From nobody Mon Apr 2 15:56:01 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABFD112DA15 for ; Mon, 2 Apr 2018 15:55:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.911 X-Spam-Level: X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nd286wfiqHfr for ; Mon, 2 Apr 2018 15:55:58 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B6B01252BA for ; Mon, 2 Apr 2018 15:55:58 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.86_2) (envelope-from ) id 1f38Mk-0001Eq-FR; Mon, 02 Apr 2018 22:55:54 +0000 Date: Mon, 02 Apr 2018 15:55:53 -0700 Message-ID: From: Randy Bush To: "Montgomery, Douglas (Fed)" Cc: Keyur Patel , "sidrops@ietf.org" In-Reply-To: <554BE4EF-D381-4CF1-923D-4E38F494915E@nist.gov> References: <554BE4EF-D381-4CF1-923D-4E38F494915E@nist.gov> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/25.3 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=ISO-2022-JP Archived-At: Subject: Re: [Sidrops] WGLC for draft-ietf-sidrops-ov-clarify-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Apr 2018 22:56:00 -0000 > $B!H(BThis means that, on a router, all routes in BGP, absent operator > configuration otherwise, MUST have been marked because they were > either received via BGP (whether eBGP or iBGP), redistributed from > an IGP, static, or directly connected, or any other distribution > into BGP. > > When redistributing into BGP from connected, static, IGP, iBGP, > etc., there is no AS_PATH in the input to allow RPKI validation of > the originating AS. In such cases, the router SHOULD use the AS of > the router's BGP configuration.$B!I(B > > In a situation where internal more specific routes are redistributed > into iBGP for use internal to the AS, but summarized into an aggregate > before being originated in eBGP, and the ROA for the eBGP aggregate is > set tight (e.g., equal to the aggregate length), how do we suggest > this is to be handled? > > For example I use /24s internally, but only originate a /16 > externally, and have a ROA with MaxLength=16. Without further > configuration/action this would result in the internal /24s would be > marked Invalid, but clearly I don$B!G(Bt want them to be deprefed or > dropped. > > The choices seem to be that I have the ability to write route policy > that exempts local routes from the an overall policy (e.g., drop > invalid, unless it is a locally generated iBGP route), or I create > SLURM entries to make the /24s valid, only in my AS, but not in the > public RPKI data? Either of these choices has some configuration > complexity. > > Are there other ways of handling this. Do implementations provide > enough policy knobs to allow me to apply OV policies to some iBGP > routes, but not others (e.g., locally originated)? yes, per-prefix configyration seems to work on the implementations i have used. randy From nobody Tue Apr 3 12:52:33 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9F1E1267BB for ; Tue, 3 Apr 2018 12:52:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netorgft1331857.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lWQ881WD5w0E for ; Tue, 3 Apr 2018 12:52:29 -0700 (PDT) Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on0068.outbound.protection.outlook.com [104.47.41.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA4C9124F57 for ; Tue, 3 Apr 2018 12:52:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NETORGFT1331857.onmicrosoft.com; s=selector1-arrcus-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=upuKFygiszv3BnoMeVTtkWszFBjeJdH+LW7W3UYDXp4=; b=V9q6Z1MHdg8/kTbjwNGm83zHd4djSEatpqh9BPhtp09zU4cellugb7paIBmw479ORZdkVnHKsyZytHev84R0EtG06BpleP21NA+nGFIa3ZLTFFzU5d+Unz6SAPp2ynqi6s7CHaaTcifXUyg9ucYur8K+F5PMAwmOTEBP6DwGi/s= Received: from BY2PR18MB0328.namprd18.prod.outlook.com (10.163.192.30) by BY2PR18MB0248.namprd18.prod.outlook.com (10.163.72.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.631.10; Tue, 3 Apr 2018 19:52:24 +0000 Received: from BY2PR18MB0328.namprd18.prod.outlook.com ([10.163.192.30]) by BY2PR18MB0328.namprd18.prod.outlook.com ([10.163.192.30]) with mapi id 15.20.0631.013; Tue, 3 Apr 2018 19:52:24 +0000 From: Keyur Patel To: "sidrops@ietf.org" Thread-Topic: SIDROPS IETF-101 meeting minutes Thread-Index: AQHTy4VJXRgBR6ou20WMYzpKVhNpow== Date: Tue, 3 Apr 2018 19:52:24 +0000 Message-ID: <756BF83A-17EC-4EAF-84E9-6EFD54D3A586@arrcus.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=keyur@arrcus.com; x-originating-ip: [75.8.210.205] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; BY2PR18MB0248; 7:gEDJhp4UE88Geh11ANoRftc1XOMrem+JK3r289HUlIfl/PrBAGdphnBigzTLxrCIXw4Dq94MF8kZaRy2zZpTli1UI6NtQQhZyrNQK7GxaTiLbONgMg3IKYAJVxOOvt3Kub0FAmMSsukzUmMsqoXXYsUKcoNdr/OGi3Dp5MmLr+8zqUIJkvv/mnKs2XYfh0Tdy5lgrFZIH7YzYGL5kyEyROZiAsAWy+G2eXlctChIppw6oG5Dit6SbDbUYCaynJON x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-correlation-id: d73a62d6-f1f2-42f5-18a8-08d5999c6be0 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(7021125)(5600026)(4604075)(3008032)(4534165)(7022125)(4603075)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(2017052603328)(7153060)(7193020); SRVR:BY2PR18MB0248; x-ms-traffictypediagnostic: BY2PR18MB0248: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(158342451672863)(120809045254105)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(3231221)(944501327)(52105095)(3002001)(10201501046)(93006095)(93001095)(6041310)(2016111802025)(20161123562045)(20161123560045)(20161123564045)(20161123558120)(6043046)(6072148)(201708071742011); SRVR:BY2PR18MB0248; BCL:0; PCL:0; RULEID:; SRVR:BY2PR18MB0248; x-forefront-prvs: 0631F0BC3D x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(39380400002)(346002)(376002)(39830400003)(366004)(199004)(189003)(7736002)(6116002)(6506007)(476003)(2616005)(66066001)(106356001)(2501003)(83716003)(606006)(77096007)(25786009)(5890100001)(8936002)(99286004)(86362001)(2900100001)(81166006)(316002)(8676002)(478600001)(82746002)(81156014)(186003)(3846002)(1730700003)(3280700002)(36756003)(2351001)(105586002)(59450400001)(2906002)(6306002)(102836004)(54896002)(26005)(14454004)(5660300001)(6512007)(6436002)(33656002)(53936002)(5640700003)(6916009)(68736007)(97736004)(966005)(6486002)(3660700001)(236005)(486006); DIR:OUT; SFP:1101; SCL:1; SRVR:BY2PR18MB0248; H:BY2PR18MB0328.namprd18.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: arrcus.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: cOjnzxgLwBVAX8Bfq+p5AidZc/xuDVC7JXklMbKTQ62k77Zetq7m2xPyqeawqUy+Kdc4bbyKK7VxZsvv7LbkAOkjbP1PXvb/i8nVfrF9NJwE+oAjUy58iLgn11NL6ejluQbFBWUnPspPmyNhUp493Mtr+Z9DnH0kH2E6JKF16CL6lrgst7pT/inT9zAwWNh5IqE+LeUgRsSq1Rz2VYwQg/5X7O0/nxAFsq1xDMTXuK3fwJt5MmTkxwLet9umgj3r2oc5n7CCGNvF0SIEjB3DEPJ/4+xx0Nz8P0L+cMfU3udwd8w5aJmXQcP7M4zTqwB9bklhVRGPeX6KEpiLA38J6LpEm9Aw1Mfw7mcKiRxI40tcgIdKFkUQj7KBEsI9GQ6tC7rQ5YGoOL8iR+xhMHuOLxWQaUel/5jBRSXlEgXMLGs= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_756BF83A17EC4EAF84E96EFD54D3A586arrcuscom_" MIME-Version: 1.0 X-OriginatorOrg: arrcus.com X-MS-Exchange-CrossTenant-Network-Message-Id: d73a62d6-f1f2-42f5-18a8-08d5999c6be0 X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Apr 2018 19:52:24.4558 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 697b3529-5c2b-40cf-a019-193eb78f6820 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR18MB0248 Archived-At: Subject: [Sidrops] SIDROPS IETF-101 meeting minutes X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Apr 2018 19:52:32 -0000 --_000_756BF83A17EC4EAF84E96EFD54D3A586arrcuscom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Rm9sa3MsDQoNCk1lZXRpbmcgbWludXRlcyBvZiBvdXIgU0lEUk9QUyBtZWV0aW5nIGF0IElFVEYt MTAxIGF0dGFjaGVkIChhbmQgcG9zdGVkKS4NCg0KVGhhbmsgeW91IEdlb2ZmIEh1c3RvbiBmb3Ig dGFraW5nIG5vdGVzLg0KDQpSZWdhcmRzLA0KS2V5dXINCg0KaHR0cHM6Ly9kYXRhdHJhY2tlci5p ZXRmLm9yZy9kb2MvbWludXRlcy0xMDEtc2lkcm9wcy8NCg0KDQpTdGF0dXM6IEFzIHBlciBkYXRh IHRyYWNrZXINCiAgTFRBIFVzZXMgY2FzZXMgaXMgcHJvYmFibHkgQ2hyaXMgTW9ycm93J3MgZmF1 bHQNCiAgUXVlc3Rpb24gb3ZlciB0cmVlLXZhbGlkYXRpb24gZHJhZnQgLSBDaGFpciB0byBmb2xs b3cgdXANCg0KDQoxKSBkcmFmdC1pZXRmLXNpZHJvcHMtcm91dGUtc2VydmVyLXJwa2ktbGlnaHQN Cg0KICAgSm9iIFNuaWpkZXJzOiBVbmF1dGhvcml6ZWQgQkdQIHByb3BhZ2F0aW9uIG9mIGEgbW9y ZSBzcGVjaWZpYyByb3V0ZSBvZiBhbiBleGNoYW5nZSB3b3VsZCBjYXNlIHNvbWUgcm91dGluZyBk YW1hZ2UsIGFuZCB0aGUgbWFya2luZyBvZiBpdCB3aXRob3V0IHJlY291cnNlIHRvIGEgUk9BIHdv dWxkIGJlIGEgcG9vciBtb3ZlIC0gdGhleSBzaG91bGQgYWx3YXlzIGJlIGVuY291cmFnZWQgdG8g ZHJvcCBpbnZhbGlkcy4NCiAgIFJlc3BvbnNlOiB1c2UgYSBzZXBhcmF0ZSBkcmFmdD8NCiAgIFJl c3BvbnNlOiBUaGUgYWltIGl0IHRvIGRvY3VtZW50IGEgc3RhbmRhcmQgYmVzdCBvcGVyYXRvciBw cmFjdGljZSBmb3IgZXhjaGFuZ2VzDQogICBKb2I6IHdoeSB1c2UgYW4gZXh0ZW5kZWQgY29tbXVu aXR5IHRvIHRhZyBhbm5vdW5jZW1lbnRzPyBXaHkgaXMgY3VycmVudCBwcmFjdGljZSBub3Qgc3Vm ZmljaWVudD8gV2h5IGRvIHlvdSBuZWVkIGFuIFJGQw0KICAgUmVzcG9uc2U6IFdlIHRoaW5rIGl0 IGlzIHdpZGVseSBhcHBsaWNhYmxlIGFuZCBtZXJpdHMgYW4gUkZDDQogICBBc2ltb3Y6IElmIHlv dSBhbHJlYWR5IGhhdmUgdHdvIG1ldGhvZHMgdGhhdCBhbHJlYWR5IGFjaGlldmUgSVggZmlsdGVy aW5nLCB3aHkgcHJvcG9zZSBhIHRoaXJkIG1ldGhvZD8NCiAgIFJlc3BvbnNlOiBSUEtJIGhhcyBh IG1vcmUgc29saWQgZm91bmRhdGlvbiBvdmVyIElSUiBmaWx0ZXJpbmcuDQogICBBc2ltb3Y6IERv IHlvdSBiZWxpZXZlIHRoYXQgeW91ciBjdXN0b21lcnMgd2lsbCB1c2UgQkdQIGNvbW11bml0aWVz IGZvciB0aGlzIHB1cnBvc2U/DQogICBSZXNwb25zZTogV2UgaGF2ZSBjdXN0b21lcnMgYWxyZWFk eSBkb2luZyB0aGlzIGFuZCB3YW50IHRvIHN0YW5kYXJkaXplIHRoaXMNCiAgIFJ1ZGlnZXIgVm9s azogRGlkIG5vdCBwcm9kdWNlIGEgZHJhZnQgb24gaG93IHRvIHVzZSB0aGUgZXhwYW5kZWQgY29k ZSBzcGFjZSB0byBkZXNjcmliZSBwb2xpY2llcyBhcyBsZWFkaW5nIHRvIGEgQkNQIG9uIGNvbW1v biB3YXlzIHRvIGRlc2NyaWJlIHJvdXRpbmcgaW50ZW50IC0gZmFyIGJldHRlciB0aGFuIHRoZSBv bGQgZXh0ZW5kZWQgY29tbXVuaXRpZXMuIFRoZSBvcGVuIGNvbW11bml0eSBhdHRyaWJ1dGUgZG9l cyBub3QgbmVlZCB0byBhd2FpdCB2ZW5kb3Igc3VwcG9ydCBmb3IgdGhpcy4gaS5lLiBhbnlvbmUg Y2FuIGdldCBhbiBBUyBjb2RlIHBvaW50IHRvIG1hcmsgdGhlaXIgY29tbXVuaXRpZXMuDQogICBS dWRpZ2VyOiBXaGljaCB0cnVzdCBhbmNob3JzIGFyZSB5b3UgdXNpbmcgdG8gZ2VuZXJhdGUgeW91 ciBjb21tdW5pdHktYmFzZWQgbWFya3M/DQogICBSZXNwb25zZTogV2UgbGVhdmUgdHJ1c3QgdG8g dGhlIGN1c3RvbWVycw0KICAgRG91ZyBNb250Z29tZXJ5OiBTY29wZSAtIGFsbCBvZiB0aGVzZSBk ZXNjcmlwdGlvbnMgb2YgYWN0aW9ucyBvZiBkcm9wcGluZyBhbmQgdGFnZ2luZyBhcmUgYWN0aW9u cyBhbHJlYWR5IGtub3cgLSB3aGF04oCZcyB0aGUgcHVycG9zZQ0KICAgUmVzcG9uc2U6IHN0YW5k YXJkaXplZCBtZWNoYW5pc21zDQoNCiAgQ2hhaXJzOiB0aGVyZSBpcyBhIGJ1bmNoIG9mIGZvbGxv dy11cCBjb252ZXJzYXRpb25zIGhlcmUsIGFsbCBvZiB3aGljaCBjb3VsZCBiZSBvbiB0aGUgbWFp bGluZyBsaXN0DQoNCjIpIE9yaWdpbiBWYWxpZGF0aW9uIFBvbGljeSBDb25zaWRlcmF0aW9ucyBm b3IgRHJvcHBpbmcgSW52YWxpZCBSb3V0ZXMNCiAgS2V5dXIgUGF0ZWw6IEFzIGFuIGltcGxlbWVu dGVyIHdvdWxkIHlvdSBldmVyIGdldCBhIHJlcXVlc3QgdG8gTk9UIGNvbnNpZGVyIHRoZSBEZWNp c2lvbiBQcm9jZXNzPyBNYXliZSB5b3Ugc2hvdWxkIHByb3ZpZGUgdGhhdCBmbGV4aWJpbGl0eSBp biB0aGUgZHJhZnQNCiAgS2V5dXIgUGF0ZWw6IEhvdyBtYW55IGxldmVscyBzaG91bGQgeW91IHJl Y3Vyc2UgdGhyb3VnaCB0byBmaW5kIHRoZSBjb3ZlcmluZyB2YWxpZCBhZ2dyZWdhdGU/DQogIFJl c3BvbnNlOiBObyBsaW1pdCBzcGVjaWZpZWQNCiAgV2FycmVuOiBXaGF0IGhhcHBlbnMgd2hlbiB0 aGUgY292ZXJpbmcgYWdncmVnYXRlIGZsYXBzPw0KICBKb2huIFNjdWRkZXI6IFF1ZXN0aW9uIG9u IG11bHRpLWhvbWluZyBleGFtcGxlIC0gdGhlIGdlbmVyaWMgb2JzZXJ2YXRpb24gaXMgdGhhdCB3 ZSBjYW4ndCBqdXN0IGVhc2lseSBkaXNtaXNzIHRoaXMgcHJvYmxlbQ0KICBKb2IgU25pamRlcnM6 IFRoZXJlIGlzIFpFUk8gZGVwbG95bWVudCBvZiBvcmlnaW4gdmFsaWRhdGlvbi4gVGhlIG9ic2Vy dmF0aW9uIGlzIHdoZXRoZXIgdGhlcmUgaXMgYW4gaW5jcmVtZW50YWwgcGF0aCB0b3dhcmRzIGRl cGxveW1lbnQgdGhhdCBkb2VzIG5vdCBjYXVzZSBzcHVyaW91cyBkcm9wcw0KICBSYW5keTogRG9u J3QgZG8gaXQgYXQgZXhjaGFuZ2UgcG9pbnRzDQogIFt0aW1lb3V0XQ0KICBDaGFpcnM6IHRha2Ug dGhpcyB0byB0aGUgbWFpbGluZyBsaXN0DQoNCjMpIGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRt bC9kcmFmdC1pZXRmLXNpZHJvcHMtc2lnbmVkLXRhbC0wMA0KICBSb2IgQXVzdGVpbjogdGhlIG1h aW4gcHVycG9zZSBzZWVtcyBvZiBiZSBmb3IgdW5wbGFubmVkIGtleSByb2xscyAtIHllcz8NCiAg Um9iIEF1c3RlaW46IHdoeSAyNCBob3Vycz8gV2hhdCBpcyB0aGUgcHJvYmxlbSBpbiBtYWtpbmcg aXQgbG9uZ2VyPw0KICBSb2IgQXVzdGFpbjogV2Ugc2hvdWxkIHRoaW5rIGFib3V0IHVucGxhbm5l ZCBrZXkgcm9sbHMNCiAgVGltOiBXZSBzaG91bGQgYmUgYXdhcmUgb2YgdGhlIGluY3JlbWVudGFs IGxvYWQgb24gUmVseWluZyBQYXJ0aWVzIGlmIHdlIG1ha2UgdGhpcyBwcm9jZXNzIG1vcmUgY29u dm9sdXRlZA0KDQo0KSBodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtdGJydWlqbnpl ZWxzLXNpZHJvcHMtaHR0cHMtdGFsLTAwDQogIHJlYWxseSByZWFsbHkgbWlub3IgY2hhbmdlIHRv IFJGQzc3MzANCiAgc2hpcCBpdA0KDQo1KSBSSVBFIE5DQyBSUEtJIFZhbGlkYXRvciAzIGFyY2hp dGVjdHVyZQ0KICBSb2IgQXVzdGVpbjogd2hlbiBpbXBsZW1lbnRpbmcgdGhlIGNsaWVudCBzaWRl IG9mIFJEUCBhbmQgdXNpbmcgUklQRSdzIGRhdGFiYXNlIG9uIHRoZSBzZXJ2ZXIgc2lkZSBJIG5v dGljZWQgZGlmZmVyZW50IGJlaGF2aW9yIC0gdGhlIGRpZmZlcmVuY2UgYmV0d2VlbiBmdWxsIGFu ZCBpbmNyZW1lbnRhbCB0cmFuc2ZlciAtIGRvIHlvdSBoYXZlIGltcGxlbWVudGF0aW9uIGV4cGVy aWVuY2U/DQogIFRpbTogbm90IHN1cmUgd2UgZW5jb3VudGVyZWQgdGhhdA0KICBUaW06IHN1cHBv cnQgb2YgdmFsaWRhdGlvbiByZWNvbnNpZGVyZWQ6IHdlIGhhZCBpdCBpbiBhbiBlYXJsaWVyIHZl cnNpb24gb2YgdGhlIGNvZGUuIFdlIGhhdmUgbm90IGRvbmUgaXQgaW4gdGhpcyBjb2RlIHlldC4g VGhlIG1vbWVudCB3ZSBwdWJsaXNoIGEgY2VydGlmaWNhdGUgd2l0aCBhIG5ldyBPSURzIGluIGl0 IHRoZW4gdGhpbmdzIHdpbGwgYnJlYWsuIFRoZSB0cmFuc2l0aW9uIGlzIHVuY2xlYXIgYW5kIHdl IGFyZSBub3QgY2xlYXIgaG93IHRvIGFwcHJvYWNoIHRoaXMuDQoNCjYpIGRyYWZ0LWlldGYtc2lk cm9wcy1ycC0wMA0KICBubyBxdWVzdGlvbnMNCg0KDQoNCg0KDQo= --_000_756BF83A17EC4EAF84E96EFD54D3A586arrcuscom_ Content-Type: text/html; charset="utf-8" Content-ID: <4CDAA79D551D1C4ABDFCB7215DB9B2DC@namprd18.