCnNuxzfEyXNW6q0/YskqM1HCsGsnrB+A7CNqoHBWEuu2pnlyu1+GINF0XJrkYrO3ABwG4Ti2/Tk3K4lpfIiBMKNVkG3k9uNmSPqzpm87yRK0AWqkFHHcKv3rEc22uaQjp4wcE+iJDo+X/2bOoEn6dvwfs5kiEbsK07cKMVpKMK0pBLKHDSyrTMGvQOsDZgfJ+koChXsXUx2ct0LGIbxKP9cIx1BTAD9IaECGf3O33mH+zKheC48RFWCLFuQ+QNkezaGYa0wZT1vOhRwm3MPDHASUYqHzcK595eulFXRBE4MRo+cdDY/PbWmTWEVZbAJQhSKvUlEG1Ks8HWsJXBFaOAkG41KfthxpYwqz; 5:EAGyrvRU6mlOQYTDsAqrUVJRpISuYPqFP5PWEmJaWASS7VqGLaaGK/jFv0oYDMgGDkmLWEcKEOfnxLXSBgbyksNMTaCwjqAa8acdyFmTC2mqpggUQnoeGAxEmXvYVKaZTpxRoOgwXzkZxdIfPfpTwrFmHMf/I2wHOKUwePnqDMs=; 24:wqAztuswNTiKh0/LX4iZMA+ZhwuKbWOETmZcePZm770cZknp866I/fae60DUBQlAK9a02Z+ZBJl3jUgGpvMP7iFENd7lhp23N2csbXkCXMU=; 7:qHmEs9nIomxv4L/+c2LcBObpU54hvpTmGke4SbtVfESDhCWwYcl/TgUbutTtB8Gew4FFc7XM1eQ3i7ZLtzyeixql+BFuAYQLGkxumqMXunw+dZgTkxDM4Il4ePJUv+drHq61C/c7KcfDDVP+qUpDW7UqViqvlyY9ySukWqMUoBsarWeWyT7l+GQrqy4CWS6iTu8E3MOyazU0divJcNJ3rrDm/Oy1bGnsaCmZvOCNt6/4IIYRLijDG39V0hPF2v7i x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 9d0588cc-790b-4205-de51-08d58574045f x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:MWHPR09MB2141; x-ms-traffictypediagnostic: MWHPR09MB2141: authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(3002001)(3231220)(944501244)(52105095)(93006095)(93001095)(10201501046)(6055026)(6041310)(20161123558120)(20161123564045)(20161123560045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:MWHPR09MB2141; BCL:0; PCL:0; RULEID:; SRVR:MWHPR09MB2141; x-forefront-prvs: 0606BBEB39 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(39860400002)(376002)(366004)(39380400002)(396003)(199004)(189003)(43544003)(2900100001)(4326008)(54906003)(2950100002)(25786009)(102836004)(186003)(3846002)(8676002)(2906002)(110136005)(59450400001)(6116002)(26005)(81166006)(8936002)(81156014)(97736004)(3660700001)(66066001)(229853002)(76176011)(105586002)(68736007)(86362001)(7696005)(6436002)(5660300001)(74316002)(6246003)(33656002)(99286004)(5250100002)(106356001)(2501003)(413944005)(316002)(7736002)(9686003)(6506007)(53936002)(14454004)(55016002)(3280700002)(478600001)(305945005); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR09MB2141; H:BYAPR09MB2773.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-microsoft-antispam-message-info: MlP68G8q2aVnaCs19HVN9uZEHxJMta6n6MY7HkQT4o2gd5jfNkYZ0sJ9AvhEcQ4KkRq5iv9wGXdZ3pCVsntowKFI835RTZfKSq7QsO3L3wMOLzSNSIdbui+UW9LVIogvGHt+4b2sAygIy3+2Rz3c92PBiunqV+vZtjwsbtrU3hdjzJW+8s5wW4KDC13OQtVVSNRhJzM6TKABXonTONwbaRHWHSpdziUJRKOT2axD9AtYZo3BgmQrU+JEjCD3sQatt027k7v/3uqQ5fGuL/Uc3PUemTLoqjTpvREA+Il4lEfVwHXWVBD/7LbZewYz6xKFT+S6nWFCOcH4+pRmC/C3Hg== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: 9d0588cc-790b-4205-de51-08d58574045f X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Mar 2018 04:12:47.6697 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR09MB2141 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Mar 2018 04:12:52 -0000 Job: Appreciate the comments. Agree with you. Please see my specific responses i= nline below. >Dear Sriram, > >I like the general idea, it would be interesting to see this >standardized in a more formal form.=20 Sounds great. >We think the algorithm in section 3 needs some rework. Agree. > >What if the implementer creates three RIBs: > > Loc-RIB-Validation-State-Valid > Loc-RIB-Validation-State-Unknown > Loc-RIB-Validation-State-Invalid > >A composite Loc-RIB is then created by walking the RIBs in the above >order. Seems to make sense. Welcome the help very much. I'll email you my slides t= omorrow.=20 Please feel free to insert a slide or two on the algorithm that you and Sak= u would like to suggest and also make any other changes you feel appropriate. We can together try and get this in good shape for the discussion in SIDROP= S. > >I don't any role for LOCAL_PREF in this context. I think I might have gotten carried away in plugging in LOCAL_PREF. We discussed this at NIST today. Doug and Oliver also agree with your obser= vation. We agree that the algorithm does not need to involve LOCAL_PREF. I would assume that the algorithm/flowchart that you and Saku come up with would take care of that. Look forward to it. Thanks again. Sriram >Kind regards, > >Job From nobody Thu Mar 8 21:41:16 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 183871242EA; Thu, 8 Mar 2018 21:41:14 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2N2ZabEDIKan; Thu, 8 Mar 2018 21:41:12 -0800 (PST) Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0102.outbound.protection.outlook.com [23.103.201.102]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE6181271FD; Thu, 8 Mar 2018 21:41:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=uVegPkaVgjEf+0+SXIsmw5ytmqcDQi4E5dZxaSdCHCo=; b=FLSuWgNfFdMroy4MSymhftN2nRWWivf4grXw+8XOMkWDvBmopu4MNcZROGkAZ4SoAtwebxNyhF6L7kyCIDzY9J21b6ymajnzX8+hjSxkB8c/8DRlCR06UGlaXi4S1eRCPGf54QQWYH0MwaLsHMq1OFbcgijIvsF57DR0W3xewec= Received: from BYAPR09MB2773.namprd09.prod.outlook.com (52.135.224.26) by BYAPR09MB2776.namprd09.prod.outlook.com (52.135.224.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Fri, 9 Mar 2018 05:41:08 +0000 Received: from BYAPR09MB2773.namprd09.prod.outlook.com ([fe80::d015:9eb2:757:ba95]) by BYAPR09MB2773.namprd09.prod.outlook.com ([fe80::d015:9eb2:757:ba95%13]) with mapi id 15.20.0548.018; Fri, 9 Mar 2018 05:41:08 +0000 From: "Sriram, Kotikalapudi (Fed)" To: Tim Bruijnzeels CC: "sidrops@ietf.org" , "sidrops-chairs@ietf.org" Thread-Topic: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt Thread-Index: AQHTtNWhXGiptyuPFE2FzpnwC7YBGqPDZQDegAMD+gCAAOeM1A== Date: Fri, 9 Mar 2018 05:41:08 +0000 Message-ID: References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> , <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> In-Reply-To: <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov; x-originating-ip: [129.6.222.113] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; BYAPR09MB2776; 7:zCt7NQlm0+zYcuOEhuK3VwSxZ89+Am90l35lUvt0i15yP1IHPNo1f2yUUw4EKKR8UgNYWGdoDYXba7CJ/mhz/UE1DhwV2fyURROLe9m2KBVvLQ+qOkzb34KatQLWhZlw41Zp2gc+uKt9J+g2GsczBUHS51GyQd2ADmHcZysBQNB4zKRyNmhmTEOLodtWFxzWxNb8+14Ks4f3xTetu6eQTMbmdRkwZH3T+/AMvKSmcpD2k894/3KBiWJCufmnlIbd x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 82e94052-f1f4-4dde-650f-08d585805bc3 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:BYAPR09MB2776; x-ms-traffictypediagnostic: BYAPR09MB2776: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(232451576963924)(155532106045638); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(3231220)(944501244)(52105095)(6055026)(6041310)(20161123558120)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123564045)(6072148)(201708071742011); SRVR:BYAPR09MB2776; BCL:0; PCL:0; RULEID:; SRVR:BYAPR09MB2776; x-forefront-prvs: 0606BBEB39 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39380400002)(396003)(376002)(39860400002)(366004)(346002)(199004)(189003)(14454004)(6246003)(99286004)(86362001)(97736004)(2906002)(106356001)(4326008)(5660300001)(76176011)(316002)(7696005)(478600001)(53936002)(9686003)(105586002)(55016002)(6436002)(54906003)(3846002)(6116002)(6916009)(68736007)(2950100002)(25786009)(74316002)(66066001)(2900100001)(186003)(5250100002)(26005)(8936002)(15650500001)(305945005)(7736002)(3280700002)(81156014)(102836004)(33656002)(81166006)(8676002)(229853002)(59450400001)(6506007)(3660700001); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR09MB2776; H:BYAPR09MB2773.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-microsoft-antispam-message-info: BLfx5rb9zR6JE+P9xHlO1CyaEjSEXjj/W4uAzoFMzWaysi/jppvWM7gxP8umOtmOAdS1TGnVp0udqs9kfw+4rdD6QIA3Kg8U/tCAVst6dbKNxsvAA3jETkyygaNkVVzzOTy6paIdaOhwgIyDFa125tBU2fJ8EW1wPv1KLJL2tIximEKdMATQS+YAbozQaWpcFk/asmP3jaa18MyAQ07ijzue7yquHkmt9CrMh0xIdam181pp3iII+khN5px4WeM8cLTKgypAvUFr9YF0xOryj6aV+SYtvwtcoLBkW6QnWPSEjRSZaS5R1HtrdZUbiXSsB4mNF/mXV5jFsG4tbmGsSQ== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: 82e94052-f1f4-4dde-650f-08d585805bc3 X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Mar 2018 05:41:08.3383 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR09MB2776 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Mar 2018 05:41:14 -0000 Hi Tim: Hi Sriram, > >I think this addresses a concern that blocks uptake for transit networks i= n particular. So I am happy to see discussion on this, and hope that actual= operators will speak to this. Hey Job, glad you did :) > >One remark on the content.. would it make sense to have a different treatm= ent in case an AS0 ROA is issued? I.e. in case an announcement is invalid d= ue to AS0 and there is no valid announcement (there can=92t be) - still dro= p it? This is a good question. It came up also in discussions at NIST. Let me try asking you to share your understanding of the difference=20 between an AS 0 ROA versus a regular ROA for the same prefix.=20 Say: 10.1.0.0/16 is owned by Org. X. Org. X creates a ROA. Consider two cas= es: Case 1: ROA: {10.1.0.0/16, AS 0} vs. Case 2: ROA: {10.1.0.0/16, AS 111} Questions: 1. Do you agree that in each case there can be suballocations,=20 e.g., 10.1.0.0/20 is suballocated to Org. Y? 2. Do you agree that in each case Org. Y is at liberty to originate an upda= te, e.g., Update: 10.1.0.0/20 AS 222 ? =20 3. Let us say that in each case, Org. Y did not create any ROA that would v= alidate Update: 10.1.0.0/20 AS 222. This happened for whatever reason. As a result, this Update is Invalid in b= oth Cases 1 and 2. There are no other routes announced for 10.1.0.0/20.=20 What is fundamentally different about Case 1 that the Update 10.1.0.0/20 AS= 222=20 should be dropped and Org. Y is punished with unreachability, while in Case= 2 Org. Y is not punished but instead the Update is installed in FIB to avoid unreachability? Org. Y is a legitimate owner 10.1.0.0/20 in both cases.=20 If so, why should it get the benefit of doubt in Case 2 but not in Case 1? = =20 As you can see, I am struggling to see what is canonically or fundamentally= different about the AS 0 ROA? Any insight you can provide would be great. (BTW, I have refreshed myself on RFCs 6483 and 6491 before asking these que= stions.) Sriram =20 =20 > >Tim > From nobody Fri Mar 9 06:23:31 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB75512DA1C; Fri, 9 Mar 2018 06:23:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VTGAThOVJgZK; Fri, 9 Mar 2018 06:23:27 -0800 (PST) Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0118.outbound.protection.outlook.com [23.103.201.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7B0C12D868; Fri, 9 Mar 2018 06:23:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Ggc6e1I4qSMtIBGQ+PmgYRklhGthOg0EuITwBJCCGXo=; b=f4KQikXUmzG6uPL2JUkda1RPyZKGgf8bLoaN0Pl+1GKcEq310TDfbNWMLNYkkbQVs481d8jcq2doPtGoCMOvXkmNsAEZmAM2idongVqPyG5o+Uio2mhBNZ408V304mXc6oEnP8Jp6EmxTBH/5l8sNjo+PnLFxZV3FpwbjCAlb+4= Received: from DM5PR0901MB2504.namprd09.prod.outlook.com (52.132.128.29) by DM5PR0901MB2502.namprd09.prod.outlook.com (52.132.128.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Fri, 9 Mar 2018 14:23:26 +0000 Received: from DM5PR0901MB2504.namprd09.prod.outlook.com ([fe80::e90a:b560:7cee:b834]) by DM5PR0901MB2504.namprd09.prod.outlook.com ([fe80::e90a:b560:7cee:b834%13]) with mapi id 15.20.0548.018; Fri, 9 Mar 2018 14:23:25 +0000 From: "Montgomery, Douglas (Fed)" To: "Sriram, Kotikalapudi (Fed)" , "Tim Bruijnzeels" CC: "sidrops@ietf.org" , "sidrops-chairs@ietf.org" Thread-Topic: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt Thread-Index: AQHTtNWhMX8Ii2x000qaqhw9uIvabqPDaEWAgAMAtQCAAP/MAIAAPhaA Date: Fri, 9 Mar 2018 14:23:25 +0000 Message-ID: <70613650-C8D6-43D9-8643-5694B77BADA9@nist.gov> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.a.0.180210 authentication-results: spf=none (sender IP is ) smtp.mailfrom=dougm@nist.gov; x-originating-ip: [96.241.62.151] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DM5PR0901MB2502; 7:V+l+HDPj/DphlcLp5jkiO0BvG97tCo+Knb3vsPa+nXFgTLY/120NR9y3WJegA+vIO1jGCvtLYLWFeY1i0mJONM/Ar8e8+0yxzOnF/Fv1W1LvYQvff8fAaZc7b8AofixPtkFxKk/XnNtpaCPtkBTSqfg5Rod76kMTwv3WLmoInPSM6R5OM0lhdc06LPQX5uO48d8WdiFILw9L7M6tfEFK2HnZt3S+iJjbtvvYpLXAjQV+tGx/1P1mib4Q0L9AXYw9 x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR; x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10019020)(376002)(396003)(366004)(39380400002)(39860400002)(346002)(189003)(199004)(305945005)(3846002)(54906003)(99286004)(110136005)(7736002)(14454004)(6116002)(68736007)(76176011)(2950100002)(478600001)(6246003)(82746002)(15650500001)(36756003)(229853002)(3660700001)(106356001)(83716003)(3280700002)(33656002)(6506007)(66066001)(2906002)(58126008)(102836004)(26005)(59450400001)(5250100002)(93886005)(316002)(86362001)(2900100001)(4326008)(6512007)(5660300001)(53936002)(105586002)(97736004)(8936002)(81156014)(25786009)(6486002)(6436002)(81166006)(8676002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR0901MB2502; H:DM5PR0901MB2504.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 8dee7868-1a82-4cae-4446-08d585c95235 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(2017052603328)(7153060)(7193020); SRVR:DM5PR0901MB2502; x-ms-traffictypediagnostic: DM5PR0901MB2502: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(65766998875637)(232451576963924)(100405760836317)(155532106045638); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(5005006)(8121501046)(3231220)(944501244)(52105095)(93006095)(93001095)(3002001)(10201501046)(6055026)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123564045)(20161123558120)(6072148)(201708071742011); SRVR:DM5PR0901MB2502; BCL:0; PCL:0; RULEID:; SRVR:DM5PR0901MB2502; x-forefront-prvs: 0606BBEB39 received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-microsoft-antispam-message-info: p6tJWJ+x5eXTKiQVm6Dqfi5YkWL9P+FACVuUH2pTIwfogZOwU2fuFKIGwENxMzsiUj6SUavikJ45nr/k/dHRKAhiKBfrF3Qm64SIh6EWR2K2bpjkCWbNlxzArSi6M7/pC2azLRU0Td/OFcxYndPlYSC1sq2/Cgksi1Xqgv3Eozrqdrr8Z/GzGGnFW53Kb7OSGVbkPOLR9rK6AwX6Zma9sf5fiSPdI+PLryghsbj8MnYP14DqEYXczN7Jtms9HmfEWAIkkrewsCYdvMbHeNun6weYwu070geD05S9K0TVe5cdbxhKEJ7LrQjyUKwRodb/csP7e6Jt/j2da93N6fdttw== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-ID: <67CA188B19FB6A49BB033E05B7C81D8E@namprd09.prod.outlook.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: 8dee7868-1a82-4cae-4446-08d585c95235 X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Mar 2018 14:23:25.5686 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR0901MB2502 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Mar 2018 14:23:30 -0000 TWF5YmUgYW5vdGhlciB3YXkgdG8gcGhyYXNlIHRoaXMgaXMsIGFzIGZhciBhcyB3ZSBjYW4gdGVs bCAoc2VjIDQsIFJGQzY0ODMpIHRoZSBkb2N1bWVudGVkIHVzZSBvZiBBUzAgaXMgYSB1c2FnZSBj b252ZW50aW9uIGF0IGJlc3QsIGkuZS4gZG9lcyBub3QgaGF2ZSBhbnkgc3BlY2lmaWMgbm9ybWF0 aXZlIHJlcXVpcmVtZW50cywgYmV5b25kIG5vcm1hbCBST0EgLyB2YWxpZGF0aW9uIHByb2NlZHVy ZXMuDQoNClRodXMgYSByb3V0ZSBvcmlnaW5hdGlvbiB0aGF0IGlzIElOVkFMSUQgYW5kIGhhcyBh biBBUyAwIFJPQSBpbiBpdHMgc2V0IG9mIGNvdmVyaW5nIFJPQXMsIG1heSB3ZWxsIGhhdmUgb3Ro ZXIgY292ZXJpbmcgUk9BcyB0aGF0IGFyZSBtb3JlIHNwZWNpZmljLCBsZXNzIHNwZWNpZmljLCBh bmQvb3IgdGhlIHNhbWUgbGVuZ3RoIG9mIHRoZSBwcmVmaXggaW4gdGhlIEFTIDAgUk9BLg0KDQpX aGlsZSB3ZSBhZ3JlZSB0aGF0IGFuIEFTIDAgUk9BIGlzIHRob3VnaHQgdG8gaGF2ZSBhbiBleHBs aWNpdCBhbmQgZGlmZmVyZW50IGludGVudCB0aGFuIHR5cGljYWwgUk9BIHVzZXMsIGlmIHdlIGFy ZSB0byBjb25zaWRlciBhY3R1YWxseSB0cmVhdGluZyBpdCBhcyBhIHNwZWNpYWwgY2FzZSBpbiB0 aGUgRElTUiBhbGdvcml0aG0sIHdlIHdvdWxkIGhhdmUgdG8gZGlzY3VzcyB0aGUgdmFyaWV0eSBv ZiBzaXR1YXRpb25zIGluIHdoaWNoIHRoZXkgbWlnaHQgYXBwZWFyLg0KDQpBZnRlciBhIDIgaG91 ciBpbnRlcm5hbCBkaXNjdXNzaW9uIG9mIHRoaXMgeWVzdGVyZGF5LCB3ZSBkaWQgbm90IGNvbWUg dG8gYSBjb25zZW5zdXMgYXMgdG8gaG93IHRvIGFwcHJvYWNoIHRoaXMgKmlmKiBvbmUgd2FudGVk IHRvIHNwZWNpYWwgY2FzZSB0aGlzIHNjZW5hcmlvLg0KDQpTb21lIG9wdGlvbnMgd2UgZGlzY3Vz c2VkIGluY2x1ZGUsIHRyZWF0IEFTIDAgYXMgYSBESVNSIHNwZWNpYWwgY2FzZSBpZjoNCg0KMS4g QVMgMCBpcyB0aGUgb25seSBjb3ZlcmluZyBST0EgZm9yIHRoZSByb3V0ZQ0KMi4gQVMgMCBpcyB0 aGUgbW9zdCBzcGVjaWZpYyBjb3ZlcmluZyBST0EgZm9yIHRoZSByb3V0ZQ0KMy4gQVMgMCBST0Eg ZXhpc3RzIGluIHRoZSBzZXQgb2YgY292ZXJpbmcgUk9Bcw0KDQpBcmd1bWVudHMgY291bGQgYmUg bWFkZSBmb3IgZWFjaCwgYnV0IGFueSBhZ3JlZW1lbnQgdG8gc3BlY2lhbCBjYXNlIEFTIDAgbmVl ZHMgdG8gY29uc2lkZXIgdGhlIHZhcmlldHkgb2YgcG90ZW50aWFsIHVzYWdlIHBhdHRlcm5zLg0K DQpkb3VnbQ0KLS0NCkRvdWcgTW9udGdvbWVyeSwgTWFuYWdlciBJbnRlcm5ldCAgJiBTY2FsYWJs ZSBTeXN0ZW1zIFJlc2VhcmNoIEAgTklTVA0KIA0KDQrvu79PbiAzLzkvMTgsIDEyOjQxIEFNLCAi U3JpcmFtLCBLb3Rpa2FsYXB1ZGkgKEZlZCkiIDxrb3Rpa2FsYXB1ZGkuc3JpcmFtQG5pc3QuZ292 PiB3cm90ZToNCg0KICAgIEhpIFRpbToNCiAgICANCiAgICBIaSBTcmlyYW0sDQogICAgPg0KICAg ID5JIHRoaW5rIHRoaXMgYWRkcmVzc2VzIGEgY29uY2VybiB0aGF0IGJsb2NrcyB1cHRha2UgZm9y IHRyYW5zaXQgbmV0d29ya3MgaW4gcGFydGljdWxhci4gU28gSSBhbSBoYXBweSB0byBzZWUgZGlz Y3Vzc2lvbiBvbiB0aGlzLCBhbmQgaG9wZSB0aGF0IGFjdHVhbCBvcGVyYXRvcnMgd2lsbCBzcGVh ayB0byB0aGlzLiBIZXkgSm9iLCBnbGFkIHlvdSBkaWQgOikNCiAgICANCiAgICA+DQogICAgPk9u ZSByZW1hcmsgb24gdGhlIGNvbnRlbnQuLiB3b3VsZCBpdCBtYWtlIHNlbnNlIHRvIGhhdmUgYSBk aWZmZXJlbnQgdHJlYXRtZW50IGluIGNhc2UgYW4gQVMwIFJPQSBpcyBpc3N1ZWQ/IEkuZS4gaW4g Y2FzZSBhbiBhbm5vdW5jZW1lbnQgaXMgaW52YWxpZCBkdWUgdG8gQVMwIGFuZCB0aGVyZSBpcyBu byB2YWxpZCBhbm5vdW5jZW1lbnQgKHRoZXJlIGNhbuKAmXQgYmUpIC0gc3RpbGwgZHJvcCBpdD8N CiAgICANCiAgICBUaGlzIGlzIGEgZ29vZCBxdWVzdGlvbi4gSXQgY2FtZSB1cCBhbHNvIGluIGRp c2N1c3Npb25zIGF0IE5JU1QuDQogICAgTGV0IG1lIHRyeSBhc2tpbmcgeW91IHRvIHNoYXJlIHlv dXIgdW5kZXJzdGFuZGluZyBvZiB0aGUgZGlmZmVyZW5jZSANCiAgICBiZXR3ZWVuIGFuIEFTIDAg Uk9BIHZlcnN1cyBhIHJlZ3VsYXIgUk9BIGZvciB0aGUgc2FtZSBwcmVmaXguIA0KICAgIA0KICAg IFNheTogMTAuMS4wLjAvMTYgaXMgb3duZWQgYnkgT3JnLiBYLiBPcmcuIFggY3JlYXRlcyBhIFJP QS4gQ29uc2lkZXIgdHdvIGNhc2VzOg0KICAgIENhc2UgMTogUk9BOiB7MTAuMS4wLjAvMTYsIEFT IDB9ICAgdnMuICAgQ2FzZSAyOiBST0E6IHsxMC4xLjAuMC8xNiwgQVMgMTExfQ0KICAgIA0KICAg IFF1ZXN0aW9uczoNCiAgICANCiAgICAxLiBEbyB5b3UgYWdyZWUgdGhhdCBpbiBlYWNoIGNhc2Ug dGhlcmUgY2FuIGJlIHN1YmFsbG9jYXRpb25zLCANCiAgICBlLmcuLCAxMC4xLjAuMC8yMCBpcyBz dWJhbGxvY2F0ZWQgdG8gT3JnLiBZPw0KICAgIA0KICAgIDIuIERvIHlvdSBhZ3JlZSB0aGF0IGlu IGVhY2ggY2FzZSBPcmcuIFkgaXMgYXQgbGliZXJ0eSB0byBvcmlnaW5hdGUgYW4gdXBkYXRlLCBl LmcuLCBVcGRhdGU6IDEwLjEuMC4wLzIwIEFTIDIyMiA/DQogICAgIA0KICAgIDMuIExldCB1cyBz YXkgdGhhdCBpbiBlYWNoIGNhc2UsIE9yZy4gWSBkaWQgbm90IGNyZWF0ZSBhbnkgUk9BIHRoYXQg d291bGQgdmFsaWRhdGUgVXBkYXRlOiAxMC4xLjAuMC8yMCBBUyAyMjIuDQogICAgVGhpcyBoYXBw ZW5lZCBmb3Igd2hhdGV2ZXIgcmVhc29uLiBBcyBhIHJlc3VsdCwgdGhpcyBVcGRhdGUgaXMgSW52 YWxpZCBpbiBib3RoIENhc2VzIDEgYW5kIDIuDQogICAgVGhlcmUgYXJlIG5vIG90aGVyIHJvdXRl cyBhbm5vdW5jZWQgZm9yIDEwLjEuMC4wLzIwLiANCiAgICBXaGF0IGlzIGZ1bmRhbWVudGFsbHkg ZGlmZmVyZW50IGFib3V0IENhc2UgMSB0aGF0IHRoZSBVcGRhdGUgMTAuMS4wLjAvMjAgQVMgMjIy IA0KICAgIHNob3VsZCBiZSBkcm9wcGVkIGFuZCBPcmcuIFkgaXMgcHVuaXNoZWQgd2l0aCB1bnJl YWNoYWJpbGl0eSwgd2hpbGUgaW4gQ2FzZSAyIE9yZy4gWSBpcyBub3QgcHVuaXNoZWQNCiAgICBi dXQgaW5zdGVhZCB0aGUgVXBkYXRlIGlzIGluc3RhbGxlZCBpbiBGSUIgdG8gYXZvaWQgdW5yZWFj aGFiaWxpdHk/DQogICAgT3JnLiBZIGlzIGEgbGVnaXRpbWF0ZSBvd25lciAxMC4xLjAuMC8yMCBp biBib3RoIGNhc2VzLiANCiAgICBJZiBzbywgd2h5IHNob3VsZCBpdCBnZXQgdGhlIGJlbmVmaXQg b2YgZG91YnQgaW4gQ2FzZSAyIGJ1dCBub3QgaW4gQ2FzZSAxPyAgDQogICAgDQogICAgQXMgeW91 IGNhbiBzZWUsIEkgYW0gc3RydWdnbGluZyB0byBzZWUgd2hhdCBpcyBjYW5vbmljYWxseSBvciBm dW5kYW1lbnRhbGx5IGRpZmZlcmVudCBhYm91dCB0aGUgQVMgMCBST0E/DQogICAgQW55IGluc2ln aHQgeW91IGNhbiBwcm92aWRlIHdvdWxkIGJlIGdyZWF0Lg0KICAgIA0KICAgIChCVFcsIEkgaGF2 ZSByZWZyZXNoZWQgbXlzZWxmIG9uIFJGQ3MgNjQ4MyBhbmQgNjQ5MSBiZWZvcmUgYXNraW5nIHRo ZXNlIHF1ZXN0aW9ucy4pDQogICAgDQogICAgU3JpcmFtICANCiAgICAgICANCiAgICA+DQogICAg PlRpbQ0KICAgID4NCiAgICANCg0K From nobody Fri Mar 9 06:27:37 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02D5E12D779; Fri, 9 Mar 2018 06:27:35 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.909 X-Spam-Level: X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lEUULCUUhcRw; Fri, 9 Mar 2018 06:27:33 -0800 (PST) Received: from molamola.ripe.net (molamola.ripe.net [IPv6:2001:67c:2e8:11::c100:1371]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46DFB12778E; Fri, 9 Mar 2018 06:27:33 -0800 (PST) Received: from nene.ripe.net ([193.0.23.10]) by molamola.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1euIza-0002EK-Lk; Fri, 09 Mar 2018 15:27:31 +0100 Received: from sslvpn.ripe.net ([193.0.20.230] helo=vpn-234.ripe.net) by nene.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1euIza-0004gQ-IS; Fri, 09 Mar 2018 15:27:30 +0100 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) From: Tim Bruijnzeels In-Reply-To: <70613650-C8D6-43D9-8643-5694B77BADA9@nist.gov> Date: Fri, 9 Mar 2018 15:27:23 +0100 Cc: "Sriram, Kotikalapudi (Fed)" , "sidrops-chairs@ietf.org" , "sidrops@ietf.org" Content-Transfer-Encoding: quoted-printable Message-Id: <7E7901F9-F3D4-409B-9A11-6C633B9CB33F@ripe.net> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <70613650-C8D6-43D9-8643-5694B77BADA9@nist.gov> To: "Montgomery, Douglas (Fed)" X-Mailer: Apple Mail (2.3445.5.20) X-ACL-Warn: Delaying message X-RIPE-Spam-Level: ------- X-RIPE-Spam-Report: Spam Total Points: -7.5 points pts rule name description ---- ---------------------- ------------------------------------ -7.5 ALL_TRUSTED Passed through trusted hosts only via SMTP -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a07190995414c40d9e353e0e4b54c0a8f8c12 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Mar 2018 14:27:35 -0000 Hi, First off.. I don=E2=80=99t mean to complicate discussion too much with = an edge case. That said, the intent as I understand it of having an AS0 ROA *only* for = a prefix is to communicate that it should never be routed. The holder = does not intent to announce this space. They may have reserved, or use = it internally, but whatever the case they don=E2=80=99t want it in the = global BGP. Therefore it would make sense to me to drop the =E2=80=98if = still routable=E2=80=99 part for prefixes that covered by (a) AS0 ROA(s) = only. Tim > On 9 Mar 2018, at 15:23, Montgomery, Douglas (Fed) = wrote: >=20 > Maybe another way to phrase this is, as far as we can tell (sec 4, = RFC6483) the documented use of AS0 is a usage convention at best, i.e. = does not have any specific normative requirements, beyond normal ROA / = validation procedures. >=20 > Thus a route origination that is INVALID and has an AS 0 ROA in its = set of covering ROAs, may well have other covering ROAs that are more = specific, less specific, and/or the same length of the prefix in the AS = 0 ROA. >=20 > While we agree that an AS 0 ROA is thought to have an explicit and = different intent than typical ROA uses, if we are to consider actually = treating it as a special case in the DISR algorithm, we would have to = discuss the variety of situations in which they might appear. >=20 > After a 2 hour internal discussion of this yesterday, we did not come = to a consensus as to how to approach this *if* one wanted to special = case this scenario. >=20 > Some options we discussed include, treat AS 0 as a DISR special case = if: >=20 > 1. AS 0 is the only covering ROA for the route > 2. AS 0 is the most specific covering ROA for the route > 3. AS 0 ROA exists in the set of covering ROAs >=20 > Arguments could be made for each, but any agreement to special case AS = 0 needs to consider the variety of potential usage patterns. >=20 > dougm > -- > Doug Montgomery, Manager Internet & Scalable Systems Research @ NIST >=20 >=20 > =EF=BB=BFOn 3/9/18, 12:41 AM, "Sriram, Kotikalapudi (Fed)" = wrote: >=20 > Hi Tim: >=20 > Hi Sriram, >>=20 >> I think this addresses a concern that blocks uptake for transit = networks in particular. So I am happy to see discussion on this, and = hope that actual operators will speak to this. Hey Job, glad you did :) >=20 >>=20 >> One remark on the content.. would it make sense to have a different = treatment in case an AS0 ROA is issued? I.e. in case an announcement is = invalid due to AS0 and there is no valid announcement (there can=E2=80=99t= be) - still drop it? >=20 > This is a good question. It came up also in discussions at NIST. > Let me try asking you to share your understanding of the difference=20= > between an AS 0 ROA versus a regular ROA for the same prefix.=20 >=20 > Say: 10.1.0.0/16 is owned by Org. X. Org. X creates a ROA. Consider = two cases: > Case 1: ROA: {10.1.0.0/16, AS 0} vs. Case 2: ROA: {10.1.0.0/16, = AS 111} >=20 > Questions: >=20 > 1. Do you agree that in each case there can be suballocations,=20 > e.g., 10.1.0.0/20 is suballocated to Org. Y? >=20 > 2. Do you agree that in each case Org. Y is at liberty to originate = an update, e.g., Update: 10.1.0.0/20 AS 222 ? >=20 > 3. Let us say that in each case, Org. Y did not create any ROA that = would validate Update: 10.1.0.0/20 AS 222. > This happened for whatever reason. As a result, this Update is = Invalid in both Cases 1 and 2. > There are no other routes announced for 10.1.0.0/20.=20 > What is fundamentally different about Case 1 that the Update = 10.1.0.0/20 AS 222=20 > should be dropped and Org. Y is punished with unreachability, while = in Case 2 Org. Y is not punished > but instead the Update is installed in FIB to avoid unreachability? > Org. Y is a legitimate owner 10.1.0.0/20 in both cases.=20 > If so, why should it get the benefit of doubt in Case 2 but not in = Case 1? =20 >=20 > As you can see, I am struggling to see what is canonically or = fundamentally different about the AS 0 ROA? > Any insight you can provide would be great. >=20 > (BTW, I have refreshed myself on RFCs 6483 and 6491 before asking = these questions.) >=20 > Sriram =20 >=20 >>=20 >> Tim >>=20 >=20 >=20 > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops From nobody Fri Mar 9 07:54:30 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26B16127023; Fri, 9 Mar 2018 07:54:30 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wifQaE8t9W7O; Fri, 9 Mar 2018 07:54:27 -0800 (PST) Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0719.outbound.protection.outlook.com [IPv6:2a01:111:f400:fd01::719]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72687126D85; Fri, 9 Mar 2018 07:54:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=NTnsODelYNEQrHSJ+69vdvYxpPxaUYqzLxsd4ysH8BA=; b=Ij/oH4AVQsYUUXaSL74aKLhzoVKQB9XRRNUb0sMRER9l++2YQv4eiEuJipRU8RLJDMqRXOt5fwACUeukWmOjL5QsoC9W46eLEoCLRMvBVnBJguBM9cmi4GPG3nsrNiKIloOzsfeEBbqoJT0xpwTiVHBYX3gqi0VSWyAVLGMjgMM= Received: from DM5PR0901MB2504.namprd09.prod.outlook.com (52.132.128.29) by DM5PR0901MB2501.namprd09.prod.outlook.com (52.132.128.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Fri, 9 Mar 2018 15:54:26 +0000 Received: from DM5PR0901MB2504.namprd09.prod.outlook.com ([fe80::e90a:b560:7cee:b834]) by DM5PR0901MB2504.namprd09.prod.outlook.com ([fe80::e90a:b560:7cee:b834%13]) with mapi id 15.20.0548.018; Fri, 9 Mar 2018 15:54:25 +0000 From: "Montgomery, Douglas (Fed)" To: Tim Bruijnzeels CC: "Sriram, Kotikalapudi (Fed)" , "sidrops-chairs@ietf.org" , "sidrops@ietf.org" Thread-Topic: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt Thread-Index: AQHTtNWhMX8Ii2x000qaqhw9uIvabqPDaEWAgAMAtQCAAP/MAIAAPhaAgABU84D//8R9gA== Date: Fri, 9 Mar 2018 15:54:24 +0000 Message-ID: <63A76236-96BD-45F0-A500-4C7D758CC32C@nist.gov> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <70613650-C8D6-43D9-8643-5694B77BADA9@nist.gov> <7E7901F9-F3D4-409B-9A11-6C633B9CB33F@ripe.net> In-Reply-To: <7E7901F9-F3D4-409B-9A11-6C633B9CB33F@ripe.