From nobody Wed Oct 2 16:48:38 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E353B1200FF; Wed, 2 Oct 2019 16:48:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sxRmpZrhQpzw; Wed, 2 Oct 2019 16:48:18 -0700 (PDT) Received: from puck.nether.net (puck.nether.net [204.42.254.5]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A163A1200F4; Wed, 2 Oct 2019 16:48:18 -0700 (PDT) Received: from [IPv6:2603:3015:3606:cbe1:50d8:efdb:6bdd:85d9] (unknown [IPv6:2603:3015:3606:cbe1:50d8:efdb:6bdd:85d9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by puck.nether.net (Postfix) with ESMTPSA id A43CF540160; Wed, 2 Oct 2019 19:48:16 -0400 (EDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) From: Jared Mauch In-Reply-To: Date: Wed, 2 Oct 2019 19:48:15 -0400 Cc: Jeff Haas , IDR , GROW WG , Warren Kumari , "sidrops@ietf.org" Content-Transfer-Encoding: quoted-printable Message-Id: References: <01c201d54d3c$74375ee0$5ca61ca0$@ndzh.com> <69F03192-CE2E-4126-910D-A7E3B3AA8848@puck.nether.net> To: Rob Foehl X-Mailer: Apple Mail (2.3445.104.11) Archived-At: Subject: Re: [Sidrops] [GROW] Deprecation of AS_SET and AS_CONFED_SET -- feedback requested X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Oct 2019 23:48:21 -0000 > On Oct 2, 2019, at 7:45 PM, Rob Foehl wrote: >=20 > On Thu, 26 Sep 2019, Jeffrey Haas wrote: >>> On Sep 26, 2019, at 6:43 PM, Warren Kumari = wrote: >>>=20 >>> This is nice, but what would make it more useful would be if it also >>> reported if there are *useful* AS_SETS / if the AS_SET means = anything. >>>=20 >>> For example, from Jared's email below: >>> AS path: 14061 3356 6762 23487 27738 27738 27738 27738 27738 27738 >>> {27738} -- the 27738 AS already shows up as a non-AS_SET in the = path. >>=20 >> This one is on the buggy end of things, but still reasonably valid. = It smells like something that passed through remove-private of some = flavor. >=20 > I'd wager this explains nearly all of the "set of one" instances seen = in the wild -- there are currently a half dozen or so with a set = containing a private AS at the end of the path. >=20 >> It'd be interesting to find out what code these folk are running. = Hopefully not one of my bugs. :-) >=20 > I've never had an interaction with AS_SET that could be described as = anything other than broken -- like, ever, from any vendor. I'd prefer = to see them disappear entirely, but if that doesn't happen, at least = having a "no-as-sets-under-any-circumstances" policy knob would be = helpful=E2=80=A6 I think back in the days when ANS was still a major player and if you = were routed depended upon did you follow the rules that Curtis required, = they were still valid. I think in most modern cases they=E2=80=99re = likely not intended or some weird hybrid AS_SET+CONFED setup, likely = with remove-private as Jeff speculates. I=E2=80=99ve not yet composed e-mail to the people originating these, = but it shouldn=E2=80=99t be hard to contact them. They may not know = about the issue. (Generally operators lack awareness of what they = route). - Jared= From nobody Thu Oct 3 01:36:42 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35E58120108; Wed, 2 Oct 2019 16:45:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8TOtiUC0Jo5N; Wed, 2 Oct 2019 16:45:18 -0700 (PDT) Received: from jupiter.loonybin.net (jupiter.loonybin.net [IPv6:2001:470:1f07:3b6::f2]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 340C61200F4; Wed, 2 Oct 2019 16:45:18 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by jupiter.loonybin.net (Postfix) with ESMTP id 3D01CA280FE; Wed, 2 Oct 2019 19:45:16 -0400 (EDT) X-Virus-Scanned: amavisd-new at loonybin.net Received: from jupiter.loonybin.net ([127.0.0.1]) by localhost (jupiter.loonybin.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gNlGPSqY235u; Wed, 2 Oct 2019 19:45:15 -0400 (EDT) Received: from bugs.loonybin.net (unknown [IPv6:2001:470:e04e:7:ac2a:2317:7e03:435]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by jupiter.loonybin.net (Postfix) with ESMTPSA id 7F301A280DA; Wed, 2 Oct 2019 19:45:15 -0400 (EDT) Date: Wed, 2 Oct 2019 19:45:15 -0400 (EDT) From: Rob Foehl To: Jeffrey Haas cc: Warren Kumari , IDR , GROW WG , "sidrops@ietf.org" In-Reply-To: Message-ID: References: <01c201d54d3c$74375ee0$5ca61ca0$@ndzh.com> <69F03192-CE2E-4126-910D-A7E3B3AA8848@puck.nether.net> MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset=US-ASCII Archived-At: X-Mailman-Approved-At: Thu, 03 Oct 2019 01:36:41 -0700 Subject: Re: [Sidrops] [GROW] Deprecation of AS_SET and AS_CONFED_SET -- feedback requested X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Oct 2019 23:45:20 -0000 On Thu, 26 Sep 2019, Jeffrey Haas wrote: >> On Sep 26, 2019, at 6:43 PM, Warren Kumari wrote: >> >> This is nice, but what would make it more useful would be if it also >> reported if there are *useful* AS_SETS / if the AS_SET means anything. >> >> For example, from Jared's email below: >> AS path: 14061 3356 6762 23487 27738 27738 27738 27738 27738 27738 >> {27738} -- the 27738 AS already shows up as a non-AS_SET in the path. > > This one is on the buggy end of things, but still reasonably valid. It smells like something that passed through remove-private of some flavor. I'd wager this explains nearly all of the "set of one" instances seen in the wild -- there are currently a half dozen or so with a set containing a private AS at the end of the path. > It'd be interesting to find out what code these folk are running. Hopefully not one of my bugs. :-) I've never had an interaction with AS_SET that could be described as anything other than broken -- like, ever, from any vendor. I'd prefer to see them disappear entirely, but if that doesn't happen, at least having a "no-as-sets-under-any-circumstances" policy knob would be helpful... -Rob From nobody Thu Oct 3 13:22:26 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72C9A120289; Thu, 3 Oct 2019 13:22:11 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id unmtziv6qPRg; Thu, 3 Oct 2019 13:22:10 -0700 (PDT) Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id EC188120273; Thu, 3 Oct 2019 13:22:09 -0700 (PDT) Received: by slice.pfrc.org (Postfix, from userid 1001) id 68A551E2F7; Thu, 3 Oct 2019 16:25:15 -0400 (EDT) Date: Thu, 3 Oct 2019 16:25:15 -0400 From: Jeffrey Haas To: Rob Foehl Cc: IDR , GROW WG , Warren Kumari , "sidrops@ietf.org" Message-ID: <20191003202515.GE28365@pfrc.org> References: <01c201d54d3c$74375ee0$5ca61ca0$@ndzh.com> <69F03192-CE2E-4126-910D-A7E3B3AA8848@puck.nether.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Archived-At: Subject: Re: [Sidrops] [GROW] Deprecation of AS_SET and AS_CONFED_SET -- feedback requested X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Oct 2019 20:22:12 -0000 On Wed, Oct 02, 2019 at 07:45:15PM -0400, Rob Foehl wrote: > >It'd be interesting to find out what code these folk are running. Hopefully not one of my bugs. :-) > > I've never had an interaction with AS_SET that could be described as > anything other than broken -- like, ever, from any vendor. I'd > prefer to see them disappear entirely, but if that doesn't happen, As Jared noted, this was more of a common thing back-in-the-day. For properly operating proxy aggregation, you'd generally hope that all contributing networks were properly behind the aggregating party. However, as the Internet has gotten more meshy, those topological considerations don't apply anywhere near as much. As this torches and pitch-forks campaign against as-set continues, operators will have to figure out whether they're really happy with the two impacts: - No proxy aggregation, ever? - Lie about the AS_PATH when you do it. Today you can at least infer that proxy aggregation is happening. The second point has entertaining impact vs. RPKI, so that's the likely forcing function. > at least having a "no-as-sets-under-any-circumstances" policy knob > would be helpful... It's a fine policy knob, and I'm more supportive of that in general. -- Jeff From nobody Thu Oct 3 15:13:26 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 919D312002F; Thu, 3 Oct 2019 15:13:11 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.501 X-Spam-Level: X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=ly4bpJQh; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=zJ8gE2MA Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 08Jk5icTfp4T; Thu, 3 Oct 2019 15:13:09 -0700 (PDT) Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD7BB12001E; Thu, 3 Oct 2019 15:13:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2159; q=dns/txt; s=iport; t=1570140788; x=1571350388; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=DXWlIQ4RjeYpNbGoBzzlzd8IriFpfFEwtYThSAIofFM=; b=ly4bpJQhiI63dSsN8qHYJq3HG4aBTovDzmCVKVPhIlK/LGMfGVD86fHZ BMUo2w7Ff7Ko57urPVP1EFIVT56S/LxtDHQ41qKGEpMHghe+hCrBWWIi7 cNxeHtYGCwzYqUELj/6w+LxwlBmI2IqCAzjxMeZavDUXNW4FEBranzG0J Y=; IronPort-PHdr: =?us-ascii?q?9a23=3A7qnSRBPEI387jBTELdgl6mtXPHoupqn0MwgJ65?