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iVGl0bGUiIGNvbnRlbnQ9IiI+DQo8bWV0YSBuYW1lPSJLZXl3b3JkcyIgY29udGVu dD0iIj4NCjxtZXRhIG5hbWU9IkdlbmVyYXRvciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUg KGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxlPjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8N CkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0 IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJ cGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAyIDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8N CnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsN CgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWls eTpDYWxpYnJpO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXByaW9y aXR5Ojk5Ow0KCWNvbG9yOiMwNTYzQzE7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQph OnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5 Ojk5Ow0KCWNvbG9yOiM5NTRGNzI7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpzcGFu LkVtYWlsU3R5bGUxNw0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1jb21wb3NlOw0KCWZvbnQt ZmFtaWx5OkNhbGlicmk7DQoJY29sb3I6d2luZG93dGV4dDt9DQpzcGFuLm1zb0lucw0KCXttc28t c3R5bGUtdHlwZTpleHBvcnQtb25seTsNCgltc28tc3R5bGUtbmFtZToiIjsNCgl0ZXh0LWRlY29y YXRpb246dW5kZXJsaW5lOw0KCWNvbG9yOnRlYWw7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0 eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1mYW1pbHk6Q2FsaWJyaTt9DQpAcGFnZSBXb3Jk U2VjdGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4waW47DQoJbWFyZ2luOjEuMGluIDEuMGluIDEuMGlu IDEuMGluO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+PC9z dHlsZT4NCjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIiBsYW5nPSJFTi1VUyIgbGluaz0i IzA1NjNDMSIgdmxpbms9IiM5NTRGNzIiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij5Gb2xrcyw8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdCI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPk1lZXRpbmcgbWludXRl cyBvZiBvdXIgU0lEUk9QUyBtZWV0aW5nIGF0IElFVEYtMTAxIGF0dGFjaGVkIChhbmQgcG9zdGVk KS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdCI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPlRoYW5rIHlvdSBH ZW9mZiBIdXN0b24gZm9yIHRha2luZyBub3Rlcy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+Jm5ic3A7PG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQiPlJlZ2FyZHMsPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPktleXVyPG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMS4wcHQiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij48YSBocmVmPSJodHRwczovL2RhdGF0 cmFja2VyLmlldGYub3JnL2RvYy9taW51dGVzLTEwMS1zaWRyb3BzLyI+aHR0cHM6Ly9kYXRhdHJh Y2tlci5pZXRmLm9yZy9kb2MvbWludXRlcy0xMDEtc2lkcm9wcy88L2E+PG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQiPiZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+U3Rh dHVzOiBBcyBwZXIgZGF0YSB0cmFja2VyPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPiZuYnNwOyZuYnNwO0xU QSBVc2VzIGNhc2VzIGlzIHByb2JhYmx5IENocmlzIE1vcnJvdydzIGZhdWx0PG86cD48L286cD48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQiPiZuYnNwOyZuYnNwO1F1ZXN0aW9uIG92ZXIgdHJlZS12YWxpZGF0aW9uIGRyYWZ0IC0g Q2hhaXIgdG8gZm9sbG93IHVwPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPiZuYnNwOyZuYnNwOzxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0Ij4mbmJzcDsmbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+MSkgZHJhZnQtaWV0Zi1z aWRyb3BzLXJvdXRlLXNlcnZlci1ycGtpLWxpZ2h0PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPiZuYnNwOzxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0Ij4mbmJzcDsmbmJzcDsgSm9iIFNuaWpkZXJzOiBVbmF1dGhvcml6ZWQg QkdQIHByb3BhZ2F0aW9uIG9mIGEgbW9yZSBzcGVjaWZpYyByb3V0ZSBvZiBhbiBleGNoYW5nZSB3 b3VsZCBjYXNlIHNvbWUgcm91dGluZyBkYW1hZ2UsIGFuZCB0aGUgbWFya2luZyBvZiBpdCB3aXRo b3V0IHJlY291cnNlIHRvIGEgUk9BIHdvdWxkIGJlIGEgcG9vciBtb3ZlIC0gdGhleSBzaG91bGQg YWx3YXlzDQogYmUgZW5jb3VyYWdlZCB0byBkcm9wIGludmFsaWRzLjxvOnA+PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 Ij4mbmJzcDsmbmJzcDsgUmVzcG9uc2U6IHVzZSBhIHNlcGFyYXRlIGRyYWZ0PzxvOnA+PC9vOnA+ PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTEuMHB0Ij4mbmJzcDsmbmJzcDsgUmVzcG9uc2U6IFRoZSBhaW0gaXQgdG8gZG9jdW1lbnQgYSBz dGFuZGFyZCBiZXN0IG9wZXJhdG9yIHByYWN0aWNlIGZvciBleGNoYW5nZXM8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx LjBwdCI+Jm5ic3A7Jm5ic3A7IEpvYjogd2h5IHVzZSBhbiBleHRlbmRlZCBjb21tdW5pdHkgdG8g dGFnIGFubm91bmNlbWVudHM/IFdoeSBpcyBjdXJyZW50IHByYWN0aWNlIG5vdCBzdWZmaWNpZW50 PyBXaHkgZG8geW91IG5lZWQgYW4gUkZDPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPiZuYnNwOyZuYnNwOyBS ZXNwb25zZTogV2UgdGhpbmsgaXQgaXMgd2lkZWx5IGFwcGxpY2FibGUgYW5kIG1lcml0cyBhbiBS RkM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdCI+Jm5ic3A7Jm5ic3A7IEFzaW1vdjogSWYgeW91IGFscmVhZHkg aGF2ZSB0d28gbWV0aG9kcyB0aGF0IGFscmVhZHkgYWNoaWV2ZSBJWCBmaWx0ZXJpbmcsIHdoeSBw cm9wb3NlIGEgdGhpcmQgbWV0aG9kPzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij4mbmJzcDsmbmJzcDsgUmVz cG9uc2U6IFJQS0kgaGFzIGEgbW9yZSBzb2xpZCBmb3VuZGF0aW9uIG92ZXIgSVJSIGZpbHRlcmlu Zy48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdCI+Jm5ic3A7Jm5ic3A7IEFzaW1vdjogRG8geW91IGJlbGlldmUg dGhhdCB5b3VyIGN1c3RvbWVycyB3aWxsIHVzZSBCR1AgY29tbXVuaXRpZXMgZm9yIHRoaXMgcHVy cG9zZT88bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExLjBwdCI+Jm5ic3A7Jm5ic3A7IFJlc3BvbnNlOiBXZSBoYXZlIGN1 c3RvbWVycyBhbHJlYWR5IGRvaW5nIHRoaXMgYW5kIHdhbnQgdG8gc3RhbmRhcmRpemUgdGhpczxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0Ij4mbmJzcDsmbmJzcDsgUnVkaWdlciBWb2xrOiBEaWQgbm90IHByb2R1 Y2UgYSBkcmFmdCBvbiBob3cgdG8gdXNlIHRoZSBleHBhbmRlZCBjb2RlIHNwYWNlIHRvIGRlc2Ny aWJlIHBvbGljaWVzIGFzIGxlYWRpbmcgdG8gYSBCQ1Agb24gY29tbW9uIHdheXMgdG8gZGVzY3Jp YmUgcm91dGluZyBpbnRlbnQgLSBmYXIgYmV0dGVyIHRoYW4gdGhlIG9sZCBleHRlbmRlZCBjb21t dW5pdGllcy4NCiBUaGUgb3BlbiBjb21tdW5pdHkgYXR0cmlidXRlIGRvZXMgbm90IG5lZWQgdG8g YXdhaXQgdmVuZG9yIHN1cHBvcnQgZm9yIHRoaXMuIGkuZS4gYW55b25lIGNhbiBnZXQgYW4gQVMg Y29kZSBwb2ludCB0byBtYXJrIHRoZWlyIGNvbW11bml0aWVzLjxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij4m bmJzcDsmbmJzcDsgUnVkaWdlcjogV2hpY2ggdHJ1c3QgYW5jaG9ycyBhcmUgeW91IHVzaW5nIHRv IGdlbmVyYXRlIHlvdXIgY29tbXVuaXR5LWJhc2VkIG1hcmtzPzxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij4m bmJzcDsmbmJzcDsgUmVzcG9uc2U6IFdlIGxlYXZlIHRydXN0IHRvIHRoZSBjdXN0b21lcnM8bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdCI+Jm5ic3A7Jm5ic3A7IERvdWcgTW9udGdvbWVyeTogU2NvcGUgLSBhbGwg b2YgdGhlc2UgZGVzY3JpcHRpb25zIG9mIGFjdGlvbnMgb2YgZHJvcHBpbmcgYW5kIHRhZ2dpbmcg YXJlIGFjdGlvbnMgYWxyZWFkeSBrbm93IC0gd2hhdOKAmXMgdGhlIHB1cnBvc2U8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjExLjBwdCI+Jm5ic3A7Jm5ic3A7IFJlc3BvbnNlOiBzdGFuZGFyZGl6ZWQgbWVjaGFuaXNtczxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTEuMHB0Ij4mbmJzcDsmbmJzcDsmbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+Jm5i c3A7Jm5ic3A7Q2hhaXJzOiB0aGVyZSBpcyBhIGJ1bmNoIG9mIGZvbGxvdy11cCBjb252ZXJzYXRp b25zIGhlcmUsIGFsbCBvZiB3aGljaCBjb3VsZCBiZSBvbiB0aGUgbWFpbGluZyBsaXN0PG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQiPiZuYnNwOyZuYnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij4yKSBPcmlnaW4gVmFs aWRhdGlvbiBQb2xpY3kgQ29uc2lkZXJhdGlvbnMgZm9yIERyb3BwaW5nIEludmFsaWQgUm91dGVz PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQiPiZuYnNwOyZuYnNwO0tleXVyIFBhdGVsOiBBcyBhbiBpbXBsZW1l bnRlciB3b3VsZCB5b3UgZXZlciBnZXQgYSByZXF1ZXN0IHRvIE5PVCBjb25zaWRlciB0aGUgRGVj aXNpb24gUHJvY2Vzcz8gTWF5YmUgeW91IHNob3VsZCBwcm92aWRlIHRoYXQgZmxleGliaWxpdHkg aW4gdGhlIGRyYWZ0PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPiZuYnNwOyZuYnNwO0tleXVyIFBhdGVsOiBI b3cgbWFueSBsZXZlbHMgc2hvdWxkIHlvdSByZWN1cnNlIHRocm91Z2ggdG8gZmluZCB0aGUgY292 ZXJpbmcgdmFsaWQgYWdncmVnYXRlPzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij4mbmJzcDsmbmJzcDtSZXNw b25zZTogTm8gbGltaXQgc3BlY2lmaWVkPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPiZuYnNwOyZuYnNwO1dh cnJlbjogV2hhdCBoYXBwZW5zIHdoZW4gdGhlIGNvdmVyaW5nIGFnZ3JlZ2F0ZSBmbGFwcz88bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdCI+Jm5ic3A7Jm5ic3A7Sm9obiBTY3VkZGVyOiBRdWVzdGlvbiBvbiBtdWx0 aS1ob21pbmcgZXhhbXBsZSAtIHRoZSBnZW5lcmljIG9ic2VydmF0aW9uIGlzIHRoYXQgd2UgY2Fu J3QganVzdCBlYXNpbHkgZGlzbWlzcyB0aGlzIHByb2JsZW08bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+Jm5i c3A7Jm5ic3A7Sm9iIFNuaWpkZXJzOiBUaGVyZSBpcyBaRVJPIGRlcGxveW1lbnQgb2Ygb3JpZ2lu IHZhbGlkYXRpb24uIFRoZSBvYnNlcnZhdGlvbiBpcyB3aGV0aGVyIHRoZXJlIGlzIGFuIGluY3Jl bWVudGFsIHBhdGggdG93YXJkcyBkZXBsb3ltZW50IHRoYXQgZG9lcyBub3QgY2F1c2Ugc3B1cmlv dXMgZHJvcHM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+Jm5ic3A7Jm5ic3A7UmFuZHk6IERvbid0IGRvIGl0 IGF0IGV4Y2hhbmdlIHBvaW50czxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij4mbmJzcDsmbmJzcDtbdGltZW91 dF08bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdCI+Jm5ic3A7Jm5ic3A7Q2hhaXJzOiB0YWtlIHRoaXMgdG8gdGhl IG1haWxpbmcgbGlzdDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij4mbmJzcDsmbmJzcDs8bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx LjBwdCI+MykmbmJzcDs8YSBocmVmPSJodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQt aWV0Zi1zaWRyb3BzLXNpZ25lZC10YWwtMDAiPmh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9k cmFmdC1pZXRmLXNpZHJvcHMtc2lnbmVkLXRhbC0wMDwvYT48bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+Jm5i c3A7Jm5ic3A7Um9iIEF1c3RlaW46IHRoZSBtYWluIHB1cnBvc2Ugc2VlbXMgb2YgYmUgZm9yIHVu cGxhbm5lZCBrZXkgcm9sbHMgLSB5ZXM/PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPiZuYnNwOyZuYnNwO1Jv YiBBdXN0ZWluOiB3aHkgMjQgaG91cnM/IFdoYXQgaXMgdGhlIHByb2JsZW0gaW4gbWFraW5nIGl0 IGxvbmdlcj88bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+Jm5ic3A7Jm5ic3A7Um9iIEF1c3RhaW46IFdlIHNo b3VsZCB0aGluayBhYm91dCB1bnBsYW5uZWQga2V5IHJvbGxzPG86cD48L286cD48L3NwYW4+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPiZu YnNwOyZuYnNwO1RpbTogV2Ugc2hvdWxkIGJlIGF3YXJlIG9mIHRoZSBpbmNyZW1lbnRhbCBsb2Fk IG9uIFJlbHlpbmcgUGFydGllcyBpZiB3ZSBtYWtlIHRoaXMgcHJvY2VzcyBtb3JlIGNvbnZvbHV0 ZWQ8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdCI+Jm5ic3A7Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPjQpJm5i c3A7PGEgaHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LXRicnVpam56ZWVs cy1zaWRyb3BzLWh0dHBzLXRhbC0wMCI+aHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0 LXRicnVpam56ZWVscy1zaWRyb3BzLWh0dHBzLXRhbC0wMDwvYT48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+ Jm5ic3A7Jm5ic3A7cmVhbGx5IHJlYWxseSBtaW5vciBjaGFuZ2UgdG8gUkZDNzczMDxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0Ij4mbmJzcDsmbmJzcDtzaGlwIGl0PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPiZuYnNwOyZu YnNwOzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0Ij41KSBSSVBFIE5DQyBSUEtJIFZhbGlkYXRvciAzIGFyY2hp dGVjdHVyZTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij4mbmJzcDsmbmJzcDtSb2IgQXVzdGVpbjogd2hlbiBp bXBsZW1lbnRpbmcgdGhlIGNsaWVudCBzaWRlIG9mIFJEUCBhbmQgdXNpbmcgUklQRSdzIGRhdGFi YXNlIG9uIHRoZSBzZXJ2ZXIgc2lkZSBJIG5vdGljZWQgZGlmZmVyZW50IGJlaGF2aW9yIC0gdGhl IGRpZmZlcmVuY2UgYmV0d2VlbiBmdWxsIGFuZCBpbmNyZW1lbnRhbCB0cmFuc2ZlciAtIGRvIHlv dSBoYXZlIGltcGxlbWVudGF0aW9uDQogZXhwZXJpZW5jZT88bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+Jm5i c3A7Jm5ic3A7VGltOiBub3Qgc3VyZSB3ZSBlbmNvdW50ZXJlZCB0aGF0PG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQiPiZuYnNwOyZuYnNwO1RpbTogc3VwcG9ydCBvZiB2YWxpZGF0aW9uIHJlY29uc2lkZXJlZDog d2UgaGFkIGl0IGluIGFuIGVhcmxpZXIgdmVyc2lvbiBvZiB0aGUgY29kZS4gV2UgaGF2ZSBub3Qg ZG9uZSBpdCBpbiB0aGlzIGNvZGUgeWV0LiBUaGUgbW9tZW50IHdlIHB1Ymxpc2ggYSBjZXJ0aWZp Y2F0ZSB3aXRoIGEgbmV3IE9JRHMgaW4gaXQgdGhlbiB0aGluZ3Mgd2lsbCBicmVhay4NCiBUaGUg dHJhbnNpdGlvbiBpcyB1bmNsZWFyIGFuZCB3ZSBhcmUgbm90IGNsZWFyIGhvdyB0byBhcHByb2Fj aCB0aGlzLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij4mbmJzcDsmbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+ NikgZHJhZnQtaWV0Zi1zaWRyb3BzLXJwLTAwJm5ic3A7Jm5ic3A7PG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQi PiZuYnNwOyZuYnNwO25vIHF1ZXN0aW9uczxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij4mbmJzcDsmbmJzcDs8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdCI+Jm5ic3A7PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPiZuYnNwOzxvOnA+PC9v OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0Ij4mbmJzcDs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+PG86cD4mbmJzcDs8L286cD48L3Nw YW4+PC9wPg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_756BF83A17EC4EAF84E96EFD54D3A586arrcuscom_-- From nobody Tue Apr 10 01:19:30 2018 Return-Path: X-Original-To: sidrops@ietf.org Delivered-To: sidrops@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B663F126BF3; Tue, 10 Apr 2018 01:19:24 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sidrops@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.77.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <152334836469.13552.6805519504749094719@ietfa.amsl.com> Date: Tue, 10 Apr 2018 01:19:24 -0700 Archived-At: Subject: [Sidrops] I-D Action: draft-ietf-sidrops-lta-use-cases-03.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Apr 2018 08:19:25 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the SIDR Operations WG of the IETF. Title : Use Cases for Localized Versions of the RPKI Author : Randy Bush Filename : draft-ietf-sidrops-lta-use-cases-03.txt Pages : 5 Date : 2018-04-10 Abstract: There are a number of critical circumstances where a localized routing domain needs to augment or modify its view of the Global RPKI. This document attempts to outline a few of them. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sidrops-lta-use-cases/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sidrops-lta-use-cases-03 https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-lta-use-cases-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-lta-use-cases-03 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Tue Apr 10 08:16:40 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D509A12D88F for ; Tue, 10 Apr 2018 08:16:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ClZo7YpDlsqD for ; Tue, 10 Apr 2018 08:16:37 -0700 (PDT) Received: from mail-vk0-x22e.google.com (mail-vk0-x22e.google.com [IPv6:2607:f8b0:400c:c05::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 451E112D95D for ; Tue, 10 Apr 2018 08:16:37 -0700 (PDT) Received: by mail-vk0-x22e.google.com with SMTP id z189so3216995vkd.1; Tue, 10 Apr 2018 08:16:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=PpSK/aqql2dsb9Mx1LUgt9bLVZKvlTHwQD9sqaWhu9U=; b=q2vhEltvTI2Ftjg9zPFR0WtxN/cTYw2jmPgHqgDO6xZqPvA2n3NJmoDwFJ0exkbWOm m4a1vu4qI4IqQlpo5EfTpc2EFRzB3aWcipeNl9y8gBvKU4/iBi+TTcNqqDdXVWpkxIls N4Tb/3N+ROiMlvOT+kB15MXSnWVpb0CGLk5QXkuir8Ro+SZIoNng+RbirITyO92sH/S/ qZRROdTwWUEHp461NTN+s4hMBIcSx9BQdbBujUTTXn8WIkPgn8Y/017pM/v1obWbfqKB hvjvv9EGR9LsfjGsqxOnpFgBIpZF1N/CkCmJa6haZDm1vF1zE5IifGIQYAhIKRC12DcN IgIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=PpSK/aqql2dsb9Mx1LUgt9bLVZKvlTHwQD9sqaWhu9U=; b=V6Cf0jvar6cA7647FWfbmpVDn5F4tRsDH50FJD7wwCd/qvhpB3QwMh2m1hRlm+dllP doABnCQtUe58A9HX36A3IgN58bJoNahyLVQrWaVIXCop03VwSECPINVQrCQsHJxvYEjQ 0Gf5OjlAsQ/Zc+RpjpYaH4O2J/OBgsLH9n78brGjYQ00tiDbknHfgs1C+Jq4zq+LKSBb s/MVLyafPuVMNlakrejqtF1rmnZfTahbwlRXfgaaonS7te28VN/IzB+tpIUqwZWHimzw 1y8YUtLKinsDwNknAlHIRhOoVvQePjVoT9Gc7TgLVTJ8SaooNld1UnSYzVe7bwhrTERI ZXMQ== X-Gm-Message-State: ALQs6tA9bOc7YyqfOz1aH+sOm5O/AwvcgRtIpvqrKZfIa3mVjJoCXk9r /D4pBGl7O4ulhCvLWMXIKQEf0CG/prcOoW8IrGDO8jm4 X-Google-Smtp-Source: AIpwx48adwxWeXnjeZ9d5pHtYm6r54UMmsnMwpen7Kz1dljlPIrcPDZxg/+GN5L2F6m9JTnhTLUKQbjo4P3fP4OX0+s= X-Received: by 10.31.223.129 with SMTP id w123mr661761vkg.9.1523373395758; Tue, 10 Apr 2018 08:16:35 -0700 (PDT) MIME-Version: 1.0 Received: by 10.159.59.139 with HTTP; Tue, 10 Apr 2018 08:16:34 -0700 (PDT) From: Christopher Morrow Date: Tue, 10 Apr 2018 16:16:34 +0100 Message-ID: To: sidrops@ietf.org, sidr-ops-chairs@ietf.org Content-Type: multipart/alternative; boundary="94eb2c07dc901d5eca0569800234" Archived-At: Subject: [Sidrops] WGLC (ends Apr 24 2018) draft-ietf-sidrops-lta-use-cases X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Apr 2018 15:16:39 -0000 --94eb2c07dc901d5eca0569800234 Content-Type: text/plain; charset="UTF-8" Howdy gentle folks, We started (a long time ago, in a galaxy far far away) a WGLC for this document.. Then got distracted in re-naming the draft into SIDROPS namespace. Please take 2 weeks to think/read/comment on this draft, it hasn't changed since the last WGLC, save date refreshes :) here's the abstract: "There are a number of critical circumstances where a localized routing domain needs to augment or modify its view of the Global RPKI. This document attempts to outline a few of them." -chris co-chair --94eb2c07dc901d5eca0569800234 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Howdy gentle folks,
We started (a long time ago, in a = galaxy far far away) a WGLC for this document.. Then got distracted in re-n= aming the draft into SIDROPS namespace.