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.a.0.180210 x-originating-ip: [2610:20:6222:140:1c34:dcd2:fc2a:7a0b] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DM5PR0901MB2501; 7:xTJW2hA/6bM11zntUTvPY2CDoz7hzkzIBW7pu2GLh+ZapBN7WRqTcWo1l8N/Qz3/a/L5Xy7J9G3Xrjl5IwrnJ191WUULB+z8MyZQiU+FLl/7pa6x9V113o3h7BscrEosyC49qVyF3v5w/jfdeNTXkcKxrU7cd9Y3EqBk0J2svfkatuzfdvIVi7I8XpKwQ0ZQe8ETXNkrFvb6EAVqJAaS5NxIByQuWf++qFUbY29jmkBCCNlr8lWVV1wxoBVLwXsL x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR; x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10019020)(366004)(346002)(39860400002)(39380400002)(396003)(376002)(199004)(189003)(6486002)(14454004)(6436002)(6306002)(6512007)(2900100001)(5250100002)(53936002)(106356001)(102836004)(6506007)(966005)(105586002)(33656002)(2950100002)(6916009)(59450400001)(8676002)(82746002)(68736007)(316002)(229853002)(6116002)(53546011)(25786009)(81166006)(86362001)(45080400002)(54906003)(478600001)(99286004)(6346003)(58126008)(81156014)(93886005)(186003)(76176011)(5660300001)(46003)(2906002)(6246003)(36756003)(305945005)(3660700001)(3280700002)(97736004)(4326008)(8936002)(83716003)(7736002)(15650500001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR0901MB2501; H:DM5PR0901MB2504.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: c10ca46c-7ff1-4b2b-ba3c-08d585d6086f x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:DM5PR0901MB2501; x-ms-traffictypediagnostic: DM5PR0901MB2501: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(65766998875637)(232451576963924)(189930954265078)(100405760836317)(219752817060721)(155532106045638); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(3231220)(944501244)(52105095)(3002001)(93006095)(93001095)(10201501046)(6055026)(6041310)(20161123564045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123562045)(6072148)(201708071742011); SRVR:DM5PR0901MB2501; BCL:0; PCL:0; RULEID:; SRVR:DM5PR0901MB2501; x-forefront-prvs: 0606BBEB39 received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=dougm@nist.gov; x-microsoft-antispam-message-info: 6kK8JXGtJk8bhOJarUimS6FkzAQucGNQbny8TIHQ9EfH5jf+tRcmNtZvAeHs9rEuCOAyWxVoIi7tWuv0AxwwEQ/GvCbXEoDjb0KjgWtfOGje7RvVrnR1KRJd4hu2T5rPHfgtFrcoRl0+eYmigq1o0wi2JdxyOC7vvVP1YVL6g3qtfsYK2TKRVpIc0eJ8hpFrR2j70Yxft9j45r5wncZYjhsfzKZIKmtkXWwIWFvXlRVpEULr8vdLxEBmM9kgLDImpZpEEeEz/U0i0Vq+TStrBziICaoB1BNB1MUBRI3ewrA4hxC6v79a0pX/tAuXFuAfUgJEHfI2j4D0XOh0tLZk/g== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: c10ca46c-7ff1-4b2b-ba3c-08d585d6086f X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Mar 2018 15:54:25.2266 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR0901MB2501 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Mar 2018 15:54:30 -0000 SGkgVGltLA0KDQpZb3UgZGlkIG5vdCBjb21wbGljYXRlIHRoZSBkaXNjdXNzaW9uIC4uLiB3ZSBo YWQgYWxyZWFkeSBkaXNjdXNzZWQgIndoYXQgYWJvdXQgQVMwIiBidXQgc3dlcHQgdGhlIGlzc3Vl IHVuZGVyIHRoZSBydWcgYXQgZmlyc3QuDQoNClNvLCBpbiB5b3VyIGNhc2UsIHlvdSB0aGluayBv cHRpb24gIzEgYmVsb3cgKEFTIDAgaXMgdGhlIG9ubHkgY292ZXJpbmcgUk9BIGZvciB0aGUgcm91 dGUpIHNob3VsZCBnZXQgc3BlY2lhbCBjYXNlZCBpbiBESVNSPw0KDQpDZXJ0YWlubHkgdGhpcyB1 c2FnZSBzY2VuYXJpbyBzZWVtcyBsZXNzIGNvbXBsaWNhdGVkIHRoYW4gdGhlIG90aGVycy4gIA0K DQpJIHdvdWxkIGxpa2UgdG8gbWVudGlvbiB0aGUgZm9sbG93aW5nIHNvIHRoYXQgd2Uga2VlcCBp dCBpbiBtaW5kIGluIGRpc2N1c3Npbmcgc3VjaCB0ZWNobmlxdWVzLg0KDQpUaGVyZSBhcmUgdHdv IGNvbW1vbiBjb25jZXJucyB0aGF0IEkgaGVhciB3aGVuIGRpc2N1c3NpbmcgZW5hYmxpbmcgZmls dGVyaW5nIGJhc2VkIG9uIFJQS0kgZGF0YS4gKDEpIFRoZSBmcmFnaWxpdHkgdGhhdCBtaWdodCBn ZXQgaW50cm9kdWNlZCBpbnRvIHRoZSByb3V0aW5nIHN5c3RlbSAtIG5hbWVseSBSUEtJIGVycm9y cyBtaWdodCBpbXBhY3QgYmFzaWMgcmVhY2hhYmlsaXR5IC0gRElTUiBhbmQgc2ltaWxhciBpZGVh cyBhdHRlbXB0IGFkZHJlc3Mgc29tZSBvZiB0aGVzZSBjb25jZXJucy4gICgyKSBJcyBjb25jZXJu IGZvciB0aGUgImRpYWdub3NhYmlsaXR5IiBvZiB0aGUgcmVzdWx0aW5nIGZpbHRlcmluZyBydWxl cy4gIGkuZS4sIHdoYXQgaW5mb3JtYXRpb24gbXVzdCBvbmUgaGF2ZSB0byB1bmRlcnN0YW5kIHdo eSBhIHJvdXRlIHdhcyBmaWx0ZXJlZC9kZS1wcmVmZmVkIGV0Yy4NCg0KSSB0aGluayB0aGVyZSBp cyBhIHRlbnNpb24gYmV0d2VlbiB0aGVzZSB0d28gY29uY2VybnMuICBBbnkgYXBwcm9hY2ggdG8g aW1wcm92ZSByZXNpbGllbmNlIGhhcyB0byBiZSB3ZWlnaGVkIG9mZiBhZ2FpbnN0IGl0cyBjb21w bGV4aXR5LiANCg0KQ2VydGFpbmx5LCBvcHRpb24gIzEsIHNpbXBsaWZpZXMgdW5kZXJzdGFuZGlu ZyAiV2h5IHdhcyB0aGlzIHJvdXRlIGRyb3BwZWQ/Ii4gDQoNCmRvdWdtDQotLSANCkRvdWdNIGF0 IE5JU1QNCiANCg0K77u/T24gMy85LzE4LCA5OjI3IEFNLCAiVGltIEJydWlqbnplZWxzIiA8dGlt QHJpcGUubmV0PiB3cm90ZToNCg0KICAgIEhpLA0KICAgIA0KICAgIEZpcnN0IG9mZi4uIEkgZG9u 4oCZdCBtZWFuIHRvIGNvbXBsaWNhdGUgZGlzY3Vzc2lvbiB0b28gbXVjaCB3aXRoIGFuIGVkZ2Ug Y2FzZS4NCiAgICANCiAgICBUaGF0IHNhaWQsIHRoZSBpbnRlbnQgYXMgSSB1bmRlcnN0YW5kIGl0 IG9mIGhhdmluZyBhbiBBUzAgUk9BICpvbmx5KiBmb3IgYSBwcmVmaXggaXMgdG8gY29tbXVuaWNh dGUgdGhhdCBpdCBzaG91bGQgbmV2ZXIgYmUgcm91dGVkLiBUaGUgaG9sZGVyIGRvZXMgbm90IGlu dGVudCB0byBhbm5vdW5jZSB0aGlzIHNwYWNlLiBUaGV5IG1heSBoYXZlIHJlc2VydmVkLCBvciB1 c2UgaXQgaW50ZXJuYWxseSwgYnV0IHdoYXRldmVyIHRoZSBjYXNlIHRoZXkgZG9u4oCZdCB3YW50 IGl0IGluIHRoZSBnbG9iYWwgQkdQLiBUaGVyZWZvcmUgaXQgd291bGQgbWFrZSBzZW5zZSB0byBt ZSB0byBkcm9wIHRoZSDigJhpZiBzdGlsbCByb3V0YWJsZeKAmSBwYXJ0IGZvciBwcmVmaXhlcyB0 aGF0IGNvdmVyZWQgYnkgKGEpIEFTMCBST0Eocykgb25seS4NCiAgICANCiAgICBUaW0NCiAgICAN CiAgICA+IE9uIDkgTWFyIDIwMTgsIGF0IDE1OjIzLCBNb250Z29tZXJ5LCBEb3VnbGFzIChGZWQp IDxkb3VnbUBuaXN0Lmdvdj4gd3JvdGU6DQogICAgPiANCiAgICA+IE1heWJlIGFub3RoZXIgd2F5 IHRvIHBocmFzZSB0aGlzIGlzLCBhcyBmYXIgYXMgd2UgY2FuIHRlbGwgKHNlYyA0LCBSRkM2NDgz KSB0aGUgZG9jdW1lbnRlZCB1c2Ugb2YgQVMwIGlzIGEgdXNhZ2UgY29udmVudGlvbiBhdCBiZXN0 LCBpLmUuIGRvZXMgbm90IGhhdmUgYW55IHNwZWNpZmljIG5vcm1hdGl2ZSByZXF1aXJlbWVudHMs IGJleW9uZCBub3JtYWwgUk9BIC8gdmFsaWRhdGlvbiBwcm9jZWR1cmVzLg0KICAgID4gDQogICAg PiBUaHVzIGEgcm91dGUgb3JpZ2luYXRpb24gdGhhdCBpcyBJTlZBTElEIGFuZCBoYXMgYW4gQVMg MCBST0EgaW4gaXRzIHNldCBvZiBjb3ZlcmluZyBST0FzLCBtYXkgd2VsbCBoYXZlIG90aGVyIGNv dmVyaW5nIFJPQXMgdGhhdCBhcmUgbW9yZSBzcGVjaWZpYywgbGVzcyBzcGVjaWZpYywgYW5kL29y IHRoZSBzYW1lIGxlbmd0aCBvZiB0aGUgcHJlZml4IGluIHRoZSBBUyAwIFJPQS4NCiAgICA+IA0K ICAgID4gV2hpbGUgd2UgYWdyZWUgdGhhdCBhbiBBUyAwIFJPQSBpcyB0aG91Z2h0IHRvIGhhdmUg YW4gZXhwbGljaXQgYW5kIGRpZmZlcmVudCBpbnRlbnQgdGhhbiB0eXBpY2FsIFJPQSB1c2VzLCBp ZiB3ZSBhcmUgdG8gY29uc2lkZXIgYWN0dWFsbHkgdHJlYXRpbmcgaXQgYXMgYSBzcGVjaWFsIGNh c2UgaW4gdGhlIERJU1IgYWxnb3JpdGhtLCB3ZSB3b3VsZCBoYXZlIHRvIGRpc2N1c3MgdGhlIHZh cmlldHkgb2Ygc2l0dWF0aW9ucyBpbiB3aGljaCB0aGV5IG1pZ2h0IGFwcGVhci4NCiAgICA+IA0K ICAgID4gQWZ0ZXIgYSAyIGhvdXIgaW50ZXJuYWwgZGlzY3Vzc2lvbiBvZiB0aGlzIHllc3RlcmRh eSwgd2UgZGlkIG5vdCBjb21lIHRvIGEgY29uc2Vuc3VzIGFzIHRvIGhvdyB0byBhcHByb2FjaCB0 aGlzICppZiogb25lIHdhbnRlZCB0byBzcGVjaWFsIGNhc2UgdGhpcyBzY2VuYXJpby4NCiAgICA+ IA0KICAgID4gU29tZSBvcHRpb25zIHdlIGRpc2N1c3NlZCBpbmNsdWRlLCB0cmVhdCBBUyAwIGFz IGEgRElTUiBzcGVjaWFsIGNhc2UgaWY6DQogICAgPiANCiAgICA+IDEuIEFTIDAgaXMgdGhlIG9u bHkgY292ZXJpbmcgUk9BIGZvciB0aGUgcm91dGUNCiAgICA+IDIuIEFTIDAgaXMgdGhlIG1vc3Qg c3BlY2lmaWMgY292ZXJpbmcgUk9BIGZvciB0aGUgcm91dGUNCiAgICA+IDMuIEFTIDAgUk9BIGV4 aXN0cyBpbiB0aGUgc2V0IG9mIGNvdmVyaW5nIFJPQXMNCiAgICA+IA0KICAgID4gQXJndW1lbnRz IGNvdWxkIGJlIG1hZGUgZm9yIGVhY2gsIGJ1dCBhbnkgYWdyZWVtZW50IHRvIHNwZWNpYWwgY2Fz ZSBBUyAwIG5lZWRzIHRvIGNvbnNpZGVyIHRoZSB2YXJpZXR5IG9mIHBvdGVudGlhbCB1c2FnZSBw YXR0ZXJucy4NCiAgICA+IA0KICAgID4gZG91Z20NCiAgICA+IC0tDQogICAgPiBEb3VnIE1vbnRn b21lcnksIE1hbmFnZXIgSW50ZXJuZXQgICYgU2NhbGFibGUgU3lzdGVtcyBSZXNlYXJjaCBAIE5J U1QNCiAgICA+IA0KICAgID4gDQogICAgPiBPbiAzLzkvMTgsIDEyOjQxIEFNLCAiU3JpcmFtLCBL b3Rpa2FsYXB1ZGkgKEZlZCkiIDxrb3Rpa2FsYXB1ZGkuc3JpcmFtQG5pc3QuZ292PiB3cm90ZToN CiAgICA+IA0KICAgID4gICAgSGkgVGltOg0KICAgID4gDQogICAgPiAgICBIaSBTcmlyYW0sDQog ICAgPj4gDQogICAgPj4gSSB0aGluayB0aGlzIGFkZHJlc3NlcyBhIGNvbmNlcm4gdGhhdCBibG9j a3MgdXB0YWtlIGZvciB0cmFuc2l0IG5ldHdvcmtzIGluIHBhcnRpY3VsYXIuIFNvIEkgYW0gaGFw cHkgdG8gc2VlIGRpc2N1c3Npb24gb24gdGhpcywgYW5kIGhvcGUgdGhhdCBhY3R1YWwgb3BlcmF0 b3JzIHdpbGwgc3BlYWsgdG8gdGhpcy4gSGV5IEpvYiwgZ2xhZCB5b3UgZGlkIDopDQogICAgPiAN CiAgICA+PiANCiAgICA+PiBPbmUgcmVtYXJrIG9uIHRoZSBjb250ZW50Li4gd291bGQgaXQgbWFr ZSBzZW5zZSB0byBoYXZlIGEgZGlmZmVyZW50IHRyZWF0bWVudCBpbiBjYXNlIGFuIEFTMCBST0Eg aXMgaXNzdWVkPyBJLmUuIGluIGNhc2UgYW4gYW5ub3VuY2VtZW50IGlzIGludmFsaWQgZHVlIHRv IEFTMCBhbmQgdGhlcmUgaXMgbm8gdmFsaWQgYW5ub3VuY2VtZW50ICh0aGVyZSBjYW7igJl0IGJl KSAtIHN0aWxsIGRyb3AgaXQ/DQogICAgPiANCiAgICA+ICAgIFRoaXMgaXMgYSBnb29kIHF1ZXN0 aW9uLiBJdCBjYW1lIHVwIGFsc28gaW4gZGlzY3Vzc2lvbnMgYXQgTklTVC4NCiAgICA+ICAgIExl dCBtZSB0cnkgYXNraW5nIHlvdSB0byBzaGFyZSB5b3VyIHVuZGVyc3RhbmRpbmcgb2YgdGhlIGRp ZmZlcmVuY2UgDQogICAgPiAgICBiZXR3ZWVuIGFuIEFTIDAgUk9BIHZlcnN1cyBhIHJlZ3VsYXIg Uk9BIGZvciB0aGUgc2FtZSBwcmVmaXguIA0KICAgID4gDQogICAgPiAgICBTYXk6IDEwLjEuMC4w LzE2IGlzIG93bmVkIGJ5IE9yZy4gWC4gT3JnLiBYIGNyZWF0ZXMgYSBST0EuIENvbnNpZGVyIHR3 byBjYXNlczoNCiAgICA+ICAgIENhc2UgMTogUk9BOiB7MTAuMS4wLjAvMTYsIEFTIDB9ICAgdnMu ICAgQ2FzZSAyOiBST0E6IHsxMC4xLjAuMC8xNiwgQVMgMTExfQ0KICAgID4gDQogICAgPiAgICBR dWVzdGlvbnM6DQogICAgPiANCiAgICA+ICAgIDEuIERvIHlvdSBhZ3JlZSB0aGF0IGluIGVhY2gg Y2FzZSB0aGVyZSBjYW4gYmUgc3ViYWxsb2NhdGlvbnMsIA0KICAgID4gICAgZS5nLiwgMTAuMS4w LjAvMjAgaXMgc3ViYWxsb2NhdGVkIHRvIE9yZy4gWT8NCiAgICA+IA0KICAgID4gICAgMi4gRG8g eW91IGFncmVlIHRoYXQgaW4gZWFjaCBjYXNlIE9yZy4gWSBpcyBhdCBsaWJlcnR5IHRvIG9yaWdp bmF0ZSBhbiB1cGRhdGUsIGUuZy4sIFVwZGF0ZTogMTAuMS4wLjAvMjAgQVMgMjIyID8NCiAgICA+ IA0KICAgID4gICAgMy4gTGV0IHVzIHNheSB0aGF0IGluIGVhY2ggY2FzZSwgT3JnLiBZIGRpZCBu b3QgY3JlYXRlIGFueSBST0EgdGhhdCB3b3VsZCB2YWxpZGF0ZSBVcGRhdGU6IDEwLjEuMC4wLzIw IEFTIDIyMi4NCiAgICA+ICAgIFRoaXMgaGFwcGVuZWQgZm9yIHdoYXRldmVyIHJlYXNvbi4gQXMg YSByZXN1bHQsIHRoaXMgVXBkYXRlIGlzIEludmFsaWQgaW4gYm90aCBDYXNlcyAxIGFuZCAyLg0K ICAgID4gICAgVGhlcmUgYXJlIG5vIG90aGVyIHJvdXRlcyBhbm5vdW5jZWQgZm9yIDEwLjEuMC4w LzIwLiANCiAgICA+ICAgIFdoYXQgaXMgZnVuZGFtZW50YWxseSBkaWZmZXJlbnQgYWJvdXQgQ2Fz ZSAxIHRoYXQgdGhlIFVwZGF0ZSAxMC4xLjAuMC8yMCBBUyAyMjIgDQogICAgPiAgICBzaG91bGQg YmUgZHJvcHBlZCBhbmQgT3JnLiBZIGlzIHB1bmlzaGVkIHdpdGggdW5yZWFjaGFiaWxpdHksIHdo aWxlIGluIENhc2UgMiBPcmcuIFkgaXMgbm90IHB1bmlzaGVkDQogICAgPiAgICBidXQgaW5zdGVh ZCB0aGUgVXBkYXRlIGlzIGluc3RhbGxlZCBpbiBGSUIgdG8gYXZvaWQgdW5yZWFjaGFiaWxpdHk/ DQogICAgPiAgICBPcmcuIFkgaXMgYSBsZWdpdGltYXRlIG93bmVyIDEwLjEuMC4wLzIwIGluIGJv dGggY2FzZXMuIA0KICAgID4gICAgSWYgc28sIHdoeSBzaG91bGQgaXQgZ2V0IHRoZSBiZW5lZml0 IG9mIGRvdWJ0IGluIENhc2UgMiBidXQgbm90IGluIENhc2UgMT8gIA0KICAgID4gDQogICAgPiAg ICBBcyB5b3UgY2FuIHNlZSwgSSBhbSBzdHJ1Z2dsaW5nIHRvIHNlZSB3aGF0IGlzIGNhbm9uaWNh bGx5IG9yIGZ1bmRhbWVudGFsbHkgZGlmZmVyZW50IGFib3V0IHRoZSBBUyAwIFJPQT8NCiAgICA+ ICAgIEFueSBpbnNpZ2h0IHlvdSBjYW4gcHJvdmlkZSB3b3VsZCBiZSBncmVhdC4NCiAgICA+IA0K ICAgID4gICAgKEJUVywgSSBoYXZlIHJlZnJlc2hlZCBteXNlbGYgb24gUkZDcyA2NDgzIGFuZCA2 NDkxIGJlZm9yZSBhc2tpbmcgdGhlc2UgcXVlc3Rpb25zLikNCiAgICA+IA0KICAgID4gICAgU3Jp cmFtICANCiAgICA+IA0KICAgID4+IA0KICAgID4+IFRpbQ0KICAgID4+IA0KICAgID4gDQogICAg PiANCiAgICA+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f DQogICAgPiBTaWRyb3BzIG1haWxpbmcgbGlzdA0KICAgID4gU2lkcm9wc0BpZXRmLm9yZw0KICAg ID4gaHR0cHM6Ly9uYTAxLnNhZmVsaW5rcy5wcm90ZWN0aW9uLm91dGxvb2suY29tLz91cmw9aHR0 cHMlM0ElMkYlMkZ3d3cuaWV0Zi5vcmclMkZtYWlsbWFuJTJGbGlzdGluZm8lMkZzaWRyb3BzJmRh dGE9MDIlN0MwMSU3Q2RvdWdtJTQwbmlzdC5nb3YlN0M5NTQzMTYwNmYwMWY0MmFkMDQ3YjA4ZDU4 NWM5ZTc4NSU3QzJhYjVkODJmZDhmYTQ3OTdhOTNlMDU0NjU1YzYxZGVjJTdDMSU3QzAlN0M2MzY1 NjIwMjQ2MzQ2Nzk3NzAmc2RhdGE9dmVVJTJGJTJCVVRKZXoxUU9wZjFqZCUyRjJWcHNQNUlSVGt6 RkROQnpUNUt0OHAyNCUzRCZyZXNlcnZlZD0wDQogICAgDQogICAgDQoNCg== From nobody Fri Mar 9 08:09:32 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C7C5512D954 for ; Fri, 9 Mar 2018 08:09:09 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.909 X-Spam-Level: X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wHZafW8qzVmv for ; Fri, 9 Mar 2018 08:09:08 -0800 (PST) Received: from mahimahi.ripe.net (mahimahi.ripe.net [IPv6:2001:67c:2e8:11::c100:1372]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76860120713 for ; Fri, 9 Mar 2018 08:09:08 -0800 (PST) Received: from titi.ripe.net ([193.0.23.11]) by mahimahi.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1euKZt-000Bwq-Ld for sidrops@ietf.org; Fri, 09 Mar 2018 17:09:07 +0100 Received: from sslvpn.ripe.net ([193.0.20.230] helo=vpn-234.ripe.net) by titi.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1euKZt-00018Y-GG; Fri, 09 Mar 2018 17:09:05 +0100 From: Tim Bruijnzeels Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) Date: Fri, 9 Mar 2018 17:08:57 +0100 Message-Id: To: SIDR Operations WG X-Mailer: Apple Mail (2.3445.5.20) X-ACL-Warn: Delaying message X-RIPE-Spam-Level: ------- X-RIPE-Spam-Report: Spam Total Points: -7.5 points pts rule name description ---- ---------------------- ------------------------------------ -7.5 ALL_TRUSTED Passed through trusted hosts only via SMTP -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a07193cbd234aa554df6cd89c1d40316b2cbb Archived-At: Subject: [Sidrops] RPKI Validator beta testing X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Mar 2018 16:09:10 -0000 Hi all, We already reached out to some of you individually, but.. finally the = time has come that we can announce the first beta release of our new = validator. I set up a wiki page on GitHub with details: = https://github.com/RIPE-NCC/rpki-validator-3/wiki/RIPE-NCC-RPKI-Validator-= 3-beta-tester-page As explained on this page, we have the following build flavours for beta = testers: - centos 7 RPM repository - docker image on docker hub - generic build As the project is in beta there may of course still be issues. But by = and large things should work now, and you can expect some more features = in the common weeks. I would like to invite everyone who is interested to give it a try and = let us know what you find: here, personal email or issues on GitHub = (probably most transparent). Thanks! Tim= From nobody Fri Mar 9 08:17:23 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24A10127978 for ; Fri, 9 Mar 2018 08:17:17 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aAQA5z9n_6H6 for ; Fri, 9 Mar 2018 08:17:16 -0800 (PST) Received: from omr-m008e.mx.aol.com (omr-m008e.mx.aol.com [204.29.186.7]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3320012D7F2 for ; Fri, 9 Mar 2018 08:17:16 -0800 (PST) Received: from mtaout-mba02.mx.aol.com (mtaout-mba02.mx.aol.com [172.26.133.110]) by omr-m008e.mx.aol.com (Outbound Mail Relay) with ESMTP id 3D09C3800063; Fri, 9 Mar 2018 11:17:15 -0500 (EST) Received: from iMac-Study.fios-router.home (pool-108-49-30-217.bstnma.fios.verizon.net [108.49.30.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mtaout-mba02.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id D111338000082; Fri, 9 Mar 2018 11:17:14 -0500 (EST) To: "Montgomery, Douglas (Fed)" , "Sriram, Kotikalapudi (Fed)" , Tim Bruijnzeels Cc: "sidrops-chairs@ietf.org" , "sidrops@ietf.org" References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <70613650-C8D6-43D9-8643-5694B77BADA9@nist.gov> From: Stephen Kent Message-ID: <5d2afc8e-7f9a-e2bc-fa84-88b943639bd6@verizon.net> Date: Fri, 9 Mar 2018 11:17:14 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <70613650-C8D6-43D9-8643-5694B77BADA9@nist.gov> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US x-aol-global-disposition: G x-aol-sid: 3039ac1a856e5aa2b38a4ce4 X-AOL-IP: 108.49.30.217 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Mar 2018 16:17:17 -0000 Doug, > Maybe another way to phrase this is, as far as we can tell (sec 4, RFC6483) the documented use of AS0 is a usage convention at best, i.e. does not have any specific normative requirements, beyond normal ROA / validation procedures. Since 6483 is informational,  nothing it says is normative. However, RFCs 6491, 7606, and 7607 are standards track and the more relevant documents. Why did you not cite those RFCs and their (normative) statements for how AS 0 is to be treated in the RPKI context? Steve From nobody Fri Mar 9 08:29:38 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1445612D82F; Fri, 9 Mar 2018 08:29:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.649 X-Spam-Level: X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mAtiSFFqYMT5; Fri, 9 Mar 2018 08:29:24 -0800 (PST) Received: from hrabosky.cbbtier3.att.net (hrabosky.cbbtier3.att.net [12.0.1.25]) by ietfa.amsl.com (Postfix) with ESMTP id 49B1912D810; Fri, 9 Mar 2018 08:29:16 -0800 (PST) Received: from oz.mt.att.com (zoe.cbbtier3.att.net [12.0.1.45]) by hrabosky.cbbtier3.att.net (Postfix) with ESMTP id 364B31E39D; Fri, 9 Mar 2018 16:29:15 +0000 (UTC) Received: by oz.mt.att.com (Postfix, from userid 1000) id 28898A402C2; Fri, 9 Mar 2018 11:29:15 -0500 (EST) X-Mailer: emacs 24.3.1 (via feedmail 11-beta-1 I); VM 8.2.0b under 24.3.1 (x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <23202.46675.595670.703736@oz.mt.att.com> Date: Fri, 9 Mar 2018 11:29:07 -0500 From: Jay Borkenhagen To: "Sriram, Kotikalapudi (Fed)" Cc: "sidrops@ietf.org" , "sidrops-chairs@ietf.org" In-Reply-To: References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> Reply-To: Jay Borkenhagen X-GPG-Fingerprint: DDDB 542E D988 94D0 82D3 D198 7DED 6648 2308 D3C0 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Mar 2018 16:29:35 -0000 Sriram, I can appreciate this motivation for your draft: Suppose Popular Site X does not know what they're doing, and they publish a bad ROA that makes the only route announcement for their address space be invalid. ISP-A competes with ISP-B, and Customer-C multihomes to both. ISP-A implements route origin validation and drops invalid routes -- including that route to X. ISP-B does no route origin validation, so they accept and propagate the route to X. Customer-C does not know or care about origin validation -- they only see that ISP-A cannot reach X while ISP-B can, so Customer-C thinks ISP-A sucks and decides to give ISP-B more business. ISP-A should not be punished for trying to do the right thing, but before we conclude that this situation deserves a technical workaround, consider: (1) Those who care about Internet routing security/sanity should attempt to educate the folks at Popular Site X, to teach them why that ROA is wrong. This education can be done even before lots of providers employ a 'drop invalid' policy -- in fact I know some subscribers to this list have received emails from me saying "Y'know, you're currently announcing some invalids." Later on, that education will happen the hard way when Popular Site X finds they cannot be reached from many networks who by then drop invalids. (2) Who's to say that an invalid-only route is invalid because of a bad ROA, and not because someone other than the legit owner is squatting on that address space? Clearly squatting can happen on Not Found space, too, but there could be reasons why they prefer to squat on this space that happens to be covered by a ROA. I think it's a better outcome for people to realize what a ROA actually means and how it gets used, rather than guessing that someone made a mistake. I'll stop here for now, but I'll also note that I would not want any of my router vendors to implement the DISR Policy. I'll save those reasons for later. Jay B. Sriram, Kotikalapudi (Fed) writes: > We have requested the chairs for time on the SIDROPS meeting agenda to discuss this work: > > https://tools.ietf.org/html/draft-sriram-sidrops-drop-invalid-policy-00 > > The authors would appreciate comments/discussion on the list as well. > > Sriram > ________________________________________ > From: internet-drafts@ietf.org > Sent: Monday, March 5, 2018 5:59 PM > To: Sriram, Kotikalapudi (Fed); Montgomery, Douglas (Fed); Borchert, Oliver (Fed) > Subject: New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt > > A new version of I-D, draft-sriram-sidrops-drop-invalid-policy-00.txt > has been successfully submitted by Kotikalapudi Sriram and posted to the > IETF repository. > > Name: draft-sriram-sidrops-drop-invalid-policy > Revision: 00 > Title: Origin Validation Policy Considerations for Dropping Invalid Routes > Document date: 2018-03-05 > Group: Individual Submission > Pages: 6 > > https://tools.ietf.org/html/draft-sriram-sidrops-drop-invalid-policy-00 > > Abstract: > During incremental deployment of RPKI and Route Origin Authorizations > (and possibly under some transient conditions), network operators > would wish to have a meaningful policy for dropping Invalid routes. > Their goal is to balance (A) dropping Invalid routes so hijacked > routes can be eliminated, versus (B) tolerance for missing or > erroneously created ROAs for customer prefixes. This document > considers a Drop Invalid if Still Routable (DISR) policy that is > based on these considerations. The key principle of DISR policy is > that an Invalid route can be dropped if a Valid or NotFound route > exists for a subsuming less specific prefix. > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops From nobody Fri Mar 9 08:32:30 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6F9D12D7F2 for ; Fri, 9 Mar 2018 08:32:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.609 X-Spam-Level: X-Spam-Status: No, score=-2.609 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5khBSp-ToDAR for ; Fri, 9 Mar 2018 08:32:26 -0800 (PST) Received: from mail3.mlpsca01.us.to.gin.ntt.net (mail3.mlpsca01.us.to.gin.ntt.net [IPv6:2001:418:3ff:3::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C76612D868 for ; Fri, 9 Mar 2018 08:32:25 -0800 (PST) Received: by mail3.mlpsca01.us.to.gin.ntt.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.90_1) (envelope-from ) id 1euKwR-0002om-2t (job@us.ntt.net) for sidrops@ietf.org; Fri, 09 Mar 2018 16:32:24 +0000 Received: by mail-ot0-f169.google.com with SMTP id 79so9178827oth.11 for ; Fri, 09 Mar 2018 08:32:23 -0800 (PST) X-Gm-Message-State: AElRT7Gamz03h79tJhy3xOGm0WmUgfXs6ilrSPkw1YPXUqDZgR+ZI+2M im4rUltKnF7IczUCrJuPdVjelCBd0LmFJX3LwDXMyw== X-Google-Smtp-Source: AG47ELsZRSj+hPyykhDl1u8pZzAl8kyMtetwtevfluUdOqiTTqUV/IO7xM6Q+h8y6vfYtqZC0Lf2OLFJi0/Zpzt31DA= X-Received: by 10.157.25.203 with SMTP id k69mr6869797otk.275.1520613142395; Fri, 09 Mar 2018 08:32:22 -0800 (PST) MIME-Version: 1.0 References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <23202.46675.595670.703736@oz.mt.att.com> In-Reply-To: <23202.46675.595670.703736@oz.mt.att.com> From: Job Snijders Date: Fri, 09 Mar 2018 16:32:11 +0000 X-Gmail-Original-Message-ID: Message-ID: To: Jay Borkenhagen Cc: "Sriram, Kotikalapudi (Fed)" , "sidrops-chairs@ietf.org" , "sidrops@ietf.org" Content-Type: multipart/alternative; boundary="94eb2c09b6f231c2a10566fd56c3" Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Mar 2018 16:32:28 -0000 --94eb2c09b6f231c2a10566fd56c3 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Woah... not only do you not want to use it yourself, but you also want to prevent others from using it? I=E2=80=99d appreciate more elaboration! Out of curiosity, are you doing OV today in your network and dropping invalids? Kind regards, Job On Fri, 9 Mar 2018 at 17:29, Jay Borkenhagen wrote: > Sriram, > > I can appreciate this motivation for your draft: > > Suppose Popular Site X does not know what they're doing, and they > publish a bad ROA that makes the only route announcement for their > address space be invalid. ISP-A competes with ISP-B, and Customer-C > multihomes to both. ISP-A implements route origin validation and > drops invalid routes -- including that route to X. ISP-B does no > route origin validation, so they accept and propagate the route to X. > Customer-C does not know or care about origin validation -- they only > see that ISP-A cannot reach X while ISP-B can, so Customer-C thinks > ISP-A sucks and decides to give ISP-B more business. > > ISP-A should not be punished for trying to do the right thing, but > before we conclude that this situation deserves a technical > workaround, consider: > > (1) Those who care about Internet routing security/sanity should > attempt to educate the folks at Popular Site X, to teach them why that > ROA is wrong. This education can be done even before lots of > providers employ a 'drop invalid' policy -- in fact I know some > subscribers to this list have received emails from me saying "Y'know, > you're currently announcing some invalids." Later on, that > education will happen the hard way when Popular Site X finds they > cannot be reached from many networks who by then drop invalids. > > (2) Who's to say that an invalid-only route is invalid because of a > bad ROA, and not because someone other than the legit owner is > squatting on that address space? Clearly squatting can happen on Not > Found space, too, but there could be reasons why they prefer to squat > on this space that happens to be covered by a ROA. I think it's a > better outcome for people to realize what a ROA actually means and how > it gets used, rather than guessing that someone made a mistake. > > > I'll stop here for now, but I'll also note that I would not want any > of my router vendors to implement the DISR Policy. I'll save those > reasons for later. > > Jay B. > > > > Sriram, Kotikalapudi (Fed) writes: > > We have requested the chairs for time on the SIDROPS meeting agenda to > discuss this work: > > > > https://tools.ietf.org/html/draft-sriram-sidrops-drop-invalid-policy-0= 0 > > > > The authors would appreciate comments/discussion on the list as well. > > > > Sriram > > ________________________________________ > > From: internet-drafts@ietf.org > > Sent: Monday, March 5, 2018 5:59 PM > > To: Sriram, Kotikalapudi (Fed); Montgomery, Douglas (Fed); Borchert, > Oliver (Fed) > > Subject: New Version Notification for > draft-sriram-sidrops-drop-invalid-policy-00.txt > > > > A new version of I-D, draft-sriram-sidrops-drop-invalid-policy-00.txt > > has been successfully submitted by Kotikalapudi Sriram and posted to t= he > > IETF repository. > > > > Name: draft-sriram-sidrops-drop-invalid-policy > > Revision: 00 > > Title: Origin Validation Policy Considerations for Dropping > Invalid Routes > > Document date: 2018-03-05 > > Group: Individual Submission > > Pages: 6 > > > > https://tools.ietf.org/html/draft-sriram-sidrops-drop-invalid-policy-0= 0 > > > > Abstract: > > During incremental deployment of RPKI and Route Origin Authorizatio= ns > > (and possibly under some transient conditions), network operators > > would wish to have a meaningful policy for dropping Invalid routes. > > Their goal is to balance (A) dropping Invalid routes so hijacked > > routes can be eliminated, versus (B) tolerance for missing or > > erroneously created ROAs for customer prefixes. This document > > considers a Drop Invalid if Still Routable (DISR) policy that is > > based on these considerations. The key principle of DISR policy is > > that an Invalid route can be dropped if a Valid or NotFound route > > exists for a subsuming less specific prefix. > > _______________________________________________ > > Sidrops mailing list > > Sidrops@ietf.org > > https://www.ietf.org/mailman/listinfo/sidrops > > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops > --94eb2c09b6f231c2a10566fd56c3 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Woah... not only do you not want to use it yourself,= but you also want to prevent others from using it?=C2=A0