= =?us-ascii?q?Eul7NJdOG58o//OFDEuKQ/l0fHCIPc7f8My/HbtaztQyQh2d6AqzhDFf4ETB?= =?us-ascii?q?oZkYMTlg0kDtSCDBj5LPPrcz4SF8VZX1gj9Ha+YgBY?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AeAAAmcZZd/5xdJa1mGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQwBAQEBAQGBVgEBAQEBAQsBgUpQA21WIAQLKgqHXwOKRoJcl3iBQoE?= =?us-ascii?q?QA1QJAQEBDAEBGAsKAgEBhEACgkUjNwYOAgMJAQEEAQEBAgEFBG2FLQyFSwE?= =?us-ascii?q?BAQMBAQEQKAYBASwLAQQHBAIBCA4DBAEBAR4QJwsdCAIEAQ0FCBqDAYFqAw4?= =?us-ascii?q?PAQIMpAgCgTiIYYIngn0BAQWFChiCFwMGgTQBjA0YgUA/gRFGgkw+gQQBgVw?= =?us-ascii?q?BAYFJGoM9giaNNAOgBQqCI5UzmUAtjX6ZMQIEAgQFAg4BAQWBaCOBWHAVO4J?= =?us-ascii?q?sUBAUgU84gzuFFIU/dIEpjn8BgSIBAQ?= X-IronPort-AV: E=Sophos;i="5.67,253,1566864000"; d="scan'208";a="627929848" Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 03 Oct 2019 22:13:07 +0000 Received: from XCH-RCD-001.cisco.com (xch-rcd-001.cisco.com [173.37.102.11]) by rcdn-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id x93MD7uq001969 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 3 Oct 2019 22:13:07 GMT Received: from xhs-aln-002.cisco.com (173.37.135.119) by XCH-RCD-001.cisco.com (173.37.102.11) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 3 Oct 2019 17:13:06 -0500 Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 3 Oct 2019 17:13:06 -0500 Received: from NAM04-BN3-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 3 Oct 2019 17:13:06 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VpHv17NErnYEVfGfyOUgNI1bivwPJO8ovqTj/gYegfWwxvLwXVYHRg8RPWgrYEpjXxW/onDw2s0S/vu9sAXRbrzPuZoDDp+yPdunLUSAiliIY3lPGy3kIOJAh913k3B3yeNw2mWPnJeJAt7Xl3CfBbw1iw8gCJgLj8LtXMTuLPgLq7LzwWP9cp161YKuFfMs0YsOHuV2y9xjddujTYXhnWDrEwb4MEBSmfbUbi/1vZNjwOLW4XjSQcCqcm/PhCUf8dP0QIrppjokcYMeKCuukkKHe3k3bZ2iPv9vjP1g7CB3Xaq5AoasVOf/i0ND4yeKuHdt2E3LagOFS2BVlLGX1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dBjkPzYZK9ov42xkddN1+x5/yk6YAPJFPJnGg0uqdkg=; b=Z9ObhYEavYRc+HDal3hdgjPqHIycLShswglaNJPfx9vIfV+42Fsa+f+ZnaXMvIG1UlhrfKYuxvrhalCAeYDfzmQsW6sSQ82fchlYbblXluPN1IFoa4q3QmCURxy0sFirxwMhqKaGGrjvzw4piKgTjcPlAJbK6gopvf+Q2qdwZmgepvOZAXnIBl7rtLY6YDAKDIYOSVDelUve6wBcT5gTJCDxhCMzC7YcBquk1bJTuokwsRZ3c8E2vM/Yb8W5vGeMGVphk60exLFqcd4boXWtWQEjUeJ2gM/wtGI0Rrx7qPBLHwZfYeWJZL9WplAkNEqA0OwefvxmATDKcOzePEjE2A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dBjkPzYZK9ov42xkddN1+x5/yk6YAPJFPJnGg0uqdkg=; b=zJ8gE2MAf/hi4h7OJ+7+l22yrIdft0BJLftvuTuMOtyxddQwHv9ubm1+UxgCSPxEn3w1QykOWtkAEL4zqw28IjwAD8ippVDA6iQPHBYy0hAvCAD30DZvemyMZeyZeaLVfDYnEtw5I45ZAcxgjt+dNtUxzmgqwIYwExiH5hmE7Ys= Received: from BYAPR11MB3751.namprd11.prod.outlook.com (20.178.238.144) by BYAPR11MB2695.namprd11.prod.outlook.com (52.135.224.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2305.20; Thu, 3 Oct 2019 22:13:05 +0000 Received: from BYAPR11MB3751.namprd11.prod.outlook.com ([fe80::25f5:edd3:912d:fd12]) by BYAPR11MB3751.namprd11.prod.outlook.com ([fe80::25f5:edd3:912d:fd12%3]) with mapi id 15.20.2305.023; Thu, 3 Oct 2019 22:13:05 +0000 From: "Jakob Heitz (jheitz)" To: Jeffrey Haas , Rob Foehl CC: IDR , GROW WG , Warren Kumari , "sidrops@ietf.org" Thread-Topic: [GROW] [Sidrops] Deprecation of AS_SET and AS_CONFED_SET -- feedback requested Thread-Index: AQHVeihOHxp7+6Kg+EWENmFroMOYpqdJd/MA Date: Thu, 3 Oct 2019 22:13:04 +0000 Message-ID: References: <01c201d54d3c$74375ee0$5ca61ca0$@ndzh.com> <69F03192-CE2E-4126-910D-A7E3B3AA8848@puck.nether.net> <20191003202515.GE28365@pfrc.org> In-Reply-To: <20191003202515.GE28365@pfrc.org> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=jheitz@cisco.com; x-originating-ip: [128.107.241.170] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c84ea107-18aa-47fe-6f29-08d7484edd24 x-ms-traffictypediagnostic: BYAPR11MB2695: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 01792087B6 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(39860400002)(346002)(396003)(136003)(376002)(13464003)(189003)(199004)(66556008)(64756008)(66946007)(66476007)(5660300002)(76116006)(8676002)(6116002)(3846002)(81156014)(55016002)(81166006)(33656002)(8936002)(86362001)(102836004)(66446008)(99286004)(6506007)(6306002)(53546011)(26005)(186003)(14454004)(9686003)(7696005)(76176011)(6246003)(4326008)(11346002)(446003)(66574012)(486006)(229853002)(2906002)(6436002)(66066001)(74316002)(52536014)(305945005)(54906003)(316002)(25786009)(110136005)(256004)(478600001)(966005)(71200400001)(71190400001)(476003)(7736002); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR11MB2695; H:BYAPR11MB3751.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: OyJD0tj2KGVjrq0kB6BwXR3+16RtGPE0VVJZ/h/cioXBQHVrjTOVWoRqT3mCuH9pVFVPZ5RWMGL+RDjXz2wZF+TnUs/k1m1wPFxyvWPbizTvwGnwyjkEka33cCxKZFTplAiWBhq6yGC1wMwLOAhPpZcmWY8yIie68QOgGYcCeRdiOqX5om4U3PS7+A9tSAj86GbysACeiWImegda+oVKZ+49UtKY3tJY1NVY6E+KtCNcnwEkVPjaXCtESa3BOOatwfFyzBUy8vxJjnu6uXHfBbjF7e1HVoQ6YQYBkfPi07OeH/+XjxY3mczCV73qs6Nf8VPOJy3QNI/s69Akk4/zjpGBBrxD/WeZNMKviLU5k38Pbvaru5RiTRkecACNEjeXYDOGJtKekWSdozMzu9/p9bAiJ1s8ym/Hc5EppZmGqEy4iarc8NjlLAWSaZqp2LC/wa+BTEGoVIDPXSBIAi0L1g== x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: c84ea107-18aa-47fe-6f29-08d7484edd24 X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Oct 2019 22:13:04.9586 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 5AbcOR9uic/EdZgEGP+0i62SE8ylxjv6tOs6TIqt5B4j3wSvFm59AjGLGej1IK7Y0QagSiYrhXt/mMZJAtdWfQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB2695 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.37.102.11, xch-rcd-001.cisco.com X-Outbound-Node: rcdn-core-5.cisco.com Archived-At: Subject: Re: [Sidrops] [GROW] Deprecation of AS_SET and AS_CONFED_SET -- feedback requested X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Oct 2019 22:13:12 -0000 AS_SET can be used to reduce the AS-PATH length or to hide the actual path but still prevent as-path loops. AS_SET can be used to prevent distribution of a route to the ASNs in the se= t without overgrowing the as-path length. This makes the Pilosov-Kapela BGP hijack easier to do. I support deprecation, but realize that it will never be removed :( Regards, Jakob. -----Original Message----- From: GROW On Behalf Of Jeffrey Haas Sent: Thursday, October 3, 2019 1:25 PM To: Rob Foehl Cc: IDR ; GROW WG ; Warren Kumari ; sidrops@ietf.org Subject: Re: [GROW] [Sidrops] Deprecation of AS_SET and AS_CONFED_SET -- fe= edback requested On Wed, Oct 02, 2019 at 07:45:15PM -0400, Rob Foehl wrote: > >It'd be interesting to find out what code these folk are running. Hopefu= lly not one of my bugs. :-) >=20 > I've never had an interaction with AS_SET that could be described as > anything other than broken -- like, ever, from any vendor. I'd > prefer to see them disappear entirely, but if that doesn't happen, As Jared noted, this was more of a common thing back-in-the-day. For properly operating proxy aggregation, you'd generally hope that all contributing networks were properly behind the aggregating party. However, as the Internet has gotten more meshy, those topological considerations don't apply anywhere near as much. As this torches and pitch-forks campaign against as-set continues, operator= s will have to figure out whether they're really happy with the two impacts: - No proxy aggregation, ever? - Lie about the AS_PATH