Please take 2 weeks t= o think/read/comment on this draft, it hasn't changed since the last WG= LC, save date refreshes :) here's the abstract:

=C2= =A0 "There are a number of critical circumstances where a localized
=C2=A0 =C2=A0routing domain needs to augment or modify its view of = the Global
=C2=A0 =C2=A0RPKI.=C2=A0 This document attempts to out= line a few of them."

-chris
co-chai= r
--94eb2c07dc901d5eca0569800234-- From nobody Tue Apr 10 08:17:21 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E22A112D95E; Tue, 10 Apr 2018 08:17:18 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JZTp8wxvrPVc; Tue, 10 Apr 2018 08:17:17 -0700 (PDT) Received: from mail-ua0-x235.google.com (mail-ua0-x235.google.com [IPv6:2607:f8b0:400c:c08::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 212F612D95D; Tue, 10 Apr 2018 08:17:17 -0700 (PDT) Received: by mail-ua0-x235.google.com with SMTP id u4so7552753uaf.10; Tue, 10 Apr 2018 08:17:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=ObA4UGIisFENGVOGY0PScOv/Jd/cxzNM+NB/tKqwl8c=; b=ZtyPjssdJEqUH18gCeLoiT9DxBhCIex5FAH1h/+7/rBPkhKrU+ta7iHlD3xoIR8adZ POxMN9AYlLKivaIaNC5CSMvJrMIndrP5MCGxgtE8tkjirgVQ1Ng0cWqeX82XWcfYjlD2 1/DR0mAOilk5HJrcl7KY28U0sxr3QU0Tiu8yqSHCR5kmf1MLFwn60QH4fIOGGhbzqGQH uKpduVRSCoUaMl7TXqHh2EbzX6sbFRhAX6m5hftnyfzt0wsalwf/4V1L8r2oNglpm1Ng MxP8i8se+l+U1OLhT67m6VxO3Y6G/ydIiQz6mw5JX2X0SeF/9aec3N00Uena6VtfF13X sujg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=ObA4UGIisFENGVOGY0PScOv/Jd/cxzNM+NB/tKqwl8c=; b=hnleHos65eR2Hm2eNXF5CwZ2cOhWEOLtitjD1HeQnoNl86kyq4A3cTW71KiH3zVWbV DlXcn947bRTxp1oihCwA2TT4Cy6eRvQjADxJCbUHHcyQam8XJleKhwILG1E4NgYUVnB2 HtWLUz+bbaiWmMtcZl8j5OWLYRWn9VEsdpztq/nNlCUi9TpkE4BJxRfTVCmI7bVh29ez yNZGwW+q/9G69lyL81u7R6jCPjc67yECkdNGOxw69k8IfsyZ6mhpoDG5iGQQo4PFMlho wgKHmeoWUoN5ebnX4a5fSeYH3PZ8vQqLA0C/0xOQBh7u7Hifi4RvBXfQq7ZIMl6DOevN JjZQ== X-Gm-Message-State: ALQs6tBre8EB00A0aAyGDipJrNmifXUgx7Bb1qU1gOFouWYKIJKI3njY VEMywiGCvOj989j5cd+dGyFzK0fi7O5FNvKsudflhg== X-Google-Smtp-Source: AIpwx4/pvSa76VQ26GMxn1GUh3lUwbv+vxMi2gX2Tbr9qN6wIUlTDGbr0h7h8mD+BLvYt4ETyjMQham1c+IOwTuqKhw= X-Received: by 10.176.78.37 with SMTP id g37mr689734uah.122.1523373435852; Tue, 10 Apr 2018 08:17:15 -0700 (PDT) MIME-Version: 1.0 Received: by 10.159.59.139 with HTTP; Tue, 10 Apr 2018 08:17:14 -0700 (PDT) In-Reply-To: References: From: Christopher Morrow Date: Tue, 10 Apr 2018 16:17:14 +0100 Message-ID: To: sidrops@ietf.org, sidrops-chairs@ietf.org Content-Type: multipart/alternative; boundary="f403043c64b0811f2905698004ec" Archived-At: Subject: Re: [Sidrops] WGLC (ends Apr 24 2018) draft-ietf-sidrops-lta-use-cases X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Apr 2018 15:17:19 -0000 --f403043c64b0811f2905698004ec Content-Type: text/plain; charset="UTF-8" -broken-alias +proper sidrops-chairs alias. On Tue, Apr 10, 2018 at 4:16 PM, Christopher Morrow < christopher.morrow@gmail.com> wrote: > Howdy gentle folks, > We started (a long time ago, in a galaxy far far away) a WGLC for this > document.. Then got distracted in re-naming the draft into SIDROPS > namespace. > > Please take 2 weeks to think/read/comment on this draft, it hasn't changed > since the last WGLC, save date refreshes :) here's the abstract: > > "There are a number of critical circumstances where a localized > routing domain needs to augment or modify its view of the Global > RPKI. This document attempts to outline a few of them." > > -chris > co-chair > --f403043c64b0811f2905698004ec Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
-broken-alias
+proper sidrops-chairs alias.