I=E2=80=99d appreciate more elaboration!= =C2=A0

Out of curiosity,= are you doing OV today in your network and dropping invalids?=C2=A0
<= div dir=3D"auto">
Kind regards,

Job

=
On Fri, 9 Mar 2018 at 17:29, Jay Borkenhagen <jayb@braeburn.org> wrote:
Sriram,

I can appreciate this motivation for your draft:

Suppose Popular Site X does not know what they're doing, and they
publish a bad ROA that makes the only route announcement for their
address space be invalid.=C2=A0 ISP-A competes with ISP-B, and Customer-C multihomes to both.=C2=A0 ISP-A implements route origin validation and
drops invalid routes -- including that route to X.=C2=A0 ISP-B does no
route origin validation, so they accept and propagate the route to X.
Customer-C does not know or care about origin validation -- they only
see that ISP-A cannot reach X while ISP-B can, so Customer-C thinks
ISP-A sucks and decides to give ISP-B more business.

ISP-A should not be punished for trying to do the right thing, but
before we conclude that this situation deserves a technical
workaround, consider:

(1) Those who care about Internet routing security/sanity should
attempt to educate the folks at Popular Site X, to teach them why that
ROA is wrong.=C2=A0 This education can be done even before lots of
providers employ a 'drop invalid' policy -- in fact I know some
subscribers to this list have received emails from me saying "Y'kn= ow,
you're currently announcing some invalids."=C2=A0 Later on, that education will happen the hard way when Popular Site X finds they
cannot be reached from many networks who by then drop invalids.

(2) Who's to say that an invalid-only route is invalid because of a
bad ROA, and not because someone other than the legit owner is
squatting on that address space?=C2=A0 Clearly squatting can happen on Not<= br> Found space, too, but there could be reasons why they prefer to squat
on this space that happens to be covered by a ROA.=C2=A0 I think it's a=
better outcome for people to realize what a ROA actually means and how
it gets used, rather than guessing that someone made a mistake.


I'll stop here for now, but I'll also note that I would not want an= y
of my router vendors to implement the DISR Policy.=C2=A0 I'll save thos= e
reasons for later.

=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 Jay B.



Sriram, Kotikalapudi (Fed) writes:
=C2=A0> We have requested the chairs for time on the SIDROPS meeting age= nda to discuss this work:
=C2=A0>
=C2=A0> https://tools.ietf= .org/html/draft-sriram-sidrops-drop-invalid-policy-00
=C2=A0>
=C2=A0> The authors would appreciate comments/discussion on the list as = well.
=C2=A0>
=C2=A0> Sriram
=C2=A0> ________________________________________
=C2=A0> From: internet-drafts@ietf.org <internet-drafts@ietf.org>
=C2=A0> Sent: Monday, March 5, 2018 5:59 PM
=C2=A0> To: Sriram, Kotikalapudi (Fed); Montgomery, Douglas (Fed); Borch= ert, Oliver (Fed)
=C2=A0> Subject: New Version Notification for draft-sriram-sidrops-drop-= invalid-policy-00.txt
=C2=A0>
=C2=A0> A new version of I-D, draft-sriram-sidrops-drop-invalid-policy-0= 0.txt
=C2=A0> has been successfully submitted by Kotikalapudi Sriram and poste= d to the
=C2=A0> IETF repository.
=C2=A0>
=C2=A0> Name:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0draft-sriram-sidro= ps-drop-invalid-policy
=C2=A0> Revision:=C2=A0 =C2=A0 =C2=A0 =C2=A000
=C2=A0> Title:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Origin Validation Polic= y Considerations for Dropping Invalid Routes
=C2=A0> Document date:=C2=A0 2018-03-05
=C2=A0> Group:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Individual Submission =C2=A0> Pages:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 6
=C2=A0>
=C2=A0> https://tools.ietf= .org/html/draft-sriram-sidrops-drop-invalid-policy-00
=C2=A0>
=C2=A0> Abstract:
=C2=A0>=C2=A0 =C2=A0 During incremental deployment of RPKI and Route Ori= gin Authorizations
=C2=A0>=C2=A0 =C2=A0 (and possibly under some transient conditions), net= work operators
=C2=A0>=C2=A0 =C2=A0 would wish to have a meaningful policy for dropping= Invalid routes.
=C2=A0>=C2=A0 =C2=A0 Their goal is to balance (A) dropping Invalid route= s so hijacked
=C2=A0>=C2=A0 =C2=A0 routes can be eliminated, versus (B) tolerance for = missing or
=C2=A0>=C2=A0 =C2=A0 erroneously created ROAs for customer prefixes.=C2= =A0 This document
=C2=A0>=C2=A0 =C2=A0 considers a Drop Invalid if Still Routable (DISR) p= olicy that is
=C2=A0>=C2=A0 =C2=A0 based on these considerations.=C2=A0 The key princi= ple of DISR policy is
=C2=A0>=C2=A0 =C2=A0 that an Invalid route can be dropped if a Valid or = NotFound route
=C2=A0>=C2=A0 =C2=A0 exists for a subsuming less specific prefix.
=C2=A0> _______________________________________________
=C2=A0> Sidrops mailing list
=C2=A0> Sidrops@ie= tf.org
=C2=A0> https://www.ietf.org/mailman/listinfo/sidrop= s