when you do it. Today you can at least infer that proxy aggregation is happening. The second point has entertaining impact vs. RPKI, so that's the likely forcing function. > at least having a "no-as-sets-under-any-circumstances" policy knob > would be helpful... It's a fine policy knob, and I'm more supportive of that in general. -- Jeff _______________________________________________ GROW mailing list GROW@ietf.org https://www.ietf.org/mailman/listinfo/grow From nobody Sun Oct 6 12:41:56 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E382120824 for ; Sun, 6 Oct 2019 12:41:48 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.9 X-Spam-Level: X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pewJCyyclb8w for ; Sun, 6 Oct 2019 12:41:46 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7894312080C for ; Sun, 6 Oct 2019 12:41:46 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from ) id 1iHCPY-00035A-Jl for sidrops@ietf.org; Sun, 06 Oct 2019 19:41:44 +0000 Date: Sun, 06 Oct 2019 12:41:44 -0700 Message-ID: From: Randy Bush To: sidrops@ietf.org User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.2 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Archived-At: Subject: [Sidrops] draft-ymbk-sidrops-ov-egress-01 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Oct 2019 19:41:55 -0000 on 23 july, in message https://mailarchive.ietf.org/arch/msg/sidrops/xpQ7Zy9oSN26Z4b7RCOtJtyhbx0 we requested wg adoption of draft-ymbk-sidrops-ov-egress as far as i can see, the chairs never actually issued the formal adoption call, though there was much email in support. maybe the fault of my lack of mail archive and datatracker fu. but can we please adopt this puppy so we get get any constructive comment and moev the document along? thanks. randy From nobody Sun Oct 6 13:46:36 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98E9A1200E5 for ; Sun, 6 Oct 2019 13:46:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VJ28Tn5PHP7r for ; Sun, 6 Oct 2019 13:46:31 -0700 (PDT) Received: from mail-oi1-x232.google.com (mail-oi1-x232.google.com [IPv6:2607:f8b0:4864:20::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EDC51200CE for ; Sun, 6 Oct 2019 13:46:31 -0700 (PDT) Received: by mail-oi1-x232.google.com with SMTP id k9so9973326oib.7 for ; Sun, 06 Oct 2019 13:46:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wM3qoT/MOy+BgwTX+qAj94UoToiuVql2Sa4eqiIi0qM=; b=ja7xhthMYJEyhxUT3VkR/CuKNiny0jUhBUfyRyMQydZJ3CWLhkTs9bFOEVkt1UVqAy 2BHGnHNzlpvcYN3fJzU8cQr4pqzT3GH0VcRnfTITtNvp3/Ivwmu091ulpp57ewt2AzKK oVpWPu+2OuW4060fHvInF0vwATLl+EEIyAWBsGhGa6LrMsEUFL3lCIAEfEHmFkSALNX3 rR6HZwt/DrE7TiNK+cUNFfxuWcVdvIPajk4YCkhfOU5gyhjzmX4qK6atYwVond/bk15h OAyFCA/4RtGj7alg+JlyekX6bJfxc9/dlNmLI+WxpLoVjrGu1JcoHqqF6PE3f4mS7NXV srUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wM3qoT/MOy+BgwTX+qAj94UoToiuVql2Sa4eqiIi0qM=; b=I7oveaH7GWYo4ExwM1WDVR5Zw1nrKr4h6AG3s31tSxtuVz4VqcknDnmdqgiCdtpmXa nS88hBjgwIBo5FKvvVPeuUer3bFQERnNCqiaaN3McMix/ap4oOSYMPa1anCxAFMMrNRH zTMt8fCjCb1/Qwik/GaV+dvYlX+0BjhRVk276Xq/cdfXNlAZ1T1ZfhMbidY/eKZYE0pK 4NtC49TrZLHQgPy724wPCkD2sL2NEjhI88+UWM4W26vADHoYF8C/2lrkImogZyS6J4JW xCToMfohASSK5oDVqghExqlS2foTodI8uD+N7pbYvKZwn0O7ASWkjfmsAwx4Tf+2iEAf nsTw== X-Gm-Message-State: APjAAAVsiZW9bOMcpAyl8irEW7I4zvNpkcOPG5PBtOdkGxJ35mg+kWuV tayIIv1VvqVxi6sjO56sBRNA4W+MHvYOWfz3zKgoC7UtXfE= X-Google-Smtp-Source: APXvYqynelZGL+p6msAhCETbbSAi2DwkRmChJztXuA2KrVRKfKxapTs/jExa7cbvSN/owZl40sNV9uZ6duf2ZRpz/gI= X-Received: by 2002:aca:b4d7:: with SMTP id d206mr16040201oif.139.1570394790258; Sun, 06 Oct 2019 13:46:30 -0700 (PDT) MIME-Version: 1.0 References: <1CF3E143-98E7-4B66-AEE5-02617A639BCC@nlnetlabs.nl> In-Reply-To: <1CF3E143-98E7-4B66-AEE5-02617A639BCC@nlnetlabs.nl> From: Alexander Azimov Date: Sun, 6 Oct 2019 23:46:19 +0300 Message-ID: To: Tim Bruijnzeels Cc: SIDR Operations WG Content-Type: multipart/alternative; boundary="000000000000a16cd2059444079b" Archived-At: Subject: Re: [Sidrops] Minor comments on draft-ietf-sidrops-aspa-profile-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Oct 2019 20:46:34 -0000 --000000000000a16cd2059444079b Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Tim! Thank you for the detailed overview. Correct if I'm wrong, the mentioned problem with rsync can also affect ROAs, am I right? For ROA it is just less critical since prefixes with multiple originators are not the majority of the routing table. =D1=81=D1=80, 21 =D0=B0=D0=B2=D0=B3. 2019 =D0=B3. =D0=B2 12:11, Tim Bruijnz= eels : > Hi all, > > Triggered by an email exchange with Alexander, I figured I would send my > (minor) comments on the aspa profile to the list as well. > > =3D Multiple "providerASID" > > For ASPA verification it's important that routers get all "providerASIDs" > for a "customerASID". Since it's a single "customerASID" who signs the AS= PA > I think it would be best to allow all "providerASIDs" in a single object. > Like so: > > OLD: > ASProviderAttestation ::=3D SEQUENCE { > version [0] ASPAVersion DEFAULT v0, > AFI AddressFamilyIdentifier, > customerASID ASID, > providerASID ASID } > > NEW: > ASProviderAttestation ::=3D SEQUENCE { > version [0] ASPAVersion DEFAULT v0, > AFI AddressFamilyIdentifier, > customerASID ASID, > providerASID SEQUENCE (SIZE(1..MAX)) OFASID } > > > Of course it's possible to make separate ASPA objects for each > "providerASID", but I think it introduces avoidable risks with no clear > benefits. When managing separate objects signing CAs would need to make > sure that they publish changes as a set. If RPs use rsync as the fetch > protocol they may learn of some, but not all, objects if the repository i= s > being updated just as they are fetching. > > The use of RRDP can mitigate this issue, but having a single object in > this case is cheap and avoids some of the risks. An RP would always see t= he > full set (for the moment that it validates). > > > =3D Small EE certs > > The draft currently has: > > The autonomous system identifier delegation extension [RFC3779] is > present in the end-entity (EE) certificate (contained within the > ASPA), and the customer AS number in the ASPA is contained within > the set of AS numbers specified by the EE certificate's autonomous > system identifier delegation extension. > > I think it's better practice to require that: > > The autonomous system identifier delegation extension [RFC3779] MUS= T > be present in the end-entity (EE) certificate (contained within the > ASPA), and MUST contain a single AS number that matches the custome= r > AS number. The IP address delegation extensions MUST NOT be used. > > The reason for this is fate-sharing. If any of the other irrelevant > resources on the EE certificate would no longer be contained on the CA > certificate - e.g. because of a resource transfer - then the object as a > whole would become invalid. > > There is still discussion about transfers and the deployment of > 'reconsidered' validation rules. But.. I think that's best discussed > outside of this draft. Here it seems that the problems can simply be > avoided by having a single AS on the EE cert. > > > =3D Add file extension to section 6 (IANA considerations) > > In addition to the OIDs I believe a filename extension should be > registered. > > IANA is to add an item for the Signed TAL file extension to the "RPKI > Repository Name Scheme" created by [RFC6481] as follows: > > Extension | RPKI Object | References > -----------+------------------------------------------- > .asp | Trust Anchor Keys | [this document] > > (of course feel free to chose another extension - I think four characters= : > .aspa would also be fine) > > File extensions were introduced to help RPs in parsing - so they don't > have to do trial an error parsing of objects as all possible types. The > OIDs are not quite enough, because certificates and CRLs are not RPKI > signed objects. > > > Kind regards > > Tim > > > > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops > --=20 Best regards, Alexander Azimov --000000000000a16cd2059444079b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Tim!