On Tue, Apr 10, = 2018 at 4:16 PM, Christopher Morrow <christopher.morrow@gmail.c= om> wrote:
Howdy gentle folks,
We started (a long time ago, in a galaxy far far a= way) a WGLC for this document.. Then got distracted in re-naming the draft = into SIDROPS namespace.

Please take 2 weeks to think/read/com= ment on this draft, it hasn't changed since the last WGLC, save date re= freshes :) here's the abstract:

=C2=A0 "There ar= e a number of critical circumstances where a localized
=C2=A0 =C2= =A0routing domain needs to augment or modify its view of the Global
=C2=A0 =C2=A0RPKI.=C2=A0 This document attempts to outline a few of them= ."

-chris
co-chair

--f403043c64b0811f2905698004ec-- From nobody Tue Apr 10 08:39:21 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E59E5126C25 for ; Tue, 10 Apr 2018 08:39:19 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.901 X-Spam-Level: X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tIa9MzQfAMtk for ; Tue, 10 Apr 2018 08:39:18 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD7A3126DED for ; Tue, 10 Apr 2018 08:39:18 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.86_2) (envelope-from ) id 1f5vMb-0000c6-Kk; Tue, 10 Apr 2018 15:39:17 +0000 Date: Tue, 10 Apr 2018 08:39:17 -0700 Message-ID: From: Randy Bush To: Christopher Morrow Cc: sidrops@ietf.org In-Reply-To: References: User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/25.3 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Archived-At: Subject: Re: [Sidrops] WGLC (ends Apr 24 2018) draft-ietf-sidrops-lta-use-cases X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Apr 2018 15:39:20 -0000 i am not aware of any ipr From nobody Mon Apr 16 08:47:14 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4081312E8AF for ; Mon, 16 Apr 2018 08:47:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.65 X-Spam-Level: X-Spam-Status: No, score=-1.65 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3v0aTrrm-mho for ; Mon, 16 Apr 2018 08:47:11 -0700 (PDT) Received: from mail-wr0-f179.google.com (mail-wr0-f179.google.com [209.85.128.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0857612E8A3 for ; Mon, 16 Apr 2018 08:47:10 -0700 (PDT) Received: by mail-wr0-f179.google.com with SMTP id w3so10764196wrg.2 for ; Mon, 16 Apr 2018 08:47:10 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=eKAxxL0T4fRBP5sywJjZ+eE3+K7w3frzNIj5UyfksQw=; b=MbEVBEgKsAduKeFjfaqq6JVKI2NVs0rDx59agtlk047QQuK2YbqzksP4qqtghHfrlr r5HTYWo5v6WtpJjuef+m7Xkv9zebxkmXBr32AcnW9I1xLnPZzhMby3IIcDdgVhRdglWK TzrWecnQ1/2T0dWnhU3ImlKfctb+MqfikBgjdSO4nbb3+LvRetie3vxVFkwVDfNozFy5 oNzMy+/pvyDwX7gKnivtR9lHfpWjGPGk2SFdPQtSmmh0qX2BVPVSnh8DxOK2V4YvhM8d hCPfpKBunFX4h3po/yA8Skf8vmOyq3LWxZUGpsZBEmNew0FqW5NLlnEaed/vGpBoHVUS H4Mw== X-Gm-Message-State: ALQs6tAGmCaSw8pIDdbbxlLeWLkObdZr7gJlaiLx0QHPbNijPceg3G2H mvMZ40BrKHYMMuIkbTF0ndK5pGPkWt0= X-Google-Smtp-Source: AIpwx49lMW51YYGGrAvv+wYfwEE6Tq8MjXLCJW6B+JXLb1CzMvqZncguFXr9OXHtItXnn+p0hLTukg== X-Received: by 10.80.160.198 with SMTP id 64mr16825291edo.158.1523893629124; Mon, 16 Apr 2018 08:47:09 -0700 (PDT) Received: from vurt.meerval.net ([87.44.9.118]) by smtp.gmail.com with ESMTPSA id l1sm6978163edi.54.2018.04.16.08.47.07 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 16 Apr 2018 08:47:08 -0700 (PDT) Received: from localhost (vurt.meerval.net [local]) by vurt.meerval.net (OpenSMTPD) with ESMTPA id 563d7eb5; Mon, 16 Apr 2018 15:47:07 +0000 (UTC) Date: Mon, 16 Apr 2018 15:47:06 +0000 From: Job Snijders To: Christopher Morrow Cc: "Roque Gagliano (rogaglia)" , "sidrops@ietf.org" , "draft-yossigi-rpkimaxlen@ietf.org" , Ben Maddison Message-ID: <20180416154706.GN36148@vurt.meerval.net> References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Clacks-Overhead: GNU Terry Pratchett User-Agent: Mutt/1.9.4 (2018-02-28) Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Apr 2018 15:47:13 -0000 Dear SIDROPS chairs, Can you share with us the outcome of this adoption call? Kind regards, Job On Mon, Mar 05, 2018 at 05:09:16PM -0500, Christopher Morrow wrote: > ah sweet... can we end this adoption call: > 26 Mar 2018 > > thanks! > > On Mon, Mar 5, 2018 at 5:05 PM, Roque Gagliano (rogaglia) < > rogaglia@cisco.com> wrote: > > > Hi Job, > > > > I agree on adoption. > > > > Roque > > > > — > > Roque Gagliano > > > > Automation Software Architect EMEAR > > > > +41 76 449 8867 > > > > Join the NSO Digital Ecosystem: > > NSO on DevNet: www.cisco.com/go/nsodevnet > nsodevnet> > > NSO Developer Hub: www.cisco.com/go/nsohub > > > > > > > > On 05/03/18 19:15, "Sidrops on behalf of Job Snijders" < > > sidrops-bounces@ietf.org on behalf of job@ntt.net> wrote: > > > > Dear working group, > > > > This document has gone through a number of revisions outside the > > working group. > > > > As authors we think it may be time to consider a call for adoption and > > continue work on this document in context of the working group. > > > > Thoughts? > > > > Kind regards, > > > > Job > > > > > > ---------- Forwarded message ---------- > > From: > > Date: Mon, Mar 5, 2018 at 7:09 PM > > Subject: New Version Notification for draft-yossigi-rpkimaxlen-02.txt > > To: Job Snijders , Kotikalapudi Sriram > > , Ben Maddison , > > Yossi Gilad , Sharon Goldberg > > > > A new version of I-D, draft-yossigi-rpkimaxlen-02.txt > > has been successfully submitted by Job Snijders and posted to the > > IETF repository. > > > > Name: draft-yossigi-rpkimaxlen > > Revision: 02 > > Title: The Use of Maxlength in the RPKI > > Document date: 2018-03-05 > > Group: Individual Submission > > Pages: 10 > > URL: > > https://www.ietf.org/internet-drafts/draft-yossigi-rpkimaxlen-02.txt > > Status: https://datatracker.ietf.org/ > > doc/draft-yossigi-rpkimaxlen/ > > Htmlized: https://tools.ietf.org/html/ > > draft-yossigi-rpkimaxlen-02 > > Htmlized: > > https://datatracker.ietf.org/doc/html/draft-yossigi-rpkimaxlen-02 > > Diff: https://www.ietf.org/rfcdiff? > > url2=draft-yossigi-rpkimaxlen-02 > > > > Abstract: > > This document recommends that operators avoid using the maxLength > > attribute when issuing Route Origin Authorizations (ROAs) in the > > Resource Public Key Infrastructure (RPKI). These recommendations > > complement those in [RFC7115]. > > > > > > Please note that it may take a couple of minutes from the time of > > submission > > until the htmlized version and diff are available at tools.ietf.org. > > > > The IETF Secretariat > > > > _______________________________________________ > > Sidrops mailing list > > Sidrops@ietf.org > > https://www.ietf.org/mailman/listinfo/sidrops > > > > > > _______________________________________________ > > Sidrops mailing list > > Sidrops@ietf.org > > https://www.ietf.org/mailman/listinfo/sidrops > > From nobody Tue Apr 17 13:22:04 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 141CB12DA09 for ; Tue, 17 Apr 2018 13:21:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.001 X-Spam-Level: X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0WLHHH1WWrYK for ; Tue, 17 Apr 2018 13:21:56 -0700 (PDT) Received: from omr-a009e.mx.aol.com (omr-a009e.mx.aol.com [204.29.186.49]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2035D126D05 for ; Tue, 17 Apr 2018 13:21:56 -0700 (PDT) Received: from mtaout-aan01.mx.aol.com (mtaout-aan01.mx.aol.com [172.27.19.77]) by omr-a009e.mx.aol.com (Outbound Mail Relay) with ESMTP id 62BF538000BF for ; Tue, 17 Apr 2018 16:21:55 -0400 (EDT) Received: from Steves-MacBook-Pro.local (0x5374657665732d4d6163426f6f6b2d50726f2e6c6f63616c [65.220.43.194]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mtaout-aan01.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id D02F43800008E for ; Tue, 17 Apr 2018 16:21:54 -0400 (EDT) To: sidrops@ietf.org From: Stephen Kent Message-ID: <09aae6ea-ef5d-b847-20af-1235ad6a2934@verizon.net> Date: Tue, 17 Apr 2018 16:21:52 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="------------D2EDDB6945B376B7BB0F8D4A" Content-Language: en-US x-aol-global-disposition: G x-aol-sid: 3039ac1b134d5ad6576202f8 X-AOL-IP: 65.220.43.194 Archived-At: Subject: [Sidrops] comments on draft-ietf-sidrops-lta-use-cases-03.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Apr 2018 20:22:01 -0000 This is a multi-part message in MIME format. --------------D2EDDB6945B376B7BB0F8D4A Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit This version of the document is exhibits improved wording, especially for the examples. Thanks Randy! I have some suggested edits to reduce the length of a few sentences, and provide more precise wording. There are critical uses of the RPKI where a local administrative and/ or routing domain, e.g. an end-user site, a particular ISP or content provider, an organization, a geo-political region, ... may wish to have a specialized view of the RPKI. *There are critical use cases of the RPKI where a specialized, local ** * *   view **of the RPKI may be required. Such views may be needed by a ** * *   local administrative and/ ****or routing domain, e.g. an end-user site, ** * *   a particular ISP or content ****provider, an organization, a geo-political ** * *   region, ...*    Someone convinces the RIR's local court to force the RIR to remove or modify some or all of Carol's certificates, ROAs, etc. or the resources they represent, and the operational community wants to retain the ability to route to Carol's network(s).There is need for some channel through which operators can exchange local trust, command, and data collections necessary to propagate patches local to all their RPKI views. *Someone convinces a court asserting jurisdiction over an RIR** ******to force the RIR to remove or modify some or all of** ******Carol's certificates, ROAs, etc. Such removal or modification may** * *   adversely affect the resources they represent. The operational community* *   wants to retain the ability to route to ****Carol's network(s).****There is a* *   need for operators to be able to manage local **RPKI views, and, in some * *cases, to exchange local view modifications, to facilitate* *continuity of routing in the face of the court-ordered changes.*    Bob has a multi-AS network under his administration and some of those ASs use private ([RFC1918]) or 'borrowed' address space which is not announced on the global Internet (not to condone borrowing), and he wishes to certify them for use in his internal routing. *Bob administers a multi-AS network. Some of those ****ASs use private ** * *   ([RFC1918]) or 'borrowed' address space **which is not ****announced on ** * *   the global Internet. (This document does not condone such "borrowing", ** * *   but it acknowledges that such behavior takes place.) Bob ****wishes to be ** * *   able to use the RPKI with these address spaces, in his internal routing.*    Alice is responsible for the trusted routing for a large organization, commercial or geo-political, in which management requests routing engineering to redirect their competitors' prefixes to socially acceptable data.Alice is responsible for making the CA hierarchy have validated certificates for those redirected resources as well as the rest of the Internet. *Alice is responsible for the trusted routing for a large** ******organization, commercial or geo-political area. Alice's management** ******requests routing engineering to redirect their competitors' prefixes** ******to "socially acceptable" data.****Alice is responsible for producing a* *   local RPKI view (encompassing ALL prefixes) that accommodates her ** * *   management's requests.*    In these examples, it is ultimately the ROAs, not the certificates, which one wants to modify or replace.But one probably can not simply create new ROAs as one does not have the private keys needed to sign them.Hence it is likely that one has to also do something about the [RFC6480] certificates. *In these examples, it is ultimately the affected ROAs, not the ** * *   certificates used to verify them, that one wants to modify or replace.** * *However,**one generally cannot ****simply create new ROAs that can be ** * *   validated using the EE certificates for the ROAs (because one does not* *   have access to the requisite private keys). ****Hence it is likely that ** * *   one has to do something ****about the [RFC6480] EE certificates used to ** * *   validate the targeted ROAs.*    The goal is to modify, create, and/or replace ROAs and GhostBuster Records which are needed to present the localized view of the RPKI data. *The goal is to modify, create, and/or replace ROAs and GhostBuster** ******Records that are needed to present the localized view of the RPKI** ****data.* **    One can not reissue down from the root trust anchor at the IANA or from the RIRs' certificates because one does not have the private keys required.So one has to create a new trust anchor which, for ease of use, will contain the new/modified certificates and ROAs as well as the unmodified remainder of the Global RPKI. *  One can not reissue signed objects under a root trust anchor at the ** * *   IANA or the RIRs', because one does not have the required private** ******keys.****So one has to create a new trust anchor which, for ****ease of use, ** * *   will encompass the new/modified certificates and ROAs, as** ****well as the unmodified remainder of the Global RPKI.* Only the first use case discussed a need for a local RPKI view to be propagated to other operators. So I'm not comfortable with the wording of the last two paragraphs of Section 5. Steve --------------D2EDDB6945B376B7BB0F8D4A Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit This version of the document is exhibits improved wording, especially for the examples.
Thanks Randy!

I have some suggested edits to reduce the length of a few sentences, and provide
more precise wording.

   There are critical uses of the RPKI where a local administrative and/
   or routing domain, e.g. an end-user site, a particular ISP or content
   provider, an organization, a geo-political region, ... may wish to
   have a specialized view of the RPKI.


   There are critical use cases of the RPKI where a specialized, local

   view of the RPKI may be required. Such views may be needed by a

   local administrative and/ or routing domain, e.g. an end-user site,

   a particular ISP or content provider, an organization, a geo-political

   region, ...



   Someone convinces the RIR's
   local court to force the RIR to remove or modify some or all of
   Carol's certificates, ROAs, etc. or the resources they represent, and
   the operational community wants to retain the ability to route to
   Carol's network(s).  There is need for some channel through which
   operators can exchange local trust, command, and data collections
   necessary to propagate patches local to all their RPKI views.


   Someone convinces a court asserting jurisdiction over an RIR
    to force the RIR to remove or modify some or all of
    Carol's certificates, ROAs, etc. Such removal or modification may

   adversely affect the resources they represent. The operational community

   wants to retain the ability to route to Carol's network(s).  There is a

   need for operators to be able to manage local RPKI views, and, in some

   cases, to exchange local view modifications, to facilitate

   continuity of routing in the face of the court-ordered changes.



   Bob has a multi-AS network under his administration and some of those
   ASs use private ([RFC1918]) or 'borrowed' address space which is not
   announced on the global Internet (not to condone borrowing), and he
   wishes to certify them for use in his internal routing.



   Bob administers a multi-AS network. Some of those ASs use private

   ([RFC1918]) or 'borrowed' address space which is not announced on

   the global Internet. (This document does not condone such "borrowing",

   but it acknowledges that such behavior takes place.) Bob wishes to be

   able to use the RPKI with these address spaces, in his internal routing.



   Alice is responsible for the trusted routing for a large
   organization, commercial or geo-political, in which management
   requests routing engineering to redirect their competitors' prefixes
   to socially acceptable data.  Alice is responsible for making the CA
   hierarchy have validated certificates for those redirected resources
   as well as the rest of the Internet.



   Alice is responsible for the trusted routing for a large
    organization, commercial or geo-political area. Alice's management
    requests routing engineering to redirect their competitors' prefixes
    to "socially acceptable" data.  Alice is responsible for producing a

   local RPKI view (encompassing ALL prefixes) that accommodates her

   management's requests.


   In these examples, it is ultimately the ROAs, not the certificates,
   which one wants to modify or replace.  But one probably can not
   simply create new ROAs as one does not have the private keys needed
   to sign them.  Hence it is likely that one has to also do something
   about the [RFC6480] certificates.



   In these examples, it is ultimately the affected ROAs, not the

   certificates used to verify them, that one wants to modify or replace. 

   However, one generally cannot simply create new ROAs that can be

   validated using the EE certificates for the ROAs (because one does not

   have access to the requisite private keys). Hence it is likely that

   one has to do something about the [RFC6480] EE certificates used to

   validate the targeted ROAs.



   The goal is to modify, create, and/or replace ROAs and GhostBuster
   Records which are needed to present the localized view of the RPKI
   data.


   The goal is to modify, create, and/or replace ROAs and GhostBuster
    Records that are needed to present the localized view of the RPKI
    data.


   One can not reissue down from the root trust anchor at the IANA or
   from the RIRs' certificates because one does not have the private
   keys required.  So one has to create a new trust anchor which, for
   ease of use, will contain the new/modified certificates and ROAs as
   well as the unmodified remainder of the Global RPKI.


   One can not reissue signed objects under a root trust anchor at the

   IANA or the RIRs', because one does not have the required private
    keys.  So one has to create a new trust anchor which, for ease of use,

   will encompass the new/modified certificates and ROAs, as
    well as the unmodified remainder of the Global RPKI.


Only the first use case discussed a need for a local RPKI view to be propagated

to other operators. So I'm not comfortable with the wording of the last two paragraphs of Section 5.