_______________________________________________
Sidrops mailing list
Sidrops@ietf.org<= br> https://www.ietf.org/mailman/listinfo/sidrops
--94eb2c09b6f231c2a10566fd56c3-- From nobody Fri Mar 9 08:48:51 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE64412D86B; Fri, 9 Mar 2018 08:48:49 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 44EpVqWdstzq; Fri, 9 Mar 2018 08:48:48 -0800 (PST) Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0139.outbound.protection.outlook.com [23.103.200.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF16112D82F; Fri, 9 Mar 2018 08:48:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=h0XHulbxOhxBW+eQLYFdoA4kNb7TLVkeOQzDVG69CIw=; b=AYxpPssgXfeytYpcY6Pc1CTRjdDPyE5jCNK2axSKU/jp5s9utt2lRABRf8LRVjnbdnq4kbUtHY4CSdWd/WfSC6y9keTX4mPKEj+VFXFz8KaeN+J/KqlBDP0pVmoFDCGfKpIDSuAi7phB9w/8tJLD/mXKat8QZcmBWLI9QqnqRPM= Received: from DM5PR0901MB2504.namprd09.prod.outlook.com (52.132.128.29) by DM5PR0901MB2503.namprd09.prod.outlook.com (52.132.128.28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Fri, 9 Mar 2018 16:48:45 +0000 Received: from DM5PR0901MB2504.namprd09.prod.outlook.com ([fe80::e90a:b560:7cee:b834]) by DM5PR0901MB2504.namprd09.prod.outlook.com ([fe80::e90a:b560:7cee:b834%13]) with mapi id 15.20.0548.018; Fri, 9 Mar 2018 16:48:45 +0000 From: "Montgomery, Douglas (Fed)" To: Stephen Kent , "Sriram, Kotikalapudi (Fed)" , Tim Bruijnzeels CC: "sidrops-chairs@ietf.org" , "sidrops@ietf.org" Thread-Topic: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt Thread-Index: AQHTtNWhMX8Ii2x000qaqhw9uIvabqPDaEWAgAMAtQCAAP/MAIAAPhaAgABzpAD//7T7AA== Date: Fri, 9 Mar 2018 16:48:44 +0000 Message-ID: References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <70613650-C8D6-43D9-8643-5694B77BADA9@nist.gov> <5d2afc8e-7f9a-e2bc-fa84-88b943639bd6@verizon.net> In-Reply-To: <5d2afc8e-7f9a-e2bc-fa84-88b943639bd6@verizon.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.a.0.180210 authentication-results: spf=none (sender IP is ) smtp.mailfrom=dougm@nist.gov; x-originating-ip: [2610:20:6222:140:1c34:dcd2:fc2a:7a0b] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DM5PR0901MB2503; 7:ubbdk6uxjrb3Cko2Co3J37IBbP4RCrv+tnH4gyJE5gl6Uoma0O2+t0gqrQl1cZUIt477CRY/M29TavrbcVR/GMyzKPI2ZnratOX2WdQOoT5g/nYNmQrYsFeQWyQrDJDNg6pPoZa7AG9UPQNoQiijidMWP0cc1XcvButw/VGA2rM5t4rkw2U8wE2yq6XTApUrOhHLVrurRnj6xrig575e6zrWHPV+5jPpa/t+iQVy4fA63MG8b42TAh8mLp7U+KIn x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR; x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10019020)(366004)(346002)(396003)(39380400002)(376002)(39860400002)(189003)(199004)(102836004)(186003)(6246003)(86362001)(2906002)(6512007)(6116002)(6506007)(6486002)(53936002)(2900100001)(316002)(33656002)(229853002)(25786009)(99286004)(4326008)(2950100002)(6436002)(105586002)(82746002)(68736007)(3280700002)(83716003)(97736004)(8656006)(5660300001)(8936002)(8676002)(93886005)(81166006)(81156014)(478600001)(14454004)(46003)(76176011)(36756003)(3660700001)(7736002)(5250100002)(54906003)(106356001)(58126008)(305945005)(110136005); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR0901MB2503; H:DM5PR0901MB2504.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: ba2437d4-1078-4ab5-79dd-08d585dd9f70 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:DM5PR0901MB2503; x-ms-traffictypediagnostic: DM5PR0901MB2503: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(88262167912993); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(5005006)(8121501046)(3231220)(944501244)(52105095)(3002001)(10201501046)(93006095)(93001095)(6055026)(6041310)(20161123560045)(20161123564045)(20161123562045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:DM5PR0901MB2503; BCL:0; PCL:0; RULEID:; SRVR:DM5PR0901MB2503; x-forefront-prvs: 0606BBEB39 received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-microsoft-antispam-message-info: K6UOwtVAWqPIwwQC4WS4doYeiD5UMX0yzhYWLvUIor/37yRk6K6brxDSEei7W1aIAHfxQHPsS9zVG+df+zp0T20IDTRAdRVVqQE3bbujPSokRfpwymfkKNk2M3uqdyg8hwentDU6Gb5L6Hre4II+lAslNl3x/eDIWs8Q3o4H7UXv+naXQbsgKCC/OADCBWh8rsyhJr4qANFm7vnd8LFQGJcR+IMqh6lC/XpHjeKIdLApNfXaoluOx7E8KIr3UXf6HB0u5pl87vnpYw+AZ2Sxsn3/RBMv32CJF9Oktxkvj9VtMCoPNA3zxbz4Ds46bXezILYtjulE9INr4ZWqUGLUCA== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: ba2437d4-1078-4ab5-79dd-08d585dd9f70 X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Mar 2018 16:48:45.0445 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR0901MB2503 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Mar 2018 16:48:50 -0000 VGhhbmtzIFN0ZXZlLA0KDQpZb3UgYXJlIHJpZ2h0IHRoYXQgdGhlIFJGQ3MgYmVsb3cgc2hvdWxk IGJlIHJlZmVyZW5jZWQgYWxzby4gIEhhdmluZyByZXZpZXdlZCB0aGVtIGFnYWluLCBub3RoaW5n IEkgc2FpZCBwcmV2aW91c2x5IHNlZW1zIHRvIGhhdmUgY2hhbmdlZC4gICBBUyAwIGlzIGF0IGJl c3QgYSBzdWdnZXN0ZWQgdXNhZ2UgY29udmVudGlvbi4NCg0KVGhlIHRoaW5nIEkgbGlrZSBhYm91 dCB0aGUgNjQ4MyB0ZXh0IGlzIHRoYXQgaXQgbWFrZXMgZXhwbGljaXQgdGhhdCBST0FzIGNhbiBh bmQgd2lsbCBiZSBjcmVhdGVkIGJlbmVhdGggYW4gQVMgMCBST0EgKG9uZSB1c2FnZSBzY2VuYXJp byBpcyBmb3JjaW5nIHlvdXIgY3VzdG9tZXJzIHRvIGlzc3VlIFJPQXMgYmVmb3JlIGFubm91bmNp bmcgdGhlaXIgcm91dGVzKSBhbmQgdGhhdCBhbGwgb2YgdGhpcyBpcyAiYnkgY29udmVudGlvbiIu ICAgU28gd2hpbGUgbm90IG5vcm1hdGl2ZSwgSSB0aG91Z2ggNjQ4MyBwYWludGVkIHRoZSBiZXN0 IHBpY3R1cmUgb2YgdGhlIGlzc3VlcyB3ZSB3ZXJlIGRpc2N1c3NpbmcuDQoNCmRvdWdtDQotLSAN CkRvdWdNIGF0IE5JU1QNCiANCu+7v09uIDMvOS8xOCwgMTE6MTcgQU0sICJTdGVwaGVuIEtlbnQi IDxzdGtlbnRAdmVyaXpvbi5uZXQ+IHdyb3RlOg0KDQogICAgRG91ZywNCiAgICANCiAgICA+IE1h eWJlIGFub3RoZXIgd2F5IHRvIHBocmFzZSB0aGlzIGlzLCBhcyBmYXIgYXMgd2UgY2FuIHRlbGwg KHNlYyA0LCBSRkM2NDgzKSB0aGUgZG9jdW1lbnRlZCB1c2Ugb2YgQVMwIGlzIGEgdXNhZ2UgY29u dmVudGlvbiBhdCBiZXN0LCBpLmUuIGRvZXMgbm90IGhhdmUgYW55IHNwZWNpZmljIG5vcm1hdGl2 ZSByZXF1aXJlbWVudHMsIGJleW9uZCBub3JtYWwgUk9BIC8gdmFsaWRhdGlvbiBwcm9jZWR1cmVz Lg0KICAgIFNpbmNlIDY0ODMgaXMgaW5mb3JtYXRpb25hbCwgIG5vdGhpbmcgaXQgc2F5cyBpcyBu b3JtYXRpdmUuIEhvd2V2ZXIsIA0KICAgIFJGQ3MgNjQ5MSwgNzYwNiwgYW5kIDc2MDcgYXJlIHN0 YW5kYXJkcyB0cmFjayBhbmQgdGhlIG1vcmUgcmVsZXZhbnQgDQogICAgZG9jdW1lbnRzLiBXaHkg ZGlkIHlvdSBub3QgY2l0ZSB0aG9zZSBSRkNzIGFuZCB0aGVpciAobm9ybWF0aXZlKSANCiAgICBz dGF0ZW1lbnRzIGZvciBob3cgQVMgMCBpcyB0byBiZSB0cmVhdGVkIGluIHRoZSBSUEtJIGNvbnRl eHQ/DQogICAgDQogICAgU3RldmUNCiAgICANCg0K From nobody Fri Mar 9 23:00:11 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAF11126DEE; Fri, 9 Mar 2018 23:00:09 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.911 X-Spam-Level: X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s_AnJm4rxhDp; Fri, 9 Mar 2018 23:00:08 -0800 (PST) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4FFC126DED; Fri, 9 Mar 2018 23:00:08 -0800 (PST) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.86_2) (envelope-from ) id 1euYU6-000526-S4; Sat, 10 Mar 2018 07:00:03 +0000 Date: Sat, 10 Mar 2018 16:00:01 +0900 Message-ID: From: Randy Bush To: Tim Bruijnzeels Cc: "Sriram, Kotikalapudi (Fed)" , "sidrops-chairs@ietf.org" , "sidrops@ietf.org" In-Reply-To: <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/25.3 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=ISO-8859-7 Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Mar 2018 07:00:10 -0000 > in case an announcement is invalid due to AS0 and there is no valid > announcement (there can=A2t be) AS =3D=3D 0 is just a ROA with an AS. there may be other ROAs with other ASs, one or more of which might validate an announcement. randy From nobody Sat Mar 10 04:08:50 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB31A124217 for ; Sat, 10 Mar 2018 04:08:48 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.668 X-Spam-Level: X-Spam-Status: No, score=-1.668 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, UNPARSEABLE_RELAY=0.001, WEIRD_PORT=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tvnuqgsw3wIC for ; Sat, 10 Mar 2018 04:08:47 -0800 (PST) Received: from mail-wm0-f42.google.com (mail-wm0-f42.google.com [74.125.82.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D2351271FD for ; Sat, 10 Mar 2018 04:08:47 -0800 (PST) Received: by mail-wm0-f42.google.com with SMTP id z81so8354555wmb.4 for ; Sat, 10 Mar 2018 04:08:47 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=E+ctOvgHUQJUA96ZLfGAzlT6+oOn6Rc4eaG2FHfyUgg=; b=Yj8JcUN1ThzuArTMdmdjILFV2S6FvQPtzWPX0/+spbGsZK1ecDr7nfre9UNLADCsPG U5c7aEBNpThCZbWbWYLjmVDIL5nV/Vdu5oV1GUi6JNPjbqmH2+o3YEDmuQ2bvBqoBR5Z +vG3pHzi3+L2VD5eGgjYZnZXM9UqF/gmkIjQ+MrgeZ08ue5p27Jg0ypHiaskwyLP+8Bw HilQH461Nh2PtBc78+ZHFJSdTUgbToX4QarrHW5tm0atz9nyOHIqfJh+qYec7LFIOdg3 EWyg9464b1tthjb0jabauwO83g3ipiVm/CBQBzNQchWjW1hLoT4VEKmK7xaUHvdDZOGL YhCg== X-Gm-Message-State: AElRT7FyqsG43qnVAgLnO7Dlw7C1A5NdzNIFIlprA2xuztniA/zW5zsK l6yfsyqFcYN6BdJrowe/bDJOpbOQyiM= X-Google-Smtp-Source: AG47ELvVyvB8ZDIsoqXLEK2WzjlCMJLTjqc489n+BelvuZp2qDEPvIgcIjXi6hp7S/6baLoM1yEbQQ== X-Received: by 10.80.165.84 with SMTP id z20mr2781935edb.300.1520683725785; Sat, 10 Mar 2018 04:08:45 -0800 (PST) Received: from vurt.meerval.net (vurt.meerval.net. [192.147.168.22]) by smtp.gmail.com with ESMTPSA id y14sm2376658ede.18.2018.03.10.04.08.44 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 10 Mar 2018 04:08:45 -0800 (PST) Received: from localhost (vurt.meerval.net [local]) by vurt.meerval.net (OpenSMTPD) with ESMTPA id a75a77b9; Sat, 10 Mar 2018 12:08:44 +0000 (UTC) Date: Sat, 10 Mar 2018 12:08:44 +0000 From: Job Snijders To: Tim Bruijnzeels Cc: "Sriram, Kotikalapudi (Fed)" , "sidrops-chairs@ietf.org" , "sidrops@ietf.org" Message-ID: <20180310120844.GC35705@vurt.meerval.net> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> X-Clacks-Overhead: GNU Terry Pratchett User-Agent: Mutt/1.9.3 (2018-01-21) Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Mar 2018 12:08:49 -0000 On Thu, Mar 08, 2018 at 03:25:36PM +0100, Tim Bruijnzeels wrote: > I think this addresses a concern that blocks uptake for transit > networks in particular. So I am happy to see discussion on this, and > hope that actual operators will speak to this. Hey Job, glad you did > :) > > One remark on the content.. would it make sense to have a different > treatment in case an AS0 ROA is issued? I.e. in case an announcement > is invalid due to AS0 and there is no valid announcement (there can’t > be) - still drop it? Aside from complications related to AS 0 (it being an unroutable ASN) - there is another type of prefixes where INVALID announcements should never be accepted: IXP Peering LAN prefixes. Take as example the DE-CIX Peering LAN prefix (taken from https://www.peeringdb.com/ix/31) - it is not really globally reachable, and that is the intention. What we see here though that some folks carry it in their IGP http://lg.ring.nlnog.net/prefix_detail/lg01/ipv4?q=80.81.192.0 and seem to advertise it by accident to this collector. These accidental announcements shouldn't be accepted, ever. This is the ROA: http://localcert.ripe.net:8088/roas?q=80.81.192.0 - with the current DSIR idea they _would_ be accepted if I am not mistaken. DE-CIX is not announcing the peering lan prefix for various operational reasons, and the ROA should help supress global visiblity, especially the global visibility of more-specifics. More-specifics of the peering lan are disastrous for IXPs. Kind regards, Job From nobody Sat Mar 10 19:50:23 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 045881270A3 for ; Sat, 10 Mar 2018 19:50:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.91 X-Spam-Level: X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, WEIRD_PORT=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W981RzUAu3xh for ; Sat, 10 Mar 2018 19:50:20 -0800 (PST) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7DA141200C5 for ; Sat, 10 Mar 2018 19:50:20 -0800 (PST) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.86_2) (envelope-from ) id 1eus03-000340-2U; Sun, 11 Mar 2018 03:50:19 +0000 Date: Sun, 11 Mar 2018 12:50:17 +0900 Message-ID: From: Randy Bush To: Job Snijders Cc: SIDR Operations WG In-Reply-To: <20180310120844.GC35705@vurt.meerval.net> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <20180310120844.GC35705@vurt.meerval.net> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/25.3 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Mar 2018 03:50:22 -0000 > Take as example the DE-CIX Peering LAN prefix (taken from > https://www.peeringdb.com/ix/31) - it is not really globally > reachable, and that is the intention. What we see here though that > some folks carry it in their IGP > http://lg.ring.nlnog.net/prefix_detail/lg01/ipv4?q=80.81.192.0 and > seem to advertise it by accident to this collector. > > These accidental announcements shouldn't be accepted, ever. This is the > ROA: http://localcert.ripe.net:8088/roas?q=80.81.192.0 - with the > current DSIR idea they _would_ be accepted if I am not mistaken. > > DE-CIX is not announcing the peering lan prefix for various operational > reasons, and the ROA should help supress global visiblity, especially > the global visibility of more-specifics. More-specifics of the peering lan > are disastrous for IXPs. who has the authority to issue valid roas for any possibly improper subset of the de-cix lan? if someone else announces a possibly improper subset of that lan, it's a misannouncement and would be marked invalid. if you hear that announcement and believe it, who's the fool? randy From nobody Sat Mar 10 20:51:43 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E57512025C; Sat, 10 Mar 2018 20:51:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11rYRuou2SnZ; Sat, 10 Mar 2018 20:51:40 -0800 (PST) Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0115.outbound.protection.outlook.com [23.103.200.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46DB01200C5; Sat, 10 Mar 2018 20:51:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=3vchkhz6Ecvpd6zEee2SZR/iOD7LpLv273fothWxAIQ=; b=qubhNZVv+di0OKacmrXcU4rB6muCvWyqTpJApeFM4XIoE9zxplkKkpFmjqXweMKznjHFxXk/4O4fTCpxh2SrS7k9SjVYfJNZ2o9BqtDzuyes9gHx0o1Wntl46Oy1eLO2kd9+ybUFG+ospREZsGKyr+kipSrthsBB0lO0UvAP+LU= Received: from BYAPR09MB2773.namprd09.prod.outlook.com (52.135.224.26) by BYAPR09MB2773.namprd09.prod.outlook.com (52.135.224.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Sun, 11 Mar 2018 04:51:36 +0000 Received: from BYAPR09MB2773.namprd09.prod.outlook.com ([fe80::d015:9eb2:757:ba95]) by BYAPR09MB2773.namprd09.prod.outlook.com ([fe80::d015:9eb2:757:ba95%13]) with mapi id 15.20.0548.021; Sun, 11 Mar 2018 04:51:36 +0000 From: "Sriram, Kotikalapudi (Fed)" To: Job Snijders , Tim Bruijnzeels CC: "sidrops-chairs@ietf.org" , "sidrops@ietf.org" Thread-Topic: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt Thread-Index: AQHTtNWhXGiptyuPFE2FzpnwC7YBGqPDZQDegAMD+gCAAv5sAIABBZeG Date: Sun, 11 Mar 2018 04:51:36 +0000 Message-ID: References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net>, <20180310120844.GC35705@vurt.meerval.net> In-Reply-To: <20180310120844.GC35705@vurt.meerval.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov; x-originating-ip: [129.6.222.37] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; BYAPR09MB2773; 7:3o6KKKnUDnwjkNDODgJdlnQgTRd8Tc8axEnwJvvxOQdRzAVj/ICCkj1mnpd0MITojJy4P3dK1J4jKS8HC/b3BHxzoHq4oMC/dRvfEqJaSOrHWkJHwBhNK0Ak7yJSj5Mlo4C3svtfPA0ODUWj3Ggm49WC+2umjTxtZpyzJQALY48vJ8gKxTBp6CkZ5NguxwHdZk0+HUbe1BKvIPVxzi0e/hKAIevVD6dGblIizieRJ6RNoHc4VDUnLLfB5JEHl7IX x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: e978bd28-734e-4b75-e4ed-08d5870bc52c x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:BYAPR09MB2773; x-ms-traffictypediagnostic: BYAPR09MB2773: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(10201501046)(3231220)(944501244)(52105095)(6055026)(6041310)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123558120)(6072148)(201708071742011); SRVR:BYAPR09MB2773; BCL:0; PCL:0; RULEID:; SRVR:BYAPR09MB2773; x-forefront-prvs: 0608DEDB67 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(346002)(396003)(39850400004)(39380400002)(366004)(189003)(199004)(6116002)(8936002)(68736007)(229853002)(106356001)(81166006)(81156014)(9686003)(53936002)(33656002)(74316002)(2900100001)(6506007)(59450400001)(5660300001)(2906002)(7736002)(3280700002)(305945005)(478600001)(4326008)(3846002)(25786009)(97736004)(6436002)(55016002)(8676002)(14454004)(2950100002)(6246003)(5250100002)(3660700001)(66066001)(105586002)(93886005)(186003)(102836004)(110136005)(54906003)(26005)(99286004)(86362001)(316002)(76176011)(7696005); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR09MB2773; H:BYAPR09MB2773.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-microsoft-antispam-message-info: j+Eo7+R5XTUjwsRVYnrAU80bS/YYF5L/eq42FxPPBfQqI3dR4U0LUbXv/ahnlhrEeJhVzlXuyRrYyqxveGG2b6mesoVmRZPQt1kD2NNnep3zwRub2/qbuYgQy3waMe921yP1a5FkGdm/qgzsDRVLJVnmU1tqkTUqpL8SO6EfAInIKowYfiK2biZhF0qmT8YN61d2F+MHnz7dU665GWEjB+fO1n55Do+8E8dD7ltxjnzpWOm3rvORlh1ycw6XyRrbtoa/q6SUbzkybnA23+l2NIUOewQ/L6wlnG2FlcUYC7iC6eBgy8PLpAPVcyecVnHJRKOyM+/MS7xVbrjgeYMzbA== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: e978bd28-734e-4b75-e4ed-08d5870bc52c X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Mar 2018 04:51:36.1955 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR09MB2773 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Mar 2018 04:51:43 -0000 Job, Tim wrote: >>One remark on the content.. would it make sense to have=20 >>a different treatment in case an AS0 ROA is issued?=20 >>I.e. in case an announcement is invalid due to AS0 and=20 >>there is no valid announcement (there can=92t be) - still drop it? Job wrote: >Aside from complications related to AS 0 (it being an unroutable ASN) - >there is another type of prefixes where INVALID announcements should >never be accepted: IXP Peering LAN prefixes. -- snip -- >DE-CIX is not announcing the peering lan prefix for various operational >reasons, and the ROA should help supress global visiblity, especially >the global visibility of more-specifics. More-specifics of the peering lan >are disastrous for IXPs. This seems like a nice use case for AS 0 ROA and DISR with Tim's suggested = modification. The IXP should create an AS 0 ROA for their LAN prefix. And they should delete the ROA they currently have with their own AS. (IXP is not announcing the LAN prefix.) Then, any announcements of their prefix will be Invalid and dropped by the DISR policy including Tim's suggested modification. Also, with the AS 0 ROA, there is the added advantage that=20 even forged-origin hijacks will be impossible. Sriram From nobody Sun Mar 11 04:00:50 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CCD3124B0A for ; Sun, 11 Mar 2018 04:00:49 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.668 X-Spam-Level: X-Spam-Status: No, score=-1.668 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, UNPARSEABLE_RELAY=0.001, WEIRD_PORT=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WsDKhtTYEJgP for ; Sun, 11 Mar 2018 04:00:48 -0700 (PDT) Received: from mail-wm0-f42.google.com (mail-wm0-f42.google.com [74.125.82.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC3411201FA for ; Sun, 11 Mar 2018 04:00:47 -0700 (PDT) Received: by mail-wm0-f42.google.com with SMTP id z81so11182917wmb.4 for ; Sun, 11 Mar 2018 04:00:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=sd8d8bCYSL41c2obdWjz7CtA9Qk6XJgKaBcFzTKutP4=; b=miKB8PSNcJjxdroOA5VMOT0XJc52bOdhNXoTj4El7lPPgF+VAqLCa89rxDVTa2ECXV X47k8fERzzHoGsfL858BivXLUFzdmtawXRpWHswUCc320rsLJ+dIxwNf5+qPrp4fj8EM hdoaQL6B79mduEyHGBoKgmgUciIZSDkuGzudBY9ZAkI2/ZZPoGWyahk41g22JCoo5VqX YQsBBW+Wz1lyS3Mcs0tUVaZRFEnm6Qb4LHmrQnonoeay1/InzZ4/eWlXzDAGkY3IGjA9 xUB/zfLm2Ti9GhWpdbyZSQvZ7FDEno9hlptogMwX8k56lhX2h/8wU5wuF7q7Tul1zvnh SN7w== X-Gm-Message-State: AElRT7GkELXx5kEeNgOIT3peVqJPFIGzEpVEJwOecAgKart5MWHYSMhC MVW5iUYg5vHNKDLoQJcEwJSp2Q== X-Google-Smtp-Source: AG47ELszUvlc4yeTm7P/xQqryFrTqOnrhy55IoQLLNwtj2jFCyQSeGIuQWnA3DFCjMg4zfrWBhno0Q== X-Received: by 10.80.208.206 with SMTP id g14mr6427616edf.295.1520766046201; Sun, 11 Mar 2018 04:00:46 -0700 (PDT) Received: from vurt.meerval.net (vurt.meerval.net. [192.147.168.22]) by smtp.gmail.com with ESMTPSA id h2sm3369721edc.57.2018.03.11.04.00.43 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 11 Mar 2018 04:00:43 -0700 (PDT) Received: from localhost (vurt.meerval.net [local]) by vurt.meerval.net (OpenSMTPD) with ESMTPA id 0032b248; Sun, 11 Mar 2018 11:00:42 +0000 (UTC) Date: Sun, 11 Mar 2018 11:00:42 +0000 From: Job Snijders To: Randy Bush Cc: SIDR Operations WG Message-ID: <20180311110042.GF98483@vurt.meerval.net> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <20180310120844.GC35705@vurt.meerval.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Clacks-Overhead: GNU Terry Pratchett User-Agent: Mutt/1.9.4 (2018-02-28) Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Mar 2018 11:00:49 -0000 On Sun, Mar 11, 2018 at 12:50:17PM +0900, Randy Bush wrote: > > Take as example the DE-CIX Peering LAN prefix (taken from > > https://www.peeringdb.com/ix/31) - it is not really globally > > reachable, and that is the intention. What we see here though that > > some folks carry it in their IGP > > http://lg.ring.nlnog.net/prefix_detail/lg01/ipv4?q=80.81.192.0 and > > seem to advertise it by accident to this collector. > > > > These accidental announcements shouldn't be accepted, ever. This is > > the ROA: http://localcert.ripe.net:8088/roas?q=80.81.192.0 - with > > the current DSIR idea they _would_ be accepted if I am not mistaken. > > > > DE-CIX is not announcing the peering lan prefix for various > > operational reasons, and the ROA should help supress global > > visiblity, especially the global visibility of more-specifics. > > More-specifics of the peering lan are disastrous for IXPs. > > who has the authority to issue valid roas for any possibly improper > subset of the de-cix lan? > > if someone else announces a possibly improper subset of that lan, it's > a misannouncement and would be marked invalid. > > if you hear that announcement and believe it, who's the fool? Perhaps what is lacking in the semantics of RPKI is a "kill roa". On the other hand, perhaps IXP Peering LAN prefixes are not a real problem. In NTT's network this type of announcement is dropped regardless of any IRR or RPKI information. I feel AS 0 is being overloaded, AS0's non-routablility is being used in a number of (too many) different ways. Kind regards, Job From nobody Sun Mar 11 06:21:55 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC833124217 for ; Sun, 11 Mar 2018 06:21:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=apnic.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KPxTmio30y3y for ; Sun, 11 Mar 2018 06:21:50 -0700 (PDT) Received: from APC01-SG2-obe.outbound.protection.outlook.com (mail-sg2apc01on0087.outbound.protection.outlook.com [104.47.125.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BE121201FA for ; Sun, 11 Mar 2018 06:21:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apnic.onmicrosoft.com; s=selector1-apnic-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=H9DpHOGV0EaxIPrZsLGsaYzGOHRi7SeGn/auLG2yLIM=; b=cUSqRkZfy4UX9b+rTkQTTfm4vd0XHz11BiS5OVQlkkT+1XPsrqehGwrwsN+BMQBLppevAYFbHrm9Hhv7PWLY6SNxQZl1AcDZMUtCdVt6Gb1XSWzvERFzI5M6+iSNw0Bv3c2dDo70iqNM+430Yb1c6BHhzUVUbnejiFnzlDvWogY= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=gih@apnic.net; Received: from [IPv6:2620:f:8000:210:a571:7484:c675:4454] (2620:f:8000:210:a571:7484:c675:4454) by SIXPR04MB0698.apcprd04.prod.outlook.com (2a01:111:e400:51ee::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Sun, 11 Mar 2018 13:21:44 +0000 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) From: Geoff Huston In-Reply-To: <20180311110042.GF98483@vurt.meerval.net> Date: Sun, 11 Mar 2018 09:21:12 -0400 Cc: Randy Bush , SIDR Operations WG Content-Transfer-Encoding: quoted-printable Message-Id: <06C08F03-6386-414C-B93E-EA3CADC9D996@apnic.net> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <20180310120844.GC35705@vurt.meerval.net> <20180311110042.GF98483@vurt.meerval.net> To: Job Snijders X-Mailer: Apple Mail (2.3445.5.20) X-Originating-IP: [2620:f:8000:210:a571:7484:c675:4454] X-ClientProxiedBy: BL0PR0102CA0003.prod.exchangelabs.com (2603:10b6:207:18::16) To SIXPR04MB0698.apcprd04.prod.outlook.com (2a01:111:e400:51ee::21) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: cd234837-e50c-439d-9838-08d5875309dd X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4604075)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:SIXPR04MB0698; X-Microsoft-Exchange-Diagnostics: 1; SIXPR04MB0698; 3:SXE6gq/a8asrHc1PvdskO1KipZoQw96IuWDHzambJzmTc+8Cem7io8gc2FqxLy6pdZK4ZIyoOtx3pwY3jZpTmE2s2zkEycQaL3lQmm/oULfjQ+p6NMs2oK4fczfd6aEUPxM1rq0Pn4KaBnmC0/msTglUlHTC2GZAseKlPUXjqtQLB49y3un8WJ2aUQEuAYpK0JRFkcuOSrVK7G7O8eBRY/t86xObq8c3Hoy0wkxRDwDoyvB5ObXdp33nUQsh4os9; 25:hqBjIy7NjSVft8sOPXVLSKyl0XuP7Z2KQWDjAqLlsQS/gXVLyQzUEpUriWkGovH0tc7N7HQfc3i8B3wDi/J04E0e1NqNWucWxYzaEx0IslSq15M4c80g3LEj1W59clkChuWEKBkIgAGh7oNy9Gs4KnzPOJOi0GIrnqxwx2Liqx0NLaFPeTRLJs9GDfggPsIQ8sMdBLVZfT/NZg9XitNWZh2pOdvLiAQxaNBJXIrKPbYxTtj8Fzc/2OplmaTPKVFXDexFoTHlNhdtNwN3kVTBSrGp6aXC7VNT6BwCcFVnSS/s19iY0pMCVNlFF06MU6sVd4YMptbM160lnVufhBc1PQ==; 31:OJl1nMiqYKWfpDHttNGKDo/SxwsSK5sbB9zpRheEpSU+BWoSSJDptwEOtQ3HmPVKPFf+pKSBi58+oHueM0NP7GOf3BCpNHmFoR3Ahn/GnqJTPtYBFZzc+pETaQOGCT/gPbTlYtgHnKHmio5b0NgMGQ6rDfSQR8FJOnosPt6itPc4wkQZJ0Ok03+zt11lU2IsjIfhXDewizBAwAgxd1CpFSfl3Pz0dglIOWe94fIukrY= X-MS-TrafficTypeDiagnostic: SIXPR04MB0698: X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(120809045254105); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(10201501046)(3231220)(944501244)(52105095)(6041310)(20161123562045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123558120)(6072148)(201708071742011); SRVR:SIXPR04MB0698; BCL:0; PCL:0; RULEID:; SRVR:SIXPR04MB0698; X-Microsoft-Exchange-Diagnostics: 1; SIXPR04MB0698; 4:6YYyBSeU9QQiCEak4uqCkdIw2sB0mV0xupC03jWhj8n7ROHc4IQP4mofn114CfUK7bvl+9xyNAbXeTt3c/pRpymYpEbTC8MJq1PnOFrW0la6N5PdYpfQOQvbIcnLY/w8Chxh5hav6vGa4xd2+rWnodsWPk8OhCOLhaHIhLfTNZ0m8ExQEuDCmsd0nUA6Iq4NebuEuTKoL7mztEyfg25o/aVugcm2lPJiMWFrHCMt3EAyvwsVLQyberiNnaljELszb/0GN5YESMEI3Csstnr5A/A/uEhMGG0xT8swSN89CYlrGpzXgOky/Tdjh+eT1OS8 X-Forefront-PRVS: 0608DEDB67 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(396003)(366004)(39830400003)(376002)(346002)(39380400002)(189003)(199004)(386003)(6916009)(2950100002)(68736007)(4326008)(6246003)(36756003)(229853002)(105586002)(86362001)(25786009)(186003)(82746002)(16526019)(97736004)(53936002)(54906003)(46003)(6306002)(83716003)(6666003)(558084003)(6486002)(52146003)(52116002)(2486003)(316002)(1706002)(52396003)(305945005)(6116002)(7736002)(23676004)(33656002)(57306001)(76176011)(2906002)(93886005)(8746002)(966005)(50466002)(478600001)(47776003)(81156014)(50226002)(81166006)(5660300001)(8676002)(106356001)(8936002)(42262002)(564094006); DIR:OUT; SFP:1101; SCL:1; SRVR:SIXPR04MB0698; H:[IPv6:2620:f:8000:210:a571:7484:c675:4454]; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: apnic.net does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtTSVhQUjA0TUIwNjk4OzIzOk9NbTNmUjh5anllM0pEQXRmb200QUcxNlZj?= =?utf-8?B?a1VVZ0VYV1JsWU4wWHhJS0J4dzNwUCt3SS9TM0hnSllReEFwaXM4V2FUQmNS?= =?utf-8?B?WHpabW9kUVl5MWppeEVkR2ZxRXd5aGZJUHc3SE9MUktzL3ArSWQ2aDlMQUFX?= =?utf-8?B?MXY4WVN6UEdadHFCSzVlaEhkeHhqclpvSjBSdXlXQkJtM3J6dWxWbndKczUy?= =?utf-8?B?U3I0dGpQWnA3aW1wWmlSN29iTVFVZGRYYk9UdUNEQk1DR1c4cFd2aDhIRmEv?= =?utf-8?B?R3pyWDRLWnBUWDU1dTFoU09pd09BcUlzMWhjWWxQSnYxcmVIVVFYTW9SUk1n?= =?utf-8?B?TGNwWEgrMkN4M2JLQ2dEU0ZnNmgrZlF3KzlVTVNCVWRJd2xoOTNHajFhTURu?= =?utf-8?B?QUpST0pWWHN5OU1xLzZRMW5VblZwcmdjcHBNUGVoNGd1UVRmSEhTZFRjTSs1?= =?utf-8?B?Qk16NnJSUDh6WlYvdHhrZVYyUzRwM3BQd0QyWG5WZ0VEazdvajUxSTMvV0hq?= =?utf-8?B?emo1QytVUEh0eXpyMnNXcThOWS9PSThtMnhlbDE5Z25PQ1lUS1FGWnYyOEdX?= =?utf-8?B?Y1BhQXZXWUdpZXlmUzZ3MjBLOTdtWmd0MlVxODdabzRLcmNmRDNyL09Rd2pL?= =?utf-8?B?SytqMDZPaHBpNHp1dXZSQW00RFNFZUxBbFgvWFo4RzU3NG5zMDFFTkNHVDg3?= =?utf-8?B?VnVpN20xd3Z4dDhCb0ZFNFZpa1NCM2FqLzVMY1Y4Qi9kQTc3T0owaGxRN1Fl?= =?utf-8?B?QUREQ3NYUW0vaERJUllmUlZvaE9pUEVWWXJabU0zekhtTmtvbkVIcTRPVkhG?= =?utf-8?B?ZTdOaGxaRFJ5U3pWR2txRU0zQzc1YUl5RWxLZSsxcXhJOG85Um5ZcmV4dURy?= =?utf-8?B?WVhCSGpjbFNYM1YzS0hWMldyOGx1WFBuY1N1VmdaL25kWmlhenRRaER4OW5W?= =?utf-8?B?MU1DMkdZMzdtNmtQcEw1SGJmeDMvbS9xWlEzb0N1bmZrdDlWbVhJNGU3eE1I?= =?utf-8?B?ZjBOcWlyRzFKZnRYdGlFbUwvQ3piRjhnT00vbXVPc1lqMTZTUFNSSFoydjBC?= =?utf-8?B?R092MWgybUpHNjZ6UmlLcVB5cXJvNjEwaHIwR1ZEVHlrbmQ3NGlqU0EvR1JY?= =?utf-8?B?MVB2ZkJDZWhMMlVPdWpEOEZuZWVtTmdmRkh4MDlZMnduMFovOGNRYThBbGxo?= =?utf-8?B?UHUwT1kvNXZUbVhBcEgzWDVMNG9nRDcwcmNlcjZUMHZxVWdBZ3pRSGQ4L3JQ?= =?utf-8?B?dlNERGp5RkpJZGpicWFHYzFoY2ZGNkJFV0RadGYxcnhiaEZKTDRxcko1MFVl?= =?utf-8?B?S1VHdnFabU9vRjJIYjZsN2lXakJmVFNDdjBqY2xyN2R1bzR3VGxFK3dSdnlK?= =?utf-8?B?VXJYNVR5emtoVS81N05nSTBOMFdOU050MnZtMlljVHVOZmNBNnNTVjBkSENQ?= =?utf-8?B?dWlsWXVoaVdNRjZXNWF6N1BkbVN1Sk1qRmRxMWtFN0Z6OGlzMUtTcFZ0Njda?= =?utf-8?B?UllJcFZ3eTdEMXpaQkN2SHJYMGdvRkl5LzgraW4wQlVmYzlESFJkM2tqeWMw?= =?utf-8?B?ZE9oUVpTekYwM3B4ekN1Yitja3luVXA0MG1vcFEzaHJIT0FIbXNtWE1UU0Jj?= =?utf-8?B?ZDNqcjNydTlmaGhTVWtUS2NxM25TVEliNE9pMVN1WFJHN0hGajdEQWNKUTZF?= =?utf-8?B?K2ZPOWlnbTNrYmxKQ1BxMzcxMDV3VWtHRW8rUmJIekxXSzhZMjBydC9QQnY5?= =?utf-8?B?WjNPK1pld29yUk1heXl5ZXJHemFUV2V1dms4NkJYZXI5MHdLd1lRS0ovTmh4?= =?utf-8?B?WWhtbkU3VzZhaEp3blBtUmViNTk4RlZ3ZjJ2NWR1b0duNmc9PQ==?= X-Microsoft-Antispam-Message-Info: 9ucgTDApxkBP437N1QeF0KtCkxoZ6/3eJvY3pdfk0c1VU6FytacAfIRgdqr6Hut4DtIWePvB7WRKX9dOyWTjv4uvA03+bV4pg6CDruj9dAipAr6mDjzwAdiHsfAnTxiz1YaqcIa3yQV2OJInrMKi6bccTrOd6IpuJStYDfjuABq+gVZoYSEuPuEHCNIsvqBv X-Microsoft-Exchange-Diagnostics: 1; SIXPR04MB0698; 6:5wjMOKxq1nzF2swFyEPycdQ4AHRNASxDKH2ItZlZQAblq2c2lfCRN0ybaWXhmUrMK6TNEE0xyxpSaFN+9G26WwP4MNXuLN/QX6wKQVLuhJ8k6fTXGxp02wF4JZGJvBJlnxTx2mZ2ejk48ZfO6gsQ66RUWlD7yNzz7IGnl2/UDDCyLC87za/k8KYoLKaGsawMAc6ZPLjQuuLmaTwb3HoYNBJI9iRCCdJWPyD2sc1pTmdAaQQwXFf4zpN9B/vU0yTpyk1ORk7nLUucZhxOrvPCPpCRa6fBh4ZuQoW81rFv6fu0ku8cAQV4AB5WXtlGZyDS65y1wrDHSBPSnjbkwDmup1Gqe12JDM5IvLWT4ByhHSI=; 5:kswPy/gvMwxTx19o3+gHyg2GRlIB6qGwoPHoWkCrVA81PXDBnyW1zY1S1JalSazRHvurphxx2kblmAUQ3ukbNUztL2lbfyK5RlwlUfyoQfaSxCbT8F7+hfQydJPmhBeIFEdwStk+leHrfYqx/S5z5ZQRLq4CxLz/8clfXkbYQY0=; 24:FuNBYXd+aKu0dp863MTr1NuwuHX6sDrFGOqCMHE469tOpp12TlVbY3CxTRcw55MhFisMHWuTXwhHQmO50W7ExGxoc/7fm74J5uLdiY7+/kI=; 7:B3r253NoSy0sk3vB98xC5sKP0QlbiPQiUdfZ08QOBnvBxBu+OxhewYwgFk2Oy6fExY+sjf6mZckT4sFMc7eVrk9WkWUGO2Mzrh+Bz+Ysbp4YITMsmwPMYR6tWJ+ZkMSTRvBKDXyoHScMPXx5qhtMmfEPJnspxM/7izRRaa9m1h6Yded+iii8ArGTfmTC/1JHIjvDpKcbk56o6vWNUhCizAiQp12TEJWw88xbGh9QUFdBVIr7eIyQmv58R1juhllz SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: apnic.net X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Mar 2018 13:21:44.6595 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: cd234837-e50c-439d-9838-08d5875309dd X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 127d8d0d-7ccf-473d-ab09-6e44ad752ded X-MS-Exchange-Transport-CrossTenantHeadersStamped: SIXPR04MB0698 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Mar 2018 13:21:54 -0000 >=20 > Perhaps what is lacking in the semantics of RPKI is a "kill roa=E2=80=9D= .=20 https://datatracker.ietf.org/doc/draft-huston-sidr-bogons/ From nobody Sun Mar 11 06:24:54 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E23F1124217 for ; Sun, 11 Mar 2018 06:24:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.61 X-Spam-Level: X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VU3_psqaTCyS for ; Sun, 11 Mar 2018 06:24:50 -0700 (PDT) Received: from mail3.dllstx09.us.to.gin.ntt.net (mail3.dllstx09.us.to.gin.ntt.net [IPv6:2001:418:3ff:5::26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 644AE1201FA for ; Sun, 11 Mar 2018 06:24:50 -0700 (PDT) Received: by mail3.dllstx09.us.to.gin.ntt.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ev0y1-0005lV-U4 (job@us.ntt.net) for sidrops@ietf.org; Sun, 11 Mar 2018 13:24:49 +0000 Received: by mail-ot0-f177.google.com with SMTP id m22so12827898otf.10 for ; Sun, 11 Mar 2018 06:24:49 -0700 (PDT) X-Gm-Message-State: AElRT7G9FQoSsKv7exEewi2zii9xoHuScc2/UFmP0d8tEBChO4kEgWPr ECr23+Qht11DInSAwA3ujbHQ/AlX7fy+ACRbeuNibA== X-Google-Smtp-Source: AG47ELsTQFJa5qckYC0JkVyrFz2te7F8Kfxl3K5UsnrDCYbqaZNN7STWn9VvFUP8IlEwPSlBq9wQGvhhGwrqxMHFaII= X-Received: by 10.157.19.92 with SMTP id q28mr3118894otq.69.1520774689499; Sun, 11 Mar 2018 06:24:49 -0700 (PDT) MIME-Version: 1.0 References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <20180310120844.GC35705@vurt.meerval.net> <20180311110042.GF98483@vurt.meerval.net> <06C08F03-6386-414C-B93E-EA3CADC9D996@apnic.net> In-Reply-To: <06C08F03-6386-414C-B93E-EA3CADC9D996@apnic.net> From: Job Snijders Date: Sun, 11 Mar 2018 13:24:39 +0000 X-Gmail-Original-Message-ID: Message-ID: To: Geoff Huston Cc: Job Snijders , Randy Bush , SIDR Operations WG Content-Type: multipart/alternative; boundary="001a1136e05626cb6e056722f322" Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Mar 2018 13:24:52 -0000 --001a1136e05626cb6e056722f322 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sun, 11 Mar 2018 at 14:21, Geoff Huston wrote: > > > > Perhaps what is lacking in the semantics of RPKI is a "kill roa=E2=80= =9D. > > https://datatracker.ietf.org/doc/draft-huston-sidr-bogons/ What happened to that draft? Kind regards, Job --001a1136e05626cb6e056722f322 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Sun, 11 Mar 2018 at 14:21, Geoff Huston <gih@apnic.net> wrote:
>
> Perhaps what is lacking in the semantics of RPKI is a "kill roa= =E2=80=9D.

https://datatracker.ietf.org/doc/draft-hu= ston-sidr-bogons/


What happened to that draft?