Thank you for the detailed over= view.

Correct if I'm wrong, the mentioned problem with rsync can= also affect ROAs, am I right? For ROA it is just less critical since prefi= xes with multiple originators are not the majority of the routing table.

=D1=81=D1=80, 21 =D0=B0=D0=B2=D0=B3. 2019 =D0=B3. =D0=B2 12:11, Tim = Bruijnzeels <tim@nlnetlabs.nl>= ;:
Hi all,

Triggered by an email exchange with Alexander, I figured I would send my (m= inor) comments on the aspa profile to the list as well.

=3D Multiple "providerASID"

For ASPA verification it's important that routers get all "provide= rASIDs" for a "customerASID". Since it's a single "= customerASID" who signs the ASPA I think it would be best to allow all= "providerASIDs" in a single object. Like so:

OLD:
=C2=A0 =C2=A0 =C2=A0 =C2=A0ASProviderAttestation ::=3D SEQUENCE {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0version [0] ASPAVersion DEFAULT v0= ,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0AFI=C2=A0 AddressFamilyIdentifier,=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0customerASID=C2=A0 ASID,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0providerASID=C2=A0 ASID }

NEW:
=C2=A0 =C2=A0 =C2=A0 =C2=A0ASProviderAttestation ::=3D SEQUENCE {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0version [0] ASPAVersion DEFAULT v0= ,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0AFI=C2=A0 AddressFamilyIdentifier,=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0customerASID=C2=A0 ASID,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0providerASID=C2=A0 SEQUENCE (SIZE(= 1..MAX)) OFASID }


Of course it's possible to make separate ASPA objects for each "pr= oviderASID", but I think it introduces avoidable risks with no clear b= enefits. When managing separate objects signing CAs would need to make sure= that they publish changes as a set. If RPs use rsync as the fetch protocol= they may learn of some, but not all, objects if the repository is being up= dated just as they are fetching.

The use of RRDP can mitigate this issue, but having a single object in this= case is cheap and avoids some of the risks. An RP would always see the ful= l set (for the moment that it validates).


=3D Small EE certs

The draft currently has:

=C2=A0 =C2=A0 =C2=A0 The autonomous system identifier delegation extension = [RFC3779] is
=C2=A0 =C2=A0 =C2=A0 present in the end-entity (EE) certificate (contained = within the
=C2=A0 =C2=A0 =C2=A0 ASPA), and the customer AS number in the ASPA is conta= ined within
=C2=A0 =C2=A0 =C2=A0 the set of AS numbers specified by the EE certificate&= #39;s autonomous
=C2=A0 =C2=A0 =C2=A0 system identifier delegation extension.

I think it's better practice to require that:

=C2=A0 =C2=A0 =C2=A0 The autonomous system identifier delegation extension = [RFC3779] MUST
=C2=A0 =C2=A0 =C2=A0 be present in the end-entity (EE) certificate (contain= ed within the
=C2=A0 =C2=A0 =C2=A0 ASPA), and MUST contain a single AS number that matche= s the customer
=C2=A0 =C2=A0 =C2=A0 AS number. The IP address delegation extensions MUST N= OT be used.

The reason for this is fate-sharing. If any of the other irrelevant resourc= es on the EE certificate would no longer be contained on the CA certificate= - e.g. because of a resource transfer - then the object as a whole would b= ecome invalid.

There is still discussion about transfers and the deployment of 'recons= idered' validation rules. But.. I think that's best discussed outsi= de of this draft. Here it seems that the problems can simply be avoided by = having a single AS on the EE cert.


=3D Add file extension to section 6 (IANA considerations)

In addition to the OIDs I believe a filename extension should be registered= .

=C2=A0 =C2=A0IANA is to add an item for the Signed TAL file extension to th= e "RPKI
=C2=A0 =C2=A0Repository Name Scheme" created by [RFC6481] as follows:<= br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Extension=C2=A0 |=C2=A0 =C2=A0RPKI Objec= t=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | References
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 -----------+----------------------------= ---------------
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0.asp=C2=A0 =C2=A0 =C2=A0 |=C2=A0 = =C2=A0Trust Anchor Keys=C2=A0 =C2=A0 =C2=A0 =C2=A0 | [this document]

(of course feel free to chose another extension - I think four characters: = .aspa would also be fine)

File extensions were introduced to help RPs in parsing - so they don't = have to do trial an error parsing of objects as all possible types. The OID= s are not quite enough, because certificates and CRLs are not RPKI signed o= bjects.


Kind regards

Tim



_______________________________________________
Sidrops mailing list
Sidrops@ietf.org<= br> https://www.ietf.org/mailman/listinfo/sidrops