Steve




--------------D2EDDB6945B376B7BB0F8D4A-- From nobody Thu Apr 19 16:58:48 2018 Return-Path: X-Original-To: sidrops@ietf.org Delivered-To: sidrops@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B8B6012E050; Thu, 19 Apr 2018 16:58:46 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sidrops@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.78.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <152418232670.10833.10401289837189682488@ietfa.amsl.com> Date: Thu, 19 Apr 2018 16:58:46 -0700 Archived-At: Subject: [Sidrops] I-D Action: draft-ietf-sidrops-ov-clarify-01.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Apr 2018 23:58:47 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the SIDR Operations WG of the IETF. Title : Origin Validation Clarifications Author : Randy Bush Filename : draft-ietf-sidrops-ov-clarify-01.txt Pages : 4 Date : 2018-04-19 Abstract: Deployment of RPKI-based BGP origin validation is hampered by, among other things, vendor mis-implementations in two critical areas, which routes are validated and whether policy is applied when not specified by configuration. This document is meant to clarify possible misunderstandings causing those mis-implementations. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sidrops-ov-clarify/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sidrops-ov-clarify-01 https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-ov-clarify-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-ov-clarify-01 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Wed Apr 25 10:14:47 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D69F128D2E for ; Wed, 25 Apr 2018 10:14:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.91 X-Spam-Level: X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netorgft1331857.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aCyxkh825I7P for ; Wed, 25 Apr 2018 10:14:43 -0700 (PDT) Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on0046.outbound.protection.outlook.com [104.47.41.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99A44129515 for ; Wed, 25 Apr 2018 10:14:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NETORGFT1331857.onmicrosoft.com; s=selector1-arrcus-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=qL1iZ9Qt2iWvpiIqNUCR7a/k1qGHyCO4DxCpPzCXX7I=; b=doSR54ZqYzuIdt7b9pakN19MOCd8kmz4FP0fq5UTS0+cZYpr7MCeqqXD1PjY5HeU7XSNqLuB5+Rhn/ub2IDM8zhX5Zg8OFkwEpUnsRu4v+2OFmXlCFF7K+ChbiwYmHvDVbsuPGUvDBFXlxt82p/bZJ+uYCvqN8vg30DwVAf3hD0= Received: from BY2PR18MB0328.namprd18.prod.outlook.com (10.163.192.30) by BY2PR18MB0408.namprd18.prod.outlook.com (10.163.193.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.696.13; Wed, 25 Apr 2018 17:14:40 +0000 Received: from BY2PR18MB0328.namprd18.prod.outlook.com ([fe80::8d83:b7d0:f5ab:75f5]) by BY2PR18MB0328.namprd18.prod.outlook.com ([fe80::8d83:b7d0:f5ab:75f5%13]) with mapi id 15.20.0696.019; Wed, 25 Apr 2018 17:14:40 +0000 From: Keyur Patel To: "sidrops@ietf.org" Thread-Topic: Closed -- WGLC for draft-ietf-sidrops-ov-clarify-00 Thread-Index: AQHT3LjlFX226At/k0SXheKeqQJcsA== Date: Wed, 25 Apr 2018 17:14:40 +0000 Message-ID: <41B0A0C8-01CE-437C-A6AE-A8FC64023CAC@arrcus.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=keyur@arrcus.com; x-originating-ip: [216.1.225.186] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; BY2PR18MB0408; 7:oykJQZ5HkQT6Mf8jA3Ij3M7m0bR+KC2sF8bMuUm7Yq80TG5jFbMN7yeV/dKLNdhPUonjvK0EAugrhaxgn/eIh67lYk7nHtBDEzX5QoKNzRwHTj3mB6u0+9AIe5F/Qt/k3aBjYHlGF8c77or4BaC0gB9P9sTKUapUEc6dQ6C1makLJzzOrKO0U9CVa2iknd6PkvGpFvza3k7ssDQvpbjWu1cK6q8ng9gsUcNB3fvYhsf225H7M+WOaebfrd+Xi1J1 x-ms-exchange-antispam-srfa-diagnostics: SOS; x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(7021125)(5600026)(4534165)(7022125)(4603075)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(2017052603328)(7153060)(7193020); SRVR:BY2PR18MB0408; x-ms-traffictypediagnostic: BY2PR18MB0408: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(120809045254105)(100405760836317)(21748063052155); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(5005006)(8121501046)(10201501046)(3231232)(944501410)(52105095)(93006095)(93001095)(3002001)(6041310)(20161123558120)(2016111802025)(20161123560045)(20161123564045)(20161123562045)(6043046)(6072148)(201708071742011); SRVR:BY2PR18MB0408; BCL:0; PCL:0; RULEID:; SRVR:BY2PR18MB0408; x-forefront-prvs: 06530126A4 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39380400002)(39830400003)(396003)(366004)(376002)(346002)(189003)(199004)(68736007)(5660300001)(2900100001)(9326002)(8936002)(478600001)(97736004)(2906002)(606006)(105586002)(2501003)(186003)(5250100002)(53936002)(81166006)(6306002)(102836004)(6436002)(8676002)(81156014)(66066001)(33656002)(1730700003)(5640700003)(966005)(316002)(59450400001)(6512007)(7736002)(106356001)(6916009)(2616005)(6486002)(476003)(99286004)(53546011)(3846002)(6116002)(54896002)(6506007)(14454004)(3660700001)(26005)(486006)(2351001)(25786009)(86362001)(36756003)(83716003)(3280700002)(82746002)(236005); DIR:OUT; SFP:1101; SCL:1; SRVR:BY2PR18MB0408; H:BY2PR18MB0328.namprd18.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: arrcus.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: jxwkOMoWB66iitZ/oF0wCEThefikVpnhpozEdHzHdUDr8dXRPI09DvRTUiC9zawTWtW9PuaZl0vzPyqtYhZ1bHJ2kkKugakIZKVQ+LnhGy37ajurbx+sb4O1F5gzOjkJ82Y6g2WedQBgGO7JDVCeQbGMjp5fMHb4zS41gWeiaD4aPp3gQCEBCsSaqzOheVVw spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_41B0A0C801CE437CA6AEA8FC64023CACarrcuscom_" MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 495cdb4a-ccfe-4d69-9f1a-08d5aad0081d X-OriginatorOrg: arrcus.com X-MS-Exchange-CrossTenant-Network-Message-Id: 495cdb4a-ccfe-4d69-9f1a-08d5aad0081d X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Apr 2018 17:14:40.7465 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 697b3529-5c2b-40cf-a019-193eb78f6820 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR18MB0408 Archived-At: Subject: [Sidrops] Closed -- WGLC for draft-ietf-sidrops-ov-clarify-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Apr 2018 17:14:46 -0000 --_000_41B0A0C801CE437CA6AEA8FC64023CACarrcuscom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgRm9sa3MsDQoNClRoaXMgd29ya2luZyBncm91cCBsYXN0IGNhbGwgaXMgY2xvc2VkLiBXZSBo YXZlIGdvb2QgY29uc2Vuc3VzIHRoYXQgdGhlIGRyYWZ0IGlzIHJlYWR5IHRvIGFkdmFuY2UuIEFj Y29yZGluZ2x5IHdlIHdpbGwgcHJlcGFyZSBhIHJlcG9ydCBhbmQgZm9yd2FyZCBpdCB0byB0aGUg SUVTRy4NCg0KV2UgaGF2ZSBhbHNvIHJlY2VpdmVkIHNvbWUgY29tbWVudHMgYXMgcGFydCBvZiB0 aGUgbGFzdCBjYWxsIHJldmlldy4gUmFuZHksIHBsZWFzZSBwb3N0IGFuIHVwZGF0ZWQgZHJhZnQu DQoNClJlZ2FyZHMsDQpLZXl1cg0KRnJvbTogS2V5dXIgUGF0ZWwgPGtleXVyQGFycmN1cy5jb20+ DQpEYXRlOiBXZWRuZXNkYXksIEZlYnJ1YXJ5IDI4LCAyMDE4IGF0IDM6MDQgUE0NClRvOiAic2lk cm9wc0BpZXRmLm9yZyIgPHNpZHJvcHNAaWV0Zi5vcmc+DQpTdWJqZWN0OiBXR0xDIGZvciBkcmFm dC1pZXRmLXNpZHJvcHMtb3YtY2xhcmlmeS0wMA0KDQpIaSBGb2xrczoNCg0KQSB3b3JraW5nIGdy b3VwIGxhc3QgY2FsbCBoYXMgYmVlbiByZXF1ZXN0ZWQgZm9yIGRyYWZ0LWlldGYtc2lkcm9wcy1v di1jbGFyaWZ5LTAwLCDigJxPcmlnaW4gVmFsaWRhdGlvbiBDbGFyaWZpY2F0aW9uc+KAnS4gUGxl YXNlIHJlcGx5IHRvIHRoZSBsaXN0IHdpdGggeW91ciBjb21tZW50cy4gVGhlIFdHTEMgd2lsbCBl bmQgb24gTWFyY2ggMTUsIDIwMTguDQoNClRoZSBkcmFmdCBjYW4gYmUgZm91bmQgYXQ6IGh0dHBz Oi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2lkcm9wcy1vdi1jbGFyaWZ5 Ly4NCg0KUmFuZHkgYXMgYW4gYXV0aG9yIG9mIHRoaXMgZG9jdW1lbnQgaXQgd291bGQgYmUgZ3Jl YXQgaWYgeW91IGNhbiBwbGVhc2UgY29uZmlybSB0aGF0IGFueSByZWxldmFudCBJUFIgaGFzIGJl ZW4gZGlzY2xvc2VkLg0KDQpSZWdhcmRzLA0KS2V5dXINCg== --_000_41B0A0C801CE437CA6AEA8FC64023CACarrcuscom_ Content-Type: text/html; charset="utf-8" Content-ID: <7D0A50B2D4409C45A3F3A01624512C8E@namprd18.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseTpDb3VyaWVyOw0KCXBhbm9zZS0xOjAgMCAwIDAgMCAwIDAgMCAwIDA7 fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToy IDQgNSAzIDUgNCA2IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsN CglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAq Lw0KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGlu Ow0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0KCWZvbnQtZmFt aWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7 bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOiMwNTYzQzE7DQoJdGV4dC1kZWNvcmF0aW9u OnVuZGVybGluZTt9DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNv LXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOiM5NTRGNzI7DQoJdGV4dC1kZWNvcmF0aW9uOnVu ZGVybGluZTt9DQpwcmUNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1zdHlsZS1saW5r OiJIVE1MIFByZWZvcm1hdHRlZCBDaGFyIjsNCgltYXJnaW46MGluOw0KCW1hcmdpbi1ib3R0b206 LjAwMDFwdDsNCglmb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OkNvdXJpZXI7fQ0KcC5t c29ub3JtYWwwLCBsaS5tc29ub3JtYWwwLCBkaXYubXNvbm9ybWFsMA0KCXttc28tc3R5bGUtbmFt ZTptc29ub3JtYWw7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBp bjsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVmdDowaW47DQoJZm9u dC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpzcGFu LkhUTUxQcmVmb3JtYXR0ZWRDaGFyDQoJe21zby1zdHlsZS1uYW1lOiJIVE1MIFByZWZvcm1hdHRl ZCBDaGFyIjsNCgltc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6IkhUTUwg UHJlZm9ybWF0dGVkIjsNCglmb250LWZhbWlseTpDb3VyaWVyO30NCnNwYW4uRW1haWxTdHlsZTIw DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsOw0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5z LXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0Kc3Bhbi5FbWFpbFN0eWxlMjENCgl7bXNvLXN0 eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2Vy aWY7DQoJY29sb3I6d2luZG93dGV4dDt9DQouTXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlw ZTpleHBvcnQtb25seTsNCglmb250LXNpemU6MTAuMHB0O30NCkBwYWdlIFdvcmRTZWN0aW9uMQ0K CXtzaXplOjguNWluIDExLjBpbjsNCgltYXJnaW46MS4waW4gMS4waW4gMS4waW4gMS4waW47fQ0K ZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9DQotLT48L3N0eWxlPg0KPC9o ZWFkPg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxpbms9IiMwNTYzQzEiIHZsaW5rPSIjOTU0RjcyIj4N CjxkaXYgY2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExLjBwdCI+SGkgRm9sa3MsPG86cD48L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPjxvOnA+ Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTEuMHB0Ij5UaGlzIHdvcmtpbmcgZ3JvdXAgbGFzdCBjYWxsIGlzIGNsb3Nl ZC4gV2UgaGF2ZSBnb29kIGNvbnNlbnN1cyB0aGF0IHRoZSBkcmFmdCBpcyByZWFkeSB0byBhZHZh bmNlLiBBY2NvcmRpbmdseSB3ZSB3aWxsIHByZXBhcmUgYSByZXBvcnQgYW5kIGZvcndhcmQgaXQg dG8gdGhlIElFU0cuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij5X ZSBoYXZlIGFsc28gcmVjZWl2ZWQgc29tZSBjb21tZW50cyBhcyBwYXJ0IG9mIHRoZSBsYXN0IGNh bGwgcmV2aWV3LiBSYW5keSwgcGxlYXNlIHBvc3QgYW4gdXBkYXRlZCBkcmFmdC48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjExLjBwdCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPlJlZ2FyZHMsPG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQiPktleXVyPG86cD48L286cD48L3NwYW4+PC9wPg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7 Ym9yZGVyLXRvcDpzb2xpZCAjQjVDNERGIDEuMHB0O3BhZGRpbmc6My4wcHQgMGluIDBpbiAwaW4i Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj5Gcm9t OiA8L3NwYW4+PC9iPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+S2V5dXIgUGF0ZWwgJmx0O2tl eXVyQGFycmN1cy5jb20mZ3Q7PGJyPg0KPGI+RGF0ZTogPC9iPldlZG5lc2RheSwgRmVicnVhcnkg MjgsIDIwMTggYXQgMzowNCBQTTxicj4NCjxiPlRvOiA8L2I+JnF1b3Q7c2lkcm9wc0BpZXRmLm9y ZyZxdW90OyAmbHQ7c2lkcm9wc0BpZXRmLm9yZyZndDs8YnI+DQo8Yj5TdWJqZWN0OiA8L2I+V0dM QyBmb3IgZHJhZnQtaWV0Zi1zaWRyb3BzLW92LWNsYXJpZnktMDA8bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48YSBuYW1lPSJfTWFpbE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMS4wcHQiPkhpIEZvbGtzOjwvc3Bhbj48bzpwPjwvbzpwPjwvYT48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2lu YWxCb2R5Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+Jm5ic3A7PC9zcGFuPjxvOnA+ PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJtc28t Ym9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0 Ij5BIHdvcmtpbmcgZ3JvdXAgbGFzdCBjYWxsIGhhcyBiZWVuIHJlcXVlc3RlZCBmb3IgZHJhZnQt aWV0Zi1zaWRyb3BzLW92LWNsYXJpZnktMDAsIOKAnE9yaWdpbiBWYWxpZGF0aW9uIENsYXJpZmlj YXRpb25z4oCdLiBQbGVhc2UgcmVwbHkgdG8gdGhlIGxpc3Qgd2l0aCB5b3VyIGNvbW1lbnRzLg0K IFRoZSBXR0xDIHdpbGwgZW5kIG9uIE1hcmNoIDE1LCAyMDE4Ljwvc3Bhbj48bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJr Ol9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+Jm5ic3A7 PC9zcGFuPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu IHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjxzcGFuIHN0eWxlPSJmb250 LXNpemU6MTEuMHB0Ij5UaGUgZHJhZnQgY2FuIGJlIGZvdW5kIGF0Og0KPC9zcGFuPjwvc3Bhbj48 YSBocmVmPSJodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLXNpZHJv cHMtb3YtY2xhcmlmeS8iPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJv ZHkiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij5odHRwczovL2RhdGF0cmFja2VyLmll dGYub3JnL2RvYy9kcmFmdC1pZXRmLXNpZHJvcHMtb3YtY2xhcmlmeS88L3NwYW4+PC9zcGFuPjxz cGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJvZHkiPjwvc3Bhbj48L2E+PHNw YW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQiPi48L3NwYW4+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbE9yaWdpbmFsQm9keSI+ PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwv c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWJvb2ttYXJr Ol9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+UmFuZHkg YXMgYW4gYXV0aG9yIG9mIHRoaXMgZG9jdW1lbnQgaXQgd291bGQgYmUgZ3JlYXQgaWYgeW91IGNh biBwbGVhc2UgY29uZmlybSB0aGF0IGFueSByZWxldmFudCBJUFIgaGFzIGJlZW4gZGlzY2xvc2Vk Ljwvc3Bhbj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0ibXNvLWJvb2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjExLjBwdCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxPcmlnaW5hbEJv ZHkiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij5SZWdhcmRzLDwvc3Bhbj48bzpwPjwv bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0ibXNvLWJv b2ttYXJrOl9NYWlsT3JpZ2luYWxCb2R5Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+ S2V5dXI8L3NwYW4+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0 bWw+DQo= --_000_41B0A0C801CE437CA6AEA8FC64023CACarrcuscom_-- From nobody Wed Apr 25 10:30:55 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F7BB1200C5; Wed, 25 Apr 2018 10:30:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7KjCjZQU2cF4; Wed, 25 Apr 2018 10:30:51 -0700 (PDT) Received: from mail-ua0-x22f.google.com (mail-ua0-x22f.google.com [IPv6:2607:f8b0:400c:c08::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CBA8A129515; Wed, 25 Apr 2018 10:30:45 -0700 (PDT) Received: by mail-ua0-x22f.google.com with SMTP id t4so15415799ual.1; Wed, 25 Apr 2018 10:30:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=nVWo23ZEEraePt2k6sqxjU8TyYKWlaSI/+MjZFOmdXU=; b=bwqY+BWyUKDM2Y6UyLPbuKEJUyI+ZXWPnEfcwpRUIOB+A9GfbEZJjCbblcPnSJXHxA du1HVKTLCWahvz/YY4nf5uFHPgVa8giLLcn7BV1YYElE55/VauUIqmb97dFYWOldIbBD XjNKkOv6RgGXrsyBLxnojaTRJldlzzLZ4oPYP+gtycTTL/8cYOHvR92W2PmeRfqr0tkO omDkr20Dpo0t6ppcLv7flq3DpM+K1WPacKemCC54cFpZeQoiZFwHh3GtogaABQQ99iwi GxbPaH/75PHNN0VfC1gaOMg4SVt3QYkLcYaIV2ybFFfEmMlsMmmYEXEgsscRLFiTXSt1 tXvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=nVWo23ZEEraePt2k6sqxjU8TyYKWlaSI/+MjZFOmdXU=; b=DdSDWt8FE/cTFRhCYDwG1TNTqTpJ+90yYJO1bQ1C3xXBK3N4uASxTrcvW49s3SSvtZ aVRbhQ+Aszln/KNKcTJHUA6WEjWpGD73tDw0cI6AwEu6s5jcyUtdrOQmMbtY9TlFLllJ pMj24J9MxUu5BH9didiIxxiTyNaHnPUfRFOB75HJV051a4GHVCj4XX+Yz4WfA87TibN6 5Ktw2OBQCVQ6sVpXhBX1YHxrI3lBqOuyabU5pDhnOLe0CyeQMEm7LIcntFhcZPvgu/r5 BhBsCdDn5a+Qhn4/8XoGxuMKe13zcYhcVkswUorRoBwyMPOq1Za7oGhvRkUXgZT0bzbj PA5g== X-Gm-Message-State: ALQs6tDEW0dw/IdGVdib+iwKLhvymNJpbKVd6EfsmcKZ/Ner1xuxcD4S tilSMUDTQOEgRtkzI7a4/EEZ8aT4Y7Xd0HgmrTM= X-Google-Smtp-Source: AIpwx4+6yANeE83cIp/glCU/OM8b3QvR/Cm5SE4TT8RVQwgjfuL20PTs1cP0ZJWDZPgBfCEoBAsrB/i62MeupL0FSzY= X-Received: by 10.159.58.75 with SMTP id r11mr22398425uag.138.1524677444781; Wed, 25 Apr 2018 10:30:44 -0700 (PDT) MIME-Version: 1.0 References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> <20180416154706.GN36148@vurt.meerval.net> In-Reply-To: <20180416154706.GN36148@vurt.meerval.net> From: Christopher Morrow Date: Wed, 25 Apr 2018 17:30:34 +0000 Message-ID: To: Job Snijders Cc: Roque Gagliano , sidrops@ietf.org, draft-yossigi-rpkimaxlen@ietf.org, Ben Maddison Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Apr 2018 17:30:54 -0000 On Mon, Apr 16, 2018 at 11:47 AM Job Snijders wrote: > Dear SIDROPS chairs, > Can you share with us the outcome of this adoption call? Sure! I think there's at least 5 people interested in moving this document forward, let's get a version re-named properly and submitted into the repository? thanks! (for the reminder and the document) -chris co-chair-1 of 2 > Kind regards, > Job > On Mon, Mar 05, 2018 at 05:09:16PM -0500, Christopher Morrow wrote: > > ah sweet... can we end this adoption call: > > 26 Mar 2018 > > > > thanks! > > > > On Mon, Mar 5, 2018 at 5:05 PM, Roque Gagliano (rogaglia) < > > rogaglia@cisco.com> wrote: > > > > > Hi Job, > > > > > > I agree on adoption. > > > > > > Roque > > > > > > =E2=80=94 > > > Roque Gagliano > > > > > > Automation Software Architect EMEAR > > > > > > +41 76 449 8867 > > > > > > Join the NSO Digital Ecosystem: > > > NSO on DevNet: www.cisco.com/go/nsodevnet > > nsodevnet> > > > NSO Developer Hub: www.cisco.com/go/nsohub < http://www.cisco.com/go/nsohub > > > > > > > > > > > > > =EF=BB=BFOn 05/03/18 19:15, "Sidrops on behalf of Job Snijders" < > > > sidrops-bounces@ietf.org on behalf of job@ntt.net> wrote: > > > > > > Dear working group, > > > > > > This document has gone through a number of revisions outside the > > > working group. > > > > > > As authors we think it may be time to consider a call for adoption and > > > continue work on this document in context of the working group. > > > > > > Thoughts? > > > > > > Kind regards, > > > > > > Job > > > > > > > > > ---------- Forwarded message ---------- > > > From: > > > Date: Mon, Mar 5, 2018 at 7:09 PM > > > Subject: New Version Notification for draft-yossigi-rpkimaxlen-02.txt > > > To: Job Snijders , Kotikalapudi Sriram > > > , Ben Maddison < benm@workonline.co.za>, > > > Yossi Gilad , Sharon Goldberg > > > > > > A new version of I-D, draft-yossigi-rpkimaxlen-02.txt > > > has been successfully submitted by Job Snijders and posted to the > > > IETF repository. > > > > > > Name: draft-yossigi-rpkimaxlen > > > Revision: 02 > > > Title: The Use of Maxlength in the RPKI > > > Document date: 2018-03-05 > > > Group: Individual Submission > > > Pages: 10 > > > URL: > > > https://www.ietf.org/internet-drafts/draft-yossigi-rpkimaxlen-02.txt > > > Status: https://datatracker.ietf.org/ > > > doc/draft-yossigi-rpkimaxlen/ > > > Htmlized: https://tools.ietf.org/html/ > > > draft-yossigi-rpkimaxlen-02 > > > Htmlized: > > > https://datatracker.ietf.org/doc/html/draft-yossigi-rpkimaxlen-02 > > > Diff: https://www.ietf.org/rfcdiff? > > > url2=3Ddraft-yossigi-rpkimaxlen-02 > > > > > > Abstract: > > > This document recommends that operators avoid using the maxLength > > > attribute when issuing Route Origin Authorizations (ROAs) in the > > > Resource Public Key Infrastructure (RPKI). These recommendations > > > complement those in [RFC7115]. > > > > > > > > > Please note that it may take a couple of minutes from the time of > > > submission > > > until the htmlized version and diff are available at tools.ietf.org. > > > > > > The IETF Secretariat > > > > > > _______________________________________________ > > > Sidrops mailing list > > > Sidrops@ietf.org > > > https://www.ietf.org/mailman/listinfo/sidrops > > > > > > > > > _______________________________________________ > > > Sidrops mailing list > > > Sidrops@ietf.org > > > https://www.ietf.org/mailman/listinfo/sidrops > > > From nobody Wed Apr 25 15:00:08 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0229112D7F7 for ; Wed, 25 Apr 2018 15:00:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.901 X-Spam-Level: X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nCbej2we0ers for ; Wed, 25 Apr 2018 15:00:05 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7159C12D7E4 for ; Wed, 25 Apr 2018 15:00:05 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.86_2) (envelope-from ) id 1fBSSJ-0001Ux-Hj; Wed, 25 Apr 2018 22:00:03 +0000 Date: Wed, 25 Apr 2018 15:00:03 -0700 Message-ID: From: Randy Bush To: Keyur Patel Cc: "sidrops@ietf.org" In-Reply-To: <41B0A0C8-01CE-437C-A6AE-A8FC64023CAC@arrcus.com> References: <41B0A0C8-01CE-437C-A6AE-A8FC64023CAC@arrcus.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/25.3 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Archived-At: Subject: Re: [Sidrops] Closed -- WGLC for draft-ietf-sidrops-ov-clarify-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Apr 2018 22:00:07 -0000 > We have also received some comments as part of the last call > review. Randy, please post an updated draft. i believe that the -01 in the repo already addressed the comments randy From nobody Thu Apr 26 07:44:43 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0069012DA19; Thu, 26 Apr 2018 07:44:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.51 X-Spam-Level: X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CX-miBlFxJoS; Thu, 26 Apr 2018 07:44:39 -0700 (PDT) Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D15D12DA15; Thu, 26 Apr 2018 07:44:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3770; q=dns/txt; s=iport; t=1524753879; x=1525963479; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=SR7CwxSIRmVWudPySPsepzZBJ9aThgTsENmdoPGVodU=; b=TBHQXoC9/5idkTcPc5WIAPzswt4SPr9Ijmln/LzH1tDgd1Cy8xzVIOMs wyYTtQiKeJ17vNDBnM4/DizQ1Q4XBD/wZIosF+15mm7i8cF7+SiB2uJq0 2sSBt7MBIbhkfLpnCWPD7q//4iUi5fllgplfx9oYstk6e123d1cwYStTY E=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0C7AgD35OFa/51dJa1bGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAYNDYXoog2uUeYFTIYEPkxMUgWQLGAuEA0YCGoIpITUXAQI?= =?us-ascii?q?BAQEBAQECbBwMhSIBAQEBAgEBARsGEToJAgULAgEIEQMBAgECAiYCAgIlCxU?= =?us-ascii?q?ICAIEDgWFBwgPp2+CHIhFgkWBCYcIgVQ/gQ8jDIJcgxEBAQIBARaBDoM4MII?= =?us-ascii?q?kAocSH4Rci3wIAoVhiGWBNTyDJIdAiT2GVwIREwGBJAEdATaBUnAVGiEqAYI?= =?us-ascii?q?YCYIXF4hZhT5vAZErAQE?= X-IronPort-AV: E=Sophos;i="5.49,330,1520899200"; d="scan'208";a="105431455" Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Apr 2018 14:44:38 +0000 Received: from XCH-ALN-012.cisco.com (xch-aln-012.cisco.com [173.36.7.22]) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id w3QEicQk030099 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 26 Apr 2018 14:44:38 GMT Received: from xch-aln-014.cisco.com (173.36.7.24) by XCH-ALN-012.cisco.com (173.36.7.22) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 26 Apr 2018 09:44:37 -0500 Received: from xch-aln-014.cisco.com ([173.36.7.24]) by XCH-ALN-014.cisco.com ([173.36.7.24]) with mapi id 15.00.1320.000; Thu, 26 Apr 2018 09:44:37 -0500 From: "Jakob Heitz (jheitz)" To: Job Snijders CC: "sidrops@ietf.org" , "draft-yossigi-rpkimaxlen@ietf.org" , Ben Maddison Thread-Topic: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt Thread-Index: AQHTtK3pLlXpl/gxGEiOfL1fbT5AiKQTxKaA Date: Thu, 26 Apr 2018 14:44:37 +0000 Message-ID: <26AE9229-169A-4349-9DE2-1614DEED0269@cisco.com> References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted Content-Type: text/plain; charset="utf-8" Content-ID: <14AEB8AA2BD65647AAFEFBFB0F0501B6@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Apr 2018 14:44:42 -0000 VGhpcyBpcyBnb2luZyB0byBtYWtlIHRoZSBST0EgdGFibGUgYXMgbGFyZ2UgYXMgdGhlIEJHUCB0 YWJsZS4gVGhlIFJPQSB0YWJsZSBtdXN0IGJlIHN0b3JlZCBpbiByb3V0ZXJzLCBzb21lIG9mIHdo aWNoIGFyZSBhbHJlYWR5IG1lbW9yeSBjaGFsbGVuZ2VkLg0KSW5zdGVhZCBvZiByZW1vdmluZyBt YXhsZW4gZnJvbSBSUEtJLCB3b3VsZG7igJl0IGl0IGJlIGJldHRlciB0byBhZGQgYSBtYXhsZW4g dG8gQkdQPw0KVGhlbiB3ZSBjb3VsZCByZWR1Y2UgdGhlIHNpemUgb2YgdGhlIEJHUCB0YWJsZSBp bnN0ZWFkIG9mIGdyb3dpbmcgdGhlIFJPQSB0YWJsZS4NCg0KSSBzYWlkIHRoaXMgeWVhcnMgYWdv LCBidXQgSeKAmWxsIHNheSBpdCBhZ2Fpbi4NCklmIHlvdSBvd24gYSBwcmVmaXggbWF0Y2hlZCBi eSBhIFJPQSwgdGhlbiB5b3UgTVVTVCBhbm5vdW5jZSBpdCBpbiBCR1AuDQpJZiB5b3Ugb3duIGEg cHJlZml4IHRoYXQgeW91IGRvbuKAmXQgd2FudCB0byBhbm5vdW5jZSBpbiBCR1AsIHRoZW4geW91 IFNIT1VMRCBpc3N1ZSBhIFJPQSB0aGF0IGFzc29jaWF0ZXMgdGhhdCBwcmVmaXggd2l0aCBBUzAu IFRoZW4gbm9ib2R5IGNhbiBhbm5vdW5jZSBpdC4NCg0KVGhhbmtzLA0KSmFrb2IuDQoNCg0KPiBP biBNYXIgNSwgMjAxOCwgYXQgMTA6MTUgQU0sIEpvYiBTbmlqZGVycyA8am9iQG50dC5uZXQ+IHdy b3RlOg0KPiANCj4gRGVhciB3b3JraW5nIGdyb3VwLA0KPiANCj4gVGhpcyBkb2N1bWVudCBoYXMg Z29uZSB0aHJvdWdoIGEgbnVtYmVyIG9mIHJldmlzaW9ucyBvdXRzaWRlIHRoZSB3b3JraW5nIGdy b3VwLg0KPiANCj4gQXMgYXV0aG9ycyB3ZSB0aGluayBpdCBtYXkgYmUgdGltZSB0byBjb25zaWRl ciBhIGNhbGwgZm9yIGFkb3B0aW9uIGFuZA0KPiBjb250aW51ZSB3b3JrIG9uIHRoaXMgZG9jdW1l bnQgaW4gY29udGV4dCBvZiB0aGUgd29ya2luZyBncm91cC4NCj4gDQo+IFRob3VnaHRzPw0KPiAN Cj4gS2luZCByZWdhcmRzLA0KPiANCj4gSm9iDQo+IA0KPiANCj4gLS0tLS0tLS0tLSBGb3J3YXJk ZWQgbWVzc2FnZSAtLS0tLS0tLS0tDQo+IEZyb206ICA8aW50ZXJuZXQtZHJhZnRzQGlldGYub3Jn Pg0KPiBEYXRlOiBNb24sIE1hciA1LCAyMDE4IGF0IDc6MDkgUE0NCj4gU3ViamVjdDogTmV3IFZl cnNpb24gTm90aWZpY2F0aW9uIGZvciBkcmFmdC15b3NzaWdpLXJwa2ltYXhsZW4tMDIudHh0DQo+ IFRvOiBKb2IgU25pamRlcnMgPGpvYkBudHQubmV0PiwgS290aWthbGFwdWRpIFNyaXJhbQ0KPiA8 a290aWthbGFwdWRpLnNyaXJhbUBuaXN0Lmdvdj4sIEJlbiBNYWRkaXNvbiA8YmVubUB3b3Jrb25s aW5lLmNvLnphPiwNCj4gWW9zc2kgR2lsYWQgPHlvc3NpZ2lAYnUuZWR1PiwgU2hhcm9uIEdvbGRi ZXJnIDxnb2xkYmVAY3MuYnUuZWR1Pg0KPiANCj4gQSBuZXcgdmVyc2lvbiBvZiBJLUQsIGRyYWZ0 LXlvc3NpZ2ktcnBraW1heGxlbi0wMi50eHQNCj4gaGFzIGJlZW4gc3VjY2Vzc2Z1bGx5IHN1Ym1p dHRlZCBieSBKb2IgU25pamRlcnMgYW5kIHBvc3RlZCB0byB0aGUNCj4gSUVURiByZXBvc2l0b3J5 Lg0KPiANCj4gTmFtZTogICAgICAgICAgIGRyYWZ0LXlvc3NpZ2ktcnBraW1heGxlbg0KPiBSZXZp c2lvbjogICAgICAgMDINCj4gVGl0bGU6ICAgICAgICAgIFRoZSBVc2Ugb2YgTWF4bGVuZ3RoIGlu IHRoZSBSUEtJDQo+IERvY3VtZW50IGRhdGU6ICAyMDE4LTAzLTA1DQo+IEdyb3VwOiAgICAgICAg ICBJbmRpdmlkdWFsIFN1Ym1pc3Npb24NCj4gUGFnZXM6ICAgICAgICAgIDEwDQo+IFVSTDoNCj4g aHR0cHM6Ly93d3cuaWV0Zi5vcmcvaW50ZXJuZXQtZHJhZnRzL2RyYWZ0LXlvc3NpZ2ktcnBraW1h eGxlbi0wMi50eHQNCj4gU3RhdHVzOiAgICAgICAgIGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5v cmcvZG9jL2RyYWZ0LXlvc3NpZ2ktcnBraW1heGxlbi8NCj4gSHRtbGl6ZWQ6ICAgICAgIGh0dHBz Oi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC15b3NzaWdpLXJwa2ltYXhsZW4tMDINCj4gSHRt bGl6ZWQ6DQo+IGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2h0bWwvZHJhZnQteW9z c2lnaS1ycGtpbWF4bGVuLTAyDQo+IERpZmY6ICAgICAgICAgICBodHRwczovL3d3dy5pZXRmLm9y Zy9yZmNkaWZmP3VybDI9ZHJhZnQteW9zc2lnaS1ycGtpbWF4bGVuLTAyDQo+IA0KPiBBYnN0cmFj dDoNCj4gICBUaGlzIGRvY3VtZW50IHJlY29tbWVuZHMgdGhhdCBvcGVyYXRvcnMgYXZvaWQgdXNp bmcgdGhlIG1heExlbmd0aA0KPiAgIGF0dHJpYnV0ZSB3aGVuIGlzc3VpbmcgUm91dGUgT3JpZ2lu IEF1dGhvcml6YXRpb25zIChST0FzKSBpbiB0aGUNCj4gICBSZXNvdXJjZSBQdWJsaWMgS2V5IElu ZnJhc3RydWN0dXJlIChSUEtJKS4gIFRoZXNlIHJlY29tbWVuZGF0aW9ucw0KPiAgIGNvbXBsZW1l bnQgdGhvc2UgaW4gW1JGQzcxMTVdLg0KPiANCj4gDQo+IFBsZWFzZSBub3RlIHRoYXQgaXQgbWF5 IHRha2UgYSBjb3VwbGUgb2YgbWludXRlcyBmcm9tIHRoZSB0aW1lIG9mIHN1Ym1pc3Npb24NCj4g dW50aWwgdGhlIGh0bWxpemVkIHZlcnNpb24gYW5kIGRpZmYgYXJlIGF2YWlsYWJsZSBhdCB0b29s cy5pZXRmLm9yZy4NCj4gDQo+IFRoZSBJRVRGIFNlY3JldGFyaWF0DQo+IA0KPiBfX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KPiBTaWRyb3BzIG1haWxpbmcg bGlzdA0KPiBTaWRyb3BzQGlldGYub3JnDQo+IGh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4v bGlzdGluZm8vc2lkcm9wcw0K From nobody Thu Apr 26 10:32:33 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98BB612778E for ; Thu, 26 Apr 2018 10:32:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.901 X-Spam-Level: X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aTL-s_vRmnzw for ; Thu, 26 Apr 2018 10:32:30 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42824124205 for ; Thu, 26 Apr 2018 10:32:30 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.86_2) (envelope-from ) id 1fBkku-0001Vq-9A; Thu, 26 Apr 2018 17:32:28 +0000 Date: Thu, 26 Apr 2018 10:32:27 -0700 Message-ID: From: Randy Bush To: Jakob Heitz Cc: SIDR Operations WG In-Reply-To: <26AE9229-169A-4349-9DE2-1614DEED0269@cisco.com> References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> <26AE9229-169A-4349-9DE2-1614DEED0269@cisco.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/25.3 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=ISO-8859-7 Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Apr 2018 17:32:31 -0000 > If you own a prefix matched by a ROA, then you MUST announce it in > BGP. why? > If you own a prefix that you don=A2t want to announce in BGP, then you > SHOULD issue a ROA that associates that prefix with AS0. Then nobody > can announce it. except that is not true. as0 is not trump; there can be other better matching (or not) roas. randy From nobody Thu Apr 26 10:34:01 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4AF412783A for ; Thu, 26 Apr 2018 10:34:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e9J5Jpf_RcQA for ; Thu, 26 Apr 2018 10:33:59 -0700 (PDT) Received: from mail3.mlpsca01.us.to.gin.ntt.net (mail3.mlpsca01.us.to.gin.ntt.net [IPv6:2001:418:3ff:3::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33135124205 for ; Thu, 26 Apr 2018 10:33:59 -0700 (PDT) Received: by mail3.mlpsca01.us.to.gin.ntt.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.90_1) (envelope-from ) id 1fBkmM-000CRF-NP (job@us.ntt.net) for sidrops@ietf.org; Thu, 26 Apr 2018 17:33:58 +0000 Received: by mail-oi0-f43.google.com with SMTP id e80-v6so17429908oig.11 for ; Thu, 26 Apr 2018 10:33:58 -0700 (PDT) X-Gm-Message-State: ALQs6tBvLbrMHfcZ2A3+Ns4xgdrGIFVFJxbFdbuXw2hxBblf+S6xwi1c wdNUEg1Y+wEMVr0jne5ia7hoB4Ypj3bkeGC1XL+Epw== X-Google-Smtp-Source: AIpwx4/gK59LH30xVoDovwOzDSVntaob+wY79EaFodBAPX+i8cZyLzervnDQ4H5uWiaWCOG70btez0R1Uf2Aj7Rrfk8= X-Received: by 2002:aca:51ce:: with SMTP id f197-v6mr22010255oib.32.1524764037932; Thu, 26 Apr 2018 10:33:57 -0700 (PDT) MIME-Version: 1.0 References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> <26AE9229-169A-4349-9DE2-1614DEED0269@cisco.com> In-Reply-To: <26AE9229-169A-4349-9DE2-1614DEED0269@cisco.com> From: Job Snijders Date: Thu, 26 Apr 2018 17:33:47 +0000 X-Gmail-Original-Message-ID: Message-ID: To: "Jakob Heitz (jheitz)" Cc: Ben Maddison , "draft-yossigi-rpkimaxlen@ietf.org" , "sidrops@ietf.org" Content-Type: multipart/alternative; boundary="000000000000d900e4056ac3ca83" Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Apr 2018 17:34:00 -0000 --000000000000d900e4056ac3ca83 Content-Type: text/plain; charset="UTF-8" On Thu, Apr 26, 2018 at 02:44:37PM +0000, Jakob Heitz (jheitz) wrote: > This is going to make the ROA table as large as the BGP table. What is the problem? Job --000000000000d900e4056ac3ca83 Content-Type: text/html; charset="UTF-8"
On Thu, Apr 26, 2018 at 02:44:37PM +0000, Jakob Heitz (jheitz) wrote:
> This is going to make the ROA table as large as the BGP table.