Kind regards,
=
Job
--001a1136e05626cb6e056722f322-- From nobody Sun Mar 11 07:15:20 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39987126FB3 for ; Sun, 11 Mar 2018 07:15:18 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=apnic.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NnvS03f68rh5 for ; Sun, 11 Mar 2018 07:15:16 -0700 (PDT) Received: from JPN01-TY1-obe.outbound.protection.outlook.com (mail-ty1jpn01on0076.outbound.protection.outlook.com [104.47.93.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAB1F126D05 for ; Sun, 11 Mar 2018 07:15:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apnic.onmicrosoft.com; s=selector1-apnic-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=65KuaT0ADCiJxOcgnHClBLO1SoX35Dt8LDBRT4GNvMM=; b=NOQuJ/eRuKx+wbDK53aTwQS1pCVum53t3CXmxGMTX9NU7rvDOQJY0leinRkA0v3VHCwdvrEp4BUPqx/i5iaiF4AD1FzosT8MYEqZ6VS/mcaVX3NcZyFT4cXTgVsQ7uFEFHaBW0V6aZC+UOIZXC/iRNTbP0Y49n2VjIDB3N53s+E= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=gih@apnic.net; Received: from [10.196.201.186] (199.91.196.113) by TY1PR04MB0703.apcprd04.prod.outlook.com (10.163.246.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Sun, 11 Mar 2018 14:15:09 +0000 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) From: Geoff Huston In-Reply-To: Date: Sun, 11 Mar 2018 10:14:45 -0400 Cc: Randy Bush , SIDR Operations WG Content-Transfer-Encoding: quoted-printable Message-Id: References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <20180310120844.GC35705@vurt.meerval.net> <20180311110042.GF98483@vurt.meerval.net> <06C08F03-6386-414C-B93E-EA3CADC9D996@apnic.net> To: Job Snijders X-Mailer: Apple Mail (2.3445.5.20) X-Originating-IP: [199.91.196.113] X-ClientProxiedBy: BN3PR03CA0105.namprd03.prod.outlook.com (10.174.66.23) To TY1PR04MB0703.apcprd04.prod.outlook.com (10.163.246.25) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 7dc2366b-10a0-4d00-8404-08d5875a7fd0 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4604075)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:TY1PR04MB0703; X-Microsoft-Exchange-Diagnostics: 1; TY1PR04MB0703; 3:r9E7fQ83Nu4NpgkCQLE5/tK2/6HtT0McQbNdBHmBkjKYPfARS8KV3+BE0+drCpFbN8lURITGrlb9EcHPbl3rgx60bJuAZuGA3CwG4ZgIEzAyA8Zlpe838IdRUhyBo1OrTM6FNFHOhaRaecwfUVkevOGNM9oy54e/YXGbL1+ehbWcp5v75nPzUoGmZ9iFBm2rLXeXXOYiGb/ChjOA1gp6whqbBtMf9m7h35FqCfhb5PQeGB2eveOHVMxSmb+N4uqk; 25:s73F8V5dCNtfWpAwOKeXcQNguJWfDNj1J2HfRVq3t7kKM1i6ocvpZWQGYpkyNPBp7olBx5P310fQHpoZz0rvLr2KkwOgdkf7lH46nNT9A5S1uePJmesBjqn1/I4tZ7V8f5Ttz9nWcYiMieRiYj7gGs80Dckt6TL/TJouy3fvuqBsAoRatOTz1haY//X+sVPUb2hh8YdMlYvQ9qBrXFOQRn+MkVwLUCqdW/p5gHRfTl18lj6Gu0thhdw+or86KxdPfv41DeGcbAeYQr5KMpbIcjjBx2Uxg/OS7MKm3phe/M3At6RTd0SWsASVoFufNRwOBj9UE9EjAo8yCGiRRTBiIg==; 31:VhVBVTncdCGODdKTQWoakgGQlJQGZq/N+0u5nzsjHGKeIA8J4NQnghiRE69gwfSlkZqAUbwjQ2sox8oxUw67uR6y63aY/xq7ffOhL2rXJL+Gf5dQFyJhaxCDo4ME6/3DR2RGTk2Da0nTQNajwQNDeNJ3U8amYFtXov6Tlhol64sipB4ben3+MOVoaLbGSJcF722TullmDO2sOwYDIjJVaa6E/JByKdTSYOpqRezt5yc= X-MS-TrafficTypeDiagnostic: TY1PR04MB0703: X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(120809045254105); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(10201501046)(3231220)(944501244)(52105095)(6041310)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123558120)(6072148)(201708071742011); SRVR:TY1PR04MB0703; BCL:0; PCL:0; RULEID:; SRVR:TY1PR04MB0703; X-Microsoft-Exchange-Diagnostics: 1; TY1PR04MB0703; 4:NkdTAl2usqwA7FQAQ+16L7Bm6HFaYaAYcQCC8Q0uUf4HgPuoz3uL3BeBnNMPGoph7O36oTbaVBwB4aviZT3lEl6x6I2POre92tZlIi97wVD8WNLK4aYUo+AYQhqebHUG71dRgyEevqbkAZ+qh7o0D9FHXHxmF3l7dafoAC7Yu6gtWA3SJfNfp9tiWSnlcZyGeJB8EHdGLyTjzD/+c5RdyMgkP58ILicMFR02uFS7uB10UtcH4AEZW9tzsrSH34s85pZbJpHIwD2YPPCWljrBNK9feAvkv40AAi7nolgEbeQwUldHDtPX/6sUmlZHQyY+ X-Forefront-PRVS: 0608DEDB67 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6049001)(39840400004)(376002)(396003)(39380400002)(366004)(346002)(189003)(199004)(5660300001)(76176011)(16576012)(23676004)(2486003)(52146003)(33656002)(2906002)(97736004)(68736007)(50466002)(25786009)(316002)(7736002)(4326008)(6666003)(305945005)(6916009)(53936002)(16526019)(6306002)(186003)(2950100002)(8746002)(81166006)(81156014)(50226002)(26005)(52116002)(8936002)(15650500001)(8676002)(77096007)(6116002)(6246003)(93886005)(3846002)(47776003)(966005)(59450400001)(86362001)(82746002)(386003)(105586002)(53546011)(57306001)(54906003)(229853002)(106356001)(83716003)(90366009)(36756003)(6486002)(66066001)(478600001)(42262002); DIR:OUT; SFP:1101; SCL:1; SRVR:TY1PR04MB0703; H:[10.196.201.186]; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: apnic.net does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtUWTFQUjA0TUIwNzAzOzIzOmRQNExYemREWUw5aHVDMENUUmtoZGpJNzRs?= =?utf-8?B?VUhiN2JhTUc2WmI0SVRxbklHNE1OaTlRN2Ywb1pwMnZtU3lVMWtacjZJT29u?= =?utf-8?B?Mmc1bnFNbVJ6dzVpWmNHK3U5aGs2TTZxakEzWW4xYm5IWTJ2U3V6SjBSZjA3?= =?utf-8?B?bTFlT3pPcFJTUldyYlI5T1dra2pNQUNzN2ZXNExORzhYU3gzcTRjQ0tpTGE4?= =?utf-8?B?eVBwSEpBdFRBQXcwdy9YL2hwT0crd3ZHRStFaVNvUTJzeVB5R3R0QnlLR3A1?= =?utf-8?B?L0REYjFnZ01HVWNwb0RpOGYxZVorT3g5WkY1N3psR2ZMRGxZVGdZZ1pOdDZh?= =?utf-8?B?VFYrSEdvZFV3bWZXaHh6RXZ5WWZFZndwdDhpVUZXbE9KYjBESjBUNm95Y3V4?= =?utf-8?B?aE84bm1FWmE3MlRiL3VKZVBZMSsxZTZzcDFYUmd6cUtWUWsxUXJGSzJLNkFR?= =?utf-8?B?MmxxLzJLaFBUZm44dm1sWUtVbjFOT2hhVVBPcWEwVFcwQ2pMWVNlaDNUdExx?= =?utf-8?B?N2ZnRHNteDljK0JRWHJBZ3pKdExSRENWcnlyLyswekQ0SUg4NHdmZ0x1dTI4?= =?utf-8?B?citzWUhxUDVZdkFWaUpvajJXcGpaNUZIQzBLbFRqRldJYkJ5Y0NOSzVmSExT?= =?utf-8?B?TkcyazA4RmlPdG1QbnZDalNZU0ptRXcxUkwraHdCbGgyZ2RqLzFLcXBpcnYw?= =?utf-8?B?WVZaaThzMjVwaEJrbk9ZNkU0dlJIcTdkdDM1cVJCNk9wTytrdTZBMUxwNTQw?= =?utf-8?B?SE1PNlExV1l0TXZTMEk2NytoVmdTbEVlQ0JsUGl6ZHZaSWw1bzUyNHhyQmFE?= =?utf-8?B?TmQwcm5ENUZiMHF2dWZFWjdqVlUrVU9rZ0hDMXdNZmVLcU9tMnp6WGRQWmNQ?= =?utf-8?B?Y09GT3FYWjBVV0toM2FjSFJGbncyenZmcWN5MnJ0MlllU3VHL3ZPR2FDS0FG?= =?utf-8?B?VGxFT2c2Z2NtekxRU3BWZUdUM09UQnI4dFMwdmc2MTN1M0VtZXVjb01kanNW?= =?utf-8?B?ZVUxcEpCcUd1Z1RLNldvNVpwVFpFbUdVU0tWK2k3WXJMcmd4dlRmTTd1VUQ1?= =?utf-8?B?ejE1RlNUdEJkYkZpbytzUFN5SkU3ZWEzelIzbGVpSngwL2E2dFVIVHdrYlUv?= =?utf-8?B?K2NvSXozNThvMmlsbUxicUJiRVlGbC9teU43ajFmb245WnkyMXB3WUw3UzRL?= =?utf-8?B?VmFxVi94WkZqelRRTkNCaUltelRIbGcwdWRmaUg3OTI1cGVnSkFGMS9xNGk1?= =?utf-8?B?NzVzTTg2cFFkcUVROUcrVUpkaExQZHRrQ1c5QVN0RkZHT3VrWHI0RTdDcE9V?= =?utf-8?B?M1ZUSHEvL3BiZDk3S0M3OWJUSEw4ZWNrdGllelRlQ3Q3VzJERjMyTFB4QnZ2?= =?utf-8?B?Ulg0VDg3QkFvQmdZd2Fkd1BqUTdMc3IxNFVXYjhhU2JtQU1pWFpKeWxtUDgv?= =?utf-8?B?eWQ4RFYzNTNRbU1mNmxnYUlCM29EQW8xWjFlYmkvT3ZrN2ttOUkrYm1wSmlJ?= =?utf-8?B?dHQrVzNLOXBkU2h3eVRvSXFFZHFUWElPUnJrOXJoeG8wOTRpQjFsa3BlSmp0?= =?utf-8?B?Q2NuNzIydHdWNlJHcFNwQ3A2Sk9oV0p2Rk85dEE4ck95ekkvRWFuaGpLZ3hX?= =?utf-8?B?ZktkTmlMUVJUa2F4a2JtNFJ2cDEvYUJiaHFuRzkrM29nT3lVMmNLbFV3YmUv?= =?utf-8?B?UldqcG01OFdEcjdqMHVzSDVxVnQ4ZzBwdEpabTFWS0JQd2J0SkZPZEViZ0t6?= =?utf-8?B?OElIZ09zT2lnY1BVV2xTaXRFT0YzL1hUMWRzdFpKQ28xV3BrSzNCK2pLa0F3?= =?utf-8?B?bytrUFVyOEpZRmw5SWpCN3psZkZDQ1BPbFdvSjFXT1dKQWpBb095YUVlUEpY?= =?utf-8?B?RVN0bUhyMmlWdDBLbjVxeDZDVXR4djJadUVKamRvcldnaWhEaVFHbmo1TWlW?= =?utf-8?B?TDJKOGZSbG5tQzUzMW5NR0ZIWjZNZllpNjUrNlJOWkdwc29pS1hCdTIxeHEr?= =?utf-8?Q?hKRTf4?= X-Microsoft-Antispam-Message-Info: 86ucL0hibheMIf3+l12zAekC8gTL01L4rSlY1DMbu76lpqPJGpu62XKr+w6aGZI0QWjLAWGVAOkSVz01Bhh2X52UHCPD0tkcWtd+XDejWGPiADOmtu5cAPOcvsmZS6TR5XmSVw2rV8MdYi98/J8qIdhlnBIXBQWbexbf8l0dRDlZSU7iHngoFxjyz76LzaJW X-Microsoft-Exchange-Diagnostics: 1; TY1PR04MB0703; 6:k8Q6saw/6t/Zg6hEZKJ3kuVTw+ZxVmoYbDLM61x9+Wcvb2fmSD/luHNu0Tr4/hLyNPKs8aUAjQZLJLOhR9rCXlkLuyh1KwTVRyF1X0TA82YGKH5EnliqpyS7+79c+0OaBP+n1DrzMPYglBnRQLNn1BUMzhCe7zIW8YqiZgt2r3noC5MCTjVSgGuUPUfLsAYxq8K6EWdAouX50wDFPCDdQae+TI1/Wn/hOkm5aZ1hXpA/pSMwNtGdvBXuJKPBPKSbPDQY9ftKM+EBIzQQem6COSpKUMfLkjtdEz/uJkCCUtCQk/zyiI3DmZXBqbaZ9BmYeE+mFTvNJLIowqlk8oOdeHLzIInKQugw3MGmOoVm/Fw=; 5:aoZmUmNrMsReaA50GMPjLElFHwfh+/5YmC4B6nL+gA3qo9kUPu0BU7c2kgcGxpBPBdEKK6iGnIOimCsHkx+ndJHkl6dDDqxYvHSbn9o6FhxzfNh6dNDSkMNRhTfrxyJWIooV4OKL0j9BDmDeJRz17GVo3z18uDL757aE4EJalI8=; 24:EKJzpn1N0IGq3KeizOGgXoUFSGCd3yS53uFh/+28ItH6qPpuqh0mRbRHkWqZQW3V+0fYUPRuVu3VUpD3WvCx3CsPA5Xk31gZYYoEwVpIcMU=; 7:uA2TBa4KR5Fy4VLWm25YCzGclkQDE3qvZHGzg8XiPCyHQ/WPdLCUeMVGIwqrRPc8qdVLnLKD9A9Z6K7yGGA5BL/o1ULLlqoGd2fL169quw/JhOHtVFxtoKqAY5ocQq+J9EEsVJjMKiW2aJ2kbvjmspH5HA+OhnUlGvB+DutM9Ynoh8Zt5MG6p0R2aHuRQDi5JzsJM4MkdaU44rvtK3QJoEEkjKaTVrHA8P0wwbbec0oSSJix7HUk+pSYXIwIMs7S SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: apnic.net X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Mar 2018 14:15:09.3502 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7dc2366b-10a0-4d00-8404-08d5875a7fd0 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 127d8d0d-7ccf-473d-ab09-6e44ad752ded X-MS-Exchange-Transport-CrossTenantHeadersStamped: TY1PR04MB0703 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Mar 2018 14:15:18 -0000 > On 11 Mar 2018, at 9:24 am, Job Snijders wrote: >=20 > On Sun, 11 Mar 2018 at 14:21, Geoff Huston wrote: > > > > Perhaps what is lacking in the semantics of RPKI is a "kill roa=E2=80=9D= . >=20 > https://datatracker.ietf.org/doc/draft-huston-sidr-bogons/ >=20 >=20 > What happened to that draft? It was unceremoniously killed due to extreme distaste on the part of = various folk who represented themselves as members of the crypto = zealotry group. I also suspect that the authors=E2=80=99 efforts to use = the term =E2=80=9Cboa constrictor" at least once the draft was seen as a = juvenile attempt at humour. :-) I guess you just had to be there!=20 More seriously, the draft encountered fatal levels of criticism over the = concept of this form of validated negation. g From nobody Sun Mar 11 07:25:06 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 976991271FD for ; Sun, 11 Mar 2018 07:25:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.669 X-Spam-Level: X-Spam-Status: No, score=-1.669 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 45lTSSWlLs08 for ; Sun, 11 Mar 2018 07:25:04 -0700 (PDT) Received: from mail-wm0-f44.google.com (mail-wm0-f44.google.com [74.125.82.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FDB9127010 for ; Sun, 11 Mar 2018 07:25:04 -0700 (PDT) Received: by mail-wm0-f44.google.com with SMTP id z9so11466249wmb.3 for ; Sun, 11 Mar 2018 07:25:03 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=MN9P2bxLgD95arZoi9J5rRWV1GThRZ917/Ew2FKNS7g=; b=IZXz8eBnouZ5YCIkFWdJbaTQJeF3bj2uUYoKLUmrzHPLXPn4NYo7oITRGOrs5tp8fJ PJ3azTm3wiOjVaub5StgApdXK330H2jcv2uKdGLpRuxRBiTqfbMVAIp95pfVoBFtXw/J nVLS0rwoZlJ0h/PfAEolqFKC5QfWbA6CukKIjCw/an9tRBaIk9TsGGpkcr3v+FgVzGLB 4HA/d5eQt+Jo/dfM0ITzdx2BwlWrkKX2eBqSqUPy5wea/CJeS8PtwmEAysTsVbWlicXo WlULg1XTEtLDMGnw/wyGgOcfOCD2x1Mu2SRroICQFdfPpv2NL8x1gc1R3RfrN6XlARtP Vgig== X-Gm-Message-State: AElRT7H6tT4bc2P6e8X/+MzGaZtKQ4KFJ9xiKf0N0Xavr0zPZ+QqeNRg XhAd8oPcAYWONW45LFEzH3duTA== X-Google-Smtp-Source: AG47ELtLb/2n8nvtfzEOWnE4AsabBHnArGUs5YH1r86ge4EvhhuCOVoj80FDNWu2gQadY6xbGVlqfg== X-Received: by 10.80.164.82 with SMTP id v18mr6804330edb.115.1520778302340; Sun, 11 Mar 2018 07:25:02 -0700 (PDT) Received: from vurt.meerval.net (vurt.meerval.net. [192.147.168.22]) by smtp.gmail.com with ESMTPSA id f6sm3713943edl.9.2018.03.11.07.25.01 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 11 Mar 2018 07:25:01 -0700 (PDT) Received: from localhost (vurt.meerval.net [local]) by vurt.meerval.net (OpenSMTPD) with ESMTPA id 0cb21664; Sun, 11 Mar 2018 14:25:00 +0000 (UTC) Date: Sun, 11 Mar 2018 14:25:00 +0000 From: Job Snijders To: Geoff Huston Cc: Randy Bush , SIDR Operations WG Message-ID: <20180311142500.GO98483@vurt.meerval.net> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <20180310120844.GC35705@vurt.meerval.net> <20180311110042.GF98483@vurt.meerval.net> <06C08F03-6386-414C-B93E-EA3CADC9D996@apnic.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Clacks-Overhead: GNU Terry Pratchett User-Agent: Mutt/1.9.4 (2018-02-28) Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Mar 2018 14:25:06 -0000 On Sun, Mar 11, 2018 at 10:14:45AM -0400, Geoff Huston wrote: > > On 11 Mar 2018, at 9:24 am, Job Snijders wrote: > > > > On Sun, 11 Mar 2018 at 14:21, Geoff Huston wrote: > > > > > > Perhaps what is lacking in the semantics of RPKI is a "kill roa”. > > > > https://datatracker.ietf.org/doc/draft-huston-sidr-bogons/ > > > > What happened to that draft? > > It was unceremoniously killed due to extreme distaste on the part of > various folk who represented themselves as members of the crypto > zealotry group. I also suspect that the authors’ efforts to use the > term “boa constrictor" at least once the draft was seen as a juvenile > attempt at humour. :-) I guess you just had to be there! > > More seriously, the draft encountered fatal levels of criticism over > the concept of this form of validated negation. Given that ~ 10 years have passed, and there are now give or take 5 autonomous systems doing Origin Validation, perhaps some of the folks involved back then would be willing to reconsider their opinion? :) Kind regards, Job From nobody Mon Mar 12 01:50:48 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8E671241F5 for ; Mon, 12 Mar 2018 01:50:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.91 X-Spam-Level: X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hTqdZKDoW33I for ; Mon, 12 Mar 2018 01:50:45 -0700 (PDT) Received: from mahimahi.ripe.net (mahimahi.ripe.net [IPv6:2001:67c:2e8:11::c100:1372]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E857E12711D for ; Mon, 12 Mar 2018 01:50:44 -0700 (PDT) Received: from nene.ripe.net ([193.0.23.10]) by mahimahi.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1evJAH-0000VI-VZ; Mon, 12 Mar 2018 09:50:42 +0100 Received: from sslvpn.ripe.net ([193.0.20.230] helo=vpn-252.ripe.net) by nene.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1evJAH-00035R-RR; Mon, 12 Mar 2018 09:50:41 +0100 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) From: Tim Bruijnzeels In-Reply-To: <20180311142500.GO98483@vurt.meerval.net> Date: Mon, 12 Mar 2018 09:50:31 +0100 Cc: Geoff Huston , Randy Bush , SIDR Operations WG Content-Transfer-Encoding: quoted-printable Message-Id: References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <20180310120844.GC35705@vurt.meerval.net> <20180311110042.GF98483@vurt.meerval.net> <06C08F03-6386-414C-B93E-EA3CADC9D996@apnic.net> <20180311142500.GO98483@vurt.meerval.net> To: Job Snijders X-Mailer: Apple Mail (2.3445.5.20) X-ACL-Warn: Delaying message X-RIPE-Spam-Level: ------- X-RIPE-Spam-Report: Spam Total Points: -7.5 points pts rule name description ---- ---------------------- ------------------------------------ -7.5 ALL_TRUSTED Passed through trusted hosts only via SMTP -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a07198bca16526ae952332e3065aa8d8e9303 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Mar 2018 08:50:47 -0000 Hi all, I believe something like this will be needed in case a DISR policy is = used. As currently written the draft leaves any unannounced space = vulnerable to hijacking. The only way really to counter this would be = for the address holder to issue a ROA for their AS and do the public = announcement - as Job pointed out there are operational reasons why this = may not be possible / very undesired. With regards to BOAs - my memory may fail me here because part of the = discussion was from before even my time on this, but I thought it was = concluded that the same could be communicated with an AS0 ROA, so there = was no need for an explicit object type. That said, If I can entertain the thought of a BOA or AS0 (as the only) = ROA for address space.. then the intention would certainly be that an = address holder can indicate that some of their address space should not = appear in the global BGP. Implementing this is not super trivial - = it=E2=80=99s not just another ROA for an AS that happens to be one that = cannot be naturally found. In particular someone could do an = announcement for a large prefix (say a /16 or something) that is less = specific than any ROA issued. It would get RPKI validation state =E2=80=98= not found=E2=80=99 and any otherwise unannounced space would be routed = here. For BOAs / AS0 ROAs to work here the semantics would have to be = changed to something like: if *any* of the address space in a prefix is = covered by a BOA / AS0 ROA *only* then consider it *invalid* =E2=80=94 = or *forbidden* even if we want to recognise this as a different flavour = of invalid. Kind regards, Tim > On 11 Mar 2018, at 15:25, Job Snijders wrote: >=20 > On Sun, Mar 11, 2018 at 10:14:45AM -0400, Geoff Huston wrote: >>> On 11 Mar 2018, at 9:24 am, Job Snijders wrote: >>>=20 >>> On Sun, 11 Mar 2018 at 14:21, Geoff Huston wrote: >>>>=20 >>>> Perhaps what is lacking in the semantics of RPKI is a "kill roa=E2=80= =9D. >>>=20 >>> https://datatracker.ietf.org/doc/draft-huston-sidr-bogons/ >>>=20 >>> What happened to that draft? >>=20 >> It was unceremoniously killed due to extreme distaste on the part of >> various folk who represented themselves as members of the crypto >> zealotry group. I also suspect that the authors=E2=80=99 efforts to = use the >> term =E2=80=9Cboa constrictor" at least once the draft was seen as a = juvenile >> attempt at humour. :-) I guess you just had to be there!=20 >>=20 >> More seriously, the draft encountered fatal levels of criticism over >> the concept of this form of validated negation. >=20 > Given that ~ 10 years have passed, and there are now give or take 5 > autonomous systems doing Origin Validation, perhaps some of the folks > involved back then would be willing to reconsider their opinion? :) >=20 > Kind regards, >=20 > Job >=20 > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops From nobody Mon Mar 12 12:06:06 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 091751241F8; Mon, 12 Mar 2018 12:06:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dJzvSLIdmhxb; Mon, 12 Mar 2018 12:06:02 -0700 (PDT) Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0118.outbound.protection.outlook.com [23.103.200.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D73F3126C3D; Mon, 12 Mar 2018 12:06:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ntwpKdAEFlf4//dFgDqJ/1/GK6HxtCmIclPIgi9QW3M=; b=qiJ7dwznBRDG/s4K1EWkwHYpyu6Qkp+7eMmhq5ZbnYi+80i2lGFPMnO9zZVlFDG88O7dSVLwdEy/lz4Se+czgCoXqtI+haX9b8dRcSaAlz0c12Owt0CG8XgrsPmARNxk9tH6QDU3E5+QyxEa6/b4fCSVvFJVbzpb7IR+FCIfc2U= Received: from BYAPR09MB2773.namprd09.prod.outlook.com (52.135.224.26) by BYAPR09MB2773.namprd09.prod.outlook.com (52.135.224.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Mon, 12 Mar 2018 19:06:00 +0000 Received: from BYAPR09MB2773.namprd09.prod.outlook.com ([fe80::d015:9eb2:757:ba95]) by BYAPR09MB2773.namprd09.prod.outlook.com ([fe80::d015:9eb2:757:ba95%13]) with mapi id 15.20.0548.021; Mon, 12 Mar 2018 19:06:00 +0000 From: "Sriram, Kotikalapudi (Fed)" To: Tim Bruijnzeels CC: "sidrops-chairs@ietf.org" , "sidrops@ietf.org" Thread-Topic: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt Thread-Index: AQHTtNWhXGiptyuPFE2FzpnwC7YBGqPDZQDegAMD+gCAAv5sAIABBZeGgAJl0QA= Date: Mon, 12 Mar 2018 19:06:00 +0000 Message-ID: References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net>, <20180310120844.GC35705@vurt.meerval.net> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov; x-originating-ip: [129.6.140.122] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; BYAPR09MB2773; 7:k8VTYM7qr7LvRRgFekjc2TGhpLRMnfXgOvE+OZdAW0XRJHK+EjwPA+rKusB9xc4yE4tN5c9mOYISXNetLJLPmBhiFPNRRdrrN0wqX8YezFZ9GZyjPcRQYq1qcGJ6GUoU5K7zQqJwrftU6Nm0CCRfxIRSCr6HmZECp92jfUozhrfxEDdychxM03xxhCiMjrdibhEtU2IY3TZRKVnGUJnwt+KJy4/W7MxG/0DlOQPTbWbLqYeD2c1JzaP3VfD0Ns7R x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: e843e83d-283f-4498-f9f5-08d5884c4b40 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:BYAPR09MB2773; x-ms-traffictypediagnostic: BYAPR09MB2773: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(232451576963924); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(10201501046)(3231220)(944501244)(52105095)(6055026)(6041310)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123558120)(6072148)(201708071742011); SRVR:BYAPR09MB2773; BCL:0; PCL:0; RULEID:; SRVR:BYAPR09MB2773; x-forefront-prvs: 06098A2863 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(39380400002)(396003)(346002)(39860400002)(376002)(189003)(199004)(3660700001)(86362001)(6436002)(2950100002)(6916009)(6246003)(55016002)(15650500001)(8676002)(14454004)(7696005)(316002)(105586002)(76176011)(93886005)(102836004)(186003)(99286004)(54906003)(26005)(5250100002)(66066001)(33656002)(53936002)(81166006)(81156014)(9686003)(5660300001)(2900100001)(74316002)(59450400001)(6506007)(68736007)(8936002)(3846002)(6116002)(106356001)(229853002)(25786009)(4326008)(7736002)(478600001)(97736004)(2906002)(3280700002)(305945005); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR09MB2773; H:BYAPR09MB2773.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-microsoft-antispam-message-info: tc+7IvhTRzLSvitbn/l/IWH3qQiFzW5KaLN9TZuS9pheTLgR8K3Q12Q1dvBq8qFEorAoUP6d6kf+6/TQO64E++Mw2daTyUIuHo+4KFJ6YJAdHauNLjeYazCXeuKZnrhganKwK+7es8cYLbQdsNqPsi/rxNUkS1APQ7yL5yoaaDRIoqcBr/WgQ3mgwJtF6fznWuaRcuSg7o/lg8/pEy/Ki1j4F0OhqB48y4ASm4vgh2icZeO5E07frkbYvO50Fa3Cw6K3KOPaAmY7if+7kJLXfHdp5X0efn24ctIgNE0Bt1Px10yXN+C+xmjkxow2c/tKRXINFPpfHlrI6u0njB3WKA== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: e843e83d-283f-4498-f9f5-08d5884c4b40 X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Mar 2018 19:06:00.2515 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR09MB2773 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Mar 2018 19:06:04 -0000 Tim: >For BOAs / AS0 ROAs to work here the semantics would have to be changed to= something like: if *any* of the address space in a prefix is covered by a = BOA / AS0 ROA *only* then consider it *invalid* - or *forbidden* even if we= want to recognise this as a different flavour of invalid. I agree with the spirit of your suggestion. But I feel we need to be=20 careful about the meaning of "Covered by ROA." I can think of a scenario: ROA 1: 10.1.0.0/16 AS 0 =20 ROA 2: 10.1.0.0/18 ML=3D20 AS 64511 ROA 3: 10.1.0.0/22 AS 0 Update: 10.1.0.0/24 with some origin AS (other than AS 0) Update for the /24 is Invalid due to any of the three ROAs. I am pretty sure you want this Update dropped. Right? The definition of "Covered by ROA" matters. Especially, as I am thinking about your emphasis on *only*. "Covered by ROA" is not defined in RFC 6811. Instead "Covered by VRP" is defined (page 5): o Covered: A Route Prefix is said to be Covered by a VRP when the VRP prefix length is less than or equal to the Route prefix length, and the VRP prefix address and the Route prefix address are identical for all bits specified by the VRP prefix length. (That is, the Route prefix is either identical to the VRP prefix or more specific than the VRP prefix.) So I would suggest: ... for the Invalid route in consideration, consider the list of ROAs=20 which make the route Invalid. From this list, consider=20 the subset of ROAs (this may be one ROA or more) with the *most specific p= refix*. If any of the ROAs in this subset contains an AS number that is not AS 0, then proceed to the next step in the algorithm; else, the Invalid route MUST be dropped. Does this work for you? (We can discuss this further in London.) Thank you. Sriram =20 =20 =20 From nobody Tue Mar 13 08:25:28 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D55B127342; Tue, 13 Mar 2018 08:25:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.649 X-Spam-Level: X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x6DV_o0ymvSH; Tue, 13 Mar 2018 08:25:26 -0700 (PDT) Received: from hrabosky.cbbtier3.att.net (hrabosky.cbbtier3.att.net [12.0.1.25]) by ietfa.amsl.com (Postfix) with ESMTP id D8ED9126C22; Tue, 13 Mar 2018 08:25:25 -0700 (PDT) Received: from oz.mt.att.com (zoe.cbbtier3.att.net [12.0.1.45]) by hrabosky.cbbtier3.att.net (Postfix) with ESMTP id 6C1821EF5C; Tue, 13 Mar 2018 15:25:25 +0000 (UTC) Received: by oz.mt.att.com (Postfix, from userid 1000) id 463B7A4040B; Tue, 13 Mar 2018 11:25:25 -0400 (EDT) X-Mailer: emacs 24.3.1 (via feedmail 11-beta-1 I); VM 8.2.0b under 24.3.1 (x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Message-ID: <23207.60764.835909.816447@oz.mt.att.com> Date: Tue, 13 Mar 2018 11:25:16 -0400 From: Jay Borkenhagen To: Job Snijders Cc: "sidrops-chairs@ietf.org" , "sidrops@ietf.org" In-Reply-To: References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <23202.46675.595670.703736@oz.mt.att.com> Reply-To: Jay Borkenhagen X-GPG-Fingerprint: DDDB 542E D988 94D0 82D3 D198 7DED 6648 2308 D3C0 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Mar 2018 15:25:27 -0000 Job, Whoa yourself. :-) That was a pretty extreme mis-reading of a very small part of my message. My reasons for preferring that my vendors do not implement DISR are: - implementing DISR would require changes to some very key parts of router code. You might be right that there is a straightforward way to do it -- but it's still a change to some critical code, and any bugs introduced there could affect even those not using DISR. - the long-term goal should still be dropping all invalids, including those that DISR would permit. So at best DISR should be only a short-term policy. I don't think DISR is the right policy for anyone to use, for the reasons I cited: (a) it's better to attempt to educate those publishing what appear to be bad ROAs rather than making any assumptions about them, and (b) the invalid-only route could be announced by address squatters -- why assist the squatters=3F I know of no significant ISP networks that are dropping invalids today. (I am not discussing IXPs here.) I also know of no one saying they would be dropping some invalids today if only DISR were available. Before we get hung up on how DISR would be implemented in router code, let's discuss whether it's a policy ISPs should actually deploy. For the reasons I have explained, I say it's not. Out of curiousity, are you attempting to educate those announcing invalids today=3F Thanks. =09=09=09=09=09=09Jay B. Job Snijders writes: > Woah... not only do you not want to use it yourself, but you also wa= nt to > prevent others from using it=3F >=20 > I=E2=80=99d appreciate more elaboration! >=20 > Out of curiosity, are you doing OV today in your network and droppin= g > invalids=3F >=20 > Kind regards, >=20 > Job >=20 > On Fri, 9 Mar 2018 at 17:29, Jay Borkenhagen wro= te: >=20 > > Sriram, > > > > I can appreciate this motivation for your draft: > > > > Suppose Popular Site X does not know what they're doing, and they > > publish a bad ROA that makes the only route announcement for their= > > address space be invalid. ISP-A competes with ISP-B, and Customer= -C > > multihomes to both. ISP-A implements route origin validation and > > drops invalid routes -- including that route to X. ISP-B does no > > route origin validation, so they accept and propagate the route to= X. > > Customer-C does not know or care about origin validation -- they o= nly > > see that ISP-A cannot reach X while ISP-B can, so Customer-C think= s > > ISP-A sucks and decides to give ISP-B more business. > > > > ISP-A should not be punished for trying to do the right thing, but= > > before we conclude that this situation deserves a technical > > workaround, consider: > > > > (1) Those who care about Internet routing security/sanity should > > attempt to educate the folks at Popular Site X, to teach them why = that > > ROA is wrong. This education can be done even before lots of > > providers employ a 'drop invalid' policy -- in fact I know some > > subscribers to this list have received emails from me saying "Y'kn= ow, > > you're currently announcing some invalids." Later on, that > > education will happen the hard way when Popular Site X finds they > > cannot be reached from many networks who by then drop invalids. > > > > (2) Who's to say that an invalid-only route is invalid because of = a > > bad ROA, and not because someone other than the legit owner is > > squatting on that address space=3F Clearly squatting can happen o= n Not > > Found space, too, but there could be reasons why they prefer to sq= uat > > on this space that happens to be covered by a ROA. I think it's a= > > better outcome for people to realize what a ROA actually means and= how > > it gets used, rather than guessing that someone made a mistake. > > > > > > I'll stop here for now, but I'll also note that I would not want a= ny > > of my router vendors to implement the DISR Policy. I'll save thos= e > > reasons for later. > > > > Jay B. > > > > > > > > Sriram, Kotikalapudi (Fed) writes: > > > We have requested the chairs for time on the SIDROPS meeting ag= enda to > > discuss this work: > > > > > > https://tools.ietf.org/html/draft-sriram-sidrops-drop-invalid-p= olicy-00 > > > > > > The authors would appreciate comments/discussion on the list as= well. > > > > > > Sriram > > > =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F > > > From: internet-drafts@ietf.org > > > Sent: Monday, March 5, 2018 5:59 PM > > > To: Sriram, Kotikalapudi (Fed); Montgomery, Douglas (Fed); Borc= hert, > > Oliver (Fed) > > > Subject: New Version Notification for > > draft-sriram-sidrops-drop-invalid-policy-00.txt > > > > > > A new version of I-D, draft-sriram-sidrops-drop-invalid-policy-= 00.txt > > > has been successfully submitted by Kotikalapudi Sriram and post= ed to the > > > IETF repository. > > > > > > Name: draft-sriram-sidrops-drop-invalid-policy > > > Revision: 00 > > > Title: Origin Validation Policy Considerations for Dro= pping > > Invalid Routes > > > Document date: 2018-03-05 > > > Group: Individual Submission > > > Pages: 6 > > > > > > https://tools.ietf.org/html/draft-sriram-sidrops-drop-invalid-p= olicy-00 > > > > > > Abstract: > > > During incremental deployment of RPKI and Route Origin Autho= rizations > > > (and possibly under some transient conditions), network oper= ators > > > would wish to have a meaningful policy for dropping Invalid = routes. > > > Their goal is to balance (A) dropping Invalid routes so hija= cked > > > routes can be eliminated, versus (B) tolerance for missing o= r > > > erroneously created ROAs for customer prefixes. This docume= nt > > > considers a Drop Invalid if Still Routable (DISR) policy tha= t is > > > based on these considerations. The key principle of DISR po= licy is > > > that an Invalid route can be dropped if a Valid or NotFound = route > > > exists for a subsuming less specific prefix. > > > =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F > > > Sidrops mailing list > > > Sidrops@ietf.org > > > https://www.ietf.org/mailman/listinfo/sidrops > > > > =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F > > Sidrops mailing list > > Sidrops@ietf.org > > https://www.ietf.org/mailman/listinfo/sidrops > > > =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops From nobody Tue Mar 13 09:05:25 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3C19124217 for ; Tue, 13 Mar 2018 09:05:23 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.65 X-Spam-Level: X-Spam-Status: No, score=-1.65 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GXZN6OPQHQqx for ; Tue, 13 Mar 2018 09:05:23 -0700 (PDT) Received: from mail-wr0-f179.google.com (mail-wr0-f179.google.com [209.85.128.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D48531201FA for ; Tue, 13 Mar 2018 09:05:22 -0700 (PDT) Received: by mail-wr0-f179.google.com with SMTP id r8so400281wrg.0 for ; Tue, 13 Mar 2018 09:05:22 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=bQNC0ndqE/z1AxDM/Mc9R0zTEaf2ZR2+cynljipbiRE=; b=qU22HikXpRdZ1mfdNg4vGlBN3Vw6m3PnoMlUxF2PATZJCcIe/DGY/JuYFE1dty7HoK 5YA7amtov64UGWxy/MKBArx5IDTwQ6HJLVpUi9t8jQvpM5U21rBqJzBmRAGhhPCgJ1R/ kV289O+8dXsNdG4KnpoEDjFQtCg8kSAAPz0lE2vTS7chqjwJVS27PwsiIUMIpDavtBHk 5deEtV7EJlz9qkjQFklgsimc2X3QQipVV2YjGpcFjKL/fvHfddddGggx06aUf4YGVwbr OWJUXc4EwNQFDXzROaa6wiQaqyB6toY6OHUTgYHwm85ja6pocTCI9ma4WCUdPh6b3fwv Tapg== X-Gm-Message-State: AElRT7Et3QfbZkXWzXX16q7d2ybs4ETbO0m1G/+XcPrth+xqc1XzkBfy zdeAVdQr8ESHxv/aM6UdvPCqH+rezUtMVw== X-Google-Smtp-Source: AG47ELugaYQ0kMP9YLtnss0iGJRj5D9qHnbTiqz2n0i8H9SSqZ4TT+vHHIPNoeHwaFhUWk7so0bLqA== X-Received: by 10.80.204.133 with SMTP id q5mr1444658edi.112.1520957120783; Tue, 13 Mar 2018 09:05:20 -0700 (PDT) Received: from vurt.meerval.net (vurt.meerval.net. [192.147.168.22]) by smtp.gmail.com with ESMTPSA id p7sm451805edc.20.2018.03.13.09.05.18 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 13 Mar 2018 09:05:19 -0700 (PDT) Received: from localhost (vurt.meerval.net [local]) by vurt.meerval.net (OpenSMTPD) with ESMTPA id 38823372; Tue, 13 Mar 2018 16:05:18 +0000 (UTC) Date: Tue, 13 Mar 2018 16:05:17 +0000 From: Job Snijders To: Jay Borkenhagen Cc: "sidrops-chairs@ietf.org" , "sidrops@ietf.org" Message-ID: <20180313160517.GM87414@vurt.meerval.net> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <23202.46675.595670.703736@oz.mt.att.com> <23207.60764.835909.816447@oz.mt.att.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <23207.60764.835909.816447@oz.mt.att.com> X-Clacks-Overhead: GNU Terry Pratchett User-Agent: Mutt/1.9.4 (2018-02-28) Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Mar 2018 16:05:24 -0000 Hi Jay, On Tue, Mar 13, 2018 at 11:25:16AM -0400, Jay Borkenhagen wrote: > My reasons for preferring that my vendors do not implement DISR are: > > - implementing DISR would require changes to some very key parts of > router code. You might be right that there is a straightforward way > to do it -- but it's still a change to some critical code, and any > bugs introduced there could affect even those not using DISR. Eh.... yes... so don't write bugs? Your reasoning applies to any change, in any aspect of a codebase. While your fear may be justified, this type of argument is hard to take into consideration from an IETF perspective. > - the long-term goal should still be dropping all invalids, including > those that DISR would permit. So at best DISR should be only a > short-term policy. Yes. > I don't think DISR is the right policy for anyone to use, for the > reasons I cited: (a) it's better to attempt to educate those > publishing what appear to be bad ROAs rather than making any > assumptions about them, and (b) the invalid-only route could be > announced by address squatters -- why assist the squatters? > > I know of no significant ISP networks that are dropping invalids > today. (I am not discussing IXPs here.) I also know of no one saying > they would be dropping some invalids today if only DISR were > available. I'm certainly struggling to find some kind of pathway towards dropping invalids, and would seriously consider deploying DISR-style filters if they were available to me. > Before we get hung up on how DISR would be implemented in router code, > let's discuss whether it's a policy ISPs should actually deploy. For > the reasons I have explained, I say it's not. Yes - this is the big question. We agree on the observation that nobody is dropping invalids, so we have to ask ourselves: what is the resaon for this? Is there a way to overcome whatever obstacles ISPs see? A problem I see at this point in time is that if there are three networks: A, B & C - and A does origin validation but B does not, then B will be rewarded for mistakes that happen in the administrative domain of C. This makes origin validation a really tough sell. I appreciate that DISR attempts to mitigate some of these concerns - but obviously DISR (in its _current_ form) introduces some problems as well, namely opening up the option to more easily squat on unannounced space. One could consider it a trade-off: does attempting to level the playing field between network A & network B from an incentive perspective, justify a weakening of protection of (perhaps purposefully) unannounced space? > Out of curiousity, are you attempting to educate those announcing > invalids today? Yes. kind regards, Job From nobody Tue Mar 13 09:15:16 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBD9B120724; Tue, 13 Mar 2018 09:15:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q_0P6b64vyeo; Tue, 13 Mar 2018 09:15:08 -0700 (PDT) Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0101.outbound.protection.outlook.com [23.103.200.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5B49124217; Tue, 13 Mar 2018 09:15:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Athyb8vN2V6uT2LJ1eVsvrcRnDKhms5cnfhPlFzNlCc=; b=oJWod7GISw3l09O92MmpJtMBCcDq831iYTVaZHp1BotmrO2EXukA39Zo/3ydyiOladt4CB/L5RYzyxdCDsrOZv3xCpiniZyiF86Dd8twYY0a7MyuOEyGpAOi1izfMPhn1rEJOIEW7q01opLMyrecAOe6cDqod+NVg9gg9tNpzuA= Received: from BN6PR09MB2131.namprd09.prod.outlook.com (10.173.160.147) by BYAPR09MB2776.namprd09.prod.outlook.com (52.135.224.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Tue, 13 Mar 2018 16:15:05 +0000 Received: from BN6PR09MB2131.namprd09.prod.outlook.com ([10.173.160.147]) by BN6PR09MB2131.namprd09.prod.outlook.com ([10.173.160.147]) with mapi id 15.20.0548.021; Tue, 13 Mar 2018 16:15:01 +0000 From: "Borchert, Oliver (Fed)" To: "Sriram, Kotikalapudi (Fed)" , "Tim Bruijnzeels" CC: "sidrops-chairs@ietf.org" , "sidrops@ietf.org" Thread-Topic: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt Thread-Index: AQHTtNWhXON2Dcq5nUC1pRJAkmEmtqPDaEWAgAMAtQCAAv5sAIABGDMAgAKBDACAAR+AAA== Date: Tue, 13 Mar 2018 16:15:01 +0000 Message-ID: <31BADAAF-FDAD-4569-A8F9-731885E70BF1@nist.gov> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <20180310120844.GC35705@vurt.meerval.net> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.a.0.180210 authentication-results: spf=none (sender IP is ) smtp.mailfrom=oliver.borchert@nist.gov; x-originating-ip: [2610:20:6222:140:15f4:8e1c:6c1c:c84f] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; BYAPR09MB2776; 7:IJGnD3C3GgWOrxQ8M2a18htvWPpdqQ5ulEj3x84cEVcNJ+0ikWOaPU+oL0WntrsAGr3giiaq+pZonGzxqVRsrQdYhdyjAhxAlrzp9HQlKPHSaFxSMSGN/2kxbIUs54irbLHKJsWb23zrJoq+2SWvhmETGZEtP3xbdsQElSzegqezqP+JvTk8mhCmQrQszYsK5LSVAcNTbQH7Cp/Yj2r5NK/JUKHmDeENOauvbnNTIqBQC4K5E2IS5PcUEVq+6WCP x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR; x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10019020)(979002)(39860400002)(396003)(346002)(39380400002)(366004)(376002)(199004)(189003)(86362001)(97736004)(105586002)(6486002)(110136005)(58126008)(81156014)(8936002)(82746002)(7736002)(106356001)(316002)(83716003)(46003)(3280700002)(8676002)(6436002)(76176011)(14454004)(6246003)(6512007)(478600001)(54906003)(53936002)(81166006)(99286004)(2900100001)(77096007)(36756003)(3660700001)(2906002)(33656002)(229853002)(305945005)(5660300001)(2950100002)(102836004)(6116002)(93886005)(6506007)(4326008)(68736007)(25786009)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR09MB2776; H:BN6PR09MB2131.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: cf97c538-c660-4a42-488f-08d588fd9313 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(2017052603328)(7153060)(7193020); SRVR:BYAPR09MB2776; x-ms-traffictypediagnostic: BYAPR09MB2776: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(10201501046)(3002001)(3231221)(944501244)(52105095)(6055026)(6041310)(20161123560045)(20161123564045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(6072148)(201708071742011); SRVR:BYAPR09MB2776; BCL:0; PCL:0; RULEID:; SRVR:BYAPR09MB2776; x-forefront-prvs: 0610D16BBE received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-microsoft-antispam-message-info: FIkrwTdTTKBn71zLc0tXNYYc9JWXZMsrsV5f7ITetz3odK6tZqNtoRLgVBPnd/H0+/h1qxuwr5zln+GHobE2zc6hDxIUELGCbeoYrRaf0t3nXTqBdw/HMirvnol1sc8+cMsG5kvjryro16uWCLo1l4QNg/6DjxXU8cDx60KIhdLlQunPGgqjgj4+9sMXG3D0xp7Y5XjsOPfFFOrM6mcq8UKxnvy1GA1E+NRmitGg6OrWrYg/SmiXsGOe33x5FxFCvYGZIr0SWl5q0/Pp8EFqX8V53ZcKEFb6bhXMfZlcKFDvc5qcTkkZYuCWMCgXG2iDBIpMrHv4o1GGtcwSxUZXcw== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: cf97c538-c660-4a42-488f-08d588fd9313 X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Mar 2018 16:15:01.6379 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR09MB2776 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Mar 2018 16:15:15 -0000 SSBiZWxpZXZlLCB0aGUgZW5kIGdvYWwgaW4gbWluZCBzaG91bGQgYmUgImRyb3AgaW52YWxpZCIu IA0KU2FpZCB0aGF0LCBJIGFsc28gZG9u4oCZdCBiZWxpZXZlIHdlIGFyZSB0aGVyZSB5ZXQuIElu IG15IG9waW5pb24sIGR1cmluZyB0aGUgZGVwbG95bWVudA0Kc3RhZ2UsIERJU1IgYWxsb3dzIGEg c2FmZSDigJxkcm9wIGludmFsaWTigJ0gYXMgbG9uZyBhcyBpdCBpcyBzdGlsbCByb3V0YWJsZS4g DQoNCkFuZCB5ZXMsIERJU1IgY2xlYXJseSBkb2VzIHBva2UgaG9sZXMgaW50byB0aGUgZHJhY29u aWFuIOKAnGRyb3AgaW52YWxpZCBwb2xpY3nigJ0uIEkgYWxzbyANCmJlbGlldmUgdGhhdCBhZGRy ZXNzIG93bmVycyBzaG91bGQgaGF2ZSB0byBjYXBhYmlsaXR5IHRvIHNwZWNpZnkgdGhlaXIgYWRk cmVzcyBzcGFjZSBhcyBhIA0K4oCcRElTUiBmcmVlIHpvbmXigJ0uIA0KDQpGb3IgdGhpcyBJIGxv b2sgYXQgQVMtMCBpbiBhIHNvbWV3aGF0IG1vcmUgc2ltcGxpc3RpYyB3YXk6DQoNCldoYXQgaWYg cmVnYXJkaW5nIHRvIERJU1IsIEFTIDAgaXMgZGVmaW5lZCB0aGUgZm9sbG93aW5nIHdheToNCi0g 4oCcQW55IHByZWZpeCB3aXRoIHRoZSB2YWxpZGF0aW9uIHN0YXRlIOKAmGludmFsaWTigJkgYW5k IGNvdmVyZWQgYnkgYW4gQVMtMCBST0EgDQogICAgbXVzdCBiZSBkcm9wcGVkIG9yIGlnbm9yZWQh 4oCdDQoNCkFuZCBpZiBESVNSIGdldHMgZXh0ZW5kZWQgYnk6DQotIOKAnERyb3Agb3IgaWdub3Jl IHJvdXRlcyB3aXRoIHZhbGlkYXRpb24gc3RhdGUg4oCYaW52YWxpZOKAmSBpZiBzdGlsbCByb3V0 YWJsZSBhbmQgDQogICAgTk9UIGNvdmVyZWQgYnkgYW4gQVMgMCBST0Eh4oCdDQoNCkFub3RoZXIg c2ltcGxlciBkZWZpbml0aW9uIGZvciBib3RoIGFib3ZlIGluIG9uZSBjb3VsZCBiZToNCi0g4oCc RElTUiB3aWxsIG5vdCBiZSBlbXBsb3llZCBmb3IgYWRkcmVzcyBzcGFjZSBjb3ZlcmVkIGJ5IGFu IEFTLTAgUk9B4oCdDQoNCkluIHRoZSBsYXRlciBvbmUsIGFuIEFTLTAgUk9BIGRpc2FibGVzIERJ U1IgZm9yIHRoZSBzcGVjaWZpYyBhZGRyZXNzIHNwYWNlIGFuZCBpZiBESVNSIGlzIG5vdA0KZGVw bG95ZWQgYXQgYWxsLCBBUy0wIFJPQSBST1YganVzdCBkb2VzIHRoZSBzYW1lIGFzIGl0IGFscmVh ZHkgZG9lcyB0b2RheSENCg0KVGhpcyBpcyBzaW1wbGUsIHRvIHRoZSBwb2ludCBhbmQgbm90IHJl YWxseSBkaWZmaWN1bHQgdG8gaW1wbGVtZW50LiANCg0KVGhhbmtzLA0KT2xpdmVyDQoNCg0K From nobody Tue Mar 13 17:13:33 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1ABEC12702E for ; Tue, 13 Mar 2018 17:13:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uzbtR24u5hKo for ; Tue, 13 Mar 2018 17:13:30 -0700 (PDT) Received: from omr-a011e.mx.aol.com (omr-a011e.mx.aol.com [204.29.186.59]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15D08127010 for ; Tue, 13 Mar 2018 17:13:30 -0700 (PDT) Received: from mtaout-aaj01.mx.aol.com (mtaout-aaj01.mx.aol.com [172.27.3.205]) by omr-a011e.mx.aol.com (Outbound Mail Relay) with ESMTP id 4CD3038000B3; Tue, 13 Mar 2018 20:13:29 -0400 (EDT) Received: from iMac-Study.fios-router.home (pool-108-49-30-217.bstnma.fios.verizon.net [108.49.30.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mtaout-aaj01.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id CA26138000084; Tue, 13 Mar 2018 20:13:28 -0400 (EDT) To: "Montgomery, Douglas (Fed)" , "Sriram, Kotikalapudi (Fed)" , Tim Bruijnzeels Cc: "sidrops-chairs@ietf.org" , "sidrops@ietf.org" References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <70613650-C8D6-43D9-8643-5694B77BADA9@nist.gov> <5d2afc8e-7f9a-e2bc-fa84-88b943639bd6@verizon.net> From: Stephen Kent Message-ID: Date: Tue, 13 Mar 2018 20:13:28 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------F501423371BB2B1D31AC10F4" Content-Language: en-US x-aol-global-disposition: G x-aol-sid: 3039ac1b03cd5aa869283650 X-AOL-IP: 108.49.30.217 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Mar 2018 00:13:32 -0000 This is a multi-part message in MIME format. --------------F501423371BB2B1D31AC10F4 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Doug, I'm puzzled by your interpretation of RFC 7607. Specifically, Section 2 of 7607 says: 2. Behavior A BGP speaker MUST NOT originate or propagate a route with an AS number of zero in the AS_PATH, AS4_PATH, AGGREGATOR, or AS4_AGGREGATOR attributes. An UPDATE message that contains the AS number of zero in the AS_PATH or AGGREGATOR attribute MUST be considered as malformed and be handled by the procedures specified in [RFC7606]. An UPDATE message that contains the AS number of zero in the AS4_PATH or AS4_AGGREGATOR attribute MUST be considered as malformed and be handled by the procedures specified in [RFC6793]. If a BGP speaker receives zero as the peer AS in an OPEN message, it MUST abort the connection and send a NOTIFICATION with Error Code "OPEN Message Error" and subcode "Bad Peer AS" (seeSection 6 of [RFC4271]). A router MUST NOT initiate a connection claiming to be AS 0. This seems pretty definitive, and normative, not just a "usage convention" for AS 0, as you suggest. Steve > Thanks Steve, > > You are right that the RFCs below should be referenced also. Having reviewed them again, nothing I said previously seems to have changed. AS 0 is at best a suggested usage convention. > > The thing I like about the 6483 text is that it makes explicit that ROAs can and will be created beneath an AS 0 ROA (one usage scenario is forcing your customers to issue ROAs before announcing their routes) and that all of this is "by convention". So while not normative, I though 6483 painted the best picture of the issues we were discussing. > > dougm --------------F501423371BB2B1D31AC10F4 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit
Doug,

I'm puzzled by your interpretation of RFC 7607. Specifically, Section 2 of 7607 says:

 2. Behavior


   A BGP speaker MUST NOT originate or propagate a route with an AS
   number of zero in the AS_PATH, AS4_PATH, AGGREGATOR, or
   AS4_AGGREGATOR attributes.

   An UPDATE message that contains the AS number of zero in the AS_PATH
   or AGGREGATOR attribute MUST be considered as malformed and be
   handled by the procedures specified in [RFC7606].

   An UPDATE message that contains the AS number of zero in the AS4_PATH
   or AS4_AGGREGATOR attribute MUST be considered as malformed and be
   handled by the procedures specified in [RFC6793].

   If a BGP speaker receives zero as the peer AS in an OPEN message, it
   MUST abort the connection and send a NOTIFICATION with Error Code
   "OPEN Message Error" and subcode "Bad Peer AS" (see Section 6 of
   [RFC4271]).  A router MUST NOT initiate a connection claiming to be
   AS 0.

This seems pretty definitive, and normative, not just a "usage convention" for AS 0,
as you suggest.

Steve

Thanks Steve,

You are right that the RFCs below should be referenced also.  Having reviewed them again, nothing I said previously seems to have changed.   AS 0 is at best a suggested usage convention.