--
Best regards,
Alexander Azi= mov
--000000000000a16cd2059444079b-- From nobody Sun Oct 6 17:07:43 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E430F120129 for ; Sun, 6 Oct 2019 17:07:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.9 X-Spam-Level: X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rOQ7bwNpyCHP for ; Sun, 6 Oct 2019 17:07:40 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A77D8120128 for ; Sun, 6 Oct 2019 17:07:40 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from ) id 1iHGYr-0005hk-6f; Mon, 07 Oct 2019 00:07:37 +0000 Date: Sun, 06 Oct 2019 17:07:36 -0700 Message-ID: From: Randy Bush To: Alexander Azimov Cc: Tim Bruijnzeels , SIDR Operations WG In-Reply-To: References: <1CF3E143-98E7-4B66-AEE5-02617A639BCC@nlnetlabs.nl> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.2 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Archived-At: Subject: Re: [Sidrops] Minor comments on draft-ietf-sidrops-aspa-profile-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 00:07:42 -0000 i have not thought deeply abut this. but it seems to me that, as in ROAs, one enters into and leaves relationship with a provider. whacking a multi-AS ROA or a multi-provider ASPA record seems ill advised. for example, what if there is a delay between delete and recreate? keep things simple, please. randy From nobody Mon Oct 7 01:21:59 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BAE5120142 for ; Mon, 7 Oct 2019 01:21:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.999 X-Spam-Level: X-Spam-Status: No, score=-6.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nlnetlabs.nl Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Aibgu33oNlem for ; Mon, 7 Oct 2019 01:21:53 -0700 (PDT) Received: from dicht.nlnetlabs.nl (dicht.nlnetlabs.nl [185.49.140.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2022120020 for ; Mon, 7 Oct 2019 01:21:52 -0700 (PDT) Received: from [IPv6:2001:981:4b52:1:ed6e:d9d7:284a:da35] (unknown [IPv6:2001:981:4b52:1:ed6e:d9d7:284a:da35]) by dicht.nlnetlabs.nl (Postfix) with ESMTPSA id 8CD681509C; Mon, 7 Oct 2019 10:21:50 +0200 (CEST) Authentication-Results: dicht.nlnetlabs.nl; dmarc=fail (p=none dis=none) header.from=nlnetlabs.nl Authentication-Results: dicht.nlnetlabs.nl; spf=fail smtp.mailfrom=tim@nlnetlabs.nl DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nlnetlabs.nl; s=default; t=1570436510; bh=SxL+BMLuQbnFTV96wctR4SxUsuRwu64BpjRid7q4n/I=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=nxMapE05GUXu3Vo6/fFZ9IQhKqDv0FacjrjOuPoWK+xWUVwWYSOa/UPsrzKMlrXr/ vfHZGH21D6t0USrJj+T4K9Zq9AJJQAuf0F6KwB5MMKqRsVsDnHuMoThUOVjzPRaWq8 W9HqcxwXFNp+MTBd2JEAt6Vz+Zjf69XZ/UpVLNUw= Content-Type: multipart/alternative; boundary="Apple-Mail=_B8EC64F8-06F5-4E29-B0A3-98025C11DC3B" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) From: Tim Bruijnzeels In-Reply-To: Date: Mon, 7 Oct 2019 10:21:50 +0200 Cc: Alexander Azimov , SIDR Operations WG Message-Id: <9579DFEC-6653-4CD2-A4DE-2DC5B7427782@nlnetlabs.nl> References: <1CF3E143-98E7-4B66-AEE5-02617A639BCC@nlnetlabs.nl> To: Randy Bush X-Mailer: Apple Mail (2.3445.104.11) Archived-At: Subject: Re: [Sidrops] Minor comments on draft-ietf-sidrops-aspa-profile-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 08:21:55 -0000 --Apple-Mail=_B8EC64F8-06F5-4E29-B0A3-98025C11DC3B Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi Randy, Alexander (this should also answer your point), all > On 7 Oct 2019, at 02:07, Randy Bush wrote: >=20 > i have not thought deeply abut this. but it seems to me that, as in > ROAs, one enters into and leaves relationship with a provider. = whacking > a multi-AS ROA or a multi-provider ASPA record seems ill advised. for > example, what if there is a delay between delete and recreate? >=20 > keep things simple, please. I am all for keeping things simple, but we may have different ideas of = what is simple :) We can also do multiple ASPA files, but I don't think = that it's really much simpler and because there are more files involved = I think there are more chances of delays between publish, withdraw and = updates. Let me try to make the case once more for single objects with multiple = provider ASNs. TL;DR: I still think it's slightly better, but it's not a = showstopper to me. And contrary to ROAs there is no fate sharing issue = here. =3D Simplicity Looking at how I would implement this (hopefully in the near future!) I = would let users of the CA software configure which ASNs they want to = authorise as the next hop after their own ASN. Suppose that I can create = a single object with all these ASNs, I would publish this all in a = single signed object with a determinate name, e.g. based on the key = identifier of the CA certificate key, just like is commonly done for = CRLs and MFTs. Then, whenever there is an update, I would publish a new = object in place of the old. To me this is actually simpler than = maintaining multiple objects. It also ensures that there is no delay = between delete and recreate.=20 =3D Mismatches (race condition between RP and CA/publisher) In the remote, but possible, event that an RP which uses rsync gets the = updated ASPA file, but the old MFT - or vice versa, then the outcome is = dependent on local interpretation of section 6.6 of RFC6486 (Hash Values = Not Matching Manifests), but in most implementations that I know it = would lead to rejection of the ASPA object. Some implementations might = accept it and warn. But whatever the case, if a single object is used = this would mean that there is either a complete set of upstream ASNs, or = the set is empty - which would mean that all customer-provider checks = fall back to "unknown" = (https://tools.ietf.org/html/draft-ietf-sidrops-aspa-verification-01#secti= on-4 = ). Note that CAs using RRDP will publish the new MFT, CRL and ASPA object = as a single delta, and therefore RPs supporting RRDP would not be = affected by this issue. =3D Analogy to ROAs As for ROAs, I think the ship has sailed on the spec.=20 ROAs can have multiple prefixes, which are 'signed' (through the EE cert = etc etc), and a single ASN. There has been discussion in sidrops (and = sidr?) regarding not putting multiple prefixes on ROAs, as the spec = allows. The main reason being that the loss of any one resource in any = prefix would invalidate the ROA as a whole; all prefixes would be = 'fate-sharing'. So there was advice to only use a single prefix per ROA, = or well I suppose that more specific sub-prefixes are okay, e.g. if = there is a /20 on a ROA, then rather than having a global max length it = would be fine to have explicit more specific /24s there. However, I = don't think that this advice has been incorporated in a formal BCP. I = think that RFC7115, BCP-185, "Origin Validation Operation Based on the = Resource Public Key Infrastructure (RPKI)" predates this discussion. Since ASPA object have a single "customerASID" which has to appear on = the signing EE certificate, so for ASPA this fate sharing is not an = issue, as long as the issuing CA uses a small EE cert with just that = single ASN (as I suggested in my previous email). Tim >=20 > randy --Apple-Mail=_B8EC64F8-06F5-4E29-B0A3-98025C11DC3B Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Hi = Randy, Alexander (this should also answer your point), all

On 7 Oct 2019, at 02:07, Randy Bush <randy@psg.com> = wrote:

i have not thought deeply abut this.  but it seems to me = that, as in
ROAs, one enters into and leaves relationship = with a provider.  whacking
a multi-AS ROA or a = multi-provider ASPA record seems ill advised.  for
example, what if there is a delay between delete and = recreate?

keep things simple, please.

I am = all for keeping things simple, but we may have different ideas of what = is simple :) We can also do multiple ASPA files, but I don't think that = it's really much simpler and because there are more files involved I = think there are more chances of delays between publish, withdraw and = updates.

Let me try to make the case = once more for single objects with multiple provider ASNs. TL;DR: I still = think it's slightly better, but it's not a showstopper to me. And = contrary to ROAs there is no fate sharing issue here.


=3D = Simplicity

Looking at how I would = implement this (hopefully in the near future!) I would let users of the = CA software configure which ASNs they want to authorise as the next hop = after their own ASN. Suppose that I can create a single object with all = these ASNs, I would publish this all in a single signed object with a = determinate name, e.g. based on the key identifier of the CA certificate = key, just like is commonly done for CRLs and MFTs. Then, whenever there = is an update, I would publish a new object in place of the old. To me = this is actually simpler than maintaining multiple objects. It also = ensures that there is no delay between delete and = recreate. 

=3D Mismatches (race = condition between RP and CA/publisher)

In the remote, but possible, event that an RP = which uses rsync gets the updated ASPA file, but the old MFT - or vice = versa, then the outcome is dependent on local interpretation of section = 6.6 of RFC6486 (Hash Values Not Matching Manifests), but in most = implementations that I know it would lead to rejection of the ASPA = object. Some implementations might accept it and warn. But whatever the = case, if a single object is used this would mean that there is either a = complete set of upstream ASNs, or the set is empty - which would mean = that all customer-provider checks fall back to "unknown" (https://tools.ietf.org/html/draft-ietf-sidrops-aspa-verificatio= n-01#section-4).

Note that CAs = using RRDP will publish the new MFT, CRL and ASPA object as a single = delta, and therefore RPs supporting RRDP would not be affected by this = issue.

=3D Analogy to = ROAs

As for ROAs, I think the ship = has sailed on the spec. 

ROAs = can have multiple prefixes, which are 'signed' (through the EE cert etc = etc), and a single ASN. There has been discussion in sidrops (and sidr?) = regarding not putting multiple prefixes on ROAs, as the spec allows. The = main reason being that the loss of any one resource in any prefix would = invalidate the ROA as a whole; all prefixes would be 'fate-sharing'. So = there was advice to only use a single prefix per ROA, or well I suppose = that more specific sub-prefixes are okay, e.g. if there is a /20 on a = ROA, then rather than having a global max length it would be fine to = have explicit more specific /24s there. However, I don't think that this = advice has been incorporated in a formal BCP. I think that RFC7115, = BCP-185, "Origin Validation Operation Based on the Resource Public Key = Infrastructure (RPKI)" predates this discussion.

Since ASPA object have a single "customerASID" = which has to appear on the signing EE certificate, so for ASPA this fate = sharing is not an issue, as long as the issuing CA uses a small EE cert = with just that single ASN (as I suggested in my previous = email).