What is the problem?

Job
--000000000000d900e4056ac3ca83-- From nobody Thu Apr 26 10:35:29 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23ABA12778E; Thu, 26 Apr 2018 10:35:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.509 X-Spam-Level: X-Spam-Status: No, score=-14.509 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m0Os1H20kvWK; Thu, 26 Apr 2018 10:35:25 -0700 (PDT) Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5BDB6124205; Thu, 26 Apr 2018 10:35:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7014; q=dns/txt; s=iport; t=1524764125; x=1525973725; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=c86aEDNG41W5j7sG+C+gpcjnacQpHMFmhSR6wNjLElg=; b=iI6ooHEE1tbxBGzgJQnUpYWe1VTFadaa52FDlrW9t94xYGzx40FjU01b J5DI7FwWyPp2KLz0ZpRMRWdwS/z4z1XBvfTLFS2aGqX1kv33uMIIp1qrK eAOnRMxsKaW4MzJxIqFPaYit7083NvjqrvZNJkZ6Kf3X9ZvLySfrlnlYf E=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BUAQDDDOJa/4ENJK1bGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAYJNdmEXYygKg2GIAox4gXSBD44jhHCBeAuEbAIagi4hNBg?= =?us-ascii?q?BAgEBAQEBAQJsKIUiAQEBAQMjCkoCEAIBCBEEAQEBKgICAjAdCAIEDgUIhCN?= =?us-ascii?q?kqDaCHIhGgkWIEYFUP4QahQqCaYJUApgJCAKOPoxdkBQCERMBgSQBHDiBUnA?= =?us-ascii?q?Vgn6QTm+QHIEYAQE?= X-IronPort-AV: E=Sophos;i="5.49,331,1520899200"; d="scan'208,217";a="376622543" Received: from alln-core-9.cisco.com ([173.36.13.129]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Apr 2018 17:35:24 +0000 Received: from xch-rcd-011.cisco.com (xch-rcd-011.cisco.com [173.37.102.21]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id w3QHZOBU012723 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 26 Apr 2018 17:35:24 GMT Received: from xch-aln-014.cisco.com (173.36.7.24) by XCH-RCD-011.cisco.com (173.37.102.21) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 26 Apr 2018 12:35:23 -0500 Received: from xch-aln-014.cisco.com ([173.36.7.24]) by XCH-ALN-014.cisco.com ([173.36.7.24]) with mapi id 15.00.1320.000; Thu, 26 Apr 2018 12:35:23 -0500 From: "Jakob Heitz (jheitz)" To: Job Snijders CC: Ben Maddison , "draft-yossigi-rpkimaxlen@ietf.org" , "sidrops@ietf.org" Thread-Topic: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt Thread-Index: AQHTtK3pLlXpl/gxGEiOfL1fbT5AiKQTxKaAgAAvRoD//6x3oA== Date: Thu, 26 Apr 2018 17:35:23 +0000 Message-ID: References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> <26AE9229-169A-4349-9DE2-1614DEED0269@cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.24.46.115] Content-Type: multipart/alternative; boundary="_000_c59579b4549d490882424c1212071f7eXCHALN014ciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Apr 2018 17:35:27 -0000 --_000_c59579b4549d490882424c1212071f7eXCHALN014ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 VGhlIHBhcnQgdGhhdCB5b3Ugc25pcHBlZDoNCg0KVGhlIFJPQSB0YWJsZSBtdXN0IGJlIHN0b3Jl ZCBpbiByb3V0ZXJzLCBzb21lIG9mIHdoaWNoIGFyZSBhbHJlYWR5IG1lbW9yeSBjaGFsbGVuZ2Vk Lg0KDQpUaGFua3MsDQpKYWtvYg0KDQpGcm9tOiBKb2IgU25pamRlcnMgPGpvYkBudHQubmV0Pg0K U2VudDogVGh1cnNkYXksIEFwcmlsIDI2LCAyMDE4IDEwOjM0IEFNDQpUbzogSmFrb2IgSGVpdHog KGpoZWl0eikgPGpoZWl0ekBjaXNjby5jb20+DQpDYzogQmVuIE1hZGRpc29uIDxiZW5tQHdvcmtv bmxpbmUuY28uemE+OyBkcmFmdC15b3NzaWdpLXJwa2ltYXhsZW5AaWV0Zi5vcmc7IHNpZHJvcHNA aWV0Zi5vcmcNClN1YmplY3Q6IFJlOiBbU2lkcm9wc10gRndkOiBOZXcgVmVyc2lvbiBOb3RpZmlj YXRpb24gZm9yIGRyYWZ0LXlvc3NpZ2ktcnBraW1heGxlbi0wMi50eHQNCg0KT24gVGh1LCBBcHIg MjYsIDIwMTggYXQgMDI6NDQ6MzdQTSArMDAwMCwgSmFrb2IgSGVpdHogKGpoZWl0eikgd3JvdGU6 DQo+IFRoaXMgaXMgZ29pbmcgdG8gbWFrZSB0aGUgUk9BIHRhYmxlIGFzIGxhcmdlIGFzIHRoZSBC R1AgdGFibGUuDQpXaGF0IGlzIHRoZSBwcm9ibGVtPw0KDQpKb2INCg== --_000_c59579b4549d490882424c1212071f7eXCHALN014ciscocom_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkRlbmdYaWFuOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAx IDE7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJpOw0KCXBhbm9zZS0xOjIgMTUg NSAyIDIgMiA0IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Ikx1Y2lkYSBDb25z b2xlIjsNCglwYW5vc2UtMToyIDExIDYgOSA0IDUgNCAyIDIgNDt9DQpAZm9udC1mYWNlDQoJe2Zv bnQtZmFtaWx5OiJcQERlbmdYaWFuIjsNCglwYW5vc2UtMToyIDEgNiAwIDMgMSAxIDEgMSAxO30N Ci8qIFN0eWxlIERlZmluaXRpb25zICovDQpwLk1zb05vcm1hbCwgbGkuTXNvTm9ybWFsLCBkaXYu TXNvTm9ybWFsDQoJe21hcmdpbjowaW47DQoJbWFyZ2luLWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQt c2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiIsc2VyaWY7fQ0KYTps aW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6 IzA1NjNDMTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5N c29IeXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6Izk1 NEY3MjsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnAuTXNvUGxhaW5UZXh0LCBsaS5N c29QbGFpblRleHQsIGRpdi5Nc29QbGFpblRleHQNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0K CW1zby1zdHlsZS1saW5rOiJQbGFpbiBUZXh0IENoYXIiOw0KCW1hcmdpbjowaW47DQoJbWFyZ2lu LWJvdHRvbTouMDAwMXB0Ow0KCWZvbnQtc2l6ZTo5LjBwdDsNCglmb250LWZhbWlseToiTHVjaWRh IENvbnNvbGUiO30NCnAubXNvbm9ybWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2Lm1zb25vcm1hbDAN Cgl7bXNvLXN0eWxlLW5hbWU6bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0K CW1hcmdpbi1yaWdodDowaW47DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2lu LWxlZnQ6MGluOw0KCWZvbnQtc2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBS b21hbiIsc2VyaWY7fQ0Kc3Bhbi5FbWFpbFN0eWxlMTgNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29u YWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3IjsNCgljb2xvcjojNzAzMEEwO30N CnNwYW4uUGxhaW5UZXh0Q2hhcg0KCXttc28tc3R5bGUtbmFtZToiUGxhaW4gVGV4dCBDaGFyIjsN Cgltc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6IlBsYWluIFRleHQiOw0K CWZvbnQtZmFtaWx5OiJMdWNpZGEgQ29uc29sZSI7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0 eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7 fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6OC41aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBp biAxLjBpbiAxLjBpbiAxLjBpbjt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rp b24xO30NCi0tPjwvc3R5bGU+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1 bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEt LVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzpp ZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91dD48L3htbD48IVtl bmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IkVOLVVTIiBsaW5rPSIjMDU2M0MxIiB2bGlu az0iIzk1NEY3MiI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q291 cmllciBOZXcmcXVvdDs7Y29sb3I6IzcwMzBBMCI+VGhlIHBhcnQgdGhhdCB5b3Ugc25pcHBlZDo8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij5UaGUgUk9BIHRh YmxlIG11c3QgYmUgc3RvcmVkIGluIHJvdXRlcnMsIHNvbWUgb2Ygd2hpY2ggYXJlIGFscmVhZHkg bWVtb3J5IGNoYWxsZW5nZWQuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5l dyZxdW90Oztjb2xvcjojNzAzMEEwIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWls eTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjojNzAzMEEwIj5UaGFua3MsPG86cD48L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29sb3I6IzcwMzBB MCI+SmFrb2I8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZx dW90Oztjb2xvcjojNzAzMEEwIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPkZyb206PC9zcGFuPjwvYj48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNh bnMtc2VyaWYiPiBKb2IgU25pamRlcnMgJmx0O2pvYkBudHQubmV0Jmd0Ow0KPGJyPg0KPGI+U2Vu dDo8L2I+IFRodXJzZGF5LCBBcHJpbCAyNiwgMjAxOCAxMDozNCBBTTxicj4NCjxiPlRvOjwvYj4g SmFrb2IgSGVpdHogKGpoZWl0eikgJmx0O2poZWl0ekBjaXNjby5jb20mZ3Q7PGJyPg0KPGI+Q2M6 PC9iPiBCZW4gTWFkZGlzb24gJmx0O2Jlbm1Ad29ya29ubGluZS5jby56YSZndDs7IGRyYWZ0LXlv c3NpZ2ktcnBraW1heGxlbkBpZXRmLm9yZzsgc2lkcm9wc0BpZXRmLm9yZzxicj4NCjxiPlN1Ympl Y3Q6PC9iPiBSZTogW1NpZHJvcHNdIEZ3ZDogTmV3IFZlcnNpb24gTm90aWZpY2F0aW9uIGZvciBk cmFmdC15b3NzaWdpLXJwa2ltYXhsZW4tMDIudHh0PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1ib3R0b206MTIuMHB0Ij5PbiBUaHUsIEFwciAyNiwg MjAxOCBhdCAwMjo0NDozN1BNICYjNDM7MDAwMCwgSmFrb2IgSGVpdHogKGpoZWl0eikgd3JvdGU6 PGJyPg0KJmd0OyBUaGlzIGlzIGdvaW5nIHRvIG1ha2UgdGhlIFJPQSB0YWJsZSBhcyBsYXJnZSBh cyB0aGUgQkdQIHRhYmxlLiA8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj5XaGF0IGlzIHRoZSBwcm9ibGVtPzxvOnA+PC9vOnA+PC9wPg0K PC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+ DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5Kb2I8bzpwPjwvbzpwPjwvcD4N CjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_c59579b4549d490882424c1212071f7eXCHALN014ciscocom_-- From nobody Thu Apr 26 10:43:24 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F353127871 for ; Thu, 26 Apr 2018 10:43:23 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UynhCwKBjbAh for ; Thu, 26 Apr 2018 10:43:22 -0700 (PDT) Received: from mail3.dllstx09.us.to.gin.ntt.net (mail3.dllstx09.us.to.gin.ntt.net [IPv6:2001:418:3ff:5::26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B2B812783A for ; Thu, 26 Apr 2018 10:43:21 -0700 (PDT) Received: by mail3.dllstx09.us.to.gin.ntt.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.90_1) (envelope-from ) id 1fBkvR-0005hf-Io (job@us.ntt.net) for sidrops@ietf.org; Thu, 26 Apr 2018 17:43:21 +0000 Received: by mail-oi0-f51.google.com with SMTP id v2-v6so11131098oif.3 for ; Thu, 26 Apr 2018 10:43:21 -0700 (PDT) X-Gm-Message-State: ALQs6tBVuUHVPoQNwZco+VcL13fyPaEcWnuxQeMrF7TmUmkxhICmbIVm fTXrT9Fjp21TE/OjPOtqt38PJzoxcjgcNPsrsXh6Qw== X-Google-Smtp-Source: AIpwx49+S3XovFGzFalR5dYAc1GOv1ahxJ2IvBpkekL0WOLE35y0jPszKsSssMzlWjkqyjs7WRASAiTyC3IYQ8QSPcQ= X-Received: by 2002:aca:51ce:: with SMTP id f197-v6mr22029754oib.32.1524764601427; Thu, 26 Apr 2018 10:43:21 -0700 (PDT) MIME-Version: 1.0 References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> <26AE9229-169A-4349-9DE2-1614DEED0269@cisco.com> In-Reply-To: From: Job Snijders Date: Thu, 26 Apr 2018 17:43:11 +0000 X-Gmail-Original-Message-ID: Message-ID: To: "Jakob Heitz (jheitz)" Cc: Ben Maddison , Job Snijders , "draft-yossigi-rpkimaxlen@ietf.org" , "sidrops@ietf.org" Content-Type: multipart/alternative; boundary="0000000000006f3d4f056ac3ec66" Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Apr 2018 17:43:23 -0000 --0000000000006f3d4f056ac3ec66 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, 26 Apr 2018 at 19:35, Jakob Heitz (jheitz) wrote= : > The part that you snipped: > > The ROA table must be stored in routers, some of which are already memory > challenged. > If you can=E2=80=99t store 100 megabyte - what are you doing with a full ta= ble? I find it hard to consider this a serious argument in favor of Maxlength. Kind regards, Job --0000000000006f3d4f056ac3ec66 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, 26 Apr 2018 at 19:35, Jakob Heitz (jheitz) <jheitz@cisco.com> wrote:

The part that you snipped:

<= div class=3D"m_5871283622722669401WordSection1">

The ROA table must be stored= in routers, some of which are already memory challenged.


If you can=E2=80= =99t store 100 megabyte - what are you doing with a full table? I find it h= ard to consider this a serious argument in favor of Maxlength.=C2=A0
<= div dir=3D"auto">
Kind regards,

Job
--0000000000006f3d4f056ac3ec66-- From nobody Thu Apr 26 13:05:30 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AF62128954; Thu, 26 Apr 2018 13:05:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.509 X-Spam-Level: X-Spam-Status: No, score=-14.509 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xYsnXtO7br3N; Thu, 26 Apr 2018 13:05:27 -0700 (PDT) Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEED6126C26; Thu, 26 Apr 2018 13:05:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9052; q=dns/txt; s=iport; t=1524773126; x=1525982726; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=LO8ezPAAXT7G7fU/0ylwGErtVBXcmmyCWr6bsmw8Ufs=; b=FqJMWeeyz3SAxdqvhr3fIqxPxuPx4DLR1TJyjjMqT5DvpnEn69SUrJeq 8FUIgVJYZ8UnryYiHrh6ZHP4oxWJIu0TshxQqPITPWqbR4EKaz6kr2I03 9lr2Y/yyqFFYr2qxpY90mETGircRxUCi42AYL40zeznB+04MuO5tSlItN 0=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BwAwDUL+Ja/4kNJK1bGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAYJNdmEXYygKg2GUe4F0gQ+OI4RwgXgLhGwCGoIuITYWAQI?= =?us-ascii?q?BAQEBAQECbCiFIgEBAQEDIwpKAhACAQgRBAEBKAMCAgIwFAkIAgQOBQiEI2S?= =?us-ascii?q?oSoIciEeCRYgRgVQ/hBqFCh+CSoJUApBxhxgIAo4+jF2QFAIREwGBJAEjCCm?= =?us-ascii?q?BUnAVgn6QTm+QHIEYAQE?= X-IronPort-AV: E=Sophos;i="5.49,332,1520899200"; d="scan'208,217";a="105918327" Received: from alln-core-4.cisco.com ([173.36.13.137]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Apr 2018 20:05:26 +0000 Received: from XCH-ALN-012.cisco.com (xch-aln-012.cisco.com [173.36.7.22]) by alln-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id w3QK5Pup019791 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 26 Apr 2018 20:05:26 GMT Received: from xch-aln-014.cisco.com (173.36.7.24) by XCH-ALN-012.cisco.com (173.36.7.22) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 26 Apr 2018 15:05:25 -0500 Received: from xch-aln-014.cisco.com ([173.36.7.24]) by XCH-ALN-014.cisco.com ([173.36.7.24]) with mapi id 15.00.1320.000; Thu, 26 Apr 2018 15:05:25 -0500 From: "Jakob Heitz (jheitz)" To: Job Snijders CC: "draft-yossigi-rpkimaxlen@ietf.org" , Ben Maddison , "sidrops@ietf.org" Thread-Topic: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt Thread-Index: AQHTtK3pLlXpl/gxGEiOfL1fbT5AiKQTxKaAgAAvRoD//6x3oIAAVimA//+wwOA= Date: Thu, 26 Apr 2018 20:05:25 +0000 Message-ID: References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> <26AE9229-169A-4349-9DE2-1614DEED0269@cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.24.46.115] Content-Type: multipart/alternative; boundary="_000_bd4d839c041045d39721ff39ff640c7cXCHALN014ciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Apr 2018 20:05:28 -0000 --_000_bd4d839c041045d39721ff39ff640c7cXCHALN014ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SSdkIHJhdGhlciBhZGQgYSBtYXhMZW5ndGggdG8gQkdQIHJvdXRlcyBhbmQgdXNlIHRoZSAxMDAg bWVnYWJ5dGVzIGZvciBzb21ldGhpbmcgZWxzZS4NCg0KSWYgeW91IGFkZGVkIGEgbWF4TGVuZ3Ro IHBhdGgtYXR0cmlidXRlIHRvIEJHUCByb3V0ZXMsIHlvdSBjb3VsZCBzb2x2ZSBhbGwgdGhlIHN1 YnByZWZpeA0KaGlqYWNrcyBpbiB0aGUgZHJhZnQuDQoNClRoYW5rcywNCkpha29iDQoNCkZyb206 IFNpZHJvcHMgPHNpZHJvcHMtYm91bmNlc0BpZXRmLm9yZz4gT24gQmVoYWxmIE9mIEpvYiBTbmlq ZGVycw0KU2VudDogVGh1cnNkYXksIEFwcmlsIDI2LCAyMDE4IDEwOjQzIEFNDQpUbzogSmFrb2Ig SGVpdHogKGpoZWl0eikgPGpoZWl0ekBjaXNjby5jb20+DQpDYzogZHJhZnQteW9zc2lnaS1ycGtp bWF4bGVuQGlldGYub3JnOyBCZW4gTWFkZGlzb24gPGJlbm1Ad29ya29ubGluZS5jby56YT47IHNp ZHJvcHNAaWV0Zi5vcmc7IEpvYiBTbmlqZGVycyA8am9iQG50dC5uZXQ+DQpTdWJqZWN0OiBSZTog W1NpZHJvcHNdIEZ3ZDogTmV3IFZlcnNpb24gTm90aWZpY2F0aW9uIGZvciBkcmFmdC15b3NzaWdp LXJwa2ltYXhsZW4tMDIudHh0DQoNCk9uIFRodSwgMjYgQXByIDIwMTggYXQgMTk6MzUsIEpha29i IEhlaXR6IChqaGVpdHopIDxqaGVpdHpAY2lzY28uY29tPG1haWx0bzpqaGVpdHpAY2lzY28uY29t Pj4gd3JvdGU6DQpUaGUgcGFydCB0aGF0IHlvdSBzbmlwcGVkOg0KDQpUaGUgUk9BIHRhYmxlIG11 c3QgYmUgc3RvcmVkIGluIHJvdXRlcnMsIHNvbWUgb2Ygd2hpY2ggYXJlIGFscmVhZHkgbWVtb3J5 IGNoYWxsZW5nZWQuDQoNCklmIHlvdSBjYW7igJl0IHN0b3JlIDEwMCBtZWdhYnl0ZSAtIHdoYXQg YXJlIHlvdSBkb2luZyB3aXRoIGEgZnVsbCB0YWJsZT8gSSBmaW5kIGl0IGhhcmQgdG8gY29uc2lk ZXIgdGhpcyBhIHNlcmlvdXMgYXJndW1lbnQgaW4gZmF2b3Igb2YgTWF4bGVuZ3RoLg0KDQpLaW5k IHJlZ2FyZHMsDQoNCkpvYg0K --_000_bd4d839c041045d39721ff39ff640c7cXCHALN014ciscocom_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 RGVuZ1hpYW47DQoJcGFub3NlLTE6MiAxIDYgMCAzIDEgMSAxIDEgMTt9DQpAZm9udC1mYWNlDQoJ e2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAyIDQ7fQ0K QGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseToiXEBEZW5nWGlhbiI7DQoJcGFub3NlLTE6MiAxIDYg MCAzIDEgMSAxIDEgMTt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxp Lk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1ib3R0b206 LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9t YW4iLHNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXByaW9y aXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQphOnZp c2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5 Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnAubXNvbm9y bWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2Lm1zb25vcm1hbDANCgl7bXNvLXN0eWxlLW5hbWU6bXNv bm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDowaW47DQoJ bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGluOw0KCWZvbnQtc2l6 ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiIsc2VyaWY7fQ0KcC5tNTg3 MTI4MzYyMjcyMjY2OTQwMW1zb3BsYWludGV4dCwgbGkubTU4NzEyODM2MjI3MjI2Njk0MDFtc29w bGFpbnRleHQsIGRpdi5tNTg3MTI4MzYyMjcyMjY2OTQwMW1zb3BsYWludGV4dA0KCXttc28tc3R5 bGUtbmFtZTptXzU4NzEyODM2MjI3MjI2Njk0MDFtc29wbGFpbnRleHQ7DQoJbXNvLW1hcmdpbi10 b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBpbjsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0bzsNCgltYXJnaW4tbGVmdDowaW47DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWls eToiVGltZXMgTmV3IFJvbWFuIixzZXJpZjt9DQpzcGFuLkVtYWlsU3R5bGUxOQ0KCXttc28tc3R5 bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250LWZhbWlseToiQ291cmllciBOZXciOw0KCWNv bG9yOiM3MDMwQTA7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9u bHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KQHBhZ2UgV29yZFNlY3Rp b24xDQoJe3NpemU6OC41aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAxLjBp bjt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+ PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBz cGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4 bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIg ZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4N Cjxib2R5IGxhbmc9IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xh c3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u dC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjoj NzAzMEEwIj5JJ2QgcmF0aGVyIGFkZCBhIG1heExlbmd0aCB0byBCR1Agcm91dGVzIGFuZCB1c2Ug dGhlIDEwMCBtZWdhYnl0ZXMgZm9yIHNvbWV0aGluZyBlbHNlLjxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2Zv bnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOiM3MDMwQTAiPjxvOnA+Jm5i c3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm b250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9y OiM3MDMwQTAiPklmIHlvdSBhZGRlZCBhIG1heExlbmd0aCBwYXRoLWF0dHJpYnV0ZSB0byBCR1Ag cm91dGVzLCB5b3UgY291bGQgc29sdmUgYWxsIHRoZSBzdWJwcmVmaXg8bzpwPjwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBw dDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjojNzAzMEEwIj5oaWph Y2tzIGluIHRoZSBkcmFmdC48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtDb3Vy aWVyIE5ldyZxdW90Oztjb2xvcjojNzAzMEEwIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250 LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjojNzAzMEEwIj5UaGFua3MsPG86 cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29sb3I6 IzcwMzBBMCI+SmFrb2I8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVy IE5ldyZxdW90Oztjb2xvcjojNzAzMEEwIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250 LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPkZyb206PC9zcGFuPjwvYj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1 b3Q7LHNhbnMtc2VyaWYiPiBTaWRyb3BzICZsdDtzaWRyb3BzLWJvdW5jZXNAaWV0Zi5vcmcmZ3Q7 DQo8Yj5PbiBCZWhhbGYgT2YgPC9iPkpvYiBTbmlqZGVyczxicj4NCjxiPlNlbnQ6PC9iPiBUaHVy c2RheSwgQXByaWwgMjYsIDIwMTggMTA6NDMgQU08YnI+DQo8Yj5Ubzo8L2I+IEpha29iIEhlaXR6 IChqaGVpdHopICZsdDtqaGVpdHpAY2lzY28uY29tJmd0Ozxicj4NCjxiPkNjOjwvYj4gZHJhZnQt eW9zc2lnaS1ycGtpbWF4bGVuQGlldGYub3JnOyBCZW4gTWFkZGlzb24gJmx0O2Jlbm1Ad29ya29u bGluZS5jby56YSZndDs7IHNpZHJvcHNAaWV0Zi5vcmc7IEpvYiBTbmlqZGVycyAmbHQ7am9iQG50 dC5uZXQmZ3Q7PGJyPg0KPGI+U3ViamVjdDo8L2I+IFJlOiBbU2lkcm9wc10gRndkOiBOZXcgVmVy c2lvbiBOb3RpZmljYXRpb24gZm9yIGRyYWZ0LXlvc3NpZ2ktcnBraW1heGxlbi0wMi50eHQ8bzpw PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpw PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPk9uIFRodSwgMjYgQXByIDIwMTggYXQgMTk6MzUs IEpha29iIEhlaXR6IChqaGVpdHopICZsdDs8YSBocmVmPSJtYWlsdG86amhlaXR6QGNpc2NvLmNv bSI+amhlaXR6QGNpc2NvLmNvbTwvYT4mZ3Q7IHdyb3RlOjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4N CjxibG9ja3F1b3RlIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCAjQ0NDQ0ND IDEuMHB0O3BhZGRpbmc6MGluIDBpbiAwaW4gNi4wcHQ7bWFyZ2luLWxlZnQ6NC44cHQ7bWFyZ2lu LXJpZ2h0OjBpbiI+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJt c28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVv dDs7Y29sb3I6IzcwMzBBMCI+VGhlIHBhcnQgdGhhdCB5b3Ugc25pcHBlZDo8L3NwYW4+PG86cD48 L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0ibTU4NzEy ODM2MjI3MjI2Njk0MDFtc29wbGFpbnRleHQiPlRoZSBST0EgdGFibGUgbXVzdCBiZSBzdG9yZWQg aW4gcm91dGVycywgc29tZSBvZiB3aGljaCBhcmUgYWxyZWFkeSBtZW1vcnkgY2hhbGxlbmdlZC48 bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8ZGl2Pg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj5JZiB5b3UgY2Fu4oCZdCBzdG9yZSAxMDAgbWVnYWJ5dGUgLSB3 aGF0IGFyZSB5b3UgZG9pbmcgd2l0aCBhIGZ1bGwgdGFibGU/IEkgZmluZCBpdCBoYXJkIHRvIGNv bnNpZGVyIHRoaXMgYSBzZXJpb3VzIGFyZ3VtZW50IGluIGZhdm9yIG9mIE1heGxlbmd0aC4mbmJz cDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxv OnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ S2luZCByZWdhcmRzLDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj5Kb2I8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwv Ym9keT4NCjwvaHRtbD4NCg== --_000_bd4d839c041045d39721ff39ff640c7cXCHALN014ciscocom_-- From nobody Thu Apr 26 13:05:35 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47816129515 for ; Thu, 26 Apr 2018 13:05:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.51 X-Spam-Level: X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xwSkg2y63nPj for ; Thu, 26 Apr 2018 13:05:29 -0700 (PDT) Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11A95128954 for ; Thu, 26 Apr 2018 13:05:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=803; q=dns/txt; s=iport; t=1524773128; x=1525982728; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=uO0osvE3ixAE//QVDL8Cdy+P1ZD7ae+HUkLt8bjrX88=; b=fAIQbsfcf1MjeRAQCDS8Fo5JVd/tC51oXIfSKXIRCo5RMuAj7ygnPXQH R/lfvXD5mW4fB7fhNZtOgOsyHaRG+FcKlzaUP/2vyMzSM/J3HXbXKaLiC 9yNmKZecyAEdR+ko0Sqp8TG16tg7fX/bbEP2b90ZBm80E3zsTCEAmZo4o c=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0C4AgCiMOJa/4gNJK1bGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAYNDgVsoCphcgXSBD5ULC4RsAoJIITcVAQIBAQEBAQECbCi?= =?us-ascii?q?FIgEBAQECAXcCBQcEAgEIFQIvMh0IAgQOBQiEfwiqZohHgkWFaYIogVQ/gQ+?= =?us-ascii?q?DC4pHAokhh1CHGAgCjj6MXZAUAhETAYEkATIigVJwFYJ+kE5vkByBGAEB?= X-IronPort-AV: E=Sophos;i="5.49,332,1520899200"; d="scan'208";a="105563304" Received: from alln-core-3.cisco.com ([173.36.13.136]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Apr 2018 20:05:27 +0000 Received: from XCH-RCD-015.cisco.com (xch-rcd-015.cisco.com [173.37.102.25]) by alln-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id w3QK5SFX015126 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 26 Apr 2018 20:05:28 GMT Received: from xch-aln-014.cisco.com (173.36.7.24) by XCH-RCD-015.cisco.com (173.37.102.25) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 26 Apr 2018 15:05:28 -0500 Received: from xch-aln-014.cisco.com ([173.36.7.24]) by XCH-ALN-014.cisco.com ([173.36.7.24]) with mapi id 15.00.1320.000; Thu, 26 Apr 2018 15:05:27 -0500 From: "Jakob Heitz (jheitz)" To: Randy Bush CC: SIDR Operations WG Thread-Topic: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt Thread-Index: AQHTtK3pLlXpl/gxGEiOfL1fbT5AiKQTxKaAgAAu5oD//6ykcA== Date: Thu, 26 Apr 2018 20:05:27 +0000 Message-ID: References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> <26AE9229-169A-4349-9DE2-1614DEED0269@cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.24.46.115] Content-Type: text/plain; charset="iso-8859-7" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Apr 2018 20:05:32 -0000 -----Original Message----- From: Randy Bush =20 Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpki= maxlen-02.txt > If you own a prefix matched by a ROA, then you MUST announce it in > BGP. why? [[jheitz]] To prevent the subprefix attack described in the draft > If you own a prefix that you don=A2t want to announce in BGP, then you > SHOULD issue a ROA that associates that prefix with AS0. Then nobody > can announce it. except that is not true. as0 is not trump; there can be other better matching (or not) roas. [[jheitz]] How is it not true? If there is only a ROA matching AS0 for a prefix, then any BGP announcement of that prefix will be invalid. There cannot be other ROAs unless the=20 prefix owner issues them. Jakob. From nobody Thu Apr 26 14:21:32 2018 Return-Path: X-Original-To: sidrops@ietf.org Delivered-To: sidrops@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 41E03120727; Thu, 26 Apr 2018 14:21:31 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sidrops@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.79.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <152477769122.23043.16652153011111375781@ietfa.amsl.com> Date: Thu, 26 Apr 2018 14:21:31 -0700 Archived-At: Subject: [Sidrops] I-D Action: draft-ietf-sidrops-ov-clarify-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Apr 2018 21:21:31 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the SIDR Operations WG of the IETF. Title : Origin Validation Clarifications Author : Randy Bush Filename : draft-ietf-sidrops-ov-clarify-02.txt Pages : 4 Date : 2018-04-26 Abstract: Deployment of RPKI-based BGP origin validation is hampered by, among other things, vendor mis-implementations in two critical areas, which routes are validated and whether policy is applied when not specified by configuration. This document is meant to clarify possible misunderstandings causing those mis-implementations. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sidrops-ov-clarify/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sidrops-ov-clarify-02 https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-ov-clarify-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-ov-clarify-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Thu Apr 26 17:24:02 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98A2012D872; Thu, 26 Apr 2018 17:15:40 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.89 X-Spam-Level: X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C-ErqtUs6uEs; Thu, 26 Apr 2018 17:15:37 -0700 (PDT) Received: from ex1.workonline.co.za (ex1.workonline.co.za [197.157.92.102]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD5BA129C5D; Thu, 26 Apr 2018 17:15:35 -0700 (PDT) Received: from EX2.workonline.co.za ([fe80::8572:d946:2c81:17bb]) by ex1.workonline.co.za ([fe80::f84f:93b7:a923:f286%14]) with mapi id 14.02.0387.000; Fri, 27 Apr 2018 02:15:31 +0200 From: Ben Maddison To: "Jakob Heitz (jheitz)" , Job Snijders CC: "draft-yossigi-rpkimaxlen@ietf.org" , "sidrops@ietf.org" Thread-Topic: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt Thread-Index: AQHTtK02qx+mVdBLQUGdgC36vyGQPKPB0OIAgFF+b4CAAC9DgIAAAHOAgAACLoCAACe9gIAAXXX2 Date: Fri, 27 Apr 2018 00:15:30 +0000 Message-ID: <874E439F335FD742B8D1565730E537E001E03045F4@ex2.workonline.co.za> References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> <26AE9229-169A-4349-9DE2-1614DEED0269@cisco.com> , In-Reply-To: Accept-Language: en-ZA, en-US Content-Language: en-ZA X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [192.168.5.111] Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: X-Mailman-Approved-At: Thu, 26 Apr 2018 17:24:01 -0700 Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Apr 2018 00:15:40 -0000 Hi Jakob, Surely then an attacker just adds a correspondingly higher value to the max= Length path-attribute to the sub-prefix hijack announcement, and you're bac= k to where we started: working out which to trust? Or am I missing something obvious? Not to mention of course - rfc4271#section-9.1: The function that calculates the degree of preference for a given route SHALL NOT use any of the following as its inputs: the existence of other routes, the non-existence of other routes, or the path attributes of other routes. Cheers, Ben Maddison Director Workonline Communications (Pty) Ltd Office: 021 200 9000 Fax: 086 614 2342 Cell: +27 (0) 82 415 5545 Email: benm@workonline.co.za SIP: benm@workonline.co.za ________________________________________ From: Jakob Heitz (jheitz) [jheitz@cisco.com] Sent: 26 April 2018 10:05 PM To: Job Snijders Cc: draft-yossigi-rpkimaxlen@ietf.org; Ben Maddison; sidrops@ietf.org Subject: RE: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpki= maxlen-02.txt I'd rather add a maxLength to BGP routes and use the 100 megabytes for some= thing else. If you added a maxLength path-attribute to BGP routes, you could solve all = the subprefix hijacks in the draft. Thanks, Jakob From: Sidrops On Behalf Of Job Snijders Sent: Thursday, April 26, 2018 10:43 AM To: Jakob Heitz (jheitz) Cc: draft-yossigi-rpkimaxlen@ietf.org; Ben Maddison = ; sidrops@ietf.org; Job Snijders Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpki= maxlen-02.txt On Thu, 26 Apr 2018 at 19:35, Jakob Heitz (jheitz) > wrote: The part that you snipped: The ROA table must be stored in routers, some of which are already memory c= hallenged. If you can=92t store 100 megabyte - what are you doing with a full table? I= find it hard to consider this a serious argument in favor of Maxlength. Kind regards, Job From nobody Thu Apr 26 17:47:01 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EAE012D77E; Thu, 26 Apr 2018 17:46:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.5 X-Spam-Level: X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 77ZvPOdx5B2A; Thu, 26 Apr 2018 17:46:57 -0700 (PDT) Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2AB35124BE8; Thu, 26 Apr 2018 17:46:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3465; q=dns/txt; s=iport; t=1524790017; x=1525999617; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=75St39mPTAdK11Cnakq/gEwlzSzZDfhCBrqoX5op1vQ=; b=Cwb1UjuRZ+HtK+xj7hTEd9n5/Ky423Xp50UA5LyT4A4t8lKGeiwuHojd Z68VSHkBQII1iE84dfIWw3rtu5drgbZ571jcHsgufKeYKIY9ulK44uNT6 2QunVAWVw5xtjmJLgNNNLxBrEXiZKJk54mTax92XgcIZyzwVxLCvpy2xe o=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AMAQC1cuJa/5RdJa1YAxkBAQEBAQE?= =?us-ascii?q?BAQEBAQEHAQEBAQGDQ4FbKAqLY4x6gXSBD5MTFIFkC4RsAoJIITQYAQIBAQE?= =?us-ascii?q?BAQECbCiFIgEBAQEDOj0CDAICAgEIEQQBAR8JBxYcFAkIAgQBDQUIFoRxqwy?= =?us-ascii?q?IRYJFBYgMgVQ/gQ+DC4RAARIBQCaFDQKYCQgCjj6MXZAUAhETAYEkARw4YXF?= =?us-ascii?q?wFYJ+giAXjhdvjn2BH4EYAQE?= X-IronPort-AV: E=Sophos;i="5.49,333,1520899200"; d="scan'208";a="106026902" Received: from rcdn-core-12.cisco.com ([173.37.93.148]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Apr 2018 00:46:56 +0000 Received: from XCH-RCD-015.cisco.com (xch-rcd-015.cisco.com [173.37.102.25]) by rcdn-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id w3R0kuDV029391 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 27 Apr 2018 00:46:56 GMT Received: from xch-aln-014.cisco.com (173.36.7.24) by XCH-RCD-015.cisco.com (173.37.102.25) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 26 Apr 2018 19:46:55 -0500 Received: from xch-aln-014.cisco.com ([173.36.7.24]) by XCH-ALN-014.cisco.com ([173.36.7.24]) with mapi id 15.00.1320.000; Thu, 26 Apr 2018 19:46:55 -0500 From: "Jakob Heitz (jheitz)" To: Ben Maddison , Job Snijders CC: "draft-yossigi-rpkimaxlen@ietf.org" , "sidrops@ietf.org" Thread-Topic: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt Thread-Index: AQHTtK3pLlXpl/gxGEiOfL1fbT5AiKQTxKaAgAAvRoD//6x3oIAAVimA//+wwOCAALzdAP//rRDw Date: Fri, 27 Apr 2018 00:46:55 +0000 Message-ID: <816cad08d38e44b4b23862c289ecbfd3@XCH-ALN-014.cisco.com> References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> <26AE9229-169A-4349-9DE2-1614DEED0269@cisco.com> , <874E439F335FD742B8D1565730E537E001E03045F4@ex2.workonline.co.za> In-Reply-To: <874E439F335FD742B8D1565730E537E001E03045F4@ex2.workonline.co.za> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.24.46.115] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Apr 2018 00:46:59 -0000 The prefix owner will issue the ROA ROA:(168.122.0.0/16-20, AS:64496) and a BGP announcement BGP:(168.122.0.0/16-20, AS:64496) Same maxlen in both the ROA and the BGP. Routes that an attacker could send: BGP:(168.122.0.0/21, AS:64511) - invalid (covered) BGP:(168.122.0.0/20, AS:64511 64496) - valid, longer AS-PATH BGP:(168.122.0.0/16-21, AS:64511 64496)=20 - the routes with netmask 16 to 20 are valid, longer AS-PATH - the routes with netmask 21 are invalid (covered) What you're missing is my description of what maxLength would mean in a BGP= route. BGP would create all the routes within the cone described down to the maxLength. It would not physically create them, but store enough informatio= n so that it can act as if it did. It would run bestpath as if all those routes actually existed. Then longest netmask would not win anymore. It's like advertising all the routes in the cone with the same attributes, but in a single NLRI. Thanks, Jakob -----Original Message----- From: Ben Maddison =20 Sent: Thursday, April 26, 2018 5:16 PM To: Jakob Heitz (jheitz) ; Job Snijders Cc: draft-yossigi-rpkimaxlen@ietf.org; sidrops@ietf.org Subject: RE: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpki= maxlen-02.txt Hi Jakob, Surely then an attacker just adds a correspondingly higher value to the max= Length path-attribute to the sub-prefix hijack announcement, and you're bac= k to where we started: working out which to trust? Or am I missing something obvious? Not to mention of course - rfc4271#section-9.1: The function that calculates the degree of preference for a given route SHALL NOT use any of the following as its inputs: the existence of other routes, the non-existence of other routes, or the path attributes of other routes. Cheers, Ben Maddison Director Workonline Communications (Pty) Ltd Office: 021 200 9000 Fax: 086 614 2342 Cell: +27 (0) 82 415 5545 Email: benm@workonline.co.za SIP: benm@workonline.co.za ________________________________________ From: Jakob Heitz (jheitz) [jheitz@cisco.com] Sent: 26 April 2018 10:05 PM To: Job Snijders Cc: draft-yossigi-rpkimaxlen@ietf.org; Ben Maddison; sidrops@ietf.org Subject: RE: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpki= maxlen-02.txt I'd rather add a maxLength to BGP routes and use the 100 megabytes for some= thing else. If you added a maxLength path-attribute to BGP routes, you could solve all = the subprefix hijacks in the draft. Thanks, Jakob From: Sidrops On Behalf Of Job Snijders Sent: Thursday, April 26, 2018 10:43 AM To: Jakob Heitz (jheitz) Cc: draft-yossigi-rpkimaxlen@ietf.org; Ben Maddison = ; sidrops@ietf.org; Job Snijders Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpki= maxlen-02.txt On Thu, 26 Apr 2018 at 19:35, Jakob Heitz (jheitz) > wrote: The part that you snipped: The ROA table must be stored in routers, some of which are already memory c= hallenged. If you can't store 100 megabyte - what are you doing with a full table? I f= ind it hard to consider this a serious argument in favor of Maxlength. Kind regards, Job From nobody Fri Apr 27 07:23:24 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D48C212422F; Fri, 27 Apr 2018 07:23:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.911 X-Spam-Level: X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ng2tzeMudSmv; Fri, 27 Apr 2018 07:23:14 -0700 (PDT) Received: from GCC01-DM2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0136.outbound.protection.outlook.com [23.103.201.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E99D41201F2; Fri, 27 Apr 2018 07:23:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=XOquVHHbKnDlL27jcSzXbqgfB1RmfrKJDrqXSO3kqZ8=; b=s4Qc0IIhkzDioBiqjQd4OLwsrhg3L9AKmv0WiJAL+naAzkFCExER9J+s/PDxTRP+x3omD+rHzzrY0/eE0rFIWMYLLvQ0gWS1BB81MInX8jgKfr+Lei6qzogx/+z2JAvaOMrVXeSjBLgQmkY7cck8iyLbndpKBiRo8+nD7OQPKDI= Received: from BYAPR09MB2773.namprd09.prod.outlook.com (52.135.224.26) by BYAPR09MB2776.namprd09.prod.outlook.com (52.135.224.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.696.13; Fri, 27 Apr 2018 14:23:11 +0000 Received: from BYAPR09MB2773.namprd09.prod.outlook.com ([fe80::4cf3:af64:d3c9:6d33]) by BYAPR09MB2773.namprd09.prod.outlook.com ([fe80::4cf3:af64:d3c9:6d33%13]) with mapi id 15.20.0696.019; Fri, 27 Apr 2018 14:23:11 +0000 From: "Sriram, Kotikalapudi (Fed)" To: "sidr wg list (sidr@ietf.org)" , "sidrops@ietf.org" , "idr@ietf.org" CC: "n.brownlee@auckland.ac.nz" , Adrian Farrel , Wes George , "Jeffrey Haas" , Alvaro Retana Thread-Topic: RFC 8374: BGPsec design discussions document published as an Independent Submissions RFC Thread-Index: AdPeL83SZQab8vSyQAmNTppwti1hRg== Date: Fri, 27 Apr 2018 14:23:11 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov; x-originating-ip: [129.6.140.122] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; BYAPR09MB2776; 7:PYpRBDtv3WajU/nd2sav30CzuVqNV9JVZWjmMS+ug7nsylXXb8EZdmBbBjRJhYJEdxOw+MZu+De7X6VlZBqpMGukTX+7mnvA6COZvmfi/kQeIp5u3LxuSUItUU8P+OHBgITrT8f7SZrlnNg4RQq7FnvLUKHARlQUXviRSyZVQClh2dUw7ks+LUMc+IpTtzS12KbzOwSaYVL0kQzI56CilNktKKyiUIfXGVdHit+YtD5oDTh0N6bCKeunY+LwITX1 x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:BYAPR09MB2776; x-ms-traffictypediagnostic: BYAPR09MB2776: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231232)(944501410)(52105095)(10201501046)(6055026)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(20161123562045)(6072148)(201708071742011); SRVR:BYAPR09MB2776; BCL:0; PCL:0; RULEID:; SRVR:BYAPR09MB2776; x-forefront-prvs: 0655F9F006 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(366004)(39860400002)(396003)(346002)(39380400002)(199004)(189003)(2906002)(2900100001)(3280700002)(2501003)(14454004)(81166006)(5250100002)(74316002)(186003)(4326008)(486006)(25786009)(105586002)(476003)(305945005)(6116002)(33656002)(53936002)(3846002)(97736004)(99286004)(8676002)(68736007)(106356001)(966005)(8936002)(26005)(81156014)(6436002)(478600001)(6506007)(66066001)(316002)(3660700001)(39060400002)(5660300001)(55016002)(54906003)(86362001)(7696005)(102836004)(110136005)(2201001)(9686003)(6306002)(7736002); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR09MB2776; H:BYAPR09MB2773.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-microsoft-antispam-message-info: 7kEnZwySSNXx+B0OJs6FCa3WeYO5TJRrgQZKfVw3klOw1r+wFeMEjzvmlMJHBAZgV3cu42490ehJ7C8tyJlQX1M4N3IMjp5ba/EV5qlJI7KGvtOtEpVZfOWvklM58T/hvLbaPkdUXIKUGz4Q7jYOj970T4TX61zn8mXf9WSTsfc9ZOku8AaoP/5mFnEUloQs spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: d07bac4e-cb80-4072-dc0f-08d5ac4a67e3 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: d07bac4e-cb80-4072-dc0f-08d5ac4a67e3 X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Apr 2018 14:23:11.2399 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR09MB2776 Archived-At: Subject: [Sidrops] RFC 8374: BGPsec design discussions document published as an Independent Submissions RFC X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Apr 2018 14:23:17 -0000 In its draft form, the BGPsec design discussions document was=20 found useful and cited many times during sidr/sidrops/idr discussions on BG= Psec.=20 It is now published as an Independent Submissions RFC:=20 https://tools.ietf.org/html/rfc8374=20 The authors/designers/advocates team wishes to thank=20 the ISEs (Nevil Brownlee - previous and Adrian Farrel - current), Alvaro (r= outing AD), the document reviewers Wes George and Jeff Haas, and many other WG members for their support, reviews, and comments over the course of the work/public= ation process. =20 =20 Sriram From nobody Fri Apr 27 12:16:11 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3D5412778D; Fri, 27 Apr 2018 12:16:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mByvFBLmVvnB; Fri, 27 Apr 2018 12:16:05 -0700 (PDT) Received: from GCC01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on071c.outbound.protection.outlook.com [IPv6:2a01:111:f400:fd00::71c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B84B91200C5; Fri, 27 Apr 2018 12:16:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=dQaaDAEOYRIXuUsAy6dkJTWq+guMjbaSLMl84g86+xA=; b=nqA7zmd+3c3KNA6PER0DN35HErS4tjuKhWdZQmK6weAxjTOGUVYu/kghwZ7mS78G6foQML0OmmCQM2CVQlmcgo1maotq6ZZrsvBzS0aXIXQwHR19twmw0nrb4Opak+7ltH6AYC27K5eCGyY8fduw354h8nDz6y7UVFm8E4sC8QE= Received: from BYAPR09MB2773.namprd09.prod.outlook.com (52.135.224.26) by BYAPR09MB2773.namprd09.prod.outlook.com (52.135.224.