The thing I like about the 6483 text is that it makes explicit that ROAs can and will be created beneath an AS 0 ROA (one usage scenario is forcing your customers to issue ROAs before announcing their routes) and that all of this is "by convention".   So while not normative, I though 6483 painted the best picture of the issues we were discussing.

dougm


--------------F501423371BB2B1D31AC10F4-- From nobody Tue Mar 13 17:20:59 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0031126DFB for ; Tue, 13 Mar 2018 17:20:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.65 X-Spam-Level: X-Spam-Status: No, score=-1.65 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20nZ7S-_8PhN for ; Tue, 13 Mar 2018 17:20:57 -0700 (PDT) Received: from mail-wr0-f177.google.com (mail-wr0-f177.google.com [209.85.128.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0286D124BFA for ; Tue, 13 Mar 2018 17:20:56 -0700 (PDT) Received: by mail-wr0-f177.google.com with SMTP id z12so2915256wrg.4 for ; Tue, 13 Mar 2018 17:20:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=UdY9HWapLQJDqbMWWbY4GrVO8VIRSJ1NBlE0rXOEUEM=; b=PG+T7P9sysrPA0etszNnnqY81VWiL/uQZBLkhOGxwRG6hvY5iCk0WIFwMdvmu5Lk7h rJwCUwvvf/LRQ1ncN6PuvgU9KyxbgDEIo6ByXL5vCV/I+kA972cWEK7VIpcHD1mSpTHG 4+/+RDDhZZXJ1UiqWFve0P+FxWrTT8IoulLwPq7+M+UkEdzfFUIZzoDIuw/i1Mt6E8es Yd3owmp988a1WCnw/qKO6an7/ylQQyXcKohesXXZEVKIWE73XqKu3dAfy/ioF2qzSelQ DPni3l3/RfWYP3ZzP8LxWNNYBA+T7ZyJn9hhlhnretFXuWKIPUDfbvD8sb2OAxXnqD2Y ipaA== X-Gm-Message-State: AElRT7FdnXzo6AXKiZd44CIpMzaTJ55wMANyrpfFtW++ZO7s5Ii/8S94 /cuuF678ttgKt1Pimf2rty715A== X-Google-Smtp-Source: AG47ELuWH0vwuGcXEgv32Ersw62pbZCz1GYMUFPmEnAEeA2p+Hk2WlqmiaakS0JR0yEqSagoe54pIA== X-Received: by 10.80.149.155 with SMTP id w27mr661420eda.33.1520986855315; Tue, 13 Mar 2018 17:20:55 -0700 (PDT) Received: from vurt.meerval.net (vurt.meerval.net. [192.147.168.22]) by smtp.gmail.com with ESMTPSA id v15sm1001220ede.90.2018.03.13.17.20.53 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 13 Mar 2018 17:20:54 -0700 (PDT) Received: from localhost (vurt.meerval.net [local]) by vurt.meerval.net (OpenSMTPD) with ESMTPA id 2bab5e2b; Wed, 14 Mar 2018 00:20:53 +0000 (UTC) Date: Wed, 14 Mar 2018 00:20:53 +0000 From: Job Snijders To: Stephen Kent Cc: "Montgomery, Douglas (Fed)" , "Sriram, Kotikalapudi (Fed)" , Tim Bruijnzeels , "sidrops-chairs@ietf.org" , "sidrops@ietf.org" Message-ID: <20180314002053.GE85809@vurt.meerval.net> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <70613650-C8D6-43D9-8643-5694B77BADA9@nist.gov> <5d2afc8e-7f9a-e2bc-fa84-88b943639bd6@verizon.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Clacks-Overhead: GNU Terry Pratchett User-Agent: Mutt/1.9.4 (2018-02-28) Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Mar 2018 00:20:58 -0000 On Tue, Mar 13, 2018 at 08:13:28PM -0400, Stephen Kent wrote: > I'm puzzled by your interpretation of RFC 7607. Specifically, Section > 2 of 7607 says: > > [...] > > This seems pretty definitive, and normative, not just a "usage > convention" for AS 0, as you suggest. The use of AS 0 in ROAs is not the same as the use of AS 0 in BGP UPDATE messages. The former is allowed, the latter is not. Kind regards, Job From nobody Tue Mar 13 19:54:21 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94927124235; Tue, 13 Mar 2018 19:54:19 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UtdpahkZUqke; Tue, 13 Mar 2018 19:54:16 -0700 (PDT) Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0112.outbound.protection.outlook.com [23.103.201.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8ECB1205D3; Tue, 13 Mar 2018 19:54:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=jWx7xBe/ak/Lzvu/lgQuUtgzY6nWGT1QdMw/GBj5KMo=; b=cM6+6FZ9QZ/OyDXCbLZLkUxBvMdKnuILVNlbiKE3Qe6PIfxpnkJ4zwxOIBa6QuPGta0oxDj0km+u+eOM0N4t4BpPGgYEAa3Fe/cMDXcGXTnks4u9mtZGzTi3Kr6fx1oWuYDRv6QJbihWHAHigUjMjqg31AF5xAHkZWOwZ6T4+/o= Received: from DM5PR0901MB2504.namprd09.prod.outlook.com (52.132.128.29) by DM5PR0901MB2501.namprd09.prod.outlook.com (52.132.128.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Wed, 14 Mar 2018 02:54:13 +0000 Received: from DM5PR0901MB2504.namprd09.prod.outlook.com ([fe80::e90a:b560:7cee:b834]) by DM5PR0901MB2504.namprd09.prod.outlook.com ([fe80::e90a:b560:7cee:b834%13]) with mapi id 15.20.0548.021; Wed, 14 Mar 2018 02:54:12 +0000 From: "Montgomery, Douglas (Fed)" To: Stephen Kent , "Sriram, Kotikalapudi (Fed)" , Tim Bruijnzeels CC: "sidrops-chairs@ietf.org" , "sidrops@ietf.org" Thread-Topic: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt Thread-Index: AQHTtNWhMX8Ii2x000qaqhw9uIvabqPDaEWAgAMAtQCAAP/MAIAAPhaAgABzpAD//7T7AIAHGWcA///p2YA= Date: Wed, 14 Mar 2018 02:54:12 +0000 Message-ID: <0A9F6A41-B914-4ED9-989B-DE0736525B2A@nist.gov> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <70613650-C8D6-43D9-8643-5694B77BADA9@nist.gov> <5d2afc8e-7f9a-e2bc-fa84-88b943639bd6@verizon.net> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.a.0.180210 x-originating-ip: [96.241.62.151] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DM5PR0901MB2501; 7:TLE+ZZJ4g/V7Ro8i2NZSYZscKDmEUDMr95dstqSb8xU5PLEyN48x2GD5VJrib+y9qd2+L04whtM8dVRPf0+cQbKssIfnDtNSmLsn76aQUPluAaqrV/hmiUWFnISWJRY6oi+Uf0mZywwc4JoRYlUgfaeityvMUTvaUMnuioyvgYC4EO8e5oeYjkuR72eEhZPVuCH7WVJT4HG1h5kSWKXOLooCj3fWTAbGvobbWm/ezt3ecZ9WmXr1gwmu+u4Pg0Pu x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR; x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10019020)(346002)(396003)(39860400002)(39380400002)(376002)(366004)(50084003)(199004)(189003)(110136005)(478600001)(54896002)(6436002)(6306002)(6512007)(6486002)(82746002)(76176011)(93886005)(2906002)(10710500007)(6246003)(53936002)(2900100001)(26005)(105586002)(229853002)(6116002)(3846002)(14454004)(97736004)(106356001)(102836004)(54906003)(5250100002)(2950100002)(58126008)(3660700001)(86362001)(99286004)(8656006)(316002)(53546011)(8936002)(7736002)(68736007)(7110500001)(33656002)(25786009)(6506007)(2420400007)(15650500001)(83716003)(3280700002)(8676002)(66066001)(81166006)(81156014)(5660300001)(4326008)(36756003)(59450400001)(186003); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR0901MB2501; H:DM5PR0901MB2504.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 8419d500-cc4a-4ac8-e742-08d58956de0d x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:DM5PR0901MB2501; x-ms-traffictypediagnostic: DM5PR0901MB2501: authentication-results: spf=none (sender IP is ) smtp.mailfrom=dougm@nist.gov; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(65766998875637)(88262167912993)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(3231221)(944501244)(52105095)(10201501046)(3002001)(6055026)(6041310)(20161123560045)(20161123564045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(6072148)(201708071742011); SRVR:DM5PR0901MB2501; BCL:0; PCL:0; RULEID:; SRVR:DM5PR0901MB2501; x-forefront-prvs: 0611A21987 received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-microsoft-antispam-message-info: Spz8+GsQklTUF/dV/FCvVhMF2VjJ5Q3K48mf40W1cOt6oUsOMY8mOJ6wXIbOqgdzGUNXjjttTFAwsMaLikd79tYGRRyZVnWdL9/Xk/wPY4Gr3Yib6CDtQU5Pc+yUIypMBOuANs8dotsidGgBuS9gRUdBo+9380cSMjyZPPzXHXFpjx9laUzSX/K3HbnCRsKH+DvrAPiVBJl2YvbWEcsgEt7JgVvHz5+4e9y4aOmQlG3899EJA8KFzQCLNyEurHVPCCUK8dDVS66QnKynduNwx1dPpzZZXce3WBUv95ohEfuBG6zSXr3GAofUb1piAlRg5/H69qMnpldEeJMGSC1Fww== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_0A9F6A41B9144ED9989BDE0736525B2Anistgov_" MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: 8419d500-cc4a-4ac8-e742-08d58956de0d X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Mar 2018 02:54:12.7398 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR0901MB2501 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Mar 2018 02:54:20 -0000 --_000_0A9F6A41B9144ED9989BDE0736525B2Anistgov_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 U3RldmUsDQoNClNvcnJ5LCB5ZXMgSSBhZ3JlZSB0aGF0IDc2MDcgdXBkYXRlcyA0MjcxIHRvIG1h a2UgaXQgY2xlYXIgdGhhdCBBUzAgc2hvdWxkIG5vdCBhcHBlYXIgaW4gYSBQQVRILiAgIFNvIGlt cGxlbWVudGF0aW9ucyB0aGF0IGNvbXBseSB3aXRoIGJvdGggNzYwNyBhbmQgNDI3MSBzaG91bGQg aGFuZGxlIEFTMCBpbiBCR1AgYXMgZXhwZWN0ZWQuDQoNCkJ1dCB0aGF0IHdhcyBub3QgbXkgcG9p bnQuICBNeSBwb2ludCB3YXMgd2hhdCDigJx0aGUgbWVhbmluZ+KAnSBvZiBhIFJPQSB3aXRoIEFT MCBpcy4gIEFzIGZhciBhcyBJIGNhbiB0ZWxsIG9uZSBjb3VsZCBlbmNvdW50ZXIgYW4gQVMwIGZv ciBhbiBhZGRyZXNzIGJsb2NrIHdpdGg6DQoNCg0KICAxLiAgVmFsaWQgKG5vbiBBUzApIFJPQXMg YWJvdmUgaXQgKGxlc3Mgc3BlY2lmaWMgYmxvY2spDQogIDIuICBWYWxpZCAobm9uIEFTMCkgUk9B cyBiZWxvdyBpdCAobW9yZSBzcGVjaWZpYyBibG9jaykNCiAgMy4gIFZhbGlkIChub24gQVMwKSBS T0FzIHdpdGggdGhlIHNhbWUgcHJlZml4IGFzIGluIHRoZSBBUzAgUk9BLg0KDQpTbywgZm9yIGV4 YW1wbGUsIGluIGNhc2UgIzIgYWJvdmUgdGhlIHVzZSBjYXNlIG1pZ2h0IGJlIHRvIHByZXZlbnQg c3F1YXR0aW5nIG9uIHVuYW5ub3VuY2VkIGFkZHJlc3Mgc3BhY2UgYnkgY3JlYXRpbmcgYW4gQVMw IFJPQSBmb3IgYW4gZW50aXJlIGFsbG9jYXRpb24sIHRoZW4gY3JlYXRpbmcgbm9uLUFTMCBST0Fz IGZvciB0aGUgc3BlY2lmaWMgc3ViLXByZWZpeGVzIHRoYXQgYXJlIHJvdXRlZC4gIFNvIGNsZWFy bHkgaW50ZW50IG9mIHRoZSBBUzAgUk9BIGluIHRoaXMgY2FzZSBpcyBub3Qg4oCceW91IHNob3Vs ZCBuZXZlciBzZWUgdGhlc2UgYWRkcmVzc2VzIGFubm91bmNlZCBpbiByb3V0aW5n4oCdLiAgT25l IHdvdWxkIGhhdmUgdG8gZXhhbWluZSB0aGUgZnVsbCBjb2xsZWN0aW9uIG9mIGNvdmVyaW5nIFJP QXMgdG8gdW5kZXJzdGFuZCB0aGUgaW50ZW5kZWQgdXNlIGNhc2UuDQoNCkFzIGZhciBhcyBJIGtu b3cgdGhlcmUgYXJlIG5vIHNwZWNpYWwgY2FzZXMgaW4gdGhlIFguNTA5IHZhbGlkYXRpb24gb2Yg UlBLSSBvYmplY3RzIGFzc29jaWF0ZWQgd2l0aCBBUzAsIG5vciBhcmUgdGhlcmUgc3BlY2lhbCBj YXNlcyBpbiB0aGUgQkdQIHByZWZpeCB2YWxpZGF0aW9uIGFsZ29yaXRobSBhc3NvY2lhdGVkIHdp dGggQVMwLiBJIGFtIG5vdCBzdXJlIGlmIGhvc3RlZCBSUEtJIHNlcnZpY2VzIHNwZWNpYWwgY2Fz ZSBBUzAgaW4gYW55IHdheSBpbiB0aGVpciBST0EgY3JlYXRpb24gbG9naWMuDQoNClNvLCB3aGF0 IHdlIGhhdmUgaXMgYW4gQVMgdmFsdWUgdGhhdCB3ZSBoYXZlIHVwZGF0ZWQgNDI3MSB0byBtYWtl IGNsZWFyIHNob3VsZCBuZXZlciBhcHBlYXIgaW4gYW4gQVNfUEFUSC4gICBXZSBsZXZlcmFnZSB0 aGF0IGZhY3QgdG8gbm90ZSB0aGF0IHdlIGNhbiBub3cgY3JlYXRlIFJPQXMgd2l0aCBBUzAgdGhh dCBjYW4gcmVzdWx0IGluIGFuIOKAnElOVkFMSUTigJ0gcmVzdWx0IGluIG9yaWdpbiB2YWxpZGF0 aW9uIGFzIGxvbmcgYXMgdGhlcmUgYXJlIG5vIG90aGVyIGNvdmVyaW5nICYgbWF0Y2hpbmcgUk9B cyB0aGF0IHdvdWxkIHJlc3VsdCBpbiBhIOKAnFZBTElE4oCdLg0KDQpUaHVzIHRoZSBuZXQgZWZm ZWN0IG9mIGEgY292ZXJpbmcgQVMwIFJPQSBjYW7igJl0IGJlIGRldGVybWluZWQgaW4gaXNvbGF0 aW9uLiAgT25lIGhhcyB0byBjb25zaWRlciB0aGUgb3ZlcmFsbCB1c2FnZSBzY2VuYXJpbyB0byB1 bmRlcnN0YW5kIHRoZSByYW1pZmljYXRpb25zLg0KDQpJIGZvdW5kIHRoYXQgUkZDNjQ4MyBleHBs YWluZWQgdGhpcyBuaWNlbHksIG5vdGluZyB0aGF0IGl0IGlzIOKAnGJ5IGNvbnZlbnRpb27igJ0g dGhhdCBBUzAgY2FuIHJlc3VsdCBpbiBJTlZBTElEIGluIHNvbWUgdXNhZ2Ugc2NlbmFyaW9zIGFu ZCBub3Rpbmcgc29tZSBvZiB0aGUgc2NlbmFyaW9zIHdoZXJlIHRoaXMgaXMgbm90IHRoZSBjYXNl Lg0KDQpJIHdpbGwgc2F5IHRoYXQgSSBoYXZlIHNlZW4gYSBmZXcgY29tbWVudHMgaW4gdGhpcyB0 aHJlYWQgd2hlcmUgSSB0aGluayBzb21lIGZvbGtzIGhhdmUgbG9zdCB0cmFjayBvZiB0aGUgZmFj dCB0aGF0Og0KDQoNCihhKSAgICBBIGNvdmVyaW5nIEFTMCBST0EgYWxvbmUgZG9lcyBub3QgZ3Vh cmFudGVlIGFuIElOVkFMSUQgcmVzdWx0LCBhbmQsDQoNCihiKSAgICBBbiBJTlZBTElEIHJlc3Vs dCBkb2VzIG5vdCBndWFyYW50ZWUgdGhhdCB0aGUgdXBkYXRlIHdpdGggYmUgaWdub3JlZCBpbiB0 aGUgZGVjaXNpb24gcHJvY2Vzcy4gVGhhdCB3aWxsIGFsd2F5cyBiZSBzdWJqZWN0IHRvIGxvY2Fs IHBvbGljeS4NCg0KQ29tbWVudHMgYWxvbmcgdGhlIGxpbmVzIG9mIOKAnOKApiBhbiBBUzAgaW1w bGllcyBtdXN0IGRyb3Ag4oCm4oCdIHdvdWxkIGJlIGEgY2hhbmdlIHRvIGJvdGggb2YgdGhlc2Ug ZmFjdHMsIGFuZCB3b3VsZCByZXF1aXJlIHVwZGF0ZXMgdG8gZXhpc3RpbmcgYmFzZSBzcGVjcyB0 byBtYWtlIGl0IHNvLg0KDQpJdCBzaG91bGQgYWxzbyBiZSBub3RlZCB0aGF0IHRoZSBESVNSIGlk ZWEgd2FzIG5vdCBwcm9wb3NpbmcgYW55IGNoYW5nZXMgdG8gbm9ybWF0aXZlIGJlaGF2aW9yIG9m IFJQS0kgb3IgT3JpZ2luIFZhbGlkYXRpb24uICBJbnN0ZWFkIGl0IHdhcyBwcm9wb3NlZCBhcyBh IGZvcm0gb2YgbG9jYWwgcG9saWN5IG1lY2hhbmlzbSBhaW1lZCBhdCByZWR1Y2luZyBvcGVyYXRv cuKAmXMgY29uY2VybnMgYWJvdXQgcG90ZW50aWFsIG5ldHdvcmsgdW5yZWFjaGFiaWxpdHkgdHJp Z2dlcmVkIGJ5IFJQS0kgZXJyb3JzIG9yIG9taXNzaW9ucy4gIEkgZG8gdGhpbmsgaWYgRElTUi1s aWtlIGlkZWFzIGhhdmUgbWVyaXQsIHRoZW4gdGhlIGlkZWEgb2Ygc3BlY2lhbCBjYXNpbmcgQVMw IGluIHRoZSBsb2NhbCBwb2xpY3kgbWlnaHQgaGF2ZSB2YWx1ZSwgYnV0IHdlIG5lZWQgdG8gd29y ayB0aHJvdWdoIHRoZSB0aHJlZSBjYXNlcyBhYm92ZSB0byBiZSBjbGVhciB3aGF0IHRoYXQgc3Bl Y2lhbCBjYXNlIGxvZ2ljIG1pZ2h0IGJlLg0KDQpXaGlsZSBJIGFtIHJhbWJsaW5nLCBJIHNob3Vs ZCBhbHNvIHNheSB0aGF0IEkgYWdyZWUgd2l0aCBKYXkgYW5kIHBvaW50cyB0aGF0IFRpbSBtYWRl IHNvbWUgdGltZSBhZ28gdGhhdCBvbmUgd2FudHMgdG8gYmUgY2FyZWZ1bCB3aXRoIHRoZSB0cmFk ZW9mZnMgb2YgbGVzc2VuaW5nIHRoZSBwb3RlbnRpYWwgaW1wYWN0IG9mIGVycm9ycyBpbiB0aGUg ZGF0YSwgYXMgaXQgaXMgdHlwaWNhbGx5IG9ubHkgdGhlIHRlbnNpb24gY2F1c2VkIGJ5IGEgbmVn YXRpdmUgaW1wYWN0IHRoYXQgaW5zcGlyZXMgcGVvcGxlIHRvIHVwZGF0ZSBhbmQgY29ycmVjdCB0 aGUgZGF0YSBpbiB0aGUgZmlyc3QgcGxhY2UuDQoNCmRvdWdtDQotLQ0KRG91Z00gYXQgTklTVA0K DQpGcm9tOiBTdGVwaGVuIEtlbnQgPHN0a2VudEB2ZXJpem9uLm5ldD4NCkRhdGU6IFR1ZXNkYXks IE1hcmNoIDEzLCAyMDE4IGF0IDg6MTMgUE0NClRvOiBEb3VnIE1vbnRnb21lcnkgPGRvdWdtQG5p c3QuZ292PiwgIlNyaXJhbSwgS290aWthbGFwdWRpIChGZWQpIiA8a290aWthbGFwdWRpLnNyaXJh bUBuaXN0Lmdvdj4sIFRpbSBCcnVpam56ZWVscyA8dGltQHJpcGUubmV0Pg0KQ2M6ICJzaWRyb3Bz LWNoYWlyc0BpZXRmLm9yZyIgPHNpZHJvcHMtY2hhaXJzQGlldGYub3JnPiwgInNpZHJvcHNAaWV0 Zi5vcmciIDxzaWRyb3BzQGlldGYub3JnPg0KU3ViamVjdDogUmU6IFtTaWRyb3BzXSBOZXcgVmVy c2lvbiBOb3RpZmljYXRpb24gZm9yIGRyYWZ0LXNyaXJhbS1zaWRyb3BzLWRyb3AtaW52YWxpZC1w b2xpY3ktMDAudHh0DQoNCkRvdWcsDQoNCkknbSBwdXp6bGVkIGJ5IHlvdXIgaW50ZXJwcmV0YXRp b24gb2YgUkZDIDc2MDcuIFNwZWNpZmljYWxseSwgU2VjdGlvbiAyIG9mIDc2MDcgc2F5czoNCg0K DQoyLiBCZWhhdmlvcg0KDQoNCg0KDQoNCiAgIEEgQkdQIHNwZWFrZXIgTVVTVCBOT1Qgb3JpZ2lu YXRlIG9yIHByb3BhZ2F0ZSBhIHJvdXRlIHdpdGggYW4gQVMNCg0KICAgbnVtYmVyIG9mIHplcm8g aW4gdGhlIEFTX1BBVEgsIEFTNF9QQVRILCBBR0dSRUdBVE9SLCBvcg0KDQogICBBUzRfQUdHUkVH QVRPUiBhdHRyaWJ1dGVzLg0KDQoNCg0KICAgQW4gVVBEQVRFIG1lc3NhZ2UgdGhhdCBjb250YWlu cyB0aGUgQVMgbnVtYmVyIG9mIHplcm8gaW4gdGhlIEFTX1BBVEgNCg0KICAgb3IgQUdHUkVHQVRP UiBhdHRyaWJ1dGUgTVVTVCBiZSBjb25zaWRlcmVkIGFzIG1hbGZvcm1lZCBhbmQgYmUNCg0KICAg aGFuZGxlZCBieSB0aGUgcHJvY2VkdXJlcyBzcGVjaWZpZWQgaW4gW1JGQzc2MDZdLg0KDQoNCg0K ICAgQW4gVVBEQVRFIG1lc3NhZ2UgdGhhdCBjb250YWlucyB0aGUgQVMgbnVtYmVyIG9mIHplcm8g aW4gdGhlIEFTNF9QQVRIDQoNCiAgIG9yIEFTNF9BR0dSRUdBVE9SIGF0dHJpYnV0ZSBNVVNUIGJl IGNvbnNpZGVyZWQgYXMgbWFsZm9ybWVkIGFuZCBiZQ0KDQogICBoYW5kbGVkIGJ5IHRoZSBwcm9j ZWR1cmVzIHNwZWNpZmllZCBpbiBbUkZDNjc5M10uDQoNCg0KDQogICBJZiBhIEJHUCBzcGVha2Vy IHJlY2VpdmVzIHplcm8gYXMgdGhlIHBlZXIgQVMgaW4gYW4gT1BFTiBtZXNzYWdlLCBpdA0KDQog ICBNVVNUIGFib3J0IHRoZSBjb25uZWN0aW9uIGFuZCBzZW5kIGEgTk9USUZJQ0FUSU9OIHdpdGgg RXJyb3IgQ29kZQ0KDQogICAiT1BFTiBNZXNzYWdlIEVycm9yIiBhbmQgc3ViY29kZSAiQmFkIFBl ZXIgQVMiIChzZWUgU2VjdGlvbiA2IG9mDQoNCiAgIFtSRkM0MjcxXSkuICBBIHJvdXRlciBNVVNU IE5PVCBpbml0aWF0ZSBhIGNvbm5lY3Rpb24gY2xhaW1pbmcgdG8gYmUNCg0KICAgQVMgMC4NCg0K DQoNClRoaXMgc2VlbXMgcHJldHR5IGRlZmluaXRpdmUsIGFuZCBub3JtYXRpdmUsIG5vdCBqdXN0 IGEgInVzYWdlIGNvbnZlbnRpb24iIGZvciBBUyAwLA0KDQphcyB5b3Ugc3VnZ2VzdC4NCg0KDQoN ClN0ZXZlDQoNClRoYW5rcyBTdGV2ZSwNCg0KDQoNCllvdSBhcmUgcmlnaHQgdGhhdCB0aGUgUkZD cyBiZWxvdyBzaG91bGQgYmUgcmVmZXJlbmNlZCBhbHNvLiAgSGF2aW5nIHJldmlld2VkIHRoZW0g YWdhaW4sIG5vdGhpbmcgSSBzYWlkIHByZXZpb3VzbHkgc2VlbXMgdG8gaGF2ZSBjaGFuZ2VkLiAg IEFTIDAgaXMgYXQgYmVzdCBhIHN1Z2dlc3RlZCB1c2FnZSBjb252ZW50aW9uLg0KDQoNCg0KVGhl IHRoaW5nIEkgbGlrZSBhYm91dCB0aGUgNjQ4MyB0ZXh0IGlzIHRoYXQgaXQgbWFrZXMgZXhwbGlj aXQgdGhhdCBST0FzIGNhbiBhbmQgd2lsbCBiZSBjcmVhdGVkIGJlbmVhdGggYW4gQVMgMCBST0Eg KG9uZSB1c2FnZSBzY2VuYXJpbyBpcyBmb3JjaW5nIHlvdXIgY3VzdG9tZXJzIHRvIGlzc3VlIFJP QXMgYmVmb3JlIGFubm91bmNpbmcgdGhlaXIgcm91dGVzKSBhbmQgdGhhdCBhbGwgb2YgdGhpcyBp cyAiYnkgY29udmVudGlvbiIuICAgU28gd2hpbGUgbm90IG5vcm1hdGl2ZSwgSSB0aG91Z2ggNjQ4 MyBwYWludGVkIHRoZSBiZXN0IHBpY3R1cmUgb2YgdGhlIGlzc3VlcyB3ZSB3ZXJlIGRpc2N1c3Np bmcuDQoNCg0KDQpkb3VnbQ0KDQoNCg== --_000_0A9F6A41B9144ED9989BDE0736525B2Anistgov_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseTpDb3VyaWVyOw0KCXBhbm9zZS0xOjAgMCAwIDAgMCAwIDAgMCAwIDA7 fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToy IDQgNSAzIDUgNCA2IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsN CglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFt aWx5OiJUaW1lcyBOZXcgUm9tYW4gXChCb2R5IENTXCkiOw0KCXBhbm9zZS0xOjIgMiA2IDMgNSA0 IDUgMiAzIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDb25zb2xhczsNCglwYW5vc2Ut MToyIDExIDYgOSAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29O b3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdp bi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxp YnJpIixzYW5zLXNlcmlmO30NCmgyDQoJe21zby1zdHlsZS1wcmlvcml0eTo5Ow0KCW1zby1zdHls ZS1saW5rOiJIZWFkaW5nIDIgQ2hhciI7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFy Z2luLXJpZ2h0OjBpbjsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVm dDowaW47DQoJZm9udC1zaXplOjE4LjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1z ZXJpZjsNCglmb250LXdlaWdodDpib2xkO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7 bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOiMwNTYzQzE7DQoJdGV4dC1kZWNvcmF0aW9u OnVuZGVybGluZTt9DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNv LXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOiM5NTRGNzI7DQoJdGV4dC1kZWNvcmF0aW9uOnVu ZGVybGluZTt9DQpwcmUNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1zdHlsZS1saW5r OiJIVE1MIFByZWZvcm1hdHRlZCBDaGFyIjsNCgltYXJnaW46MGluOw0KCW1hcmdpbi1ib3R0b206 LjAwMDFwdDsNCglmb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7 fQ0KcC5Nc29MaXN0UGFyYWdyYXBoLCBsaS5Nc29MaXN0UGFyYWdyYXBoLCBkaXYuTXNvTGlzdFBh cmFncmFwaA0KCXttc28tc3R5bGUtcHJpb3JpdHk6MzQ7DQoJbWFyZ2luLXRvcDowaW47DQoJbWFy Z2luLXJpZ2h0OjBpbjsNCgltYXJnaW4tYm90dG9tOjBpbjsNCgltYXJnaW4tbGVmdDouNWluOw0K CW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5 OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnAubXNvbm9ybWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2 Lm1zb25vcm1hbDANCgl7bXNvLXN0eWxlLW5hbWU6bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9w LWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDowaW47DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1 dG87DQoJbWFyZ2luLWxlZnQ6MGluOw0KCWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6 IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0Kc3Bhbi5IVE1MUHJlZm9ybWF0dGVkQ2hhcg0KCXttc28t c3R5bGUtbmFtZToiSFRNTCBQcmVmb3JtYXR0ZWQgQ2hhciI7DQoJbXNvLXN0eWxlLXByaW9yaXR5 Ojk5Ow0KCW1zby1zdHlsZS1saW5rOiJIVE1MIFByZWZvcm1hdHRlZCI7DQoJZm9udC1mYW1pbHk6 Q29uc29sYXM7fQ0Kc3Bhbi5oMg0KCXttc28tc3R5bGUtbmFtZTpoMjt9DQpzcGFuLkhlYWRpbmcy Q2hhcg0KCXttc28tc3R5bGUtbmFtZToiSGVhZGluZyAyIENoYXIiOw0KCW1zby1zdHlsZS1wcmlv cml0eTo5Ow0KCW1zby1zdHlsZS1saW5rOiJIZWFkaW5nIDIiOw0KCWZvbnQtZmFtaWx5OiJDYWxp YnJpIExpZ2h0IixzYW5zLXNlcmlmOw0KCWNvbG9yOiMyRjU0OTY7fQ0Kc3Bhbi5FbWFpbFN0eWxl MjMNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6Q291cmll cjsNCgljb2xvcjp3aW5kb3d0ZXh0O30NCi5Nc29DaHBEZWZhdWx0DQoJe21zby1zdHlsZS10eXBl OmV4cG9ydC1vbmx5Ow0KCWZvbnQtc2l6ZToxMC4wcHQ7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJ e3NpemU6OC41aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAxLjBpbjt9DQpk aXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi8qIExpc3QgRGVmaW5pdGlv bnMgKi8NCkBsaXN0IGwwDQoJe21zby1saXN0LWlkOjEyNDkzMTYyNDU7DQoJbXNvLWxpc3QtdHlw ZTpoeWJyaWQ7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRzOi0xNjUzNDM1NjMyIDY3Njk4NzAzIDY3 Njk4NzEzIDY3Njk4NzE1IDY3Njk4NzAzIDY3Njk4NzEzIDY3Njk4NzE1IDY3Njk4NzAzIDY3Njk4 NzEzIDY3Njk4NzE1O30NCkBsaXN0IGwwOmxldmVsMQ0KCXttc28tbGV2ZWwtdGFiLXN0b3A6bm9u ZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWlu O30NCkBsaXN0IGwwOmxldmVsMg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDphbHBoYS1sb3dl cjsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9u OmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluO30NCkBsaXN0IGwwOmxldmVsMw0KCXttc28tbGV2 ZWwtbnVtYmVyLWZvcm1hdDpyb21hbi1sb3dlcjsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsN Cgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOnJpZ2h0Ow0KCXRleHQtaW5kZW50Oi05LjBwdDt9 DQpAbGlzdCBsMDpsZXZlbDQNCgl7bXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVs LW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjt9DQpAbGlzdCBsMDps ZXZlbDUNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YWxwaGEtbG93ZXI7DQoJbXNvLWxldmVs LXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQt aW5kZW50Oi0uMjVpbjt9DQpAbGlzdCBsMDpsZXZlbDYNCgl7bXNvLWxldmVsLW51bWJlci1mb3Jt YXQ6cm9tYW4tbG93ZXI7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51 bWJlci1wb3NpdGlvbjpyaWdodDsNCgl0ZXh0LWluZGVudDotOS4wcHQ7fQ0KQGxpc3QgbDA6bGV2 ZWw3DQoJe21zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRp b246bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47fQ0KQGxpc3QgbDA6bGV2ZWw4DQoJe21zby1s ZXZlbC1udW1iZXItZm9ybWF0OmFscGhhLWxvd2VyOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25l Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47 fQ0KQGxpc3QgbDA6bGV2ZWw5DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OnJvbWFuLWxvd2Vy Ow0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246 cmlnaHQ7DQoJdGV4dC1pbmRlbnQ6LTkuMHB0O30NCkBsaXN0IGwxDQoJe21zby1saXN0LWlkOjE3 MTM3MzAzODI7DQoJbXNvLWxpc3QtdHlwZTpoeWJyaWQ7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRz Oi00ODUzMDQzNDYgLTYxNzk3OTYwNiA2NzY5ODcxMyA2NzY5ODcxNSA2NzY5ODcwMyA2NzY5ODcx MyA2NzY5ODcxNSA2NzY5ODcwMyA2NzY5ODcxMyA2NzY5ODcxNTt9DQpAbGlzdCBsMTpsZXZlbDEN Cgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YWxwaGEtbG93ZXI7DQoJbXNvLWxldmVsLXRleHQ6 IlwoJTFcKSI7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1w b3NpdGlvbjpsZWZ0Ow0KCW1hcmdpbi1sZWZ0Oi43NWluOw0KCXRleHQtaW5kZW50Oi0uNWluO30N CkBsaXN0IGwxOmxldmVsMg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDphbHBoYS1sb3dlcjsN Cgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxl ZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluO30NCkBsaXN0IGwxOmxldmVsMw0KCXttc28tbGV2ZWwt bnVtYmVyLWZvcm1hdDpyb21hbi1sb3dlcjsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCglt c28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOnJpZ2h0Ow0KCXRleHQtaW5kZW50Oi05LjBwdDt9DQpA bGlzdCBsMTpsZXZlbDQNCgl7bXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51 bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjt9DQpAbGlzdCBsMTpsZXZl bDUNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YWxwaGEtbG93ZXI7DQoJbXNvLWxldmVsLXRh Yi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5k ZW50Oi0uMjVpbjt9DQpAbGlzdCBsMTpsZXZlbDYNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6 cm9tYW4tbG93ZXI7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJl ci1wb3NpdGlvbjpyaWdodDsNCgl0ZXh0LWluZGVudDotOS4wcHQ7fQ0KQGxpc3QgbDE6bGV2ZWw3 DQoJe21zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246 bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47fQ0KQGxpc3QgbDE6bGV2ZWw4DQoJe21zby1sZXZl bC1udW1iZXItZm9ybWF0OmFscGhhLWxvd2VyOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0K CW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47fQ0K QGxpc3QgbDE6bGV2ZWw5DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OnJvbWFuLWxvd2VyOw0K CW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246cmln aHQ7DQoJdGV4dC1pbmRlbnQ6LTkuMHB0O30NCm9sDQoJe21hcmdpbi1ib3R0b206MGluO30NCnVs DQoJe21hcmdpbi1ib3R0b206MGluO30NCi0tPjwvc3R5bGU+DQo8L2hlYWQ+DQo8Ym9keSBsYW5n PSJFTi1VUyIgbGluaz0iIzA1NjNDMSIgdmxpbms9IiM5NTRGNzIiPg0KPGRpdiBjbGFzcz0iV29y ZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTIuMHB0O2ZvbnQtZmFtaWx5OkNvdXJpZXIiPlN0ZXZlLDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQt ZmFtaWx5OkNvdXJpZXIiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNvdXJp ZXIiPlNvcnJ5LCB5ZXMgSSBhZ3JlZSB0aGF0IDc2MDcgdXBkYXRlcyA0MjcxIHRvIG1ha2UgaXQg Y2xlYXIgdGhhdCBBUzAgc2hvdWxkIG5vdCBhcHBlYXIgaW4gYSBQQVRILiZuYnNwOyZuYnNwOyBT byBpbXBsZW1lbnRhdGlvbnMgdGhhdCBjb21wbHkgd2l0aCBib3RoIDc2MDcgYW5kIDQyNzEgc2hv dWxkIGhhbmRsZSBBUzAgaW4gQkdQIGFzIGV4cGVjdGVkLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQt ZmFtaWx5OkNvdXJpZXIiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNvdXJp ZXIiPkJ1dCB0aGF0IHdhcyBub3QgbXkgcG9pbnQuJm5ic3A7IE15IHBvaW50IHdhcyB3aGF0IOKA nHRoZSBtZWFuaW5n4oCdIG9mIGEgUk9BIHdpdGggQVMwIGlzLiZuYnNwOyBBcyBmYXIgYXMgSSBj YW4gdGVsbCBvbmUgY291bGQgZW5jb3VudGVyIGFuIEFTMCBmb3IgYW4gYWRkcmVzcyBibG9jayB3 aXRoOjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNvdXJpZXIiPjxvOnA+Jm5ic3A7PC9v OnA+PC9zcGFuPjwvcD4NCjxvbCBzdHlsZT0ibWFyZ2luLXRvcDowaW4iIHN0YXJ0PSIxIiB0eXBl PSIxIj4NCjxsaSBjbGFzcz0iTXNvTGlzdFBhcmFncmFwaCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjBp bjttc28tbGlzdDpsMCBsZXZlbDEgbGZvMSI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7 Zm9udC1mYW1pbHk6Q291cmllciI+VmFsaWQgKG5vbiBBUzApIFJPQXMgYWJvdmUgaXQgKGxlc3Mg c3BlY2lmaWMgYmxvY2spPG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb0xpc3RQ YXJhZ3JhcGgiIHN0eWxlPSJtYXJnaW4tbGVmdDowaW47bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzEi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNvdXJpZXIiPlZhbGlk IChub24gQVMwKSBST0FzIGJlbG93IGl0IChtb3JlIHNwZWNpZmljIGJsb2NrKTxvOnA+PC9vOnA+ PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29MaXN0UGFyYWdyYXBoIiBzdHlsZT0ibWFyZ2luLWxl ZnQ6MGluO21zby1saXN0OmwwIGxldmVsMSBsZm8xIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEy LjBwdDtmb250LWZhbWlseTpDb3VyaWVyIj5WYWxpZCAobm9uIEFTMCkgUk9BcyB3aXRoIHRoZSBz YW1lIHByZWZpeCBhcyBpbiB0aGUgQVMwIFJPQS48bzpwPjwvbzpwPjwvc3Bhbj48L2xpPjwvb2w+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtmb250 LWZhbWlseTpDb3VyaWVyIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtmb250LWZhbWlseTpDb3Vy aWVyIj5TbywgZm9yIGV4YW1wbGUsIGluIGNhc2UgIzIgYWJvdmUgdGhlIHVzZSBjYXNlIG1pZ2h0 IGJlIHRvIHByZXZlbnQgc3F1YXR0aW5nIG9uIHVuYW5ub3VuY2VkIGFkZHJlc3Mgc3BhY2UgYnkg Y3JlYXRpbmcgYW4gQVMwIFJPQSBmb3IgYW4gZW50aXJlIGFsbG9jYXRpb24sIHRoZW4gY3JlYXRp bmcgbm9uLUFTMCBST0FzIGZvcg0KIHRoZSBzcGVjaWZpYyBzdWItcHJlZml4ZXMgdGhhdCBhcmUg cm91dGVkLiZuYnNwOyBTbyBjbGVhcmx5IGludGVudCBvZiB0aGUgQVMwIFJPQSBpbiB0aGlzIGNh c2UgaXMgbm90IOKAnHlvdSBzaG91bGQgbmV2ZXIgc2VlIHRoZXNlIGFkZHJlc3NlcyBhbm5vdW5j ZWQgaW4gcm91dGluZ+KAnS4mbmJzcDsgT25lIHdvdWxkIGhhdmUgdG8gZXhhbWluZSB0aGUgZnVs bCBjb2xsZWN0aW9uIG9mIGNvdmVyaW5nIFJPQXMgdG8gdW5kZXJzdGFuZCB0aGUgaW50ZW5kZWQg dXNlIGNhc2UuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Zm9udC1mYW1pbHk6Q291cmllciI+PG86cD4mbmJz cDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMi4wcHQ7Zm9udC1mYW1pbHk6Q291cmllciI+QXMgZmFyIGFzIEkga25vdyB0aGVy ZSBhcmUgbm8gc3BlY2lhbCBjYXNlcyBpbiB0aGUgWC41MDkgdmFsaWRhdGlvbiBvZiBSUEtJIG9i amVjdHMgYXNzb2NpYXRlZCB3aXRoIEFTMCwgbm9yIGFyZSB0aGVyZSBzcGVjaWFsIGNhc2VzIGlu IHRoZSBCR1AgcHJlZml4IHZhbGlkYXRpb24gYWxnb3JpdGhtIGFzc29jaWF0ZWQgd2l0aA0KIEFT MC4gSSBhbSBub3Qgc3VyZSBpZiBob3N0ZWQgUlBLSSBzZXJ2aWNlcyBzcGVjaWFsIGNhc2UgQVMw IGluIGFueSB3YXkgaW4gdGhlaXIgUk9BIGNyZWF0aW9uIGxvZ2ljLjxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0 O2ZvbnQtZmFtaWx5OkNvdXJpZXIiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5 OkNvdXJpZXIiPlNvLCB3aGF0IHdlIGhhdmUgaXMgYW4gQVMgdmFsdWUgdGhhdCB3ZSBoYXZlIHVw ZGF0ZWQgNDI3MSB0byBtYWtlIGNsZWFyIHNob3VsZCBuZXZlciBhcHBlYXIgaW4gYW4gQVNfUEFU SC4mbmJzcDsmbmJzcDsgV2UgbGV2ZXJhZ2UgdGhhdCBmYWN0IHRvIG5vdGUgdGhhdCB3ZSBjYW4g bm93IGNyZWF0ZSBST0FzIHdpdGggQVMwIHRoYXQgY2FuDQogcmVzdWx0IGluIGFuIOKAnElOVkFM SUTigJ0gcmVzdWx0IGluIG9yaWdpbiB2YWxpZGF0aW9uIGFzIGxvbmcgYXMgdGhlcmUgYXJlIG5v IG90aGVyIGNvdmVyaW5nICZhbXA7IG1hdGNoaW5nIFJPQXMgdGhhdCB3b3VsZCByZXN1bHQgaW4g YSDigJxWQUxJROKAnS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtmb250LWZhbWlseTpDb3VyaWVyIj48bzpw PiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjEyLjBwdDtmb250LWZhbWlseTpDb3VyaWVyIj5UaHVzIHRoZSBuZXQgZWZm ZWN0IG9mIGEgY292ZXJpbmcgQVMwIFJPQSBjYW7igJl0IGJlIGRldGVybWluZWQgaW4gaXNvbGF0 aW9uLiZuYnNwOyBPbmUgaGFzIHRvIGNvbnNpZGVyIHRoZSBvdmVyYWxsIHVzYWdlIHNjZW5hcmlv IHRvIHVuZGVyc3RhbmQgdGhlIHJhbWlmaWNhdGlvbnMuPG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Zm9udC1m YW1pbHk6Q291cmllciI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Zm9udC1mYW1pbHk6Q291cmll ciI+SSBmb3VuZCB0aGF0IFJGQzY0ODMgZXhwbGFpbmVkIHRoaXMgbmljZWx5LCBub3RpbmcgdGhh dCBpdCBpcyDigJxieSBjb252ZW50aW9u4oCdIHRoYXQgQVMwIGNhbiByZXN1bHQgaW4gSU5WQUxJ RCBpbiBzb21lIHVzYWdlIHNjZW5hcmlvcyBhbmQgbm90aW5nIHNvbWUgb2YgdGhlIHNjZW5hcmlv cyB3aGVyZSB0aGlzIGlzIG5vdCB0aGUNCiBjYXNlLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFt aWx5OkNvdXJpZXIiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNvdXJpZXIi Pkkgd2lsbCBzYXkgdGhhdCBJIGhhdmUgc2VlbiBhIGZldyBjb21tZW50cyBpbiB0aGlzIHRocmVh ZCB3aGVyZSBJIHRoaW5rIHNvbWUgZm9sa3MgaGF2ZSBsb3N0IHRyYWNrIG9mIHRoZSBmYWN0IHRo YXQ6PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Zm9udC1mYW1pbHk6Q291cmllciI+PG86cD4mbmJzcDs8L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb0xpc3RQYXJhZ3JhcGgiIHN0eWxlPSJtYXJnaW4t bGVmdDouNzVpbjt0ZXh0LWluZGVudDotLjVpbjttc28tbGlzdDpsMSBsZXZlbDEgbGZvMiI+DQo8 IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtmb250LWZh bWlseTpDb3VyaWVyIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4oYSk8c3BhbiBzdHls ZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZu YnNwOw0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNvdXJpZXIiPkEgY292ZXJpbmcgQVMwIFJPQSBhbG9uZSBk b2VzIG5vdCBndWFyYW50ZWUgYW4gSU5WQUxJRCByZXN1bHQsIGFuZCw8bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvTGlzdFBhcmFncmFwaCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi43 NWluO3RleHQtaW5kZW50Oi0uNWluO21zby1saXN0OmwxIGxldmVsMSBsZm8yIj4NCjwhW2lmICFz dXBwb3J0TGlzdHNdPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNv dXJpZXIiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPihiKTxzcGFuIHN0eWxlPSJmb250 OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8 L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4w cHQ7Zm9udC1mYW1pbHk6Q291cmllciI+QW4gSU5WQUxJRCByZXN1bHQgZG9lcyBub3QgZ3VhcmFu dGVlIHRoYXQgdGhlIHVwZGF0ZSB3aXRoIGJlIGlnbm9yZWQgaW4gdGhlIGRlY2lzaW9uIHByb2Nl c3MuIFRoYXQgd2lsbCBhbHdheXMgYmUgc3ViamVjdCB0byBsb2NhbCBwb2xpY3kuPG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMi4wcHQ7Zm9udC1mYW1pbHk6Q291cmllciI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Zm9u dC1mYW1pbHk6Q291cmllciI+Q29tbWVudHMgYWxvbmcgdGhlIGxpbmVzIG9mIOKAnOKApiBhbiBB UzAgaW1wbGllcyBtdXN0IGRyb3Ag4oCm4oCdIHdvdWxkIGJlIGEgY2hhbmdlIHRvIGJvdGggb2Yg dGhlc2UgZmFjdHMsIGFuZCB3b3VsZCByZXF1aXJlIHVwZGF0ZXMgdG8gZXhpc3RpbmcgYmFzZSBz cGVjcyB0byBtYWtlIGl0IHNvLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNvdXJpZXIi PjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNvdXJpZXIiPkl0IHNob3VsZCBh bHNvIGJlIG5vdGVkIHRoYXQgdGhlIERJU1IgaWRlYSB3YXMgbm90IHByb3Bvc2luZyBhbnkgY2hh bmdlcyB0byBub3JtYXRpdmUgYmVoYXZpb3Igb2YgUlBLSSBvciBPcmlnaW4gVmFsaWRhdGlvbi4m bmJzcDsgSW5zdGVhZCBpdCB3YXMgcHJvcG9zZWQgYXMgYSBmb3JtIG9mIGxvY2FsIHBvbGljeSBt ZWNoYW5pc20NCiBhaW1lZCBhdCByZWR1Y2luZyBvcGVyYXRvcuKAmXMgY29uY2VybnMgYWJvdXQg cG90ZW50aWFsIG5ldHdvcmsgdW5yZWFjaGFiaWxpdHkgdHJpZ2dlcmVkIGJ5IFJQS0kgZXJyb3Jz IG9yIG9taXNzaW9ucy4mbmJzcDsgSSBkbyB0aGluayBpZiBESVNSLWxpa2UgaWRlYXMgaGF2ZSBt ZXJpdCwgdGhlbiB0aGUgaWRlYSBvZiBzcGVjaWFsIGNhc2luZyBBUzAgaW4gdGhlIGxvY2FsIHBv bGljeSBtaWdodCBoYXZlIHZhbHVlLCBidXQgd2UgbmVlZCB0byB3b3JrIHRocm91Z2gNCiB0aGUg dGhyZWUgY2FzZXMgYWJvdmUgdG8gYmUgY2xlYXIgd2hhdCB0aGF0IHNwZWNpYWwgY2FzZSBsb2dp YyBtaWdodCBiZS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtmb250LWZhbWlseTpDb3VyaWVyIj48bzpwPiZu YnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjEyLjBwdDtmb250LWZhbWlseTpDb3VyaWVyIj5XaGlsZSBJIGFtIHJhbWJsaW5n LCBJIHNob3VsZCBhbHNvIHNheSB0aGF0IEkgYWdyZWUgd2l0aCBKYXkgYW5kIHBvaW50cyB0aGF0 IFRpbSBtYWRlIHNvbWUgdGltZSBhZ28gdGhhdCBvbmUgd2FudHMgdG8gYmUgY2FyZWZ1bCB3aXRo IHRoZSB0cmFkZW9mZnMgb2YgbGVzc2VuaW5nIHRoZSBwb3RlbnRpYWwgaW1wYWN0IG9mDQogZXJy b3JzIGluIHRoZSBkYXRhLCBhcyBpdCBpcyB0eXBpY2FsbHkgb25seSB0aGUgdGVuc2lvbiBjYXVz ZWQgYnkgYSBuZWdhdGl2ZSBpbXBhY3QgdGhhdCBpbnNwaXJlcyBwZW9wbGUgdG8gdXBkYXRlIGFu ZCBjb3JyZWN0IHRoZSBkYXRhIGluIHRoZSBmaXJzdCBwbGFjZS4mbmJzcDsmbmJzcDsNCjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNvdXJpZXIiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0 O2ZvbnQtZmFtaWx5OkNvdXJpZXIiPmRvdWdtPG86cD48L286cD48L3NwYW4+PC9wPg0KPGRpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPi0tJm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj5Eb3VnTSBhdCBOSVNUPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNv dXJpZXIiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXYgc3R5bGU9ImJvcmRlcjpu b25lO2JvcmRlci10b3A6c29saWQgI0I1QzRERiAxLjBwdDtwYWRkaW5nOjMuMHB0IDBpbiAwaW4g MGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj48Yj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtjb2xvcjpibGFjayI+RnJvbToNCjwvc3Bhbj48 L2I+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Y29sb3I6YmxhY2siPlN0ZXBoZW4gS2Vu dCAmbHQ7c3RrZW50QHZlcml6b24ubmV0Jmd0Ozxicj4NCjxiPkRhdGU6IDwvYj5UdWVzZGF5LCBN YXJjaCAxMywgMjAxOCBhdCA4OjEzIFBNPGJyPg0KPGI+VG86IDwvYj5Eb3VnIE1vbnRnb21lcnkg Jmx0O2RvdWdtQG5pc3QuZ292Jmd0OywgJnF1b3Q7U3JpcmFtLCBLb3Rpa2FsYXB1ZGkgKEZlZCkm cXVvdDsgJmx0O2tvdGlrYWxhcHVkaS5zcmlyYW1AbmlzdC5nb3YmZ3Q7LCBUaW0gQnJ1aWpuemVl bHMgJmx0O3RpbUByaXBlLm5ldCZndDs8YnI+DQo8Yj5DYzogPC9iPiZxdW90O3NpZHJvcHMtY2hh aXJzQGlldGYub3JnJnF1b3Q7ICZsdDtzaWRyb3BzLWNoYWlyc0BpZXRmLm9yZyZndDssICZxdW90 O3NpZHJvcHNAaWV0Zi5vcmcmcXVvdDsgJmx0O3NpZHJvcHNAaWV0Zi5vcmcmZ3Q7PGJyPg0KPGI+ U3ViamVjdDogPC9iPlJlOiBbU2lkcm9wc10gTmV3IFZlcnNpb24gTm90aWZpY2F0aW9uIGZvciBk cmFmdC1zcmlyYW0tc2lkcm9wcy1kcm9wLWludmFsaWQtcG9saWN5LTAwLnR4dDxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt YXJnaW4tbGVmdDouNWluIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj48YSBuYW1lPSJfTWFp bE9yaWdpbmFsQm9keSI+RG91Zyw8YnI+DQo8YnI+DQpJJ20gcHV6emxlZCBieSB5b3VyIGludGVy cHJldGF0aW9uIG9mIFJGQyA3NjA3LiBTcGVjaWZpY2FsbHksIFNlY3Rpb24gMiBvZiA3NjA3IHNh eXM6PGJyPg0KPGJyPg0KPGJyPg0KPG86cD48L286cD48L2E+PC9wPg0KPGgyIHN0eWxlPSJtYXJn aW4tbGVmdDouNWluO21zby1saW5lLWhlaWdodC1hbHQ6MHB0Ij48c3BhbiBzdHlsZT0ibXNvLWJv b2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtm b250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjpibGFjayI+Mi4gQmVoYXZp b3I8bzpwPjwvbzpwPjwvc3Bhbj48L3NwYW4+PC9oMj4NCjxwcmUgc3R5bGU9Im1hcmdpbi1sZWZ0 Oi41aW4iPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFu IHN0eWxlPSJjb2xvcjpibGFjayI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9zcGFuPjwvcHJl Pg0KPHByZSBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFy azpfTWFpbE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj48bzpwPiZuYnNw OzwvbzpwPjwvc3Bhbj48L3NwYW4+PC9wcmU+DQo8cHJlIHN0eWxlPSJtYXJnaW4tbGVmdDouNWlu Ij48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHls ZT0iY29sb3I6YmxhY2siPiZuYnNwOyZuYnNwOyBBIEJHUCBzcGVha2VyIE1VU1QgTk9UIG9yaWdp bmF0ZSBvciBwcm9wYWdhdGUgYSByb3V0ZSB3aXRoIGFuIEFTPG86cD48L286cD48L3NwYW4+PC9z cGFuPjwvcHJlPg0KPHByZSBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PHNwYW4gc3R5bGU9Im1z by1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj4m bmJzcDsmbmJzcDsgbnVtYmVyIG9mIHplcm8gaW4gdGhlIEFTX1BBVEgsIEFTNF9QQVRILCBBR0dS RUdBVE9SLCBvcjxvOnA+PC9vOnA+PC9zcGFuPjwvc3Bhbj48L3ByZT4NCjxwcmUgc3R5bGU9Im1h cmdpbi1sZWZ0Oi41aW4iPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJv ZHkiPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+Jm5ic3A7Jm5ic3A7IEFTNF9BR0dSRUdBVE9S IGF0dHJpYnV0ZXMuPG86cD48L286cD48L3NwYW4+PC9zcGFuPjwvcHJlPg0KPHByZSBzdHlsZT0i bWFyZ2luLWxlZnQ6LjVpbiI+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFs Qm9keSI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48 L3NwYW4+PC9wcmU+DQo8cHJlIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj48c3BhbiBzdHlsZT0i bXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHlsZT0iY29sb3I6YmxhY2si PiZuYnNwOyZuYnNwOyBBbiBVUERBVEUgbWVzc2FnZSB0aGF0IGNvbnRhaW5zIHRoZSBBUyBudW1i ZXIgb2YgemVybyBpbiB0aGUgQVNfUEFUSDxvOnA+PC9vOnA+PC9zcGFuPjwvc3Bhbj48L3ByZT4N CjxwcmUgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6 X01haWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+Jm5ic3A7Jm5ic3A7 IG9yIEFHR1JFR0FUT1IgYXR0cmlidXRlIE1VU1QgYmUgY29uc2lkZXJlZCBhcyBtYWxmb3JtZWQg YW5kIGJlPG86cD48L286cD48L3NwYW4+PC9zcGFuPjwvcHJlPg0KPHByZSBzdHlsZT0ibWFyZ2lu LWxlZnQ6LjVpbiI+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+ PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj4mbmJzcDsmbmJzcDsgaGFuZGxlZCBieSB0aGUgcHJv Y2VkdXJlcyBzcGVjaWZpZWQgaW4gW1JGQzc2MDZdLjxvOnA+PC9vOnA+PC9zcGFuPjwvc3Bhbj48 L3ByZT4NCjxwcmUgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjxzcGFuIHN0eWxlPSJtc28tYm9v a21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+PG86cD4m bmJzcDs8L286cD48L3NwYW4+PC9zcGFuPjwvcHJlPg0KPHByZSBzdHlsZT0ibWFyZ2luLWxlZnQ6 LjVpbiI+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PHNwYW4g c3R5bGU9ImNvbG9yOmJsYWNrIj4mbmJzcDsmbmJzcDsgQW4gVVBEQVRFIG1lc3NhZ2UgdGhhdCBj b250YWlucyB0aGUgQVMgbnVtYmVyIG9mIHplcm8gaW4gdGhlIEFTNF9QQVRIPG86cD48L286cD48 L3NwYW4+PC9zcGFuPjwvcHJlPg0KPHByZSBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PHNwYW4g c3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9ImNvbG9y OmJsYWNrIj4mbmJzcDsmbmJzcDsgb3IgQVM0X0FHR1JFR0FUT1IgYXR0cmlidXRlIE1VU1QgYmUg Y29uc2lkZXJlZCBhcyBtYWxmb3JtZWQgYW5kIGJlPG86cD48L286cD48L3NwYW4+PC9zcGFuPjwv cHJlPg0KPHByZSBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PHNwYW4gc3R5bGU9Im1zby1ib29r bWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj4mbmJzcDsm bmJzcDsgaGFuZGxlZCBieSB0aGUgcHJvY2VkdXJlcyBzcGVjaWZpZWQgaW4gW1JGQzY3OTNdLjxv OnA+PC9vOnA+PC9zcGFuPjwvc3Bhbj48L3ByZT4NCjxwcmUgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41 aW4iPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0 eWxlPSJjb2xvcjpibGFjayI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9zcGFuPjwvcHJlPg0K PHByZSBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpf TWFpbE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj4mbmJzcDsmbmJzcDsg SWYgYSBCR1Agc3BlYWtlciByZWNlaXZlcyB6ZXJvIGFzIHRoZSBwZWVyIEFTIGluIGFuIE9QRU4g bWVzc2FnZSwgaXQ8bzpwPjwvbzpwPjwvc3Bhbj48L3NwYW4+PC9wcmU+DQo8cHJlIHN0eWxlPSJt YXJnaW4tbGVmdDouNWluIj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxC b2R5Ij48c3BhbiBzdHlsZT0iY29sb3I6YmxhY2siPiZuYnNwOyZuYnNwOyBNVVNUIGFib3J0IHRo ZSBjb25uZWN0aW9uIGFuZCBzZW5kIGEgTk9USUZJQ0FUSU9OIHdpdGggRXJyb3IgQ29kZTxvOnA+ PC9vOnA+PC9zcGFuPjwvc3Bhbj48L3ByZT4NCjxwcmUgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4i PjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0eWxl PSJjb2xvcjpibGFjayI+Jm5ic3A7Jm5ic3A7ICZxdW90O09QRU4gTWVzc2FnZSBFcnJvciZxdW90 OyBhbmQgc3ViY29kZSAmcXVvdDtCYWQgUGVlciBBUyZxdW90OyAoc2VlIFNlY3Rpb24mbmJzcDs2 IG9mPG86cD48L286cD48L3NwYW4+PC9zcGFuPjwvcHJlPg0KPHByZSBzdHlsZT0ibWFyZ2luLWxl ZnQ6LjVpbiI+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PHNw YW4gc3R5bGU9ImNvbG9yOmJsYWNrIj4mbmJzcDsmbmJzcDsgW1JGQzQyNzFdKS4mbmJzcDsgQSBy b3V0ZXIgTVVTVCBOT1QgaW5pdGlhdGUgYSBjb25uZWN0aW9uIGNsYWltaW5nIHRvIGJlPG86cD48 L286cD48L3NwYW4+PC9zcGFuPjwvcHJlPg0KPHByZSBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+ PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9 ImNvbG9yOmJsYWNrIj4mbmJzcDsmbmJzcDsgQVMgMC48bzpwPjwvbzpwPjwvc3Bhbj48L3NwYW4+ PC9wcmU+DQo8cHJlIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj48c3BhbiBzdHlsZT0ibXNvLWJv b2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHlsZT0iY29sb3I6YmxhY2siPjxvOnA+ Jm5ic3A7PC9vOnA+PC9zcGFuPjwvc3Bhbj48L3ByZT4NCjxwcmUgc3R5bGU9Im1hcmdpbi1sZWZ0 Oi41aW4iPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFu IHN0eWxlPSJjb2xvcjpibGFjayI+VGhpcyBzZWVtcyBwcmV0dHkgZGVmaW5pdGl2ZSwgYW5kIG5v cm1hdGl2ZSwgbm90IGp1c3QgYSAmcXVvdDt1c2FnZSBjb252ZW50aW9uJnF1b3Q7IGZvciBBUyAw LDxvOnA+PC9vOnA+PC9zcGFuPjwvc3Bhbj48L3ByZT4NCjxwcmUgc3R5bGU9Im1hcmdpbi1sZWZ0 Oi41aW4iPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFu IHN0eWxlPSJjb2xvcjpibGFjayI+YXMgeW91IHN1Z2dlc3QuPG86cD48L286cD48L3NwYW4+PC9z cGFuPjwvcHJlPg0KPHByZSBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PHNwYW4gc3R5bGU9Im1z by1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj48 bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3NwYW4+PC9wcmU+DQo8cHJlIHN0eWxlPSJtYXJnaW4t bGVmdDouNWluIj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48 c3BhbiBzdHlsZT0iY29sb3I6YmxhY2siPlN0ZXZlPG86cD48L286cD48L3NwYW4+PC9zcGFuPjwv cHJlPg0KPC9kaXY+DQo8YmxvY2txdW90ZSBzdHlsZT0ibWFyZ2luLXRvcDo1LjBwdDttYXJnaW4t Ym90dG9tOjUuMHB0Ij4NCjxwcmUgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjxzcGFuIHN0eWxl PSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPlRoYW5rcyBTdGV2ZSw8bzpwPjwvbzpw Pjwvc3Bhbj48L3ByZT4NCjxwcmUgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjxzcGFuIHN0eWxl PSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFu PjwvcHJlPg0KPHByZSBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PHNwYW4gc3R5bGU9Im1zby1i b29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+WW91IGFyZSByaWdodCB0aGF0IHRoZSBSRkNzIGJl bG93IHNob3VsZCBiZSByZWZlcmVuY2VkIGFsc28uJm5ic3A7IEhhdmluZyByZXZpZXdlZCB0aGVt IGFnYWluLCBub3RoaW5nIEkgc2FpZCBwcmV2aW91c2x5IHNlZW1zIHRvIGhhdmUgY2hhbmdlZC4m bmJzcDsmbmJzcDsgQVMgMCBpcyBhdCBiZXN0IGEgc3VnZ2VzdGVkIHVzYWdlIGNvbnZlbnRpb24u PG86cD48L286cD48L3NwYW4+PC9wcmU+DQo8cHJlIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj48 c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48bzpwPiZuYnNwOzwv bzpwPjwvc3Bhbj48L3ByZT4NCjxwcmUgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjxzcGFuIHN0 eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPlRoZSB0aGluZyBJIGxpa2UgYWJv dXQgdGhlIDY0ODMgdGV4dCBpcyB0aGF0IGl0IG1ha2VzIGV4cGxpY2l0IHRoYXQgUk9BcyBjYW4g YW5kIHdpbGwgYmUgY3JlYXRlZCBiZW5lYXRoIGFuIEFTIDAgUk9BIChvbmUgdXNhZ2Ugc2NlbmFy aW8gaXMgZm9yY2luZyB5b3VyIGN1c3RvbWVycyB0byBpc3N1ZSBST0FzIGJlZm9yZSBhbm5vdW5j aW5nIHRoZWlyIHJvdXRlcykgYW5kIHRoYXQgYWxsIG9mIHRoaXMgaXMgJnF1b3Q7YnkgY29udmVu dGlvbiZxdW90Oy4mbmJzcDsmbmJzcDsgU28gd2hpbGUgbm90IG5vcm1hdGl2ZSwgSSB0aG91Z2gg NjQ4MyBwYWludGVkIHRoZSBiZXN0IHBpY3R1cmUgb2YgdGhlIGlzc3VlcyB3ZSB3ZXJlIGRpc2N1 c3NpbmcuPG86cD48L286cD48L3NwYW4+PC9wcmU+DQo8cHJlIHN0eWxlPSJtYXJnaW4tbGVmdDou NWluIj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48bzpwPiZu YnNwOzwvbzpwPjwvc3Bhbj48L3ByZT4NCjxwcmUgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjxz cGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPmRvdWdtPG86cD48L286 cD48L3NwYW4+PC9wcmU+DQo8L2Jsb2NrcXVvdGU+DQo8cCBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVp biI+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PG86cD4mbmJz cDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_0A9F6A41B9144ED9989BDE0736525B2Anistgov_-- From nobody Tue Mar 13 21:13:40 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96873127076 for ; Tue, 13 Mar 2018 21:13:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.911 X-Spam-Level: X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0n0SDLvv53rM for ; Tue, 13 Mar 2018 21:13:38 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4CF0126BF3 for ; Tue, 13 Mar 2018 21:13:38 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.86_2) (envelope-from ) id 1evxnE-0007KM-F5; Wed, 14 Mar 2018 04:13:36 +0000 Date: Wed, 14 Mar 2018 13:13:35 +0900 Message-ID: From: Randy Bush To: Oliver Borchert Cc: sidrops@ietf.org In-Reply-To: <31BADAAF-FDAD-4569-A8F9-731885E70BF1@nist.gov> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <20180310120844.GC35705@vurt.meerval.net> <31BADAAF-FDAD-4569-A8F9-731885E70BF1@nist.gov> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/25.3 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=ISO-2022-JP Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Mar 2018 04:13:40 -0000 > DISR allows a safe $B!H(Bdrop invalid$B!I(B as long as it is still routable. read that again with the goal of rpki-based origin validation, stopping accidental mis-originations, in mind. randy From nobody Thu Mar 15 12:03:10 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4976E12EAEC for ; Thu, 15 Mar 2018 12:03:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QWNqLVbby7wT for ; Thu, 15 Mar 2018 12:03:05 -0700 (PDT) Received: from omr-m015e.mx.aol.com (omr-m015e.mx.aol.com [204.29.186.15]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 400CC12DB6D for ; Thu, 15 Mar 2018 12:02:46 -0700 (PDT) Received: from mtaout-mbc02.mx.aol.com (mtaout-mbc02.mx.aol.com [172.26.221.142]) by omr-m015e.mx.aol.com (Outbound Mail Relay) with ESMTP id 5AF6E38000D2; Thu, 15 Mar 2018 15:02:45 -0400 (EDT) Received: from iMac-Study.fios-router.home (pool-108-49-30-217.bstnma.fios.verizon.net [108.49.30.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mtaout-mbc02.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id AE3D43800032C; Thu, 15 Mar 2018 15:02:44 -0400 (EDT) To: "Montgomery, Douglas (Fed)" , "Sriram, Kotikalapudi (Fed)" , Tim Bruijnzeels Cc: "sidrops-chairs@ietf.org" , "sidrops@ietf.org" References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <70613650-C8D6-43D9-8643-5694B77BADA9@nist.gov> <5d2afc8e-7f9a-e2bc-fa84-88b943639bd6@verizon.net> <0A9F6A41-B914-4ED9-989B-DE0736525B2A@nist.gov> From: Stephen Kent Message-ID: <67d45b24-734a-4043-f910-85fc8c83810e@verizon.net> Date: Thu, 15 Mar 2018 15:02:44 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <0A9F6A41-B914-4ED9-989B-DE0736525B2A@nist.gov> Content-Type: multipart/alternative; boundary="------------223FD24F4D80A8BC207EFB41" Content-Language: en-US x-aol-global-disposition: G x-aol-sid: 3039ac1add8e5aaac3543e39 X-AOL-IP: 108.49.30.217 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Mar 2018 19:03:09 -0000 This is a multi-part message in MIME format. --------------223FD24F4D80A8BC207EFB41 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Doug, Bob, Whoops, you're right. 7607 is not applicable to this discussion, as it is describing Updates not ROAs. My bad. Also, Doug, I reluctantly agree that 6483, as an informational RFC, does not mandate any behavior. The phrase "by convention" describes the suggested ROA length for IPv4 and v6, and suggests that it be used exclusively for an address block, with no more specifics. But, as you noted, there may be a range of cases in which an INR holder might  use an AS 0 ROA and that might cause confusion, absent additional guidance. RFC 6491 (which is standards track) specifies how IANA planned to use AS 0 ROAs to mark all reserved and un-allocated  resources as well as some types of special purpose resources managed by IANA. It seems to imply the processing that it expects of relying parties when these ROAs are encountered, but it fails to provide explicit guidance in this respect. No, I don't recall that the RPKI specifies unique processing for AS 0 ROAs. Steve > --------------223FD24F4D80A8BC207EFB41 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit
Doug, Bob,