Tim












randy

= --Apple-Mail=_B8EC64F8-06F5-4E29-B0A3-98025C11DC3B-- From nobody Mon Oct 7 04:56:53 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06911120099 for ; Mon, 7 Oct 2019 04:56:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.648 X-Spam-Level: X-Spam-Status: No, score=-1.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JYeBn7OrveNF for ; Mon, 7 Oct 2019 04:56:51 -0700 (PDT) Received: from hrabosky.cbbtier3.att.net (braeburn.org [12.0.1.25]) by ietfa.amsl.com (Postfix) with ESMTP id E1713120052 for ; Mon, 7 Oct 2019 04:56:50 -0700 (PDT) Received: from oz.mt.att.com (zoe.cbbtier3.att.net [12.0.1.45]) by hrabosky.cbbtier3.att.net (Postfix) with ESMTP id 764A52F061 for ; Mon, 7 Oct 2019 11:56:50 +0000 (UTC) Received: by oz.mt.att.com (Postfix, from userid 1000) id 69C0FA408D0; Mon, 7 Oct 2019 07:56:50 -0400 (EDT) X-Mailer: emacs 24.3.1 (via feedmail 11-beta-1 I); VM 8.2.0b under 24.3.1 (x86_64-pc-linux-gnu) Message-ID: <23963.10240.12287.137386@oz.mt.att.com> Date: Mon, 7 Oct 2019 07:56:48 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit From: Jay Borkenhagen To: SIDR Operations WG In-Reply-To: <9579DFEC-6653-4CD2-A4DE-2DC5B7427782@nlnetlabs.nl> References: <1CF3E143-98E7-4B66-AEE5-02617A639BCC@nlnetlabs.nl> <9579DFEC-6653-4CD2-A4DE-2DC5B7427782@nlnetlabs.nl> Reply-To: Jay Borkenhagen X-GPG-Fingerprint: DDDB 542E D988 94D0 82D3 D198 7DED 6648 2308 D3C0 Archived-At: Subject: Re: [Sidrops] Minor comments on draft-ietf-sidrops-aspa-profile-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 11:56:52 -0000 I would like to re-emphasize one point Tim made (without diminishing his others): Tim Bruijnzeels writes: > But whatever the case, if a single object is used this would mean > that there is either a complete set of upstream ASNs, or the set is > empty - which would mean that all customer-provider checks fall back > to "unknown" It's critical that users of ASPA data operate using a complete set of an ASN's authorized upstream ASNs. The simplest way to communicate such a verifiably-complete set is to use a single object. Thanks! Jay B. From nobody Mon Oct 7 05:32:00 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CCD81200B1 for ; Mon, 7 Oct 2019 05:31:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.301 X-Spam-Level: X-Spam-Status: No, score=-2.301 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8OGkihHYGKU1 for ; Mon, 7 Oct 2019 05:31:57 -0700 (PDT) Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67E6E120099 for ; Mon, 7 Oct 2019 05:31:57 -0700 (PDT) X-Envelope-To: sidrops@ietf.org Received: from crumpet.foobar.org (089-101-070074.ntlworld.ie [89.101.70.74] (may be forged)) (authenticated bits=0) by mail.netability.ie (8.15.2/8.15.2) with ESMTPSA id x97CVqHA084851 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 7 Oct 2019 13:31:53 +0100 (IST) (envelope-from nick@foobar.org) X-Authentication-Warning: cheesecake.ibn.ie: Host 089-101-070074.ntlworld.ie [89.101.70.74] (may be forged) claimed to be crumpet.foobar.org To: Jay Borkenhagen Cc: SIDR Operations WG References: <1CF3E143-98E7-4B66-AEE5-02617A639BCC@nlnetlabs.nl> <9579DFEC-6653-4CD2-A4DE-2DC5B7427782@nlnetlabs.nl> <23963.10240.12287.137386@oz.mt.att.com> From: Nick Hilliard Message-ID: <29669e33-2ae9-1aab-0cf2-63e9d0f3857e@foobar.org> Date: Mon, 7 Oct 2019 13:31:51 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:52.0) Gecko/20100101 PostboxApp/7.0.5.2 MIME-Version: 1.0 In-Reply-To: <23963.10240.12287.137386@oz.mt.att.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [Sidrops] Minor comments on draft-ietf-sidrops-aspa-profile-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 12:31:59 -0000 Jay Borkenhagen wrote on 07/10/2019 12:56: > It's critical that users of ASPA data operate using a complete set of > an ASN's authorized upstream ASNs. The simplest way to communicate > such a verifiably-complete set is to use a single object. bits of me agree with this, but other bits not. It's shifting the problem from an RPKI database synchronisation problem to a human-oriented data synchronisation problem. Both are hideously difficult problems to solve, but the one which involves human input is almost certainly less reliable. Nick From nobody Mon Oct 7 15:28:13 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02BFF120111 for ; Mon, 7 Oct 2019 15:28:12 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.501 X-Spam-Level: X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=gN4Uidh8; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=DqQaamQC Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qmxTLY-b8_z0 for ; Mon, 7 Oct 2019 15:28:09 -0700 (PDT) Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B4C71200A4 for ; Mon, 7 Oct 2019 15:28:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1500; q=dns/txt; s=iport; t=1570487289; x=1571696889; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=3T5S5t2h/9eD7VTfLj5c9EHhCUCtDOLqNaHYs51pI4E=; b=gN4Uidh87Vqfqk0BBMlf7GPjy+lPl9DKcJ/kWYTRbZXmR/0prDj9tfyp crZqQzArjVGNuSIeidBGrJAAckYvFnogwXWYG1oci6XW7KODiRoUcOPld XU2v0Rlfi0QaNX7t8EcBbwSIPpC5mLbyixBYoQZbF0Xu25TUPLdUyE0lM c=; IronPort-PHdr: =?us-ascii?q?9a23=3ABwBtzh9hmXHf1v9uRHGN82YQeigqvan1NQcJ65?= =?us-ascii?q?0hzqhDabmn44+/bR7E/fs4iljPUM2b8P9Ch+fM+4HYEW0bqdfk0jgZdYBUER?= =?us-ascii?q?oMiMEYhQslVcyFBEznPtbhbjcxG4JJU1o2t3w=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ApAAAUu5td/5ldJa1mGgEBAQEBAgE?= =?us-ascii?q?BAQEMAgEBAQGBVgIBAQEBCwGBSlADbVYgBAsqh2oDikqCXJd8glIDVAkBAQE?= =?us-ascii?q?MAQEYCwoCAQGDe0UCglwjNwYOAgMJAQEEAQEBAgEFBG2FLQyFSwEBAQQBARA?= =?us-ascii?q?oBgEBLAsBCwQCAQgRBAEBHxAnCx0IAgQBDQUIGoMBgWoDHQECDKN7AoE4iGG?= =?us-ascii?q?CJ4J9AQEFhQgYghcDBoE0AYwNGIFAP4ERRoJMPoJhAQGBY4M9ggQirUAKgiK?= =?us-ascii?q?VM5k/jiyZMgIEAgQFAg4BAQWBaCNEgRRwFTuCbFAQFIFPg3OFFIU/dIEpkEM?= =?us-ascii?q?BAQ?= X-IronPort-AV: E=Sophos;i="5.67,269,1566864000"; d="scan'208";a="339707290" Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 07 Oct 2019 22:28:08 +0000 Received: from XCH-RCD-007.cisco.com (xch-rcd-007.cisco.com [173.37.102.17]) by rcdn-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id x97MS8Yk021226 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 7 Oct 2019 22:28:08 GMT Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-RCD-007.cisco.com (173.37.102.17) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 7 Oct 2019 17:27:31 -0500 Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 7 Oct 2019 18:27:30 -0400 Received: from NAM04-BN3-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 7 Oct 2019 17:27:30 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EWTPtXfRaL+04kokA/wPGU/mapBsGTSLQ/0Vk8gWMl6922ghYC4jP0LCi/9KDm/tj02eVHw9zf5URz5CC2Pky5+0+rpo38yXz+/gO5trGNs4AAxDb81n+NO1c677d9Zy3uam+35X08pC6+zQFYhdH1z00025bBXBXjzPkcnG8TZAGCn6OtB2TAiOT7KlQeo4IxkYglTggdnRim4b+TY4AdRvmNDAy5AgF9lxGkqZnxYrmjMylbqd6a80C40XK74jX/12rjnje+pqFHdm75rYqpDGAGwaoa8OqU1Y47wWP9kWwzfGlnDOvV5SXmFAiEC+r8BKmcm5aTjhmKCfN4bbuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Y/SDZXOnbw6hA8BWBZvOmZ3BHKAVuzmfFVh3+ruikWI=; b=J2bAOVA0r2pVlTEtGDYur8uSvJnzE1ZlaOgBdA9c/Pj+iWr6AwrmeCNvvw47lqWU83WaJDCNQIFxCQYBvdOvUrptsH18hX9pW5NZJ/H4ZAr09kiE2h0Q+nwdrl82fVzsQB1EnhY9wDKoLaQ4MZBqIpLV8b/gF899YGb1VFmM04TwDVNzD9ag4BCG8X/qh97dWOhBMDUApcGyKwFjMWhTT0flH/9IXhSmTYm2dAEt4O53rYT9ijH9OcTxf2KyevhJ2VHgXWtFeLPRPl/b+xZOyoEFCDKyU8kCko8lxGJEBO4wqNxNDBl4G19lW/oVDcqA2O7K36Lalg1FUvMY3JIzuQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Y/SDZXOnbw6hA8BWBZvOmZ3BHKAVuzmfFVh3+ruikWI=; b=DqQaamQCdxUTMnyYfDqof+NSEJueieKhORCb/4Ui2LYb52HJbVsszufWRthDvLijWqvlClTe9+yZZEw6FFmvNuRGGqk96AaW7fnUqwpX9q8oKwX3Ab/UCp6/UwqIZ0dElWHDgPtWjteeJPiB2nIfXbhVzayJ++Ss1WpHZZSlh/o= Received: from BYAPR11MB3751.namprd11.prod.outlook.com (20.178.238.144) by BYAPR11MB3253.namprd11.prod.outlook.com (20.177.184.