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.696.13; Fri, 27 Apr 2018 19:16:03 +0000 Received: from BYAPR09MB2773.namprd09.prod.outlook.com ([fe80::4cf3:af64:d3c9:6d33]) by BYAPR09MB2773.namprd09.prod.outlook.com ([fe80::4cf3:af64:d3c9:6d33%13]) with mapi id 15.20.0696.019; Fri, 27 Apr 2018 19:16:03 +0000 From: "Sriram, Kotikalapudi (Fed)" To: "Jakob Heitz (jheitz)" , Ben Maddison , Job Snijders CC: "draft-yossigi-rpkimaxlen@ietf.org" , "sidrops@ietf.org" Thread-Topic: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt Thread-Index: AQHTtK0z0uIspwfEXUa6bwQKbAfH7aPB8mkAgFF+b4CAAC9EgIAAAHKAgAACLoCAACe9gIAAReAAgAAIx4CAAS6aoA== Date: Fri, 27 Apr 2018 19:16:03 +0000 Message-ID: References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> <26AE9229-169A-4349-9DE2-1614DEED0269@cisco.com> , <874E439F335FD742B8D1565730E537E001E03045F4@ex2.workonline.co.za> <816cad08d38e44b4b23862c289ecbfd3@XCH-ALN-014.cisco.com> In-Reply-To: <816cad08d38e44b4b23862c289ecbfd3@XCH-ALN-014.cisco.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov; x-originating-ip: [129.6.140.122] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; BYAPR09MB2773; 7:Dyqny0yvp4+Ow9PoRdi4+82SLmirH623EHX21Jb0dUhbhpDtHxa+fttsQXtt3lCr/hZIO+6DSVGRCMHpcc+ydJoDmm45qMxnEm5vj8xpr3gtY0RWfsZLARzfSUBHNs4dB1fFn4uYCSXp/a/G0xTZfdJmqyNVJdpt0jKmMRk5z44RwhlVUh8u0ZsVGmIqY1Rhh0lD7btWHrOaHn0gSQ3NzURwgNMimpQEt9qn8X2V4pwHmzC/4odVMIoffirP/twC x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:BYAPR09MB2773; x-ms-traffictypediagnostic: BYAPR09MB2773: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(95692535739014); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(5005006)(8121501046)(3231232)(944501410)(52105095)(10201501046)(3002001)(93006095)(93001095)(6055026)(6041310)(20161123558120)(20161123562045)(20161123560045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:BYAPR09MB2773; BCL:0; PCL:0; RULEID:; SRVR:BYAPR09MB2773; x-forefront-prvs: 0655F9F006 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39380400002)(396003)(346002)(39860400002)(366004)(376002)(252514010)(189003)(199004)(13464003)(486006)(11346002)(14454004)(5250100002)(66066001)(305945005)(446003)(7696005)(6246003)(561944003)(102836004)(53936002)(7736002)(3280700002)(6506007)(33656002)(74316002)(2906002)(6436002)(3660700001)(59450400001)(476003)(97736004)(25786009)(76176011)(55016002)(478600001)(229853002)(53546011)(110136005)(5660300001)(2900100001)(15650500001)(86362001)(9686003)(316002)(3846002)(106356001)(68736007)(105586002)(4326008)(54906003)(6116002)(99286004)(8676002)(8936002)(93886005)(186003)(81156014)(81166006)(26005); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR09MB2773; H:BYAPR09MB2773.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-microsoft-antispam-message-info: eoRwzml4y5c1GrQY60lV8Z+LpRXq85JKdBgeaXJ7j/n5ZVeisPlDYGUWo+++H81ReyfeD6ztEpWOt62K0l0+Pe+bdubK0bpxJjDPkfmM2iD5RDJCyNCVdF9Q/6WzPFJhW0+UzeH9FMIee1vOYwFN6odz9A60MAkuq/iHepcHNzl3QLyBP9OKp+HftnjUJkEw spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: fa7194d0-f7e7-4c10-849c-08d5ac7351d6 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: fa7194d0-f7e7-4c10-849c-08d5ac7351d6 X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Apr 2018 19:16:03.5460 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR09MB2773 Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Apr 2018 19:16:09 -0000 Jakob: How does your scheme work if own 168.122.0.0/16 and want to announce=20 only 168.122.0.0/16 and 168.122.0.0/24 from AS 64496, and want to prevent all hijacks / forged-origin hijacks of anything else in my address space? With the proposal in the draft (i.e., avoid using maxlength), I would still be vulnerable to forged-origin hijack of 168.122.0.0/16 and 168.122.0.0/24, but I am assured that=20 I am totally protected from hijacks / forged-origin hijacks=20 of all my subprefixes (within 168.122.0.0/16) except 168.122.0.0/24 which is vulnerable only to forged-origin hijack. IOW, the attack surface is significantly reduced. Sriram =20 -----Original Message----- From: Jakob Heitz (jheitz) [mailto:jheitz@cisco.com]=20 Sent: Thursday, April 26, 2018 8:47 PM To: Ben Maddison ; Job Snijders Cc: draft-yossigi-rpkimaxlen@ietf.org; sidrops@ietf.org Subject: RE: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpki= maxlen-02.txt The prefix owner will issue the ROA ROA:(168.122.0.0/16-20, AS:64496) and a BGP announcement BGP:(168.122.0.0/16-20, AS:64496) Same maxlen in both the ROA and the BGP. Routes that an attacker could send: BGP:(168.122.0.0/21, AS:64511) - invalid (covered) BGP:(168.122.0.0/20, AS:64511 64496) - valid, longer AS-PATH BGP:(168.122.0.0/16-21, AS:64511 64496) - the routes with netmask 16 to 20 are valid, longer AS-PATH - the routes with netmask 21 are invalid (covered) What you're missing is my description of what maxLength would mean in a BGP= route. BGP would create all the routes within the cone described down to the maxLe= ngth. It would not physically create them, but store enough information so = that it can act as if it did. It would run bestpath as if all those routes = actually existed. Then longest netmask would not win anymore. It's like advertising all the routes in the cone with the same attributes, = but in a single NLRI. Thanks, Jakob -----Original Message----- From: Ben Maddison Sent: Thursday, April 26, 2018 5:16 PM To: Jakob Heitz (jheitz) ; Job Snijders Cc: draft-yossigi-rpkimaxlen@ietf.org; sidrops@ietf.org Subject: RE: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpki= maxlen-02.txt Hi Jakob, Surely then an attacker just adds a correspondingly higher value to the max= Length path-attribute to the sub-prefix hijack announcement, and you're bac= k to where we started: working out which to trust? Or am I missing something obvious? Not to mention of course - rfc4271#section-9.1: The function that calculates the degree of preference for a given route SHALL NOT use any of the following as its inputs: the existence of other routes, the non-existence of other routes, or the path attributes of other routes. Cheers, Ben Maddison Director Workonline Communications (Pty) Ltd Office: 021 200 9000 Fax: 086 614 2342 Cell: +27 (0) 82 415 5545 Email: benm@workonline.co.za SIP: benm@workonline.co.za ________________________________________ From: Jakob Heitz (jheitz) [jheitz@cisco.com] Sent: 26 April 2018 10:05 PM To: Job Snijders Cc: draft-yossigi-rpkimaxlen@ietf.org; Ben Maddison; sidrops@ietf.org Subject: RE: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpki= maxlen-02.txt I'd rather add a maxLength to BGP routes and use the 100 megabytes for some= thing else. If you added a maxLength path-attribute to BGP routes, you could solve all = the subprefix hijacks in the draft. Thanks, Jakob From: Sidrops On Behalf Of Job Snijders Sent: Thursday, April 26, 2018 10:43 AM To: Jakob Heitz (jheitz) Cc: draft-yossigi-rpkimaxlen@ietf.org; Ben Maddison = ; sidrops@ietf.org; Job Snijders Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpki= maxlen-02.txt On Thu, 26 Apr 2018 at 19:35, Jakob Heitz (jheitz) > wrote: The part that you snipped: The ROA table must be stored in routers, some of which are already memory c= hallenged. If you can't store 100 megabyte - what are you doing with a full table? I f= ind it hard to consider this a serious argument in favor of Maxlength. Kind regards, Job From nobody Fri Apr 27 13:19:24 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6671127869 for ; Fri, 27 Apr 2018 13:19:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lsPa0pskhUgo for ; Fri, 27 Apr 2018 13:19:18 -0700 (PDT) Received: from mail-vk0-x233.google.com (mail-vk0-x233.google.com [IPv6:2607:f8b0:400c:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A212F127873 for ; Fri, 27 Apr 2018 13:19:18 -0700 (PDT) Received: by mail-vk0-x233.google.com with SMTP id q189-v6so1842591vkb.0 for ; Fri, 27 Apr 2018 13:19:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QETk7wsajEskJ3zOglfDj1cUCZObfS2BkvqylkcHdYo=; b=JoM9+Yj2JWXS5pW769gxyov6zEvQBRpnwHOvtTuSMJnyW0bD6ZK88RYJQiJgsZjEkm liojw3kcxtHb1hWnbGemorM/YIhVjYSKLB2Yr9taY0cix66FWBUiyOhhfp7+cwXpRFTp GoJvIdTFhAB5HefxPRPNgC1uwlIGGF3ufDFLizpcxUKGBK/Q33KzptF/LlahSR9W/XQd cSjict+d3/5ALyrisNG5+0vCy9k5MOOrG4NNxPXqfwMeVgpHhHM237ncNKvJp2NBAtvX TCTEfT4kZ1mw+ieeFlOUrgVyRqAvGhSk/bbFK8X4caH9qUZ0Hu1WkVaifJ09vyJ6yUEf Mjow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QETk7wsajEskJ3zOglfDj1cUCZObfS2BkvqylkcHdYo=; b=BUlqTB5Oj5o2u4zsgrlfVQCI3nlDFEM5wYwP42BdKeNF9jl4IOhvbexVsiZC3Y/Al3 H5XRzksfa8N7Z/aMtXKHEiOMFT8ozw/I9vpMjGpwr1dCSBvQP3qU//kWQubVyihnIKYE UaW3rJ4yYq51VEuv84o2LmkNGeXHSbV5AWbKC9jstOTc5Nj6NVlAjY6UgDZzdgWmB64P AITMwDaANw82IRavluL+CHISflWPcBRHTgGqqHgn6aEp86S6ouA7NG8/EjLGT/rpdKv2 wfUPQLgZL0zFFeinmPCvbFYNSXmsNACIy2kRX0oTQ5F8CaXuT3Q4aJPVfmBH2w6WF+wz NqAQ== X-Gm-Message-State: ALQs6tBy6XgiBd3gBxJdwIRiYGt+2X8lOAGecxty2KUEyO0W3vhYcsaa Jcie9KEvrbjVHfucBJgPD/JdZm9Q9dEsu5MxoJ0= X-Google-Smtp-Source: AB8JxZqnZV4fj2HT/8D57QSBOL1JIYT0wXPhrMWJSINJypBwvNdHFUPStt5zIXidbjHokP3OdxE1OupzbYPqS2viep4= X-Received: by 2002:a1f:a991:: with SMTP id s139-v6mr2588775vke.54.1524860357424; Fri, 27 Apr 2018 13:19:17 -0700 (PDT) MIME-Version: 1.0 References: <09aae6ea-ef5d-b847-20af-1235ad6a2934@verizon.net> In-Reply-To: <09aae6ea-ef5d-b847-20af-1235ad6a2934@verizon.net> From: Christopher Morrow Date: Fri, 27 Apr 2018 20:19:05 +0000 Message-ID: To: stkent@verizon.net Cc: sidrops@ietf.org Content-Type: text/plain; charset="UTF-8" Archived-At: Subject: Re: [Sidrops] comments on draft-ietf-sidrops-lta-use-cases-03.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Apr 2018 20:19:22 -0000 poke list in case this didn't make it through the first time. On Tue, Apr 17, 2018 at 4:22 PM Stephen Kent wrote: > This version of the document is exhibits improved wording, especially for the examples. > Thanks Randy! > I have some suggested edits to reduce the length of a few sentences, and provide > more precise wording. > There are critical uses of the RPKI where a local administrative and/ > or routing domain, e.g. an end-user site, a particular ISP or content > provider, an organization, a geo-political region, ... may wish to > have a specialized view of the RPKI. > There are critical use cases of the RPKI where a specialized, local > view of the RPKI may be required. Such views may be needed by a > local administrative and/ or routing domain, e.g. an end-user site, > a particular ISP or content provider, an organization, a geo-political > region, ... > Someone convinces the RIR's > local court to force the RIR to remove or modify some or all of > Carol's certificates, ROAs, etc. or the resources they represent, and > the operational community wants to retain the ability to route to > Carol's network(s). There is need for some channel through which > operators can exchange local trust, command, and data collections > necessary to propagate patches local to all their RPKI views. > Someone convinces a court asserting jurisdiction over an RIR > to force the RIR to remove or modify some or all of > Carol's certificates, ROAs, etc. Such removal or modification may > adversely affect the resources they represent. The operational community > wants to retain the ability to route to Carol's network(s). There is a > need for operators to be able to manage local RPKI views, and, in some > cases, to exchange local view modifications, to facilitate > continuity of routing in the face of the court-ordered changes. > Bob has a multi-AS network under his administration and some of those > ASs use private ([RFC1918]) or 'borrowed' address space which is not > announced on the global Internet (not to condone borrowing), and he > wishes to certify them for use in his internal routing. > Bob administers a multi-AS network. Some of those ASs use private > ([RFC1918]) or 'borrowed' address space which is not announced on > the global Internet. (This document does not condone such "borrowing", > but it acknowledges that such behavior takes place.) Bob wishes to be > able to use the RPKI with these address spaces, in his internal routing. > Alice is responsible for the trusted routing for a large > organization, commercial or geo-political, in which management > requests routing engineering to redirect their competitors' prefixes > to socially acceptable data. Alice is responsible for making the CA > hierarchy have validated certificates for those redirected resources > as well as the rest of the Internet. > Alice is responsible for the trusted routing for a large > organization, commercial or geo-political area. Alice's management > requests routing engineering to redirect their competitors' prefixes > to "socially acceptable" data. Alice is responsible for producing a > local RPKI view (encompassing ALL prefixes) that accommodates her > management's requests. > In these examples, it is ultimately the ROAs, not the certificates, > which one wants to modify or replace. But one probably can not > simply create new ROAs as one does not have the private keys needed > to sign them. Hence it is likely that one has to also do something > about the [RFC6480] certificates. > In these examples, it is ultimately the affected ROAs, not the > certificates used to verify them, that one wants to modify or replace. > However, one generally cannot simply create new ROAs that can be > validated using the EE certificates for the ROAs (because one does not > have access to the requisite private keys). Hence it is likely that > one has to do something about the [RFC6480] EE certificates used to > validate the targeted ROAs. > The goal is to modify, create, and/or replace ROAs and GhostBuster > Records which are needed to present the localized view of the RPKI > data. > The goal is to modify, create, and/or replace ROAs and GhostBuster > Records that are needed to present the localized view of the RPKI > data. > One can not reissue down from the root trust anchor at the IANA or > from the RIRs' certificates because one does not have the private > keys required. So one has to create a new trust anchor which, for > ease of use, will contain the new/modified certificates and ROAs as > well as the unmodified remainder of the Global RPKI. > One can not reissue signed objects under a root trust anchor at the > IANA or the RIRs', because one does not have the required private > keys. So one has to create a new trust anchor which, for ease of use, > will encompass the new/modified certificates and ROAs, as > well as the unmodified remainder of the Global RPKI. > Only the first use case discussed a need for a local RPKI view to be propagated > to other operators. So I'm not comfortable with the wording of the last two paragraphs of Section 5. > Steve > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops From nobody Fri Apr 27 15:03:29 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42CF912702E; Fri, 27 Apr 2018 15:03:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.501 X-Spam-Level: X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, T_FILL_THIS_FORM_SHORT=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jTlOxphWKhnU; Fri, 27 Apr 2018 15:03:24 -0700 (PDT) Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8177D126DCA; Fri, 27 Apr 2018 15:03:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5555; q=dns/txt; s=iport; t=1524866604; x=1526076204; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=J6wK7xYt6GZPFkG6vQyGV6x4SOAEux7abe8/h0AxyNk=; b=k0jJzITIxFR+iEPy9emok2ZxDO9Yk6rq24yUNN6rHt1C7QfyoInC1vNJ hmPCPmJt268PGHIzqDzTQT0AG65g6fmhVnkNmf6743efTTAitAG+mA3Mc w3KCds7NAzvjck/a1pFHj08Eh40Yj8LQeQ8BHzMrSlfbooIouGikyCywj c=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DtAADwnONa/5xdJa1ZAxkBAQEBAQE?= =?us-ascii?q?BAQEBAQEHAQEBAQGDGCuBWygKi2OMeoF0gQ+TFBSBZAuEbAKCTiE0GAECAQE?= =?us-ascii?q?BAQEBAmwohSgBAQEBAzo9AgwCAgIBCBEEAQEfCQcWHBQJCAIEAQ0FCBaDGoF?= =?us-ascii?q?Xqm2IRYI3BYVngiiBVD+BD4MLhEABEgFAJoUNAocSkHsIAo5AjF2QEwIREwG?= =?us-ascii?q?BJAEcOGFxcBWCfoIgF3oBC40Rb48EgR+BGAEB?= X-IronPort-AV: E=Sophos;i="5.49,336,1520899200"; d="scan'208";a="380073580" Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Apr 2018 22:02:06 +0000 Received: from XCH-RCD-014.cisco.com (xch-rcd-014.cisco.com [173.37.102.24]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id w3RM26bE005654 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 27 Apr 2018 22:02:06 GMT Received: from xch-aln-014.cisco.com (173.36.7.24) by XCH-RCD-014.cisco.com (173.37.102.24) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Fri, 27 Apr 2018 17:02:05 -0500 Received: from xch-aln-014.cisco.com ([173.36.7.24]) by XCH-ALN-014.cisco.com ([173.36.7.24]) with mapi id 15.00.1320.000; Fri, 27 Apr 2018 17:02:05 -0500 From: "Jakob Heitz (jheitz)" To: "Sriram, Kotikalapudi (Fed)" , Ben Maddison , Job Snijders CC: "draft-yossigi-rpkimaxlen@ietf.org" , "sidrops@ietf.org" Thread-Topic: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt Thread-Index: AQHTtK3pLlXpl/gxGEiOfL1fbT5AiKQTxKaAgAAvRoD//6x3oIAAVimA//+wwOCAALzdAP//rRDwADIzWIAACQaOEA== Date: Fri, 27 Apr 2018 22:02:05 +0000 Message-ID: <8d2b56efefeb442f8a8ee59f769d696c@XCH-ALN-014.cisco.com> References: <152027339832.14543.8814801305512518546.idtracker@ietfa.amsl.com> <26AE9229-169A-4349-9DE2-1614DEED0269@cisco.com> , <874E439F335FD742B8D1565730E537E001E03045F4@ex2.workonline.co.za> <816cad08d38e44b4b23862c289ecbfd3@XCH-ALN-014.cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.24.46.115] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpkimaxlen-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Apr 2018 22:03:28 -0000 My scheme simplifies your advertisements if you want to advertise a lot of your sub-prefixes. It allows you to advertise them all in one shot. And protect them all in one shot. You only want to announce two prefixes, that's your choice. As for the attack surface from the forged-origin hijack, it's the same. Attacking a single /16 is the same as attacking all the sub-prefixes under it. It is the same address space. I do agree with the aim of the draft: do not issue a ROA for a prefix you don't announce in BGP. The trouble is that if you have an urgent need to advertise a sub-prefix, then it would take a day to get the ROA out. Thanks, Jakob -----Original Message----- From: Sriram, Kotikalapudi (Fed) =20 Sent: Friday, April 27, 2018 12:16 PM To: Jakob Heitz (jheitz) ; Ben Maddison ; Job Snijders Cc: draft-yossigi-rpkimaxlen@ietf.org; sidrops@ietf.org Subject: RE: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpki= maxlen-02.txt Jakob: How does your scheme work if own 168.122.0.0/16 and want to announce=20 only 168.122.0.0/16 and 168.122.0.0/24 from AS 64496, and want to prevent all hijacks / forged-origin hijacks of anything else in my address space? With the proposal in the draft (i.e., avoid using maxlength), I would still be vulnerable to forged-origin hijack of 168.122.0.0/16 and 168.122.0.0/24, but I am assured that=20 I am totally protected from hijacks / forged-origin hijacks=20 of all my subprefixes (within 168.122.0.0/16) except 168.122.0.0/24 which is vulnerable only to forged-origin hijack. IOW, the attack surface is significantly reduced. Sriram =20 -----Original Message----- From: Jakob Heitz (jheitz) [mailto:jheitz@cisco.com]=20 Sent: Thursday, April 26, 2018 8:47 PM To: Ben Maddison ; Job Snijders Cc: draft-yossigi-rpkimaxlen@ietf.org; sidrops@ietf.org Subject: RE: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpki= maxlen-02.txt The prefix owner will issue the ROA ROA:(168.122.0.0/16-20, AS:64496) and a BGP announcement BGP:(168.122.0.0/16-20, AS:64496) Same maxlen in both the ROA and the BGP. Routes that an attacker could send: BGP:(168.122.0.0/21, AS:64511) - invalid (covered) BGP:(168.122.0.0/20, AS:64511 64496) - valid, longer AS-PATH BGP:(168.122.0.0/16-21, AS:64511 64496) - the routes with netmask 16 to 20 are valid, longer AS-PATH - the routes with netmask 21 are invalid (covered) What you're missing is my description of what maxLength would mean in a BGP= route. BGP would create all the routes within the cone described down to the maxLe= ngth. It would not physically create them, but store enough information so = that it can act as if it did. It would run bestpath as if all those routes = actually existed. Then longest netmask would not win anymore. It's like advertising all the routes in the cone with the same attributes, = but in a single NLRI. Thanks, Jakob -----Original Message----- From: Ben Maddison Sent: Thursday, April 26, 2018 5:16 PM To: Jakob Heitz (jheitz) ; Job Snijders Cc: draft-yossigi-rpkimaxlen@ietf.org; sidrops@ietf.org Subject: RE: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpki= maxlen-02.txt Hi Jakob, Surely then an attacker just adds a correspondingly higher value to the max= Length path-attribute to the sub-prefix hijack announcement, and you're bac= k to where we started: working out which to trust? Or am I missing something obvious? Not to mention of course - rfc4271#section-9.1: The function that calculates the degree of preference for a given route SHALL NOT use any of the following as its inputs: the existence of other routes, the non-existence of other routes, or the path attributes of other routes. Cheers, Ben Maddison Director Workonline Communications (Pty) Ltd Office: 021 200 9000 Fax: 086 614 2342 Cell: +27 (0) 82 415 5545 Email: benm@workonline.co.za SIP: benm@workonline.co.za ________________________________________ From: Jakob Heitz (jheitz) [jheitz@cisco.com] Sent: 26 April 2018 10:05 PM To: Job Snijders Cc: draft-yossigi-rpkimaxlen@ietf.org; Ben Maddison; sidrops@ietf.org Subject: RE: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpki= maxlen-02.txt I'd rather add a maxLength to BGP routes and use the 100 megabytes for some= thing else. If you added a maxLength path-attribute to BGP routes, you could solve all = the subprefix hijacks in the draft. Thanks, Jakob From: Sidrops On Behalf Of Job Snijders Sent: Thursday, April 26, 2018 10:43 AM To: Jakob Heitz (jheitz) Cc: draft-yossigi-rpkimaxlen@ietf.org; Ben Maddison = ; sidrops@ietf.org; Job Snijders Subject: Re: [Sidrops] Fwd: New Version Notification for draft-yossigi-rpki= maxlen-02.txt On Thu, 26 Apr 2018 at 19:35, Jakob Heitz (jheitz) > wrote: The part that you snipped: The ROA table must be stored in routers, some of which are already memory c= hallenged. If you can't store 100 megabyte - what are you doing with a full table? I f= ind it hard to consider this a serious argument in favor of Maxlength. Kind regards, Job From nobody Mon Apr 30 02:59:11 2018 Return-Path: X-Original-To: sidrops@ietf.org Delivered-To: sidrops@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D9C2C124205; Mon, 30 Apr 2018 02:59:05 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sidrops@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.79.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <152508234582.11690.1299380238225361673@ietfa.amsl.com> Date: Mon, 30 Apr 2018 02:59:05 -0700 Archived-At: Subject: [Sidrops] I-D Action: draft-ietf-sidrops-https-tal-02.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Apr 2018 09:59:06 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the SIDR Operations WG of the IETF. Title : Resource Public Key Infrastructure (RPKI) Trust Anchor Locator Authors : Geoff Huston Samuel Weiler George Michaelson Stephen Kent Tim Bruijnzeels Filename : draft-ietf-sidrops-https-tal-02.txt Pages : 10 Date : 2018-04-30 Abstract: This document defines a Trust Anchor Locator (TAL) for the Resource Public Key Infrastructure (RPKI). This document obsoletes RFC 7730 by adding support for HTTPS URIs in a TAL. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sidrops-https-tal-02 https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-https-tal-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-https-tal-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Mon Apr 30 03:02:40 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDE47127136; Mon, 30 Apr 2018 03:02:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.901 X-Spam-Level: X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SFJ0VfS675qr; Mon, 30 Apr 2018 03:02:37 -0700 (PDT) Received: from molamola.ripe.net (molamola.ripe.net [IPv6:2001:67c:2e8:11::c100:1371]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B982812426E; Mon, 30 Apr 2018 03:02:37 -0700 (PDT) Received: from nene.ripe.net ([193.0.23.10]) by molamola.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1fD5dk-0005eD-Dq; Mon, 30 Apr 2018 12:02:36 +0200 Received: from sslvpn.ripe.net ([193.0.20.230] helo=vpn-198.ripe.net) by nene.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1fD5dk-0008Vz-9y; Mon, 30 Apr 2018 12:02:36 +0200 From: Tim Bruijnzeels Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\)) Date: Mon, 30 Apr 2018 12:02:25 +0200 Message-Id: <0C14C641-7676-4AD8-A9E5-667ECDC41549@ripe.net> To: sidrops-chairs@ietf.org, SIDR Operations WG X-Mailer: Apple Mail (2.3445.6.18) X-ACL-Warn: Delaying message X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a07191b338f60b4a00c3107900449f35ccc4e Archived-At: Subject: [Sidrops] Last call for HTTPS in TALs? X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Apr 2018 10:02:39 -0000 Dear co-chairs and working group, I just uploaded version -02 for draft-ietf-sidrops-https-tal. This = version updates author email addresses and affiliations, but has no = other changes compared to -01. Chairs, could you please start the last call process for this document? Thank you, Tim Bruijnzeels= From nobody Mon Apr 30 10:26:24 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A36BC1201F8; Mon, 30 Apr 2018 10:26:22 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.101 X-Spam-Level: X-Spam-Status: No, score=-1.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8, SPF_PASS=-0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id byf1023hIm3o; Mon, 30 Apr 2018 10:26:21 -0700 (PDT) Received: from relay.kvm02.ops-netman.net (relay.kvm02.ops-netman.net [IPv6:2606:700:e:550:5c82:28ff:fe25:4960]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 338951201F2; Mon, 30 Apr 2018 10:26:21 -0700 (PDT) Received: from mail.ops-netman.net (mailserver.ops-netman.net [199.168.90.119]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by relay.kvm02.ops-netman.net (Postfix) with ESMTPS id ABCB23FD6F; Mon, 30 Apr 2018 17:26:19 +0000 (UTC) Received: from donkey.res.corp.google.com.ops-netman.net (unknown [IPv6:2620:15c:3:10:b357:3fbd:a51c:e796]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.ops-netman.net (Postfix) with ESMTPSA id 9B85E8515047; Mon, 30 Apr 2018 17:26:18 +0000 (UTC) Date: Mon, 30 Apr 2018 13:26:13 -0400 Message-ID: From: Chris Morrow To: Tim Bruijnzeels Cc: sidrops-chairs@ietf.org, SIDR Operations WG In-Reply-To: <0C14C641-7676-4AD8-A9E5-667ECDC41549@ripe.net> References: <0C14C641-7676-4AD8-A9E5-667ECDC41549@ripe.net> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/24.5 Mule/6.0 (HANACHIRUSATO) Organization: Operations Network Management, Ltd. MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Archived-At: Subject: Re: [Sidrops] Last call for HTTPS in TALs? X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Apr 2018 17:26:23 -0000 On Mon, 30 Apr 2018 06:02:25 -0400, Tim Bruijnzeels wrote: > > Dear co-chairs and working group, > > I just uploaded version -02 for draft-ietf-sidrops-https-tal. This > version updates author email addresses and affiliations, but has no > other changes compared to -01. > > Chairs, could you please start the last call process for this > document? sounds ok to me! From nobody Mon Apr 30 11:08:51 2018 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17E101201F2 for ; Mon, 30 Apr 2018 11:08:50 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r0-2-wX3a8wC for ; Mon, 30 Apr 2018 11:08:48 -0700 (PDT) Received: from omr-m011e.mx.aol.com (omr-m011e.mx.aol.com [204.29.186.11]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DE8A124239 for ; Mon, 30 Apr 2018 11:08:48 -0700 (PDT) Received: from mtaout-mbe02.mx.aol.com (mtaout-mbe02.mx.aol.com [172.26.254.174]) by omr-m011e.mx.aol.com (Outbound Mail Relay) with ESMTP id 6906E380006A for ; Mon, 30 Apr 2018 14:08:47 -0400 (EDT) Received: from Steves-MacBook-Pro.local (0x5374657665732d4d6163426f6f6b2d50726f2e6c6f63616c [63.148.212.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mtaout-mbe02.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id 2780D3800008E for ; Mon, 30 Apr 2018 14:08:47 -0400 (EDT) To: sidrops@ietf.org From: Stephen Kent Message-ID: <429deb62-468f-452f-166e-3de9b51f6dc6@verizon.net> Date: Mon, 30 Apr 2018 14:08:46 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US x-aol-global-disposition: G x-aol-sid: 3039ac1afeae5ae75baf31d8 X-AOL-IP: 63.148.212.170 Archived-At: Subject: [Sidrops] one more comment on draft-ietf-sidrops-lta-use-cases-03 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Apr 2018 18:08:50 -0000 I thought about that latter The abstract for this I-D says that it is attempting to outline use cases that motivate the need to create a local view of the RPKI. However, Section 5 (Some Approaches) goes beyond the scope of the abstract, suggesting solution approaches. I am concerned that several aspects of the analysis provided are not quite right. For example, the analysis begins by stating that, " ... ultimately the ROAs, not the certificates, which one wants to modify or replace." One can argue that it is the content of the ROAs, not the ROAs per se, that need to be modified or replaced. If one adopts that approach, then there is no need to create new certs to issue new ROAs, etc., as suggested in this section. If one creates and distributes revised ROA data, this can address the requirements discussed in section 4, and the additional needs suggested in places in parts of Section 5 (e.g., minimal modifications, archiving, reproduction, merging of different "recipes"). I suggest that either this section be amended to discuss this other strategy, or streamlined to avoid discussing solution approaches. Steve