Whoops, you're right. 7607 is not applicable to this discussion, as it is describing Updates not ROAs. My bad.

Also, Doug, I reluctantly agree that 6483, as an informational RFC, does not mandate any behavior. The phrase "by convention" describes the suggested ROA length for IPv4 and v6, and suggests that it be used exclusively for an address block, with no more specifics. But, as you noted, there may be a range of cases in which an INR holder might  use an AS 0 ROA and that might cause confusion, absent additional guidance.

RFC 6491 (which is standards track) specifies how IANA planned to use AS 0 ROAs to mark all reserved and un-allocated  resources as well as some types of special purpose resources managed by IANA. It seems to imply the processing that it expects of relying parties when these ROAs are encountered, but it fails to provide explicit guidance in this respect.

No, I don't recall that the RPKI specifies unique processing for AS 0 ROAs.

Steve

 


--------------223FD24F4D80A8BC207EFB41-- From nobody Thu Mar 15 13:15:44 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D46701205F0 for ; Thu, 15 Mar 2018 13:15:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CEDXBi_Vvmu6 for ; Thu, 15 Mar 2018 13:15:38 -0700 (PDT) Received: from GCC01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0090.outbound.protection.outlook.com [23.103.200.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6EA87124BAC for ; Thu, 15 Mar 2018 13:15:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=WJatZQdxHKQCJtgq3cchBjP2DJ9oaOj6xdAG3twwipQ=; b=SbnRIvbIWw0WypjRVX/i8qmYXaChzfrqBkgpOIaralJyIhpEy0+pxc/PpoEag+T9DaeXeTR9Z9GBJnVTQWLApdKqt9TPgPXhwvFQUINlVcougxUVD2DF0V3UrlDRKVl5b07am4zIhrfoTmz0Yv7dawpwnktCHmORI5+QkLghc68= Received: from DM5PR09MB2137.namprd09.prod.outlook.com (10.173.130.139) by DM5PR09MB2139.namprd09.prod.outlook.com (10.173.130.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.567.14; Thu, 15 Mar 2018 20:15:37 +0000 Received: from DM5PR09MB2137.namprd09.prod.outlook.com ([fe80::ac83:90b1:9b37:c9b4]) by DM5PR09MB2137.namprd09.prod.outlook.com ([fe80::ac83:90b1:9b37:c9b4%18]) with mapi id 15.20.0567.018; Thu, 15 Mar 2018 20:15:36 +0000 From: "Borchert, Oliver (Fed)" To: Randy Bush CC: "sidrops@ietf.org" , "Borchert, Oliver (Fed)" Thread-Topic: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt Thread-Index: AQHTtNWhXON2Dcq5nUC1pRJAkmEmtqPDaEWAgAMAtQCAAv5sAIABGDMAgAKBDACAAR+AAIABC9OAgAJcD4A= Date: Thu, 15 Mar 2018 20:15:36 +0000 Message-ID: <5E8A17FF-669D-4622-8B46-FD692216544F@nist.gov> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <074D75CB-7D34-4838-BEAA-88AE5E044F6C@ripe.net> <20180310120844.GC35705@vurt.meerval.net> <31BADAAF-FDAD-4569-A8F9-731885E70BF1@nist.gov> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.b.0.180311 x-originating-ip: [2610:20:6222:140:cc31:1de4:ddc3:999e] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DM5PR09MB2139; 6:zaQBYIKBmn3953eCgWGwc8kecC8gcbnUpwf5RN9FM23jGk8xeSNX3nUPOH0rWWD7ueo4d29HR0aUeI5qXCR9scad1njR8dHRZEHnGCaV9fvoXHo/Bl3xTiJ1bz8L66JILxhdWgm4q2HH/pNoF1aXrG2rlCfTHnO4yLVLGfxcHH7dIDJUEYCVFE1snST+8i4XJ/c3cIjgi7drYx7TiYq/CFmXMw47NEgMVP0Q8Ha1dqYgDwfTl3v9oau8FBrtJ1BiMLNzrUTQVbBd8pb4WRdEZxv3/5gnOs3Z273nTWpHUrihVRKJSlgVgqcwtTKAsjRum739vmZI2KYA2QYgMM0vjUn8sAM9ZcOmkcwcE0DHc7LmC22yR2RZ0zDDyOIDX1fE; 5:hIk8ueucXI2B2RulWTmRpLwsGmrSu4/DZ9Ua/JR/Zz+s8K5y14kGl7WMuli9YNQfwLtjKvcw8cDcepX9ZfT5LIXzi/rjzLNQ7Wkl1slTCNse3xU1vr8sLSj4fOPPjDOaZm8wbnnW2/zbRIFnsovyoIHiybSHII0GUL65Efvsr2c=; 24:qwkUSOJzvkGLklMwbdtf0Oa03ZMks/5U43xmFojYcRfgd0u+3Eo+HpT9pW/Ivh+6/2U0EV3IKsZoS1DEm6D51ntFsbDMy8lR7UbSt2ebP1A=; 7:39r6UfO0BM9muwX2cLnDJp05PgF56bEjUY1nPYgq5c5lkP3NNYpX2tG5itwfhs2fKqYoSmlda+lZ7m01m9dPcYpI6Vr2OOYcF7J1IJy1yh2aLjqoWGQgwrh209o4AGBiBU7VunJjy4DmmKjAsf2cA46f48NVn069E9d2S0Yrck3hgvT8TEgEDjD8+VhPIM7sYnB/LrzzH0hw0yXKwjNkEDeF9ko6hfW/tmelgR87qe/RUvKiTYWY0ymV7HNNxbGi x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR; x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10019020)(396003)(376002)(39860400002)(39380400002)(366004)(346002)(189003)(199004)(93886005)(25786009)(478600001)(14454004)(6246003)(68736007)(53936002)(83716003)(102836004)(86362001)(316002)(3660700001)(6512007)(106356001)(107886003)(36756003)(82746002)(6436002)(58126008)(2900100001)(4326008)(8936002)(99286004)(33656002)(186003)(6116002)(5660300001)(6506007)(5250100002)(2906002)(229853002)(305945005)(46003)(3280700002)(81166006)(105586002)(6916009)(2950100002)(81156014)(97736004)(8676002)(7736002)(6486002)(54906003)(76176011); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR09MB2139; H:DM5PR09MB2137.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: b5011980-938f-4f87-e52b-08d58ab183a2 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:DM5PR09MB2139; x-ms-traffictypediagnostic: DM5PR09MB2139: authentication-results: spf=none (sender IP is ) smtp.mailfrom=oliver.borchert@nist.gov; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(10201501046)(3002001)(93006095)(93001095)(3231221)(944501273)(52105095)(6055026)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123564045)(20161123562045)(20161123558120)(6072148)(201708071742011); SRVR:DM5PR09MB2139; BCL:0; PCL:0; RULEID:; SRVR:DM5PR09MB2139; x-forefront-prvs: 0612E553B4 received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-microsoft-antispam-message-info: pShV2j0ef8CxaYH6VaddJwmjmjgVLXyfivpkUlk6OT5yqAf+tk7rC4BqMkewhUlh5gGoD8ikBYLqDGST/R403c7D+5OyJP8523y2Hkn2f1X0D+evLgYV8gcacSgIWho6cYqMN8jYbYgZXyGHfa4CD3yIn4dkOL7ljJLtyO23HoQYdrZM/xHyPCW//5PpFUM8k+Aw2hgIVn4l4k6cnBQZrf9yNMRLnh4lojpeMcfQLbP6/KkWbNvx6C/RvPdDjPsDdMy59BlI/QosHibRLqdFiQ90sbMJ7j5Wrjoly4oZhfjUi1cAR2qLhfzqm+N2s7SBzTSFHsyj0tD1YzsW+Z3kUQ== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: b5011980-938f-4f87-e52b-08d58ab183a2 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Mar 2018 20:15:36.3878 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR09MB2139 Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Mar 2018 20:15:42 -0000 U3VyZSwgaWYgdGhlICJhY2NpZGVudGFsIG1pcy1vcmlnaW5hdGlvbiIgaXMgdGhlIG9ubHkgb3Jp Z2luYXRpb24gbWFkZSwgRElTUiB3aWxsIG5vdCBkcm9wIHRoZSBpbnZhbGlkDQphbmQgUk9WIGRp ZCBub3QgaGVscCBhdCBhbGwgaW4gcHJldmVudGluZyB0aGUgcGFydGljdWxhciAiYWNjaWRlbnRh bCBtaXMtb3JpZ2luYXRpb24iLg0KSWYgb24gdGhlIG90aGVyIGhhbmQgdGhlICJhY2NpZGVudGFs IG1pcy1vcmlnaW5hdGlvbiIgaXMgY292ZXJlZCBieSBhbm90aGVyIHJvdXRlLCBpdCB3aWxsIGJl IGRyb3BwZWQNCmFuZCBpbiB0aGlzIGNhc2UgUk9WIGRpZCBwcmV2ZW50IHRoZSAiIGFjY2lkZW50 YWwgbWlzLW9yaWdpbmF0aW9uIiBmcm9tIGJlaW5nIHByb3BhZ2F0ZWQuDQoNCldoYXQgRElTUiBk b2VzLCBpdCBhbGxvd3MgdG8gZGVwbG95IGEgc29mdGVyICJkcm9wIGludmFsaWQiIHdpdGhvdXQg dGhlIGRhbmdlciBvZiBsb3NpbmcgY29ubmVjdGl2aXR5IA0KdW50aWwgdGhlIG9wZXJhdG9yIGRl Y2lkZXMgdG8gdHVybiBvZmYgRElTUiBhbmQgImRyb3AgaW52YWxpZCIuIA0KDQpBdCB0aGUgZW5k LCBpdCBpcyBhbGwgbG9jYWwgcG9saWN5IHdoYXQgdG8gZG8gd2l0aCBpbnZhbGlkLiBESVNSIGp1 c3QgcHJvdmlkZXMgYSBkZWZpbmVkDQphbGdvcml0aG0gb24gaG93IHRvIGFjdCB1cG9uIFJPViBy ZXN1bHRzIGR1cmluZyB0aGUgZGVwbG95bWVudCBzdGFnZSBieSByZWR1Y2luZyANCmxvc3Mgb2Yg cmVhY2hhYmlsaXR5IGR1ZSB0byAibWlzLWNvbmZpZ3VyYXRpb24iIGxhY2sgb2YgUk9BJ3MgZXRj Lg0KDQpPbGl2ZXINCg0K77u/T24gMy8xNC8xOCwgMTI6MTMgQU0sICJSYW5keSBCdXNoIiA8cmFu ZHlAcHNnLmNvbT4gd3JvdGU6DQoNCiAgICA+IERJU1IgYWxsb3dzIGEgc2FmZSDigJxkcm9wIGlu dmFsaWTigJ0gYXMgbG9uZyBhcyBpdCBpcyBzdGlsbCByb3V0YWJsZS4NCiAgICANCiAgICByZWFk IHRoYXQgYWdhaW4gd2l0aCB0aGUgZ29hbCBvZiBycGtpLWJhc2VkIG9yaWdpbiB2YWxpZGF0aW9u LCBzdG9wcGluZw0KICAgIGFjY2lkZW50YWwgbWlzLW9yaWdpbmF0aW9ucywgaW4gbWluZC4NCiAg ICANCiAgICByYW5keQ0KICAgIA0KDQo= From nobody Thu Mar 15 16:20:59 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 455A7127419 for ; Thu, 15 Mar 2018 16:20:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.911 X-Spam-Level: X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lzvFYae2wP0w for ; Thu, 15 Mar 2018 16:20:56 -0700 (PDT) Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 40C4C120454 for ; Thu, 15 Mar 2018 16:20:56 -0700 (PDT) Received: by slice.pfrc.org (Postfix, from userid 1001) id E65ED1E3FF; Thu, 15 Mar 2018 19:20:56 -0400 (EDT) Date: Thu, 15 Mar 2018 19:20:56 -0400 From: Jeffrey Haas To: Keyur Patel Cc: "sidrops@ietf.org" Message-ID: <20180315232056.GC6209@pfrc.org> References: <5A15A7DD-EE21-499F-8F1C-6E250495E1F6@arrcus.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <5A15A7DD-EE21-499F-8F1C-6E250495E1F6@arrcus.com> User-Agent: Mutt/1.5.21 (2010-09-15) Archived-At: Subject: Re: [Sidrops] WGLC for draft-ietf-sidrops-ov-clarify-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Mar 2018 23:20:57 -0000 On Wed, Feb 28, 2018 at 09:04:13PM +0000, Keyur Patel wrote: > A working group last call has been requested for draft-ietf-sidrops-ov-clarify-00, “Origin Validation Clarifications”. Please reply to the list with your comments. The WGLC will end on March 15, 2018. The document is clear and ready for publication. -- Jeff From nobody Thu Mar 15 16:36:15 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D33BB127599; Thu, 15 Mar 2018 16:36:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XWy7-VTwrj9x; Thu, 15 Mar 2018 16:36:12 -0700 (PDT) Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 00D83124239; Thu, 15 Mar 2018 16:36:11 -0700 (PDT) Received: by slice.pfrc.org (Postfix, from userid 1001) id A69801E3FF; Thu, 15 Mar 2018 19:36:12 -0400 (EDT) Date: Thu, 15 Mar 2018 19:36:12 -0400 From: Jeffrey Haas To: "Sriram, Kotikalapudi (Fed)" Cc: "sidrops@ietf.org" , "sidrops-chairs@ietf.org" Message-ID: <20180315233612.GE6209@pfrc.org> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Mar 2018 23:36:14 -0000 Sriram, On Tue, Mar 06, 2018 at 04:34:17PM +0000, Sriram, Kotikalapudi (Fed) wrote: > We have requested the chairs for time on the SIDROPS meeting agenda to discuss this work: > > https://tools.ietf.org/html/draft-sriram-sidrops-drop-invalid-policy-00 > > The authors would appreciate comments/discussion on the list as well. I have a concern with one of the terms of your procedure. From section 3: : 4. If selected route is Valid/NotFound, then add the route to Loc- : RIB; Else, if Invalid, then add the route to Loc-RIB only if : there is no existing route in the Loc-RIB for a subsuming Less : Specific prefix. This sort of thing tries to get periodically added to BGP specs. In general, BGP tries *VERY* hard to avoid any sort of cascading dependency between routes due to the ripple effects. Enough so that the following is enshrined in the core spec: RFC 4271, Section 9.1: : The function that calculates the degree of preference for a given : route SHALL NOT use any of the following as its inputs: the existence : of other routes, the non-existence of other routes, or the path : attributes of other routes. I appreciate what you're trying to do here. However, my strong advice is DON'T. -- Jeff From nobody Thu Mar 15 17:02:04 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8D06127599 for ; Thu, 15 Mar 2018 17:02:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.598 X-Spam-Level: X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=instituut-net.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fAD4a-glmP4a for ; Thu, 15 Mar 2018 17:02:01 -0700 (PDT) Received: from mail-wm0-x22f.google.com (mail-wm0-x22f.google.com [IPv6:2a00:1450:400c:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B68A9126DD9 for ; Thu, 15 Mar 2018 17:02:00 -0700 (PDT) Received: by mail-wm0-x22f.google.com with SMTP id h76so21271wme.4 for ; Thu, 15 Mar 2018 17:02:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=instituut-net.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=E1e01hTdx96exBUEoPuwZPvDpqMWlaJUvi//rl+vATw=; b=uoYBK2tvnbFTxMkFIM1lhQWWSQpoaLpkMMu0PNkDzJndiV+G3ODQQ/w/pNRm8T5L2N O67Xq0y6ZXTU2veBNc9HHKNgAleqtB62C1Jn3Gnl4rnScyMsBH/VQfOitS2klfdd9gy/ 1pefzYVnJF6sPnRWgTSHyaJgrex481qTZk0xnXR0kvq/rLx8iau8EjT+T9VeNHOVECFO gJjABHOFhc6u4CIRRAnMyVbb1lj5HATS7hdCO0lxVLh3PZ6PkTMeCzcB+g6bGvEYYX21 6tyDQXjuUeIBaAhaMwa01EfjH5Gpy9M16bEK+liIdVbQt3mrfL8P1SKiPWwHtoX90unu Yacw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=E1e01hTdx96exBUEoPuwZPvDpqMWlaJUvi//rl+vATw=; b=DjaT79AGvoZPvU6u6VYQlTV1/vkelUtjQ2Raebu8FOi2VKgLfh9pUO/R50/6JdaJ/M LuXNYr/2Mdj2LEhaF/yQFNiuQyQrTf3qLNO9GJZWyI336ngGbHjTa3VueY2ZYWcy8bCp R04B2zICznOXCX2b2vD8KL8RTe2CD9qmNGU1DvC+8DjdSm1Ms+XxNQoZf4E83YMkm7Cd Z6F0hFlUR++qOcVFJaKj8OXvh4a8cpzjk+EVSzaq5BX0+HfJCvNEH+LyrasmZDrpTKLP q56+eVmbuCfEEs7H8H9QSMMtsNfs09ptWOzb8vDy2b1MCZeTp+NaqMpFCqZfAjcGGrUK zc5w== X-Gm-Message-State: AElRT7HgX51LgbkhWg0UOxghkF4m5XaTMJH10xSrlv+Fg63dF1X9dgk2 JVFDwjyV4STDyj0/FBM8/+mlMQ== X-Google-Smtp-Source: AG47ELt+uk7oLHlqiPB8y4qEmk2/4y62NgIOuxx+nNMaWBpwdiLZkxlzFdjPMcLx0fdfl+U/6sHVJQ== X-Received: by 10.80.222.131 with SMTP id c3mr210576edl.220.1521158519051; Thu, 15 Mar 2018 17:01:59 -0700 (PDT) Received: from vurt.meerval.net (vurt.meerval.net. [192.147.168.22]) by smtp.gmail.com with ESMTPSA id z4sm3378022edm.44.2018.03.15.17.01.57 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 15 Mar 2018 17:01:58 -0700 (PDT) Received: from localhost (vurt.meerval.net [local]) by vurt.meerval.net (OpenSMTPD) with ESMTPA id ccf36c31; Fri, 16 Mar 2018 00:01:57 +0000 (UTC) Date: Fri, 16 Mar 2018 00:01:57 +0000 From: Job Snijders To: Jeffrey Haas Cc: "Sriram, Kotikalapudi (Fed)" , "sidrops-chairs@ietf.org" , "sidrops@ietf.org" Message-ID: <20180316000157.GC2536@vurt.meerval.net> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <20180315233612.GE6209@pfrc.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180315233612.GE6209@pfrc.org> X-Clacks-Overhead: GNU Terry Pratchett User-Agent: Mutt/1.9.4 (2018-02-28) Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Mar 2018 00:02:03 -0000 Dear Jeff, On Thu, Mar 15, 2018 at 07:36:12PM -0400, Jeffrey Haas wrote: > On Tue, Mar 06, 2018 at 04:34:17PM +0000, Sriram, Kotikalapudi (Fed) wrote: > > We have requested the chairs for time on the SIDROPS meeting agenda > > to discuss this work: > > > > https://tools.ietf.org/html/draft-sriram-sidrops-drop-invalid-policy-00 > > > > The authors would appreciate comments/discussion on the list as > > well. > > I have a concern with one of the terms of your procedure. From section 3: > > : 4. If selected route is Valid/NotFound, then add the route to Loc- > : RIB; Else, if Invalid, then add the route to Loc-RIB only if > : there is no existing route in the Loc-RIB for a subsuming Less > : Specific prefix. > > This sort of thing tries to get periodically added to BGP specs. In > general, BGP tries *VERY* hard to avoid any sort of cascading > dependency between routes due to the ripple effects. Enough so that > the following is enshrined in the core spec: > > RFC 4271, Section 9.1: > > : The function that calculates the degree of preference for a given > : route SHALL NOT use any of the following as its inputs: the existence > : of other routes, the non-existence of other routes, or the path > : attributes of other routes. > > I appreciate what you're trying to do here. However, my strong advice > is DON'T. I'd appreciate if you can elaborate more on your advice (perhaps from a protocol architecture perspective). In quite some BGP implementations the concept of "Conditional advertisements" is considered a feature, which is seemingly at odds with RFC 4271 section 9.1. Kind regards, Job From nobody Fri Mar 16 04:06:49 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68D041270A3 for ; Fri, 16 Mar 2018 04:06:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lmzxIZH2wrVk for ; Fri, 16 Mar 2018 04:06:45 -0700 (PDT) Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85597126BF7 for ; Fri, 16 Mar 2018 04:06:45 -0700 (PDT) X-Envelope-To: sidrops@ietf.org Received: from crumpet.local (089-101-070074.ntlworld.ie [89.101.70.74] (may be forged)) (authenticated bits=0) by mail.netability.ie (8.15.2/8.15.2) with ESMTPSA id w2GB6gbj096880 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 16 Mar 2018 11:06:42 GMT (envelope-from nick@foobar.org) X-Authentication-Warning: cheesecake.ibn.ie: Host 089-101-070074.ntlworld.ie [89.101.70.74] (may be forged) claimed to be crumpet.local Message-ID: <5AABA541.4020708@foobar.org> Date: Fri, 16 Mar 2018 11:06:41 +0000 From: Nick Hilliard User-Agent: Postbox 5.0.24 (Macintosh/20180302) MIME-Version: 1.0 To: Jeffrey Haas CC: "sidrops@ietf.org" References: <5A15A7DD-EE21-499F-8F1C-6E250495E1F6@arrcus.com> <20180315232056.GC6209@pfrc.org> In-Reply-To: <20180315232056.GC6209@pfrc.org> X-Enigmail-Version: 1.2.3 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Archived-At: Subject: Re: [Sidrops] WGLC for draft-ietf-sidrops-ov-clarify-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Mar 2018 11:06:47 -0000 Jeffrey Haas wrote: > On Wed, Feb 28, 2018 at 09:04:13PM +0000, Keyur Patel wrote: >> A working group last call has been requested for draft-ietf-sidrops-ov-clarify-00, “Origin Validation Clarifications”. Please reply to the list with your comments. The WGLC will end on March 15, 2018. > > The document is clear and ready for publication. Have read the doc and it looks both clear and sensible. Looks good to publish. Nick From nobody Fri Mar 16 06:41:04 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B4DD128961; Fri, 16 Mar 2018 06:41:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.911 X-Spam-Level: X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AehhoYIJpThm; Fri, 16 Mar 2018 06:41:02 -0700 (PDT) Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 72F5E126CD8; Fri, 16 Mar 2018 06:41:02 -0700 (PDT) Received: by slice.pfrc.org (Postfix, from userid 1001) id 001571E3FE; Fri, 16 Mar 2018 09:41:03 -0400 (EDT) Date: Fri, 16 Mar 2018 09:41:03 -0400 From: Jeffrey Haas To: Job Snijders Cc: "Sriram, Kotikalapudi (Fed)" , "sidrops-chairs@ietf.org" , "sidrops@ietf.org" Message-ID: <20180316134103.GF6209@pfrc.org> References: <152029076512.12908.14537578849320525718.idtracker@ietfa.amsl.com> <20180315233612.GE6209@pfrc.org> <20180316000157.GC2536@vurt.meerval.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180316000157.GC2536@vurt.meerval.net> User-Agent: Mutt/1.5.21 (2010-09-15) Archived-At: Subject: Re: [Sidrops] New Version Notification for draft-sriram-sidrops-drop-invalid-policy-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Mar 2018 13:41:03 -0000 On Fri, Mar 16, 2018 at 12:01:57AM +0000, Job Snijders wrote: > On Thu, Mar 15, 2018 at 07:36:12PM -0400, Jeffrey Haas wrote: > > RFC 4271, Section 9.1: > > > > : The function that calculates the degree of preference for a given > > : route SHALL NOT use any of the following as its inputs: the existence > > : of other routes, the non-existence of other routes, or the path > > : attributes of other routes. > > > > I appreciate what you're trying to do here. However, my strong advice > > is DON'T. > > I'd appreciate if you can elaborate more on your advice (perhaps from a > protocol architecture perspective). In quite some BGP implementations > the concept of "Conditional advertisements" is considered a feature, > which is seemingly at odds with RFC 4271 section 9.1. Conditional advertisement (insertion into the adj-ribs-out) is very different than impacting the route selection of loc-rib itself. Hopefully this clarifies the issue. -- Jeff From nobody Fri Mar 16 10:03:40 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 863C512711D; Fri, 16 Mar 2018 10:03:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eHo7FiGPGTcm; Fri, 16 Mar 2018 10:03:35 -0700 (PDT) Received: from GCC01-DM2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0123.outbound.protection.outlook.com [23.103.201.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 74D601200C5; Fri, 16 Mar 2018 10:03:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Q45lduVfopi2e6FJeVUdgt0jV0D2vkSMhPbJvjFqLJg=; b=wF/rzWRsDNCCGSCg80Vj954cpq0aZI4k1x7/Yf3ISj5rBoXqrt2mccPG46Esruoc6np2V4yEGmJ0nAzCNWUrtdwLqOuu31RpkLU1y8qud31asT51BAwdukTYyOIUJAjgiPUzh6II5gyAO1xpNgTtBIet9Ao1EOatrPdk73yJjM4= Received: from BN6PR09MB2131.namprd09.prod.outlook.com (10.173.160.147) by BN6PR09MB2132.namprd09.prod.outlook.com (10.173.160.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.588.14; Fri, 16 Mar 2018 17:03:33 +0000 Received: from BN6PR09MB2131.namprd09.prod.outlook.com ([10.173.160.147]) by BN6PR09MB2131.namprd09.prod.outlook.com ([10.173.160.147]) with mapi id 15.20.0588.016; Fri, 16 Mar 2018 17:03:33 +0000 From: "Borchert, Oliver (Fed)" To: "Roque Gagliano (rogaglia)" , Job Snijders , "sidrops@ietf.org" , "draft-yossigi-rpkimaxlen@ietf.org" , "Ben Maddison" Thread-Topic: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt Thread-Index: AQHTtK3v3uu+G78RWkinVMloCmIFZaPCMuqAgBCyGAA= Date: Fri, 16 Mar 2018 17:03:33 +0000 Message-ID: References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.b.0.180311 authentication-results: spf=none (sender IP is ) smtp.mailfrom=oliver.borchert@nist.gov; x-originating-ip: [2610:20:6222:140:6c6a:8c10:cc8e:876e] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; BN6PR09MB2132; 7:JMU5JZ7fL/QdZI1gGXE5BIXd+12KnYqsSzkYGxVQ0vI/7RGY6iduGIZYi8noMa/+ZVY+042m33pQO1JB+K7qdgdRUqCc1pysTrio5pHBLkV9IT1uJT4Sy6yoP8FbBkPbhcFeOhUEQH0GkDSheKemyFZV7mZXJMBmLCt5kDzxBEtnO7aDQ8KDhulpfhS/FQd2uayI4Ihbp0etSnbd2XoIOQzQZWwPNXIEvPcoriJ8WqQGtcXWElUWeO3c7/kAPyA/ x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 588b4579-1050-43d5-6a7d-08d58b5fd9be x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:BN6PR09MB2132; x-ms-traffictypediagnostic: BN6PR09MB2132: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(65766998875637)(189930954265078)(238701278423138)(95692535739014)(219752817060721); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(3231221)(944501281)(52105095)(3002001)(10201501046)(6055026)(6041310)(20161123562045)(20161123564045)(20161123558120)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:BN6PR09MB2132; BCL:0; PCL:0; RULEID:; SRVR:BN6PR09MB2132; x-forefront-prvs: 0613912E23 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(396003)(376002)(39380400002)(346002)(366004)(377424004)(22974007)(189003)(199004)(6486002)(6436002)(2906002)(2950100002)(15650500001)(14454004)(6246003)(33656002)(25786009)(106356001)(45080400002)(76176011)(68736007)(53936002)(3660700001)(966005)(97736004)(478600001)(3280700002)(6306002)(36756003)(82746002)(229853002)(6116002)(6512007)(305945005)(186003)(77096007)(83716003)(2201001)(8676002)(575784001)(86362001)(105586002)(7736002)(8936002)(59450400001)(316002)(5660300001)(99286004)(2501003)(81166006)(2900100001)(81156014)(110136005)(6506007)(53546011)(58126008)(46003)(102836004); DIR:OUT; SFP:1102; SCL:1; SRVR:BN6PR09MB2132; H:BN6PR09MB2131.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-microsoft-antispam-message-info: Xuj+KN6R/izjxCpjG8tGbiVE5t7Jqm2Ou3Jg7rNzDCcM4iASASyAJv40n8ZqhhePZ3IFMa9Fm7JVgN2Wdgb2XB1Ga4KHutzqXijSMGGLko6Un0+nfhF2V6zUG9erLu5kfe8LgOwcEmQhc0d0XiQbgQD0DS8sRFooINDK6GJ/RyCwhvdiv5/ZQweI07NtwwP0sqVHUbGAswTTNxf6qv/6Y2NljlSWflBXEKQe+NzFeXY8AvdkPIkigGdEQOuTKmIQo/cHRDF0yg6C1Z1KC2dGppygzx14e0ru/TOAmnmukFEcMdAxu8qembVI8nnsjuRFRYeVXmk0eshnotnjvqV/UQ== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-ID: <70565A3A89A636499D51A57CEC6A5D58@namprd09.prod.outlook.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: 588b4579-1050-43d5-6a7d-08d58b5fd9be X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Mar 2018 17:03:33.2675 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR09MB2132 Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Mar 2018 17:03:39 -0000 SSByZWFkIHRocm91Z2ggdGhlIGRyYWZ0IGFuZCBmaW5kIGl0IGltcG9ydGFudC4gDQpJIGFncmVl IG9uIGFkb3B0aW9uIGFzIHdlbGwsDQoNCk9saXZlcg0KDQrvu79PbiAzLzUvMTgsIDU6MDYgUE0s ICJTaWRyb3BzIG9uIGJlaGFsZiBvZiBSb3F1ZSBHYWdsaWFubyAocm9nYWdsaWEpIiA8c2lkcm9w cy1ib3VuY2VzQGlldGYub3JnIG9uIGJlaGFsZiBvZiByb2dhZ2xpYUBjaXNjby5jb20+IHdyb3Rl Og0KDQogICAgSGkgSm9iLA0KICAgIA0KICAgIEkgYWdyZWUgb24gYWRvcHRpb24uDQogICAgDQog ICAgUm9xdWUNCiAgICANCiAgICDigJQgDQogICAgUm9xdWUgR2FnbGlhbm8NCiAgICANCiAgICBB dXRvbWF0aW9uIFNvZnR3YXJlIEFyY2hpdGVjdCBFTUVBUg0KICAgIA0KICAgICs0MSA3NiA0NDkg ODg2Nw0KICAgICANCiAgICBKb2luIHRoZSBOU08gRGlnaXRhbCBFY29zeXN0ZW06DQogICAgTlNP IG9uIERldk5ldDogaHR0cHM6Ly9uYTAxLnNhZmVsaW5rcy5wcm90ZWN0aW9uLm91dGxvb2suY29t Lz91cmw9d3d3LmNpc2NvLmNvbSUyRmdvJTJGbnNvZGV2bmV0JmRhdGE9MDIlN0MwMSU3Q29saXZl ci5ib3JjaGVydCU0MG5pc3QuZ292JTdDMmQ4OTk2NDY1ZjY2NDYzN2M0YTcwOGQ1ODJlNTU4ZWMl N0MyYWI1ZDgyZmQ4ZmE0Nzk3YTkzZTA1NDY1NWM2MWRlYyU3QzElN0MwJTdDNjM2NTU4ODQzOTA2 MDc2NjE3JnNkYXRhPXd0RlNHYVc3UlFTV3MlMkZ4ZEx4JTJCWkdMdXFyMGdiTCUyRmZvZlU4Tmt0 RkVKV1ElM0QmcmVzZXJ2ZWQ9MCA8aHR0cHM6Ly9uYTAxLnNhZmVsaW5rcy5wcm90ZWN0aW9uLm91 dGxvb2suY29tLz91cmw9aHR0cCUzQSUyRiUyRnd3dy5jaXNjby5jb20lMkZnbyUyRm5zb2Rldm5l dCZkYXRhPTAyJTdDMDElN0NvbGl2ZXIuYm9yY2hlcnQlNDBuaXN0LmdvdiU3QzJkODk5NjQ2NWY2 NjQ2MzdjNGE3MDhkNTgyZTU1OGVjJTdDMmFiNWQ4MmZkOGZhNDc5N2E5M2UwNTQ2NTVjNjFkZWMl N0MxJTdDMCU3QzYzNjU1ODg0MzkwNjA3NjYxNyZzZGF0YT1NRXdkeXJCNEQ2ZHpzeFhsUXMlMkZm ZVA0RHdGRHNKSFAlMkJIUTd2V1UwWWFwMCUzRCZyZXNlcnZlZD0wPg0KICAgIE5TTyBEZXZlbG9w ZXIgSHViOiBodHRwczovL25hMDEuc2FmZWxpbmtzLnByb3RlY3Rpb24ub3V0bG9vay5jb20vP3Vy bD13d3cuY2lzY28uY29tJTJGZ28lMkZuc29odWImZGF0YT0wMiU3QzAxJTdDb2xpdmVyLmJvcmNo ZXJ0JTQwbmlzdC5nb3YlN0MyZDg5OTY0NjVmNjY0NjM3YzRhNzA4ZDU4MmU1NThlYyU3QzJhYjVk ODJmZDhmYTQ3OTdhOTNlMDU0NjU1YzYxZGVjJTdDMSU3QzAlN0M2MzY1NTg4NDM5MDYwNzY2MTcm c2RhdGE9bnlXVjZ1Uk9iakgxMDRkJTJCWDJ6b3haQXFlRG5BekN5amlUSmpMOXUxdkRNJTNEJnJl c2VydmVkPTAgPGh0dHBzOi8vbmEwMS5zYWZlbGlua3MucHJvdGVjdGlvbi5vdXRsb29rLmNvbS8/ dXJsPWh0dHAlM0ElMkYlMkZ3d3cuY2lzY28uY29tJTJGZ28lMkZuc29odWImZGF0YT0wMiU3QzAx JTdDb2xpdmVyLmJvcmNoZXJ0JTQwbmlzdC5nb3YlN0MyZDg5OTY0NjVmNjY0NjM3YzRhNzA4ZDU4 MmU1NThlYyU3QzJhYjVkODJmZDhmYTQ3OTdhOTNlMDU0NjU1YzYxZGVjJTdDMSU3QzAlN0M2MzY1 NTg4NDM5MDYwNzY2MTcmc2RhdGE9UGRqa0VPdlJnOERIUGpPTktHd3FNdnU2QllHUWJvaVJodjdZ akM4dUZwZyUzRCZyZXNlcnZlZD0wPg0KICAgIA0KICAgICANCiAgICBPbiAwNS8wMy8xOCAxOTox NSwgIlNpZHJvcHMgb24gYmVoYWxmIG9mIEpvYiBTbmlqZGVycyIgPHNpZHJvcHMtYm91bmNlc0Bp ZXRmLm9yZyBvbiBiZWhhbGYgb2Ygam9iQG50dC5uZXQ+IHdyb3RlOg0KICAgIA0KICAgICAgICBE ZWFyIHdvcmtpbmcgZ3JvdXAsDQogICAgICAgIA0KICAgICAgICBUaGlzIGRvY3VtZW50IGhhcyBn b25lIHRocm91Z2ggYSBudW1iZXIgb2YgcmV2aXNpb25zIG91dHNpZGUgdGhlIHdvcmtpbmcgZ3Jv dXAuDQogICAgICAgIA0KICAgICAgICBBcyBhdXRob3JzIHdlIHRoaW5rIGl0IG1heSBiZSB0aW1l IHRvIGNvbnNpZGVyIGEgY2FsbCBmb3IgYWRvcHRpb24gYW5kDQogICAgICAgIGNvbnRpbnVlIHdv cmsgb24gdGhpcyBkb2N1bWVudCBpbiBjb250ZXh0IG9mIHRoZSB3b3JraW5nIGdyb3VwLg0KICAg ICAgICANCiAgICAgICAgVGhvdWdodHM/DQogICAgICAgIA0KICAgICAgICBLaW5kIHJlZ2FyZHMs DQogICAgICAgIA0KICAgICAgICBKb2INCiAgICAgICAgDQogICAgICAgIA0KICAgICAgICAtLS0t LS0tLS0tIEZvcndhcmRlZCBtZXNzYWdlIC0tLS0tLS0tLS0NCiAgICAgICAgRnJvbTogIDxpbnRl cm5ldC1kcmFmdHNAaWV0Zi5vcmc+DQogICAgICAgIERhdGU6IE1vbiwgTWFyIDUsIDIwMTggYXQg NzowOSBQTQ0KICAgICAgICBTdWJqZWN0OiBOZXcgVmVyc2lvbiBOb3RpZmljYXRpb24gZm9yIGRy YWZ0LXlvc3NpZ2ktcnBraW1heGxlbi0wMi50eHQNCiAgICAgICAgVG86IEpvYiBTbmlqZGVycyA8 am9iQG50dC5uZXQ+LCBLb3Rpa2FsYXB1ZGkgU3JpcmFtDQogICAgICAgIDxrb3Rpa2FsYXB1ZGku c3JpcmFtQG5pc3QuZ292PiwgQmVuIE1hZGRpc29uIDxiZW5tQHdvcmtvbmxpbmUuY28uemE+LA0K ICAgICAgICBZb3NzaSBHaWxhZCA8eW9zc2lnaUBidS5lZHU+LCBTaGFyb24gR29sZGJlcmcgPGdv bGRiZUBjcy5idS5lZHU+DQogICAgICAgIA0KICAgICAgICBBIG5ldyB2ZXJzaW9uIG9mIEktRCwg ZHJhZnQteW9zc2lnaS1ycGtpbWF4bGVuLTAyLnR4dA0KICAgICAgICBoYXMgYmVlbiBzdWNjZXNz ZnVsbHkgc3VibWl0dGVkIGJ5IEpvYiBTbmlqZGVycyBhbmQgcG9zdGVkIHRvIHRoZQ0KICAgICAg ICBJRVRGIHJlcG9zaXRvcnkuDQogICAgICAgIA0KICAgICAgICBOYW1lOiAgICAgICAgICAgZHJh ZnQteW9zc2lnaS1ycGtpbWF4bGVuDQogICAgICAgIFJldmlzaW9uOiAgICAgICAwMg0KICAgICAg ICBUaXRsZTogICAgICAgICAgVGhlIFVzZSBvZiBNYXhsZW5ndGggaW4gdGhlIFJQS0kNCiAgICAg ICAgRG9jdW1lbnQgZGF0ZTogIDIwMTgtMDMtMDUNCiAgICAgICAgR3JvdXA6ICAgICAgICAgIElu ZGl2aWR1YWwgU3VibWlzc2lvbg0KICAgICAgICBQYWdlczogICAgICAgICAgMTANCiAgICAgICAg VVJMOg0KICAgICAgICBodHRwczovL25hMDEuc2FmZWxpbmtzLnByb3RlY3Rpb24ub3V0bG9vay5j b20vP3VybD1odHRwcyUzQSUyRiUyRnd3dy5pZXRmLm9yZyUyRmludGVybmV0LWRyYWZ0cyUyRmRy YWZ0LXlvc3NpZ2ktcnBraW1heGxlbi0wMi50eHQmZGF0YT0wMiU3QzAxJTdDb2xpdmVyLmJvcmNo ZXJ0JTQwbmlzdC5nb3YlN0MyZDg5OTY0NjVmNjY0NjM3YzRhNzA4ZDU4MmU1NThlYyU3QzJhYjVk ODJmZDhmYTQ3OTdhOTNlMDU0NjU1YzYxZGVjJTdDMSU3QzAlN0M2MzY1NTg4NDM5MDYwNzY2MTcm c2RhdGE9T1dCNXluZUlOUUxwNXR6WVFRdlpnNmtvTjNiSHk3YXNOOUpIYnYlMkZKUk5rJTNEJnJl c2VydmVkPTANCiAgICAgICAgU3RhdHVzOiAgICAgICAgIGh0dHBzOi8vbmEwMS5zYWZlbGlua3Mu cHJvdGVjdGlvbi5vdXRsb29rLmNvbS8/dXJsPWh0dHBzJTNBJTJGJTJGZGF0YXRyYWNrZXIuaWV0 Zi5vcmclMkZkb2MlMkZkcmFmdC15b3NzaWdpLXJwa2ltYXhsZW4lMkYmZGF0YT0wMiU3QzAxJTdD b2xpdmVyLmJvcmNoZXJ0JTQwbmlzdC5nb3YlN0MyZDg5OTY0NjVmNjY0NjM3YzRhNzA4ZDU4MmU1 NThlYyU3QzJhYjVkODJmZDhmYTQ3OTdhOTNlMDU0NjU1YzYxZGVjJTdDMSU3QzAlN0M2MzY1NTg4 NDM5MDYwNzY2MTcmc2RhdGE9MjI1VEJQdnBJVmk2Nkk3U0s2QU5aNDhKNTZDanFoZ3hlMjFGeGNp VnJuZyUzRCZyZXNlcnZlZD0wDQogICAgICAgIEh0bWxpemVkOiAgICAgICBodHRwczovL25hMDEu c2FmZWxpbmtzLnByb3RlY3Rpb24ub3V0bG9vay5jb20vP3VybD1odHRwcyUzQSUyRiUyRnRvb2xz LmlldGYub3JnJTJGaHRtbCUyRmRyYWZ0LXlvc3NpZ2ktcnBraW1heGxlbi0wMiZkYXRhPTAyJTdD MDElN0NvbGl2ZXIuYm9yY2hlcnQlNDBuaXN0LmdvdiU3QzJkODk5NjQ2NWY2NjQ2MzdjNGE3MDhk NTgyZTU1OGVjJTdDMmFiNWQ4MmZkOGZhNDc5N2E5M2UwNTQ2NTVjNjFkZWMlN0MxJTdDMCU3QzYz NjU1ODg0MzkwNjA3NjYxNyZzZGF0YT02QUJjUWJPbTdmMmFUbVcyRVZWbXdVS2s5WVFNQmI0c2JL WXo2dzZWcUdVJTNEJnJlc2VydmVkPTANCiAgICAgICAgSHRtbGl6ZWQ6DQogICAgICAgIGh0dHBz Oi8vbmEwMS5zYWZlbGlua3MucHJvdGVjdGlvbi5vdXRsb29rLmNvbS8/dXJsPWh0dHBzJTNBJTJG JTJGZGF0YXRyYWNrZXIuaWV0Zi5vcmclMkZkb2MlMkZodG1sJTJGZHJhZnQteW9zc2lnaS1ycGtp bWF4bGVuLTAyJmRhdGE9MDIlN0MwMSU3Q29saXZlci5ib3JjaGVydCU0MG5pc3QuZ292JTdDMmQ4 OTk2NDY1ZjY2NDYzN2M0YTcwOGQ1ODJlNTU4ZWMlN0MyYWI1ZDgyZmQ4ZmE0Nzk3YTkzZTA1NDY1 NWM2MWRlYyU3QzElN0MwJTdDNjM2NTU4ODQzOTA2MDc2NjE3JnNkYXRhPU5NYWUwVTE5NkRpJTJG QyUyQmRaQlJvN0lIJTJCRFdEMXFqeUhtUzVpWG5tWk5wc0ElM0QmcmVzZXJ2ZWQ9MA0KICAgICAg ICBEaWZmOiAgICAgICAgICAgaHR0cHM6Ly9uYTAxLnNhZmVsaW5rcy5wcm90ZWN0aW9uLm91dGxv b2suY29tLz91cmw9aHR0cHMlM0ElMkYlMkZ3d3cuaWV0Zi5vcmclMkZyZmNkaWZmJTNGdXJsMiUz RGRyYWZ0LXlvc3NpZ2ktcnBraW1heGxlbi0wMiZkYXRhPTAyJTdDMDElN0NvbGl2ZXIuYm9yY2hl cnQlNDBuaXN0LmdvdiU3QzJkODk5NjQ2NWY2NjQ2MzdjNGE3MDhkNTgyZTU1OGVjJTdDMmFiNWQ4 MmZkOGZhNDc5N2E5M2UwNTQ2NTVjNjFkZWMlN0MxJTdDMCU3QzYzNjU1ODg0MzkwNjA3NjYxNyZz ZGF0YT0xRWFsUzRVMUR2cWljaSUyRloyeUZYRjliQksxWnNpNHc1ZXl1dkxld0p5Nm8lM0QmcmVz ZXJ2ZWQ9MA0KICAgICAgICANCiAgICAgICAgQWJzdHJhY3Q6DQogICAgICAgICAgIFRoaXMgZG9j dW1lbnQgcmVjb21tZW5kcyB0aGF0IG9wZXJhdG9ycyBhdm9pZCB1c2luZyB0aGUgbWF4TGVuZ3Ro DQogICAgICAgICAgIGF0dHJpYnV0ZSB3aGVuIGlzc3VpbmcgUm91dGUgT3JpZ2luIEF1dGhvcml6 YXRpb25zIChST0FzKSBpbiB0aGUNCiAgICAgICAgICAgUmVzb3VyY2UgUHVibGljIEtleSBJbmZy YXN0cnVjdHVyZSAoUlBLSSkuICBUaGVzZSByZWNvbW1lbmRhdGlvbnMNCiAgICAgICAgICAgY29t cGxlbWVudCB0aG9zZSBpbiBbUkZDNzExNV0uDQogICAgICAgIA0KICAgICAgICANCiAgICAgICAg UGxlYXNlIG5vdGUgdGhhdCBpdCBtYXkgdGFrZSBhIGNvdXBsZSBvZiBtaW51dGVzIGZyb20gdGhl IHRpbWUgb2Ygc3VibWlzc2lvbg0KICAgICAgICB1bnRpbCB0aGUgaHRtbGl6ZWQgdmVyc2lvbiBh bmQgZGlmZiBhcmUgYXZhaWxhYmxlIGF0IHRvb2xzLmlldGYub3JnLg0KICAgICAgICANCiAgICAg ICAgVGhlIElFVEYgU2VjcmV0YXJpYXQNCiAgICAgICAgDQogICAgICAgIF9fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQogICAgICAgIFNpZHJvcHMgbWFpbGlu ZyBsaXN0DQogICAgICAgIFNpZHJvcHNAaWV0Zi5vcmcNCiAgICAgICAgaHR0cHM6Ly9uYTAxLnNh ZmVsaW5rcy5wcm90ZWN0aW9uLm91dGxvb2suY29tLz91cmw9aHR0cHMlM0ElMkYlMkZ3d3cuaWV0 Zi5vcmclMkZtYWlsbWFuJTJGbGlzdGluZm8lMkZzaWRyb3BzJmRhdGE9MDIlN0MwMSU3Q29saXZl ci5ib3JjaGVydCU0MG5pc3QuZ292JTdDMmQ4OTk2NDY1ZjY2NDYzN2M0YTcwOGQ1ODJlNTU4ZWMl N0MyYWI1ZDgyZmQ4ZmE0Nzk3YTkzZTA1NDY1NWM2MWRlYyU3QzElN0MwJTdDNjM2NTU4ODQzOTA2 MDc2NjE3JnNkYXRhPVRsM1oxWGVId1hzWGklMkZiN2pqa04zOHolMkI4bVJQSiUyQnU0NE5CYUU4 TGloWGslM0QmcmVzZXJ2ZWQ9MA0KICAgICAgICANCiAgICANCiAgICBfX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KICAgIFNpZHJvcHMgbWFpbGluZyBsaXN0 DQogICAgU2lkcm9wc0BpZXRmLm9yZw0KICAgIGh0dHBzOi8vbmEwMS5zYWZlbGlua3MucHJvdGVj dGlvbi5vdXRsb29rLmNvbS8/dXJsPWh0dHBzJTNBJTJGJTJGd3d3LmlldGYub3JnJTJGbWFpbG1h biUyRmxpc3RpbmZvJTJGc2lkcm9wcyZkYXRhPTAyJTdDMDElN0NvbGl2ZXIuYm9yY2hlcnQlNDBu aXN0LmdvdiU3QzJkODk5NjQ2NWY2NjQ2MzdjNGE3MDhkNTgyZTU1OGVjJTdDMmFiNWQ4MmZkOGZh NDc5N2E5M2UwNTQ2NTVjNjFkZWMlN0MxJTdDMCU3QzYzNjU1ODg0MzkwNjA3NjYxNyZzZGF0YT1U bDNaMVhlSHdYc1hpJTJGYjdqamtOMzh6JTJCOG1SUEolMkJ1NDROQmFFOExpaFhrJTNEJnJlc2Vy dmVkPTANCiAgICANCg0K From nobody Tue Mar 20 10:55:28 2018 Return-Path: X-Original-To: sidrops@ietf.org Delivered-To: sidrops@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id CF3A8127867; Tue, 20 Mar 2018 10:55:22 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sidrops@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.75.2 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <152156852282.9718.17979378342549168289@ietfa.amsl.com> Date: Tue, 20 Mar 2018 10:55:22 -0700 Archived-At: Subject: [Sidrops] I-D Action: draft-ietf-sidrops-https-tal-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Mar 2018 17:55:23 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the SIDR Operations WG of the IETF. Title : Resource Public Key Infrastructure (RPKI) Trust Anchor Locator Authors : Tim Bruijnzeels George Michaelson Filename : draft-ietf-sidrops-https-tal-00.txt Pages : 9 Date : 2018-03-20 Abstract: This document defines a Trust Anchor Locator (TAL) for the Resource Public Key Infrastructure (RPKI). This document obsoletes RFC 7730 by adding support for HTTPS URIs in a TAL. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sidrops-https-tal-00 https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-https-tal-00 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Tue Mar 20 11:57:59 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B5AE12895E for ; Tue, 20 Mar 2018 11:57:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.651 X-Spam-Level: X-Spam-Status: No, score=-1.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aIPGY1GvVKyD for ; Tue, 20 Mar 2018 11:57:56 -0700 (PDT) Received: from hrabosky.cbbtier3.att.net (hrabosky.cbbtier3.att.net [12.0.1.25]) by ietfa.amsl.com (Postfix) with ESMTP id 386E6127AD4 for ; Tue, 20 Mar 2018 11:57:56 -0700 (PDT) Received: from oz.mt.att.com (zoe.cbbtier3.att.net [12.0.1.45]) by hrabosky.cbbtier3.att.net (Postfix) with ESMTP id BA24A1E7BA for ; Tue, 20 Mar 2018 18:57:55 +0000 (UTC) Received: by oz.mt.att.com (Postfix, from userid 1000) id 9E97BA4034A; Tue, 20 Mar 2018 14:57:55 -0400 (EDT) X-Mailer: emacs 24.3.1 (via feedmail 11-beta-1 I); VM 8.2.0b under 24.3.1 (x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Message-ID: <23217.22959.533753.794971@oz.mt.att.com> Date: Tue, 20 Mar 2018 14:57:51 -0400 From: Jay Borkenhagen To: In-Reply-To: <5AABA541.4020708@foobar.org> References: <5A15A7DD-EE21-499F-8F1C-6E250495E1F6@arrcus.com> <20180315232056.GC6209@pfrc.org> <5AABA541.4020708@foobar.org> Reply-To: Jay Borkenhagen X-GPG-Fingerprint: DDDB 542E D988 94D0 82D3 D198 7DED 6648 2308 D3C0 Archived-At: Subject: Re: [Sidrops] WGLC for draft-ietf-sidrops-ov-clarify-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Mar 2018 18:57:57 -0000 Nick Hilliard writes: > Jeffrey Haas wrote: > > On Wed, Feb 28, 2018 at 09:04:13PM +0000, Keyur Patel wrote: > >> A working group last call has been requested for draft-ietf-sidro= ps-ov-clarify-00, =E2=80=9COrigin Validation Clarifications=E2=80=9D. P= lease reply to the list with your comments. The WGLC will end on March = 15, 2018. > >=20 > > The document is clear and ready for publication. >=20 > Have read the doc and it looks both clear and sensible. Looks good = to > publish. >=20 I agree: it's clear, sensible, and needed. It's ready to publish.=20 =09 =09 =09 =09 =09 =09 Jay B. From nobody Wed Mar 21 05:31:29 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DAE9512D88D for ; Wed, 21 Mar 2018 05:31:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.21 X-Spam-Level: X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PHIw1euG3vRu for ; Wed, 21 Mar 2018 05:31:26 -0700 (PDT) Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de [130.133.4.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C39612D951 for ; Wed, 21 Mar 2018 05:31:25 -0700 (PDT) Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69]) by outpost.zedat.fu-berlin.de (Exim 4.85) with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (envelope-from ) id <1eyctn-000Cwz-Kg>; Wed, 21 Mar 2018 13:31:23 +0100 Received: from dhcp-8452.meeting.ietf.org ([31.133.132.82] helo=mw-x1.meeting.ietf.org) by inpost2.zedat.fu-berlin.de (Exim 4.85) with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (envelope-from ) id <1eyctn-003Vg0-DR>; Wed, 21 Mar 2018 13:31:23 +0100 Date: Wed, 21 Mar 2018 12:31:21 +0000 From: Matthias Waehlisch To: Keyur Patel cc: "sidrops@ietf.org" In-Reply-To: <5A15A7DD-EE21-499F-8F1C-6E250495E1F6@arrcus.com> Message-ID: References: <5A15A7DD-EE21-499F-8F1C-6E250495E1F6@arrcus.com> User-Agent: Alpine 2.00 (WNT 1167 2008-08-23) X-X-Sender: waehl@mail.zedat.fu-berlin.de MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="475780686-1647-1521630848=:5152" Content-ID: X-Originating-IP: 31.133.132.82 Archived-At: Subject: Re: [Sidrops] WGLC for draft-ietf-sidrops-ov-clarify-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Mar 2018 12:31:29 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --475780686-1647-1521630848=:5152 Content-Type: TEXT/PLAIN; CHARSET=UTF-8 Content-Transfer-Encoding: 8BIT Content-ID: I read the draft and gave some minor comments directly to the author. It's ready to publish. Cheers matthias On Wed, 28 Feb 2018, Keyur Patel wrote: > > Hi Folks: > >   > > A working group last call has been requested for draft-ietf-sidrops-ov-clarify-00, > “Origin Validation Clarifications”. Please reply to the list with your comments. The WGLC > will end on March 15, 2018. > >   > > The draft can be found at: > https://datatracker.ietf.org/doc/draft-ietf-sidrops-ov-clarify/. > >   > > Randy as an author of this document it would be great if you can please confirm that any > relevant IPR has been disclosed. > >   > > Regards, > > Keyur > > > -- Matthias Waehlisch . Freie Universitaet Berlin, Computer Science .. http://www.cs.fu-berlin.de/~waehl --475780686-1647-1521630848=:5152-- From nobody Wed Mar 21 08:52:54 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29A60126D74 for ; Wed, 21 Mar 2018 08:52:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.911 X-Spam-Level: X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j5EU3r99d__O for ; Wed, 21 Mar 2018 08:52:52 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD561124B18 for ; Wed, 21 Mar 2018 08:52:51 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.86_2) (envelope-from ) id 1eyg2i-0001dr-0v; Wed, 21 Mar 2018 15:52:48 +0000 Date: Wed, 21 Mar 2018 15:52:47 +0000 Message-ID: From: Randy Bush To: Matthias Waehlisch Cc: Keyur Patel , "sidrops@ietf.org" In-Reply-To: References: <5A15A7DD-EE21-499F-8F1C-6E250495E1F6@arrcus.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/25.3 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Archived-At: Subject: Re: [Sidrops] WGLC for draft-ietf-sidrops-ov-clarify-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Mar 2018 15:52:53 -0000 > I read the draft and gave some minor comments directly to the author. consequently, a -01 is in an emacs buffer A router SHOULD validate and mark all routes in its BGP, no matter how received; otherwise the operator does not have the ability to drop Invalid routes; and is therefore liable to complaints from neighbors about propagation of invalid routes. randy From nobody Wed Mar 21 10:05:19 2018 Return-Path: X-Original-To: sidrops@ietf.org Delivered-To: sidrops@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E27E7126CC7; Wed, 21 Mar 2018 10:05:13 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sidrops@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.76.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <152165191386.7433.11620101858268293110@ietfa.amsl.com> Date: Wed, 21 Mar 2018 10:05:13 -0700 Archived-At: Subject: [Sidrops] I-D Action: draft-ietf-sidrops-validating-bgp-speaker-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Mar 2018 17:05:14 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the SIDR Operations WG of the IETF. Title : Signaling Prefix Origin Validation Results from an RPKI Origin Validating BGP Speaker to BGP Peers Authors : Thomas King Christoph Dietzel Daniel Kopp Aristidis Lambrianidis Arnaud Fenioux Filename : draft-ietf-sidrops-validating-bgp-speaker-02.txt Pages : 8 Date : 2018-03-21 Abstract: This document defines a new BGP transitive extended community, as well as its usage, to signal prefix origin validation results from an RPKI Origin validating BGP speaker to other BGP peers. Upon reception of prefix origin validation results, peers can use this information in their local routing decision process. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sidrops-validating-bgp-speaker/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sidrops-validating-bgp-speaker-02 https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-validating-bgp-speaker-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-validating-bgp-speaker-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Wed Mar 21 10:15:44 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35C2E12E043 for ; Wed, 21 Mar 2018 10:15:43 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.91 X-Spam-Level: X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yd5PyRIeh7sf for ; Wed, 21 Mar 2018 10:15:40 -0700 (PDT) Received: from deliverix-glo-01.ams-ix.net (smtp.ams-ix.net [IPv6:2001:67c:1a8:a101::72]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 226F712751F for ; Wed, 21 Mar 2018 10:15:40 -0700 (PDT) Received: from dhcp-80cb.meeting.ietf.org (dhcp-80cb.meeting.ietf.org [31.133.128.203]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: alam394) by deliverix-glo-01.ams-ix.net (Postfix) with ESMTPSA id 9E38621161 for ; Wed, 21 Mar 2018 18:15:38 +0100 (CET) From: Aris Lambrianidis Content-Type: multipart/signed; boundary="Apple-Mail=_BCE8DFEE-E6A8-4469-AEF5-37430C5B4FA8"; protocol="application/pgp-signature"; micalg=pgp-sha256 Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) Date: Wed, 21 Mar 2018 17:15:36 +0000 References: <152165191386.7433.11620101858268293110@ietfa.amsl.com> To: sidrops@ietf.org In-Reply-To: <152165191386.7433.11620101858268293110@ietfa.amsl.com> Message-Id: <764CCF12-A0CA-46BF-AD85-E7D35C25BF12@ams-ix.net> X-Mailer: Apple Mail (2.3445.5.20) Archived-At: Subject: Re: [Sidrops] I-D Action: draft-ietf-sidrops-validating-bgp-speaker-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Mar 2018 17:15:43 -0000 --Apple-Mail=_BCE8DFEE-E6A8-4469-AEF5-37430C5B4FA8 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Esteemed WG members, In the past couple of days we worked on simplifying the language and = nomenclature, as well as consolidating on using a standard 4 Octet AS Specific BGP Extended = Community, per the recommendation of Job Snijders. For those of you who are not already aware, we will have a short = presentation at tomorrow=E2=80=99s session, but constructive commenting is always welcome, in person or on = the list. Bonus points if it=E2=80=99s coming from people not having voiced their = opinion so far. On behalf of the authors, Aris > On 21 Mar 2018, at 17:05, internet-drafts@ietf.org wrote: >=20 >=20 > A New Internet-Draft is available from the on-line Internet-Drafts = directories. > This draft is a work item of the SIDR Operations WG of the IETF. >=20 > Title : Signaling Prefix Origin Validation Results = from an RPKI Origin Validating BGP Speaker to BGP Peers > Authors : Thomas King > Christoph Dietzel > Daniel Kopp > Aristidis Lambrianidis > Arnaud Fenioux > Filename : = draft-ietf-sidrops-validating-bgp-speaker-02.txt > Pages : 8 > Date : 2018-03-21 >=20 > Abstract: > This document defines a new BGP transitive extended community, as > well as its usage, to signal prefix origin validation results from = an > RPKI Origin validating BGP speaker to other BGP peers. Upon > reception of prefix origin validation results, peers can use this > information in their local routing decision process. >=20 >=20 >=20 > The IETF datatracker status page for this draft is: > = https://datatracker.ietf.org/doc/draft-ietf-sidrops-validating-bgp-speaker= / >=20 > There are also htmlized versions available at: > = https://tools.ietf.org/html/draft-ietf-sidrops-validating-bgp-speaker-02 > = https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-validating-bgp-sp= eaker-02 >=20 > A diff from the previous version is available at: > = https://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-sidrops-validating-bgp-spea= ker-02 >=20 >=20 > Please note that it may take a couple of minutes from the time of = submission > until the htmlized version and diff are available at tools.ietf.org. >=20 > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ >=20 > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops --Apple-Mail=_BCE8DFEE-E6A8-4469-AEF5-37430C5B4FA8 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIzBAEBCAAdFiEEUp/VqpxRPGaBN5IfD0He/2W1GqwFAlqykzgACgkQD0He/2W1 Gqx/HA//di/zKuoJ4EhjjrV1MMjAmCSg1IJ6IsSWbKJ8p79Tte8qG5AUBIrsbbSX EB40lMZQs8TSMl26FZh5Q7tXp18OzE5FjJUNFL7BXZ8fkGtttAoZqHA39WbfjZ6t gYtdzGu60+bH+tU89z1zR8L8DsWnPeOEtn57Gy8r+ZEQjXNPagHa2mhj+BtUzViX xV+mB9UUQXx5Q4yosT9OHWXxuoLl5A46wdG/+bYK+3i+k3Vr3pB9ef01vSSxv7I/ KhoIFKY+9Sw4biltROmwgbx3MsL+r+GDRkufb3lc8W6Sx2ee0jiQAPPapOV7eaOR 41u+BKgYcUQ/ahNpzMxzyRY0DREXqoXQKssSBuOvRjX5A6A0Wl9RdhQGX0OeCrte /6zxO7rtg2L8d+l5ptVR5dCpniLyUXDqhfE/1j84uiw/Y/XeSOTXWd9roAsWgk7D UqJ2myGeJXrylefm5TdPO8i0yUu01QEIr/uE7WKqIfKZmNfeH1TMAwTV48i2bXqj X/SBif5Y/QdO/ybMGFjtPJD1lkyQjFfJST4Xs/BtNgD8JLFa7Vu0j75xlpeKt5Jr 8A9FVU7Uh3/7KLbNE2prkYU29Eij+Oo7kPyyxO6/vz6EH+zIxtqpGVEVZllY4HO4 /j8LIoLCJy+XK4jrck/ltXT3oCM9SiD/6UHfCXxlqLUaimBxMnE= =Srp0 -----END PGP SIGNATURE----- --Apple-Mail=_BCE8DFEE-E6A8-4469-AEF5-37430C5B4FA8-- From nobody Thu Mar 22 06:26:26 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B71CD127010 for ; Thu, 22 Mar 2018 06:26:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.111 X-Spam-Level: X-Spam-Status: No, score=-1.111 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qK7n-T60gGbr for ; Thu, 22 Mar 2018 06:26:23 -0700 (PDT) Received: from relay.kvm02.ops-netman.net (relay.ops-netman.net [192.110.255.59]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7C421200C5 for ; Thu, 22 Mar 2018 06:26:23 -0700 (PDT) Received: from mail.ops-netman.net (mailserver.ops-netman.net [199.168.90.119]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by relay.kvm02.ops-netman.net (Postfix) with ESMTPS id 2388F40127 for ; Thu, 22 Mar 2018 13:26:22 +0000 (UTC) Received: from morrowc-glaptop2.ops-netman.net (unknown [IPv6:2001:67c:370:128:3e9f:6d3c:7e57:d955]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.ops-netman.net (Postfix) with ESMTPSA id 858DC7F91C for ; Thu, 22 Mar 2018 13:26:20 +0000 (UTC) Authentication-Results: mail.ops-netman.net; dkim=none reason="no signature"; dkim-adsp=fail (unprotected policy); dkim-atps=neutral Date: Thu, 22 Mar 2018 13:26:16 +0000 Message-ID: From: Chris Morrow To: sidrops@ietf.org User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/25.2 Mule/6.0 (HANACHIRUSATO) Organization: Operations Network Management, Ltd. MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Archived-At: Subject: [Sidrops] Slids for today's meeting X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Mar 2018 13:26:25 -0000 Are all uploaded, save one which is awaiting conversion. -chris From nobody Thu Mar 22 07:47:15 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92CA912D87E for ; Thu, 22 Mar 2018 07:47:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B3wkqeAthoBJ for ; Thu, 22 Mar 2018 07:47:12 -0700 (PDT) Received: from mail-vk0-x234.google.com (mail-vk0-x234.google.com [IPv6:2607:f8b0:400c:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9459126DFB for ; Thu, 22 Mar 2018 07:47:11 -0700 (PDT) Received: by mail-vk0-x234.google.com with SMTP id k187so5353754vke.12 for ; Thu, 22 Mar 2018 07:47:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=mlXyW7y1yVhOn1HJuG3W1evMIz36MLuSCfy7842qXYA=; b=olXPLzj9aOAhXtiM002obSVFZGsDwy/Xw8ENxYUMUM4QmLAa6uHSYMoMaIQcijRLRo Eed65jE0FiTwmcdjkCDj/1VGy+pEOQGHZe10YNqGA6H4tauFas/D7Lcfb7Kp0DXUAoa/ XUAHFxpMukZ33edFd8dtgQcD9B+5PjRUn/VFWDVaZt24ZRj+gpGtxMbtPyfDpL6x1FUg PJy/6dNGPMN0qcKS631m77ZYfKUpli+z0CkExl4Om/pe9+AD1AqUeCFqnvF04iuHI+x+ cPQ050YeSaX4ASurlWqf1jHl8PPxYig7I09pyktj4SFG/kmLGjyVVD36y0prh3T2b8FJ daWQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=mlXyW7y1yVhOn1HJuG3W1evMIz36MLuSCfy7842qXYA=; b=bDP2NsAoN6jhkE1oYuEnX3IhBxLxh0PjR3ybvL1AOlVpfNmDA7qZvtITx5TbA3gPQS YnqAJrumb69ycESufwAZ9H7/QApEfNZGN0ouNK7uo7UpsKOSRddmgvqcRqqd3r11Q3Qv YsP+FNYVqMVhOsyqsXAG/xDzlidqX64DpAyvp28xEysBjoQomJYUc3lr5SqcRfWWcJld N34W+jtC4Cj9aSGsD7Zqt/upmATMaEwcPJwsMXnlCtYQPE4IxGUG/BuW5hr3cPJ1XmEX HfO4pQOWZ7xgcwKBxj4Q1ZUbBXkdQjCOvYkFkRi67nQE2BrkfYHedXFRnq4KGGOv+9h5 GN6g== X-Gm-Message-State: AElRT7GVY2aEby8BaWITKJE0A1mtrTocvXK0vEN2GlejmeZwuhUhQkvK +eYZBUK0NaRt34sEe67QNh3E+DDmpD6ZM9OqoY00gw== X-Google-Smtp-Source: AG47ELsLYmH6b9BZDljgb6aJNpQI2PZOLmh9hNwh/BWC3zhResbPGQ5Bl9Vte1zdLPHfSNnY17SvD358ua5PIXFpK4Q= X-Received: by 10.31.223.129 with SMTP id w123mr727152vkg.9.1521730030604; Thu, 22 Mar 2018 07:47:10 -0700 (PDT) MIME-Version: 1.0 Received: by 10.159.59.139 with HTTP; Thu, 22 Mar 2018 07:47:10 -0700 (PDT) In-Reply-To: References: From: Christopher Morrow Date: Thu, 22 Mar 2018 14:47:10 +0000 Message-ID: To: sidrops@ietf.org Content-Type: multipart/alternative; boundary="94eb2c07dc90eb17dd05680161e3" Archived-At: Subject: Re: [Sidrops] Slids for today's meeting X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Mar 2018 14:47:14 -0000 --94eb2c07dc90eb17dd05680161e3 Content-Type: text/plain; charset="UTF-8" s/Slids/Slides/ On Thu, Mar 22, 2018 at 1:26 PM, Chris Morrow wrote: > > Are all uploaded, save one which is awaiting conversion. > > -chris > > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops > --94eb2c07dc90eb17dd05680161e3 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
<shamecube>
s/Slids/Slides/
</shame= cube>

On Thu, Mar 22, 2018 at 1:26 PM, Chris Morrow <morrowc@ops-netman.= net> wrote:

Are all uploaded, save one which is awaiting conversion.

-chris

_______________________________________________
Sidrops mailing list
Sidrops@ietf.org
https://www.ietf.org/mailman/listinfo/sidrops<= br>

--94eb2c07dc90eb17dd05680161e3-- From nobody Thu Mar 22 11:41:53 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACBBD1242EA for ; Thu, 22 Mar 2018 11:41:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.91 X-Spam-Level: X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6Tc3aY-Zfo6o for ; Thu, 22 Mar 2018 11:41:50 -0700 (PDT) Received: from molamola.ripe.net (molamola.ripe.net [IPv6:2001:67c:2e8:11::c100:1371]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EDE57126B6E for ; Thu, 22 Mar 2018 11:41:42 -0700 (PDT) Received: from nene.ripe.net ([193.0.23.10]) by molamola.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ez59g-0000ov-MK for sidrops@ietf.org; Thu, 22 Mar 2018 19:41:41 +0100 Received: from sslvpn.ripe.net ([193.0.20.230] helo=vpn-175.ripe.net) by nene.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1ez59K-0006Wn-Um; Thu, 22 Mar 2018 19:41:40 +0100 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) From: Tim Bruijnzeels In-Reply-To: <152156852282.9718.17979378342549168289@ietfa.amsl.com> Date: Thu, 22 Mar 2018 18:41:13 +0000 Content-Transfer-Encoding: quoted-printable Message-Id: <370E65A6-1AFB-4830-9EC4-293F6B6905B9@ripe.net> References: <152156852282.9718.17979378342549168289@ietfa.amsl.com> To: SIDR Operations WG X-Mailer: Apple Mail (2.3445.5.20) X-ACL-Warn: Delaying message X-RIPE-Spam-Level: ------- X-RIPE-Spam-Report: Spam Total Points: -7.5 points pts rule name description ---- ---------------------- ------------------------------------ -7.5 ALL_TRUSTED Passed through trusted hosts only via SMTP -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a07195167bf847dc70d26018f87efda4524b0 Archived-At: Subject: Re: [Sidrops] I-D Action: draft-ietf-sidrops-https-tal-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Mar 2018 18:41:53 -0000 Dear WG, As presented today, this is the adopted document that obsolete RFC7730 = and allows the use of HTTPS in TALs. The document obsoletes rather than updates because it would have become = unreadable otherwise. There are a number of references to rsync in = various parts of 7730. That said, the changes here are minimal. If any = of the original authors of RFC7730 want to be on the list they can be = added, alternatively I can extend the acknowledgment section. As mentioned please review the text of section 4 (see below). If there = are no objections in the next two weeks, then I will remove the first = paragraph, upload an -01 version and ask for last call. Kind regards Tim > 4. HTTPS Considerations >=20 >=20 > REMOVE LATER: The following text is inspired by the equivalent > section in [RFC8182], but adapted for this case. >=20 > Note that a Man in the Middle (MITM) cannot produce a CA = certificate > that would be considered valid according to the process described = in > Section 3. However, a MITM can perform withhold or replay attacks > targeting a Relying Party and keep the Relying Party from learning > about an update CA certificate. Because of this, Relying Parties > SHOULD do TLS certificate and host name validation when they fetch = a > CA certificate using an HTTPS URI on a TAL. >=20 > Relying Party tools SHOULD log any TLS certificate or host name > validation issues found, so that an operator can investigate the > cause. However, such validation issues are often due to > configuration errors or a lack of a common TLS trust anchor. In > these cases, it is better if the Relying Party retrieves the CA > certificate regardless and performs validation on it. Therefore, = the > Relying Party MUST continue to retrieve the data in case of errors. >=20 > It is RECOMMENDED that Relying Parties and Repository Servers = follow > the Best Current Practices outlined in [RFC7525] on the use of HTTP > over TLS (HTTPS) [RFC7230]. Relying Parties SHOULD do TLS > certificate and host name validation using subjectAltName dNSName > identities as described in [RFC6125]. The rules and guidelines > defined in [RFC6125] apply here, with the following considerations: >=20 > o Relying Parties and Repository Servers SHOULD support the DNS-ID > identifier type. The DNS-ID identifier type SHOULD be present = in > Repository Server certificates. >=20 > o DNS names in Repository Server certificates SHOULD NOT contain = the > wildcard character "*". >=20 > o A Common Name (CN) field may be present in a Repository Server > certificate's subject name but SHOULD NOT be used for > authentication within the rules described in [RFC6125]. >=20 > o This protocol does not require the use of SRV-IDs. >=20 > o This protocol does not require the use of URI-IDs. >=20 > Note, however, that this validation is done on a best-effort basis > and serves to highlight potential issues, but CA certificate > validation in relation to a TAL as described in Section 3 does not > depend on this. Therefore, Relying Parties MAY deviate from the > validation steps listed above. > On 20 Mar 2018, at 17:55, internet-drafts@ietf.org wrote: >=20 >=20 > A New Internet-Draft is available from the on-line Internet-Drafts = directories. > This draft is a work item of the SIDR Operations WG of the IETF. >=20 > Title : Resource Public Key Infrastructure (RPKI) = Trust Anchor Locator > Authors : Tim Bruijnzeels > George Michaelson > Filename : draft-ietf-sidrops-https-tal-00.txt > Pages : 9 > Date : 2018-03-20 >=20 > Abstract: > This document defines a Trust Anchor Locator (TAL) for the Resource > Public Key Infrastructure (RPKI). This document obsoletes RFC 7730 > by adding support for HTTPS URIs in a TAL. >=20 >=20 > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/ >=20 > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-sidrops-https-tal-00 > https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-https-tal-00 >=20 >=20 > Please note that it may take a couple of minutes from the time of = submission > until the htmlized version and diff are available at tools.ietf.org. >=20 > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ >=20 > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops >=20 From nobody Thu Mar 22 11:42:14 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE9101242EA for ; Thu, 22 Mar 2018 11:42:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.91 X-Spam-Level: X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zw69KpIJ7O-7 for ; Thu, 22 Mar 2018 11:42:11 -0700 (PDT) Received: from molamola.ripe.net (molamola.ripe.net [IPv6:2001:67c:2e8:11::c100:1371]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9BFE126B6E for ; Thu, 22 Mar 2018 11:42:10 -0700 (PDT) Received: from nene.ripe.net ([193.0.23.10]) by molamola.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ez5A8-0000pL-O3 for sidrops@ietf.org; Thu, 22 Mar 2018 19:42:09 +0100 Received: from sslvpn.ripe.net ([193.0.20.230] helo=vpn-175.ripe.net) by nene.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1ez5A8-0006bB-7a; Thu, 22 Mar 2018 19:42:08 +0100 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) From: Tim Bruijnzeels In-Reply-To: <152156852282.9718.17979378342549168289@ietfa.amsl.com> Date: Thu, 22 Mar 2018 18:42:02 +0000 Content-Transfer-Encoding: quoted-printable Message-Id: <83CBED5C-F8FF-4037-9C24-412A507B72BB@ripe.net> References: <152156852282.9718.17979378342549168289@ietfa.amsl.com> To: SIDR Operations WG X-Mailer: Apple Mail (2.3445.5.20) X-ACL-Warn: Delaying message X-RIPE-Spam-Level: ------- X-RIPE-Spam-Report: Spam Total Points: -7.5 points pts rule name description ---- ---------------------- ------------------------------------ -7.5 ALL_TRUSTED Passed through trusted hosts only via SMTP -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a071986514e501c539da851d75121df8dbbf7 Archived-At: Subject: Re: [Sidrops] I-D Action: draft-ietf-sidrops-https-tal-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Mar 2018 18:42:14 -0000 Dear WG, As presented today, this is the adopted document that obsolete RFC7730 = and allows the use of HTTPS in TALs. The document obsoletes rather than updates because it would have become = unreadable otherwise. There are a number of references to rsync in = various parts of 7730. That said, the changes here are minimal. If any = of the original authors of RFC7730 want to be on the list they can be = added, alternatively I can extend the acknowledgment section. As mentioned please review the text of section 4 (see below). If there = are no objections in the next two weeks, then I will remove the first = paragraph, upload an -01 version and ask for last call. Kind regards Tim > 4. HTTPS Considerations >=20 >=20 > REMOVE LATER: The following text is inspired by the equivalent > section in [RFC8182], but adapted for this case. >=20 > Note that a Man in the Middle (MITM) cannot produce a CA certificate > that would be considered valid according to the process described in > Section 3. However, a MITM can perform withhold or replay attacks > targeting a Relying Party and keep the Relying Party from learning > about an update CA certificate. Because of this, Relying Parties > SHOULD do TLS certificate and host name validation when they fetch a > CA certificate using an HTTPS URI on a TAL. >=20 > Relying Party tools SHOULD log any TLS certificate or host name > validation issues found, so that an operator can investigate the > cause. However, such validation issues are often due to > configuration errors or a lack of a common TLS trust anchor. In > these cases, it is better if the Relying Party retrieves the CA > certificate regardless and performs validation on it. Therefore, = the > Relying Party MUST continue to retrieve the data in case of errors. >=20 > It is RECOMMENDED that Relying Parties and Repository Servers follow > the Best Current Practices outlined in [RFC7525] on the use of HTTP > over TLS (HTTPS) [RFC7230]. Relying Parties SHOULD do TLS > certificate and host name validation using subjectAltName dNSName > identities as described in [RFC6125]. The rules and guidelines > defined in [RFC6125] apply here, with the following considerations: >=20 > o Relying Parties and Repository Servers SHOULD support the DNS-ID > identifier type. The DNS-ID identifier type SHOULD be present in > Repository Server certificates. >=20 > o DNS names in Repository Server certificates SHOULD NOT contain = the > wildcard character "*". >=20 > o A Common Name (CN) field may be present in a Repository Server > certificate's subject name but SHOULD NOT be used for > authentication within the rules described in [RFC6125]. >=20 > o This protocol does not require the use of SRV-IDs. >=20 > o This protocol does not require the use of URI-IDs. >=20 > Note, however, that this validation is done on a best-effort basis > and serves to highlight potential issues, but CA certificate > validation in relation to a TAL as described in Section 3 does not > depend on this. Therefore, Relying Parties MAY deviate from the > validation steps listed above. > On 20 Mar 2018, at 17:55, internet-drafts@ietf.org wrote: >=20 >=20 > A New Internet-Draft is available from the on-line Internet-Drafts = directories. > This draft is a work item of the SIDR Operations WG of the IETF. >=20 > Title : Resource Public Key Infrastructure (RPKI) = Trust Anchor Locator > Authors : Tim Bruijnzeels > George Michaelson > Filename : draft-ietf-sidrops-https-tal-00.txt > Pages : 9 > Date : 2018-03-20 >=20 > Abstract: > This document defines a Trust Anchor Locator (TAL) for the Resource > Public Key Infrastructure (RPKI). This document obsoletes RFC 7730 > by adding support for HTTPS URIs in a TAL. >=20 >=20 > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/ >=20 > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-sidrops-https-tal-00 > https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-https-tal-00 >=20 >=20 > Please note that it may take a couple of minutes from the time of = submission > until the htmlized version and diff are available at tools.ietf.org. >=20 > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ >=20 > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops >=20 From nobody Mon Mar 26 09:27:35 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37E7012946D for ; Mon, 26 Mar 2018 09:27:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KTqoQ7M795jy for ; Mon, 26 Mar 2018 09:27:31 -0700 (PDT) Received: from mail-pl0-x22c.google.com (mail-pl0-x22c.google.com [IPv6:2607:f8b0:400e:c01::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72E461270B4 for ; Mon, 26 Mar 2018 09:27:31 -0700 (PDT) Received: by mail-pl0-x22c.google.com with SMTP id p9-v6so12252983pls.2 for ; Mon, 26 Mar 2018 09:27:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=pWuAVqsJLLsFxVkFGXepPbzcZp7r/JAUeG0RUx417M4=; b=jZQ0YxUiiAclrNf5xQpFjigoh2lLhiPdHbPt04L2tOrvlwycxCqWhIctp14KpmSe2H Bc5hfv98Moi5krQPWWt/4U0x33oQPWp49hAg7z3n0jgbnBwNOj3b5sfj/zlkL/ckpLfT NJVsNj4KKX18NTy3A6n98Le9NFNhsA6qjOn5Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=pWuAVqsJLLsFxVkFGXepPbzcZp7r/JAUeG0RUx417M4=; b=sRpO4Dj1n11hbgcNPXaJipB4Kf/J8avmywPcRYWpRSV1GY9/dVdSv0QXDpjDhILFMA 3wha3IzD2XGTaLpAShTLm/XDakT3RWP+xfVhAtpyOsg2pJj6Jc6j/ylixur8pD0xOQz5 SIPhDsLHab9psrJAGrLkiGlslmwxiTfcEUwFs5dwTn2Dx56Tsb3DXUtzLn6FPyU6tW+O 3CmRbg8O6Zdt1wE6BQylZKIAXY+cgTsScEbA2W9PKnNNORWqbUAtu3Ot6SeMJhOgSfPm LQXTK+24dLFKvY2NDKjO+hJuawtzosGNlN9Cy84R4UpAalSgRWKVvtiQnU9e5Nef7YsD u+Kg== X-Gm-Message-State: AElRT7FFkwuGvAiVIZu/WVTlu+bcs4FmuUzogMUTuk4l4d5pBy74iY6l xmwlKrLpI1fTRtSsE4reY23u/0u2iqo= X-Google-Smtp-Source: AG47ELsrMogKCGWUX7hqF1jYgVkqUvORGUoS/Y8snrojJyLN5VruvlqR/lUtIzoTa1KrSNvZmzeb0g== X-Received: by 2002:a17:902:1e2:: with SMTP id b89-v6mr29210442plb.389.1522081651131; Mon, 26 Mar 2018 09:27:31 -0700 (PDT) Received: from [5.5.33.91] (vpn.snozzages.com. [204.42.252.17]) by smtp.gmail.com with ESMTPSA id l129sm33734987pfl.82.2018.03.26.09.27.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 26 Mar 2018 09:27:30 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) From: Sean Turner In-Reply-To: <5A15A7DD-EE21-499F-8F1C-6E250495E1F6@arrcus.com> Date: Mon, 26 Mar 2018 17:27:23 +0100 Cc: "sidrops@ietf.org" Content-Transfer-Encoding: quoted-printable Message-Id: <8D3BEEE6-BF3D-443C-817E-5F78B9B5C410@sn3rd.com> References: <5A15A7DD-EE21-499F-8F1C-6E250495E1F6@arrcus.com> To: Keyur Patel X-Mailer: Apple Mail (2.3445.5.20) Archived-At: Subject: Re: [Sidrops] WGLC for draft-ietf-sidrops-ov-clarify-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Mar 2018 16:27:33 -0000 I finally got around to reading the draft and think it looks good to go. spt > On Feb 28, 2018, at 21:04, Keyur Patel wrote: >=20 > Hi Folks: > =20 > A working group last call has been requested for = draft-ietf-sidrops-ov-clarify-00, =E2=80=9COrigin Validation = Clarifications=E2=80=9D. Please reply to the list with your comments. = The WGLC will end on March 15, 2018. > =20 > The draft can be found at: = https://datatracker.ietf.org/doc/draft-ietf-sidrops-ov-clarify/. > =20 > Randy as an author of this document it would be great if you can = please confirm that any relevant IPR has been disclosed. > =20 > Regards, > Keyur > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops From nobody Thu Mar 29 12:01:28 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1011412E03C for ; Thu, 29 Mar 2018 12:01:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SVn03l02__iu for ; Thu, 29 Mar 2018 12:01:24 -0700 (PDT) Received: from GCC01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0114.outbound.protection.outlook.com [23.103.200.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6AAAA12E04A for ; Thu, 29 Mar 2018 12:00:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=JqBNNA3PZaDdO3OIpbcx9HxbiWuxOQxurUnnehw+7PM=; b=Znck8+uQcP6Jzzg8OT3SDxO2+ZnzL72GrIUdi9ZsbNr/BVxOEDWqPIt/3Vi+mSaz+VWSrRGcrWERLhKbUpB9se3pA0XBoUFA6Z2jeLXGJmChjIDlOZee7nSAg2OGleEqkyj7eDrjYqKR/8uiEvpUaSotmUo/QRYuLQ0TV2+YnmE= Received: from DM5PR0901MB2504.namprd09.prod.outlook.com (52.132.128.29) by DM5PR0901MB2502.namprd09.prod.outlook.com (52.132.128.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.609.10; Thu, 29 Mar 2018 19:00:53 +0000 Received: from DM5PR0901MB2504.namprd09.prod.outlook.com ([fe80::9488:d152:3866:11a]) by DM5PR0901MB2504.namprd09.prod.outlook.com ([fe80::9488:d152:3866:11a%13]) with mapi id 15.20.0609.012; Thu, 29 Mar 2018 19:00:53 +0000 From: "Montgomery, Douglas (Fed)" To: Keyur Patel , "sidrops@ietf.org" Thread-Topic: [Sidrops] WGLC for draft-ietf-sidrops-ov-clarify-00 Thread-Index: AQHTx5BCLLXyyccDFEGWb9Niqjyh2A== Date: Thu, 29 Mar 2018 19:00:53 +0000 Message-ID: <554BE4EF-D381-4CF1-923D-4E38F494915E@nist.gov> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.b.0.180311 authentication-results: spf=none (sender IP is ) smtp.mailfrom=dougm@nist.gov; x-originating-ip: [2610:20:6222:140:b150:c0ec:a8e9:87b1] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DM5PR0901MB2502; 7:PIelohserh67Pj0cYckRc+I6tcUQMn5WqwR1qLwJrjckSs6nJK5l9JZEydsshJzhdF219rPh7uy8HiS8aKpCCjRKehPlJTE7wC/iyfz3gg+WCLo5KbFmq7DYUA0WmEoDrUflz1m4evhtV8hM9KdNZDQUIS+iFa4Ygtm8BaqPJ+n8lJaO4n32kxIte+Cx5QDHxZsdefxvwlCHlmgXGbdpeudoS4d6LLQL0Ir1VFu1Abw+WULfo4NTs+y54bfkLhwY x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 210cb608-e34f-4098-72cd-08d595a76584 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:DM5PR0901MB2502; x-ms-traffictypediagnostic: DM5PR0901MB2502: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(120809045254105)(189930954265078)(219752817060721)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3002001)(3231221)(944501327)(52105095)(6055026)(6041310)(20161123560045)(20161123558120)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(6072148)(201708071742011); SRVR:DM5PR0901MB2502; BCL:0; PCL:0; RULEID:; SRVR:DM5PR0901MB2502; x-forefront-prvs: 0626C21B10 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(376002)(396003)(366004)(39860400002)(39380400002)(199004)(189003)(7736002)(5660300001)(86362001)(99286004)(6512007)(54896002)(53546011)(6506007)(966005)(2900100001)(6246003)(46003)(6486002)(486005)(83716003)(186003)(68736007)(236005)(6436002)(486005)(106356001)(606006)(6306002)(8936002)(102836004)(82746002)(25786009)(53936002)(5250100002)(36756003)(33656002)(6116002)(3280700002)(58126008)(97736004)(2906002)(81156014)(81166006)(8676002)(14454004)(105586002)(3660700001)(2616005)(110136005)(229853002)(2501003)(476003)(316002)(478600001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR0901MB2502; H:DM5PR0901MB2504.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-microsoft-antispam-message-info: UJzmfLf4qI9aaS66FCl2a31B4JzNAuRSxdy1iUEHErVrl1ssmdwvp9iovGWLEQxCkI74L/ZMDL10c69Z2iP1cM86IyEUSYOSKq4qvXTCqHqY8WU8H66KFtFaeahQeQECufQrKDgdWc9WhcmxAh5IXy1GibhAdTkG4baccTR7aO6HQMUo1jWfGm4lHHc31zsGsNATQT8tOQ7+0FJN+uEVBqjEztKiPE0bt3EKv9h81zI3mEXfjJcL5Ez9HbPjO3f3OK0rhmUwul4b1DqoWw/X8cH0m3EJ3hEfcfwK2YkH0JrGLmFwrg9qHiYMTv6WEOk7fSzNoXz8II66d0abEPiihw== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_554BE4EFD3814CF1923D4E38F494915Enistgov_" MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: 210cb608-e34f-4098-72cd-08d595a76584 X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Mar 2018 19:00:53.7736 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR0901MB2502 Archived-At: Subject: Re: [Sidrops] WGLC for draft-ietf-sidrops-ov-clarify-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Mar 2018 19:01:27 -0000 --_000_554BE4EFD3814CF1923D4E38F494915Enistgov_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 U29ycnkgZm9yIGJlaW5nIGxhdGUgb24gdGhlIGNhbGwgZm9yIGNvbW1lbnRzLCBidXQgSSBoYXZl IGEgcXVlc3Rpb24gYWJvdXQgdGhlIGRyYWZ0IGFuZCB0aGUgaW1wbGljYXRpb25zIGZvciBPViB0 aGF0IEkgd2FudGVkIHRvIGRpc2N1c3MuDQoNClRoZSBuZXcgZHJhZnQgbWFrZXMgaXQgY2xlYXIg dGhhdCByb3V0ZXMgdGhhdCBvcmlnaW5hdGUgaW50ZXJuYWwgdG8gYW4gQVMgdGhhdCBnZXQgZGlz dHJpYnV0ZWQgaW50byBpQkdQIE1VU1QgYmUgbWFya2VkIGJ5IGRlZmF1bHQuDQoNCg0K4oCcIFRo aXMgbWVhbnMgdGhhdCwgb24gYSByb3V0ZXIsIGFsbCByb3V0ZXMgaW4gQkdQLCBhYnNlbnQgb3Bl cmF0b3INCiAgIGNvbmZpZ3VyYXRpb24gb3RoZXJ3aXNlLCBNVVNUIGhhdmUgYmVlbiBtYXJrZWQg YmVjYXVzZSB0aGV5IHdlcmUNCiAgIGVpdGhlciByZWNlaXZlZCB2aWEgQkdQICh3aGV0aGVyIGVC R1Agb3IgaUJHUCksIHJlZGlzdHJpYnV0ZWQgZnJvbSBhbg0KICAgSUdQLCBzdGF0aWMsIG9yIGRp cmVjdGx5IGNvbm5lY3RlZCwgb3IgYW55IG90aGVyIGRpc3RyaWJ1dGlvbiBpbnRvDQogICBCR1Au DQoNCiAgIFdoZW4gcmVkaXN0cmlidXRpbmcgaW50byBCR1AgZnJvbSBjb25uZWN0ZWQsIHN0YXRp YywgSUdQLCBpQkdQLCBldGMuLA0KICAgdGhlcmUgaXMgbm8gQVNfUEFUSCBpbiB0aGUgaW5wdXQg dG8gYWxsb3cgUlBLSSB2YWxpZGF0aW9uIG9mIHRoZQ0KICAgb3JpZ2luYXRpbmcgQVMuICBJbiBz dWNoIGNhc2VzLCB0aGUgcm91dGVyIFNIT1VMRCB1c2UgdGhlIEFTIG9mIHRoZQ0KICAgcm91dGVy J3MgQkdQIGNvbmZpZ3VyYXRpb24u4oCdDQoNCkluIGEgc2l0dWF0aW9uIHdoZXJlIGludGVybmFs IG1vcmUgc3BlY2lmaWMgcm91dGVzIGFyZSByZWRpc3RyaWJ1dGVkIGludG8gaUJHUCBmb3IgdXNl IGludGVybmFsIHRvIHRoZSBBUywgYnV0IHN1bW1hcml6ZWQgaW50byBhbiBhZ2dyZWdhdGUgYmVm b3JlIGJlaW5nIG9yaWdpbmF0ZWQgaW4gZUJHUCwgYW5kIHRoZSBST0EgZm9yIHRoZSBlQkdQIGFn Z3JlZ2F0ZSBpcyBzZXQgdGlnaHQgKGUuZy4sIGVxdWFsIHRvIHRoZSBhZ2dyZWdhdGUgbGVuZ3Ro KSwgaG93IGRvIHdlIHN1Z2dlc3QgdGhpcyBpcyB0byBiZSBoYW5kbGVkPw0KDQpGb3IgZXhhbXBs ZSBJIHVzZSAvMjRzIGludGVybmFsbHksIGJ1dCBvbmx5IG9yaWdpbmF0ZSBhIC8xNiBleHRlcm5h bGx5LCBhbmQgaGF2ZSBhIFJPQSB3aXRoIE1heExlbmd0aD0xNi4gICBXaXRob3V0IGZ1cnRoZXIg Y29uZmlndXJhdGlvbi9hY3Rpb24gdGhpcyB3b3VsZCByZXN1bHQgaW4gdGhlIGludGVybmFsIC8y NHMgd291bGQgYmUgbWFya2VkIEludmFsaWQsIGJ1dCBjbGVhcmx5IEkgZG9u4oCZdCB3YW50IHRo ZW0gdG8gYmUgZGVwcmVmZWQgb3IgZHJvcHBlZC4NCg0KVGhlIGNob2ljZXMgc2VlbSB0byBiZSB0 aGF0IEkgaGF2ZSB0aGUgYWJpbGl0eSB0byB3cml0ZSByb3V0ZSBwb2xpY3kgdGhhdCBleGVtcHRz IGxvY2FsIHJvdXRlcyBmcm9tIHRoZSBhbiBvdmVyYWxsIHBvbGljeSAoZS5nLiwgZHJvcCBpbnZh bGlkLCB1bmxlc3MgaXQgaXMgYSBsb2NhbGx5IGdlbmVyYXRlZCBpQkdQIHJvdXRlKSwgb3IgSSBj cmVhdGUgU0xVUk0gZW50cmllcyB0byBtYWtlIHRoZSAvMjRzIHZhbGlkLCBvbmx5IGluIG15IEFT LCBidXQgbm90IGluIHRoZSBwdWJsaWMgUlBLSSBkYXRhPyAgIEVpdGhlciBvZiB0aGVzZSBjaG9p Y2VzIGhhcyBzb21lIGNvbmZpZ3VyYXRpb24gY29tcGxleGl0eS4NCg0KQXJlIHRoZXJlIG90aGVy IHdheXMgb2YgaGFuZGxpbmcgdGhpcy4gICBEbyBpbXBsZW1lbnRhdGlvbnMgcHJvdmlkZSBlbm91 Z2ggcG9saWN5IGtub2JzIHRvIGFsbG93IG1lIHRvIGFwcGx5IE9WIHBvbGljaWVzIHRvIHNvbWUg aUJHUCByb3V0ZXMsIGJ1dCBub3Qgb3RoZXJzIChlLmcuLCBsb2NhbGx5IG9yaWdpbmF0ZWQpPw0K DQpkb3VnbQ0KLS0NCkRvdWcgTW9udGdvbWVyeSwgTWFuYWdlciBJbnRlcm5ldCAgJiBTY2FsYWJs ZSBTeXN0ZW1zIFJlc2VhcmNoIEAgTklTVA0KDQpGcm9tOiBTaWRyb3BzIDxzaWRyb3BzLWJvdW5j ZXNAaWV0Zi5vcmc+IG9uIGJlaGFsZiBvZiBLZXl1ciBQYXRlbCA8a2V5dXJAYXJyY3VzLmNvbT4N CkRhdGU6IFdlZG5lc2RheSwgRmVicnVhcnkgMjgsIDIwMTggYXQgNDowNCBQTQ0KVG86ICJzaWRy b3BzQGlldGYub3JnIiA8c2lkcm9wc0BpZXRmLm9yZz4NClN1YmplY3Q6IFtTaWRyb3BzXSBXR0xD IGZvciBkcmFmdC1pZXRmLXNpZHJvcHMtb3YtY2xhcmlmeS0wMA0KDQpUaGUgZHJhZnQgY2FuIGJl IGZvdW5kIGF0OiBodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLXNp ZHJvcHMtb3YtY2xhcmlmeS88aHR0cHM6Ly9uYTAxLnNhZmVsaW5rcy5wcm90ZWN0aW9uLm91dGxv b2suY29tLz91cmw9aHR0cHMlM0ElMkYlMkZkYXRhdHJhY2tlci5pZXRmLm9yZyUyRmRvYyUyRmRy YWZ0LWlldGYtc2lkcm9wcy1vdi1jbGFyaWZ5JTJGJmRhdGE9MDIlN0MwMSU3Q2RvdWdtJTQwbmlz dC5nb3YlN0M1NjhhMDAwNDllYzA0NzdmM2U5YTA4ZDU3ZWVlZDcxNiU3QzJhYjVkODJmZDhmYTQ3 OTdhOTNlMDU0NjU1YzYxZGVjJTdDMSU3QzAlN0M2MzY1NTQ0ODY2Mzk4MTAyNjEmc2RhdGE9cWRi VWZPOVVtVWlsMGlmSmk1OTFvJTJGOGNJVlkyTDUlMkJhR29RYzBQRjU5ckElM0QmcmVzZXJ2ZWQ9 MD4uDQo= --_000_554BE4EFD3814CF1923D4E38F494915Enistgov_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseTpDb3VyaWVyOw0KCXBhbm9zZS0xOjAgMCAwIDAgMCAwIDAgMCAwIDA7 fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToy IDQgNSAzIDUgNCA2IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsN CglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFt aWx5OiJUaW1lcyBOZXcgUm9tYW4gXChCb2R5IENTXCkiOw0KCXBhbm9zZS0xOjIgMiA2IDMgNSA0 IDUgMiAzIDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29O b3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAx cHQ7DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJp Zjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsN Cgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBz cGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xv cjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwcmUNCgl7bXNvLXN0eWxl LXByaW9yaXR5Ojk5Ow0KCW1zby1zdHlsZS1saW5rOiJIVE1MIFByZWZvcm1hdHRlZCBDaGFyIjsN CgltYXJnaW46MGluOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTAuMHB0 Ow0KCWZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7fQ0KcC5tc29ub3JtYWwwLCBsaS5tc29ub3Jt YWwwLCBkaXYubXNvbm9ybWFsMA0KCXttc28tc3R5bGUtbmFtZTptc29ub3JtYWw7DQoJbXNvLW1h cmdpbi10b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBpbjsNCgltc28tbWFyZ2luLWJvdHRv bS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVmdDowaW47DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250 LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpzcGFuLmFwcGxlLWNvbnZlcnRlZC1zcGFj ZQ0KCXttc28tc3R5bGUtbmFtZTphcHBsZS1jb252ZXJ0ZWQtc3BhY2U7fQ0Kc3Bhbi5FbWFpbFN0 eWxlMTkNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6Q291 cmllcjsNCgljb2xvcjp3aW5kb3d0ZXh0O30NCnNwYW4uSFRNTFByZWZvcm1hdHRlZENoYXINCgl7 bXNvLXN0eWxlLW5hbWU6IkhUTUwgUHJlZm9ybWF0dGVkIENoYXIiOw0KCW1zby1zdHlsZS1wcmlv cml0eTo5OTsNCgltc28tc3R5bGUtbGluazoiSFRNTCBQcmVmb3JtYXR0ZWQiOw0KCWZvbnQtZmFt aWx5OiJDb3VyaWVyIE5ldyI7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhw b3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBwdDt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6 ZTo4LjVpbiAxMS4waW47DQoJbWFyZ2luOjEuMGluIDEuMGluIDEuMGluIDEuMGluO30NCmRpdi5X b3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+PC9zdHlsZT4NCjwvaGVhZD4N Cjxib2R5IGxhbmc9IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xh c3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEyLjBwdDtmb250LWZhbWlseTpDb3VyaWVyIj5Tb3JyeSBmb3IgYmVpbmcgbGF0ZSBv biB0aGUgY2FsbCBmb3IgY29tbWVudHMsIGJ1dCBJIGhhdmUgYSBxdWVzdGlvbiBhYm91dCB0aGUg ZHJhZnQgYW5kIHRoZSBpbXBsaWNhdGlvbnMgZm9yIE9WIHRoYXQgSSB3YW50ZWQgdG8gZGlzY3Vz cy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjEyLjBwdDtmb250LWZhbWlseTpDb3VyaWVyIj48bzpwPiZuYnNwOzwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjEyLjBwdDtmb250LWZhbWlseTpDb3VyaWVyIj5UaGUgbmV3IGRyYWZ0IG1ha2VzIGl0IGNsZWFy IHRoYXQgcm91dGVzIHRoYXQgb3JpZ2luYXRlIGludGVybmFsIHRvIGFuIEFTIHRoYXQgZ2V0IGRp c3RyaWJ1dGVkIGludG8gaUJHUCBNVVNUIGJlIG1hcmtlZCBieSBkZWZhdWx0LjxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTIuMHB0O2ZvbnQtZmFtaWx5OkNvdXJpZXIiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4N CjxwcmU+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Zm9udC1mYW1pbHk6Q291cmllciI+ 4oCcIDwvc3Bhbj48c3BhbiBzdHlsZT0iY29sb3I6YmxhY2siPlRoaXMgbWVhbnMgdGhhdCwgb24g YSByb3V0ZXIsIGFsbCByb3V0ZXMgaW4gQkdQLCBhYnNlbnQgb3BlcmF0b3I8bzpwPjwvbzpwPjwv c3Bhbj48L3ByZT4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOmJsYWNrIj4m bmJzcDsmbmJzcDsgY29uZmlndXJhdGlvbiBvdGhlcndpc2UsIE1VU1QgaGF2ZSBiZWVuIG1hcmtl ZCBiZWNhdXNlIHRoZXkgd2VyZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nv dXJpZXIgTmV3JnF1b3Q7O2NvbG9yOmJsYWNrIj4mbmJzcDsmbmJzcDsgZWl0aGVyIHJlY2VpdmVk IHZpYSBCR1AgKHdoZXRoZXIgZUJHUCBvciBpQkdQKSwgcmVkaXN0cmlidXRlZCBmcm9tIGFuPG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29sb3I6 YmxhY2siPiZuYnNwOyZuYnNwOyBJR1AsIHN0YXRpYywgb3IgZGlyZWN0bHkgY29ubmVjdGVkLCBv ciBhbnkgb3RoZXIgZGlzdHJpYnV0aW9uIGludG88bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWls eTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjpibGFjayI+Jm5ic3A7Jm5ic3A7IEJHUC48 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xv cjpibGFjayI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q291cmll ciBOZXcmcXVvdDs7Y29sb3I6YmxhY2siPiZuYnNwOyZuYnNwOyBXaGVuIHJlZGlzdHJpYnV0aW5n IGludG8gQkdQIGZyb20gY29ubmVjdGVkLCBzdGF0aWMsIElHUCwgaUJHUCwgZXRjLiw8bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjpibGFj ayI+Jm5ic3A7Jm5ic3A7IHRoZXJlIGlzIG5vIEFTX1BBVEggaW4gdGhlIGlucHV0IHRvIGFsbG93 IFJQS0kgdmFsaWRhdGlvbiBvZiB0aGU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVv dDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjpibGFjayI+Jm5ic3A7Jm5ic3A7IG9yaWdpbmF0aW5n IEFTLiZuYnNwOyBJbiBzdWNoIGNhc2VzLCB0aGUgcm91dGVyIFNIT1VMRCB1c2UgdGhlIEFTIG9m IHRoZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7 O2NvbG9yOmJsYWNrIj4mbmJzcDsmbmJzcDsgcm91dGVyJ3MgQkdQIGNvbmZpZ3VyYXRpb24u4oCd PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMi4wcHQ7Zm9udC1mYW1pbHk6Q291cmllciI+PG86cD4mbmJzcDs8L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox Mi4wcHQ7Zm9udC1mYW1pbHk6Q291cmllciI+SW4gYSBzaXR1YXRpb24gd2hlcmUgaW50ZXJuYWwg bW9yZSBzcGVjaWZpYyByb3V0ZXMgYXJlIHJlZGlzdHJpYnV0ZWQgaW50byBpQkdQIGZvciB1c2Ug aW50ZXJuYWwgdG8gdGhlIEFTLCBidXQgc3VtbWFyaXplZCBpbnRvIGFuIGFnZ3JlZ2F0ZSBiZWZv cmUgYmVpbmcgb3JpZ2luYXRlZCBpbiBlQkdQLCBhbmQgdGhlIFJPQQ0KIGZvciB0aGUgZUJHUCBh Z2dyZWdhdGUgaXMgc2V0IHRpZ2h0IChlLmcuLCBlcXVhbCB0byB0aGUgYWdncmVnYXRlIGxlbmd0 aCksIGhvdyBkbyB3ZSBzdWdnZXN0IHRoaXMgaXMgdG8gYmUgaGFuZGxlZD88bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEy LjBwdDtmb250LWZhbWlseTpDb3VyaWVyIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtmb250LWZh bWlseTpDb3VyaWVyIj5Gb3IgZXhhbXBsZSBJIHVzZSAvMjRzIGludGVybmFsbHksIGJ1dCBvbmx5 IG9yaWdpbmF0ZSBhIC8xNiBleHRlcm5hbGx5LCBhbmQgaGF2ZSBhIFJPQSB3aXRoIE1heExlbmd0 aD0xNi4mbmJzcDsmbmJzcDsgV2l0aG91dCBmdXJ0aGVyIGNvbmZpZ3VyYXRpb24vYWN0aW9uIHRo aXMgd291bGQgcmVzdWx0IGluIHRoZSBpbnRlcm5hbCAvMjRzIHdvdWxkDQogYmUgbWFya2VkIElu dmFsaWQsIGJ1dCBjbGVhcmx5IEkgZG9u4oCZdCB3YW50IHRoZW0gdG8gYmUgZGVwcmVmZWQgb3Ig ZHJvcHBlZC48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtmb250LWZhbWlseTpDb3VyaWVyIj48bzpwPiZuYnNw OzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEyLjBwdDtmb250LWZhbWlseTpDb3VyaWVyIj5UaGUgY2hvaWNlcyBzZWVtIHRvIGJl IHRoYXQgSSBoYXZlIHRoZSBhYmlsaXR5IHRvIHdyaXRlIHJvdXRlIHBvbGljeSB0aGF0IGV4ZW1w dHMgbG9jYWwgcm91dGVzIGZyb20gdGhlIGFuIG92ZXJhbGwgcG9saWN5IChlLmcuLCBkcm9wIGlu dmFsaWQsIHVubGVzcyBpdCBpcyBhIGxvY2FsbHkgZ2VuZXJhdGVkIGlCR1Agcm91dGUpLA0KIG9y IEkgY3JlYXRlIFNMVVJNIGVudHJpZXMgdG8gbWFrZSB0aGUgLzI0cyB2YWxpZCwgb25seSBpbiBt eSBBUywgYnV0IG5vdCBpbiB0aGUgcHVibGljIFJQS0kgZGF0YT8mbmJzcDsmbmJzcDsgRWl0aGVy IG9mIHRoZXNlIGNob2ljZXMgaGFzIHNvbWUgY29uZmlndXJhdGlvbiBjb21wbGV4aXR5LjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTIuMHB0O2ZvbnQtZmFtaWx5OkNvdXJpZXIiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0 O2ZvbnQtZmFtaWx5OkNvdXJpZXIiPkFyZSB0aGVyZSBvdGhlciB3YXlzIG9mIGhhbmRsaW5nIHRo aXMuJm5ic3A7Jm5ic3A7IERvIGltcGxlbWVudGF0aW9ucyBwcm92aWRlIGVub3VnaCBwb2xpY3kg a25vYnMgdG8gYWxsb3cgbWUgdG8gYXBwbHkgT1YgcG9saWNpZXMgdG8gc29tZSBpQkdQIHJvdXRl cywgYnV0IG5vdCBvdGhlcnMgKGUuZy4sIGxvY2FsbHkgb3JpZ2luYXRlZCk/PG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox Mi4wcHQ7Zm9udC1mYW1pbHk6Q291cmllciI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Zm9udC1m YW1pbHk6Q291cmllciI+ZG91Z208bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj4tLTxvOnA+PC9vOnA+PC9z cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+ RG91ZyBNb250Z29tZXJ5LCBNYW5hZ2VyIEludGVybmV0Jm5ic3A7ICZhbXA7IFNjYWxhYmxlIFN5 c3RlbXMgUmVzZWFyY2ggQCBOSVNUPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtmb250LWZhbWls eTpDb3VyaWVyIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2IHN0eWxlPSJib3Jk ZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNCNUM0REYgMS4wcHQ7cGFkZGluZzozLjBwdCAwaW4g MGluIDBpbiI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+ PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Y29sb3I6YmxhY2siPkZyb206DQo8L3Nw YW4+PC9iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2NvbG9yOmJsYWNrIj5TaWRyb3Bz ICZsdDtzaWRyb3BzLWJvdW5jZXNAaWV0Zi5vcmcmZ3Q7IG9uIGJlaGFsZiBvZiBLZXl1ciBQYXRl bCAmbHQ7a2V5dXJAYXJyY3VzLmNvbSZndDs8YnI+DQo8Yj5EYXRlOiA8L2I+V2VkbmVzZGF5LCBG ZWJydWFyeSAyOCwgMjAxOCBhdCA0OjA0IFBNPGJyPg0KPGI+VG86IDwvYj4mcXVvdDtzaWRyb3Bz QGlldGYub3JnJnF1b3Q7ICZsdDtzaWRyb3BzQGlldGYub3JnJmd0Ozxicj4NCjxiPlN1YmplY3Q6 IDwvYj5bU2lkcm9wc10gV0dMQyBmb3IgZHJhZnQtaWV0Zi1zaWRyb3BzLW92LWNsYXJpZnktMDA8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs IiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj48YSBuYW1lPSJf TWFpbE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrO2JhY2tncm91bmQ6d2hp dGUiPlRoZSBkcmFmdCBjYW4gYmUgZm91bmQgYXQ6PHNwYW4gY2xhc3M9ImFwcGxlLWNvbnZlcnRl ZC1zcGFjZSI+Jm5ic3A7PC9zcGFuPjwvc3Bhbj48L2E+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFy azpfTWFpbE9yaWdpbmFsQm9keSI+PC9zcGFuPjxhIGhyZWY9Imh0dHBzOi8vbmEwMS5zYWZlbGlu a3MucHJvdGVjdGlvbi5vdXRsb29rLmNvbS8/dXJsPWh0dHBzJTNBJTJGJTJGZGF0YXRyYWNrZXIu aWV0Zi5vcmclMkZkb2MlMkZkcmFmdC1pZXRmLXNpZHJvcHMtb3YtY2xhcmlmeSUyRiZhbXA7ZGF0 YT0wMiU3QzAxJTdDZG91Z20lNDBuaXN0LmdvdiU3QzU2OGEwMDA0OWVjMDQ3N2YzZTlhMDhkNTdl ZWVkNzE2JTdDMmFiNWQ4MmZkOGZhNDc5N2E5M2UwNTQ2NTVjNjFkZWMlN0MxJTdDMCU3QzYzNjU1 NDQ4NjYzOTgxMDI2MSZhbXA7c2RhdGE9cWRiVWZPOVVtVWlsMGlmSmk1OTFvJTJGOGNJVlkyTDUl MkJhR29RYzBQRjU5ckElM0QmYW1wO3Jlc2VydmVkPTAiPjxzcGFuIHN0eWxlPSJtc28tYm9va21h cms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0eWxlPSJjb2xvcjojOTU0RjcyIj5odHRwczov L2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLXNpZHJvcHMtb3YtY2xhcmlmeS88 L3NwYW4+PC9zcGFuPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHki Pjwvc3Bhbj48L2E+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+ PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrO2JhY2tncm91bmQ6d2hpdGUiPi48L3NwYW4+PC9zcGFu PjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjwvc3Bhbj48bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_554BE4EFD3814CF1923D4E38F494915Enistgov_-- From nobody Fri Mar 30 03:45:16 2018 Return-Path: X-Original-To: sidrops@ietf.org Delivered-To: sidrops@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F44912D7E2; Fri, 30 Mar 2018 03:45:00 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sidrops@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.76.2 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <152240670034.20402.12145772739277753805@ietfa.amsl.com> Date: Fri, 30 Mar 2018 03:45:00 -0700 Archived-At: Subject: [Sidrops] I-D Action: draft-ietf-sidrops-https-tal-01.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Mar 2018 10:45:00 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the SIDR Operations WG of the IETF. Title : Resource Public Key Infrastructure (RPKI) Trust Anchor Locator Authors : Geoff Huston Samuel Weiler George Michaelson Stephen Kent Tim Bruijnzeels Filename : draft-ietf-sidrops-https-tal-01.txt Pages : 10 Date : 2018-03-30 Abstract: This document defines a Trust Anchor Locator (TAL) for the Resource Public Key Infrastructure (RPKI). This document obsoletes RFC 7730 by adding support for HTTPS URIs in a TAL. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sidrops-https-tal-01 https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-https-tal-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-https-tal-01 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Fri Mar 30 03:59:59 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 507B812D77D for ; Fri, 30 Mar 2018 03:59:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.91 X-Spam-Level: X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dCyBLoeyZD6E for ; Fri, 30 Mar 2018 03:59:55 -0700 (PDT) Received: from molamola.ripe.net (molamola.ripe.net [IPv6:2001:67c:2e8:11::c100:1371]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 610CC1200A0 for ; Fri, 30 Mar 2018 03:59:55 -0700 (PDT) Received: from nene.ripe.net ([193.0.23.10]) by molamola.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1f1rlB-000CPv-5j for sidrops@ietf.org; Fri, 30 Mar 2018 12:59:54 +0200 Received: from sslvpn.ripe.net ([193.0.20.230] helo=vpn-68.ripe.net) by nene.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1f1rlB-0008Jr-1a; Fri, 30 Mar 2018 12:59:53 +0200 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) From: Tim Bruijnzeels In-Reply-To: <152240670034.20402.12145772739277753805@ietfa.amsl.com> Date: Fri, 30 Mar 2018 12:59:34 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: <507399A6-FCEB-499A-A552-F07C872CAD3E@ripe.net> References: <152240670034.20402.12145772739277753805@ietfa.amsl.com> To: SIDR Operations WG X-Mailer: Apple Mail (2.3445.5.20) X-ACL-Warn: Delaying message X-RIPE-Spam-Level: ------- X-RIPE-Spam-Report: Spam Total Points: -7.5 points pts rule name description ---- ---------------------- ------------------------------------ -7.5 ALL_TRUSTED Passed through trusted hosts only via SMTP -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a0719543fd4eb23beb578612763de6410018e Archived-At: Subject: Re: [Sidrops] I-D Action: draft-ietf-sidrops-https-tal-01.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Mar 2018 10:59:57 -0000 Dear WG, This -01 version reinstates the RFC7730 authors in the original order, = with myself added to the end. Other than the following remark has been removed from the HTTPS = Considerations section: REMOVE LATER: The following text is inspired by the equivalent = =09 section in [RFC8182], but adapted for this case. As before, please have a look at the HTTPS Considerations section and = speak up if you see anything here that you wish to discuss. In a = nutshell this text says that it=E2=80=99s good to an RP SHOULD do best = effort TLS verification and warn in case of issues, but MUST continue to = retrieve data because a retrieved Trust Anchor certificate can still be = verified and used even if the channel isn=E2=80=99t trusted. But then of = course worded more formally, and including pointers that were added = during the IESG review of RFC8182. If I don=E2=80=99t hear any other remarks and if none of the re-instated = authors prefer to be acknowledged instead, then I will ask the co-chairs = for last call on this in a week or two from now, Kind regards Tim Bruijnzeels > On 30 Mar 2018, at 12:45, internet-drafts@ietf.org wrote: >=20 >=20 > A New Internet-Draft is available from the on-line Internet-Drafts = directories. > This draft is a work item of the SIDR Operations WG of the IETF. >=20 > Title : Resource Public Key Infrastructure (RPKI) = Trust Anchor Locator > Authors : Geoff Huston > Samuel Weiler > George Michaelson > Stephen Kent > Tim Bruijnzeels > Filename : draft-ietf-sidrops-https-tal-01.txt > Pages : 10 > Date : 2018-03-30 >=20 > Abstract: > This document defines a Trust Anchor Locator (TAL) for the Resource > Public Key Infrastructure (RPKI). This document obsoletes RFC 7730 > by adding support for HTTPS URIs in a TAL. >=20 >=20 > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/ >=20 > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-sidrops-https-tal-01 > https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-https-tal-01 >=20 > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-sidrops-https-tal-01 >=20 >=20 > Please note that it may take a couple of minutes from the time of = submission > until the htmlized version and diff are available at tools.ietf.org. >=20 > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ >=20 > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops >=20