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.24; Mon, 7 Oct 2019 22:27:29 +0000 Received: from BYAPR11MB3751.namprd11.prod.outlook.com ([fe80::25f5:edd3:912d:fd12]) by BYAPR11MB3751.namprd11.prod.outlook.com ([fe80::25f5:edd3:912d:fd12%3]) with mapi id 15.20.2327.026; Mon, 7 Oct 2019 22:27:29 +0000 From: "Jakob Heitz (jheitz)" To: Nick Hilliard , Jay Borkenhagen CC: SIDR Operations WG Thread-Topic: [Sidrops] Minor comments on draft-ietf-sidrops-aspa-profile-00 Thread-Index: AQHVWAB1SjQJpUEXD0ai6mvWNAHq36dOXjSAgAA4PQCAAIoWAIAAPBAAgAAJy4CAAKS80A== Date: Mon, 7 Oct 2019 22:27:29 +0000 Message-ID: References: <1CF3E143-98E7-4B66-AEE5-02617A639BCC@nlnetlabs.nl> <9579DFEC-6653-4CD2-A4DE-2DC5B7427782@nlnetlabs.nl> <23963.10240.12287.137386@oz.mt.att.com> <29669e33-2ae9-1aab-0cf2-63e9d0f3857e@foobar.org> In-Reply-To: <29669e33-2ae9-1aab-0cf2-63e9d0f3857e@foobar.org> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=jheitz@cisco.com; x-originating-ip: [2001:420:30d:1254:68ee:ac2e:9d42:aa6f] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 50736512-1615-4efa-5152-08d74b7589e4 x-ms-traffictypediagnostic: BYAPR11MB3253: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:5516; x-forefront-prvs: 01834E39B7 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(39860400002)(376002)(366004)(346002)(396003)(13464003)(199004)(189003)(8936002)(33656002)(7696005)(76176011)(53546011)(6506007)(8676002)(186003)(6116002)(486006)(6436002)(229853002)(316002)(2906002)(86362001)(55016002)(6246003)(256004)(6306002)(4326008)(71200400001)(71190400001)(25786009)(14444005)(81156014)(81166006)(52536014)(478600001)(64756008)(46003)(305945005)(11346002)(9686003)(76116006)(476003)(7736002)(66476007)(66556008)(66446008)(110136005)(966005)(99286004)(14454004)(102836004)(66946007)(5660300002)(74316002)(446003); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR11MB3253; H:BYAPR11MB3751.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 4UyWlqHyNTIF7QJhZJ8Dp1umE5HeL7oGjqqYelKnYnIX8nsIZ7G6XNS6lqE0MPAf78D5cW3H98aiRPspd8JMW4Usog5QTglwL/RIOXhutuBevJqHIYh0AeIXvoKyjkNzVqoWJdPOWOuAXj7M/RqYhPv3sBodfhbzkV25k7kF4u6veSfu8cscH6zQN0nzHRY5BmouBCLzw9InUtDX/0pa+TFM24wWx4FL22DUkEDkyt8e5mEFaW85pfpt/D5imMxMy9kZ/bZdTQEWDben0xasAuayx/8vJwgXRgq8I14kKO4gPHnn0aTiU1c7QY/qDSGqZaj97zOsMkM6zd1frgJpRRPrfkMlbnTn3Ip+oifaIz0gUM+fI1ZGKsKeYtdrz1HL0vG9i78LC7863AFKrWMtzJqq8u353TGSDrV6RvRXfDDXc/yvKLL59YCjcA0fnWnJ34nWBuOh9+unmY7yNr/esQ== x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 50736512-1615-4efa-5152-08d74b7589e4 X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Oct 2019 22:27:29.1203 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 3OocCVEtP1C0ZlmptG+YCONuyhD9es76hMiy3/MQ30J5IkmeiDwY20zy21vpW8zyioJ2d1cSoxV3+LLn1qIajA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3253 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.37.102.17, xch-rcd-007.cisco.com X-Outbound-Node: rcdn-core-2.cisco.com Archived-At: Subject: Re: [Sidrops] Minor comments on draft-ietf-sidrops-aspa-profile-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Oct 2019 22:28:12 -0000 If the customer-provider objects are individual, then a relying party may have a partial list of providers for one customer. If all the providers for one customer are in a single object, then, upon a change, the RP can have either the old object or the new object, but never a partial view. A partial view, IMO is worse that having the old view a little longer than possible. A partial view can cause some AS-paths to be considered invalid when they are not. Regards, Jakob. -----Original Message----- From: Sidrops On Behalf Of Nick Hilliard Sent: Monday, October 7, 2019 5:32 AM To: Jay Borkenhagen Cc: SIDR Operations WG Subject: Re: [Sidrops] Minor comments on draft-ietf-sidrops-aspa-profile-00 Jay Borkenhagen wrote on 07/10/2019 12:56: > It's critical that users of ASPA data operate using a complete set of > an ASN's authorized upstream ASNs. The simplest way to communicate > such a verifiably-complete set is to use a single object. bits of me agree with this, but other bits not. It's shifting the=20 problem from an RPKI database synchronisation problem to a=20 human-oriented data synchronisation problem. Both are hideously=20 difficult problems to solve, but the one which involves human input is=20 almost certainly less reliable. Nick _______________________________________________ Sidrops mailing list Sidrops@ietf.org https://www.ietf.org/mailman/listinfo/sidrops From nobody Mon Oct 7 22:21:18 2019 Return-Path: X-Original-To: sidrops@ietf.org Delivered-To: sidrops@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 37DC612006B; Mon, 7 Oct 2019 22:21:11 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sidrops@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.104.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: sidrops@ietf.org Message-ID: <157051207115.4790.15261740636947995536@ietfa.amsl.com> Date: Mon, 07 Oct 2019 22:21:11 -0700 Archived-At: Subject: [Sidrops] I-D Action: draft-ietf-sidrops-rp-06.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2019 05:21:11 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the SIDR Operations WG of the IETF. Title : Requirements for Resource Public Key Infrastructure (RPKI) Relying Parties Authors : Di Ma Stephen Kent Filename : draft-ietf-sidrops-rp-06.txt Pages : 12 Date : 2019-10-07 Abstract: This document provides a single reference point for requirements for Relying Party (RP) software for use in the Resource Public Key Infrastructure (RPKI) in the context of securing Internet routing. It cites requirements that appear in several RPKI RFCs, making it easier for implementers to become aware of these requirements that are segmented with orthogonal functionalities. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sidrops-rp/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sidrops-rp-06 https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rp-06 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-rp-06 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Mon Oct 7 23:49:48 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D31F412000F for ; Mon, 7 Oct 2019 23:49:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.999 X-Spam-Level: X-Spam-Status: No, score=-6.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nlnetlabs.nl Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EYweKl6oa3No for ; Mon, 7 Oct 2019 23:49:44 -0700 (PDT) Received: from dicht.nlnetlabs.nl (dicht.nlnetlabs.nl [IPv6:2a04:b900::1:0:0:10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A91BD1200B5 for ; Mon, 7 Oct 2019 23:49:44 -0700 (PDT) Received: from [172.20.10.4] (unknown [109.37.141.233]) by dicht.nlnetlabs.nl (Postfix) with ESMTPSA id 80F951708F; Tue, 8 Oct 2019 08:49:39 +0200 (CEST) Authentication-Results: dicht.nlnetlabs.nl; dmarc=fail (p=none dis=none) header.from=nlnetlabs.nl Authentication-Results: dicht.nlnetlabs.nl; spf=fail smtp.mailfrom=tim@nlnetlabs.nl DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nlnetlabs.nl; s=default; t=1570517380; bh=dkJ7EY4Ounq3Kk22780snGSgyEyEYzpXdEllVTf1qPs=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=vlMwu7MCNuGyPDjqvs8oyBlqHnjSSiAHy67R758e2HjZdTDec7GutsccxcsB/Tb26 x5jgLokQnh/WMDONwi7kFjfyA9HsDzmBnmjpGLZx3r1fAZ/p4wGugG5ZKCfdZjSjTx E53Tsu5zQPGuADqLKpnnJnQnsr/s27clpfyfVUSE= Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) From: Tim Bruijnzeels In-Reply-To: Date: Tue, 8 Oct 2019 08:49:15 +0200 Cc: Nick Hilliard , Jay Borkenhagen , SIDR Operations WG Content-Transfer-Encoding: quoted-printable Message-Id: <39E6D50C-7112-4C0B-90BF-99C91665C193@nlnetlabs.nl> References: <1CF3E143-98E7-4B66-AEE5-02617A639BCC@nlnetlabs.nl> <9579DFEC-6653-4CD2-A4DE-2DC5B7427782@nlnetlabs.nl> <23963.10240.12287.137386@oz.mt.att.com> <29669e33-2ae9-1aab-0cf2-63e9d0f3857e@foobar.org> To: "Jakob Heitz (jheitz)" X-Mailer: Apple Mail (2.3445.104.11) Archived-At: Subject: Re: [Sidrops] Minor comments on draft-ietf-sidrops-aspa-profile-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Oct 2019 06:49:47 -0000 Hi, So, to re-iterate: I don't think the problem of getting only a sub-set = of ASPA objects is very likely to occur, especially when using RRDP. = With RRDP there are deltas that provide transactionality in publication, = which at least allows operators to publish multiple objects as a single = delta. But, of course, their CA software has to support this idea, = rather than publish objects (+mft + crl) one by one. However, having the option of multiple provider ASNs in a single object = allows for a publication strategy (using a fixed named object) that = avoids the issue altogether, as a bonus I find it a bit easier to manage = for my particular implementation, and it saves a bit of space (CMS = wrapping, EE cert 2048 with bit key). And on the other hand, I don't = think that having: providerASID SEQUENCE (SIZE(1..MAX)) OF ASID=20 Instead of: providerASID ASID adds much in terms of complexity, and I do not see any other clear = drawbacks (e.g. fate sharing). If multiple provider ASNs are allowed I would go on to RECOMMEND that a = single object is used, but in principle implementations can still have = multiple ASPA objects, each with a SEQUENCE OF 1 ASID. I expect that RPs = will validate ASPA objects and build up a list of 'Validated Customer = Provider Relations', and that this list/deltas - excluding duplicates - = is communicated to routers in a new version of the RPKI-RTR protocol. = So, it should not matter if the relations were found on 1 or more = objects. In ROAs we can only have one ASN, so multiple are needed in case a = prefix is multi-homed. Although, in retro-spect multiple ASNs could have = been a nice idea here too, but I don't think the problem is anywhere = near big enough to warrant a re-design of the ROA spec. Tim > On 8 Oct 2019, at 00:27, Jakob Heitz (jheitz) = wrote: >=20 > If the customer-provider objects are individual, then a relying party > may have a partial list of providers for one customer. >=20 > If all the providers for one customer are in a single object, > then, upon a change, the RP can have either the old object > or the new object, but never a partial view. >=20 > A partial view, IMO is worse that having the old view a little longer > than possible. A partial view can cause some AS-paths to be considered > invalid when they are not. >=20 > Regards, > Jakob. >=20 > -----Original Message----- > From: Sidrops On Behalf Of Nick Hilliard > Sent: Monday, October 7, 2019 5:32 AM > To: Jay Borkenhagen > Cc: SIDR Operations WG > Subject: Re: [Sidrops] Minor comments on = draft-ietf-sidrops-aspa-profile-00 >=20 > Jay Borkenhagen wrote on 07/10/2019 12:56: >> It's critical that users of ASPA data operate using a complete set of >> an ASN's authorized upstream ASNs. The simplest way to communicate >> such a verifiably-complete set is to use a single object. >=20 > bits of me agree with this, but other bits not. It's shifting the=20 > problem from an RPKI database synchronisation problem to a=20 > human-oriented data synchronisation problem. Both are hideously=20 > difficult problems to solve, but the one which involves human input is=20= > almost certainly less reliable. >=20 > Nick >=20 > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops >=20 > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops From nobody Wed Oct 9 09:28:16 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BB16120879 for ; Wed, 9 Oct 2019 09:28:12 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.9 X-Spam-Level: X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6lqpFx4hb2rK for ; Wed, 9 Oct 2019 09:28:11 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E350120894 for ; Wed, 9 Oct 2019 09:28:11 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from ) id 1iIEom-0004Ef-ON; Wed, 09 Oct 2019 16:28:04 +0000 Date: Wed, 09 Oct 2019 09:28:03 -0700 Message-ID: From: Randy Bush To: "Borchert, Oliver (Fed)" Cc: "Jakob Heitz (jheitz)" , "Montgomery, Douglas (Fed)" , Keyur Patel , "sidrops@ietf.org" , "Borchert, Oliver (Fed)" In-Reply-To: References: <0BBFA8C1-A13D-4CC9-A72D-ABAE797F2E4F@arrcus.com> <875A2007-9546-4CE3-AD32-15D4E7F7C29E@nist.gov> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.2 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Archived-At: Subject: Re: [Sidrops] WG Adoption call for draft-borchert-sidrops-bgpsec-validation-signaling-01 (9/16-9/30) X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Oct 2019 16:28:15 -0000 oliver, if you can subsume ov-egress and the ix draft from de-cix, go for it. randy From nobody Wed Oct 9 09:33:49 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AAD0120170; Wed, 9 Oct 2019 09:33:48 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netorgft1331857.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lfbQq1rP0Iez; Wed, 9 Oct 2019 09:33:46 -0700 (PDT) Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-eopbgr800074.outbound.protection.outlook.com [40.107.80.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7EBA3120145; Wed, 9 Oct 2019 09:33:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Cyg49VVLH27tO+qlhakgO+O+tmbbf8BEAowscLx4/0hZ1fc6s52mtOQWEtiN4YT4/1Nxx8w+NgSG1auEbuk1r68wtRSRfZLCN6Bp+p9L7M/K8p4S33gSksuzz+WHhJwlqm49+XKi0BIyjCV0FqVG8Ksd7pMil3bMVZ6R+V4isce0vbvn5P9f9QiA08yP8fHVTFrnTf1dA2C/OsTWZ4KsRjFhNUL0PJqn7RRkWpTiDBCQEPw6ttIIR875PwbmZ+7zaGfw1e050hErdD7e5AiSjF9qwCldhGBv6fScm6lWeFaVSC49BAlai5hVX1pQb2YbzwE5XU3Byp/gKoEdCrX5sw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7LlmowG4nmG6Zn0gjwwoHIuMM5qbVFbRucus4PasWjY=; b=HhXUGAPDrNMIucRocWWhYQkK+hpW8ZOlKXV9g+IXbU0hd2WPmxyqZj73UlQ+JNV2zDBSye5hUJOmmNWyIDAh1Dhi5yBf0A73ijRecDjH4mGX31FdyBlp1Mhfmi+8u4XisUvZZ3Zu5IcS87tmla5/AHpK8hlntX0doUrBhWRI93Ni3zyG1FKnkXKVfLZm4x3ZN92tQMMa4lXiDy4cP4payVJBmpkbYAm7TyTmtAsrK2pKLztfFPCgEqrk8a/t6RZHQKvp0wZhyA/kV7WEv7i5zvMMkhFrlii2iTYpAFZ3+gEAS90DggiBWBMeH4YofejGU0O2Sao3nHTeF2LOLe0TsQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arrcus.com; dmarc=pass action=none header.from=arrcus.com; dkim=pass header.d=arrcus.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NETORGFT1331857.onmicrosoft.com; s=selector2-NETORGFT1331857-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7LlmowG4nmG6Zn0gjwwoHIuMM5qbVFbRucus4PasWjY=; b=iHkRG04/xHsjjZDFu0k3PKgJgz8PwmH+40KITbb8dQtRNEnz5wYwMwzQSVYm7rrPvnGFdluVZxOk6E9ur+b8n3Vyb6uKqEM+msRn7/ixCRKBZBw7Gk8b8W4M6WcxrXSJSttJmSbKski6omhfy+aK0XzVDJmQBSKjs2w+zr5TGlE= Received: from BYAPR18MB2856.namprd18.prod.outlook.com (20.179.59.30) by BYAPR18MB2757.namprd18.prod.outlook.com (20.179.56.223) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.16; Wed, 9 Oct 2019 16:33:44 +0000 Received: from BYAPR18MB2856.namprd18.prod.outlook.com ([fe80::6182:28f2:3566:d173]) by BYAPR18MB2856.namprd18.prod.outlook.com ([fe80::6182:28f2:3566:d173%3]) with mapi id 15.20.2347.016; Wed, 9 Oct 2019 16:33:44 +0000 From: Keyur Patel To: sidrops-chairs , "sidrops@ietf.org" Thread-Topic: Closed -- WG Adoption call for draft-borchert-sidrops-bgpsec-validation-signaling-01 (9/16-9/30) Thread-Index: AQHVfr9RhKv4S+tjhkek24yljC2g8A== Date: Wed, 9 Oct 2019 16:33:44 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=keyur@arrcus.com; x-originating-ip: [70.234.233.187] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 24eb4ce6-39f7-475e-cfbd-08d74cd67394 x-ms-traffictypediagnostic: BYAPR18MB2757: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6108; x-forefront-prvs: 018577E36E x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39830400003)(346002)(136003)(376002)(396003)(366004)(189003)(199004)(2501003)(71200400001)(71190400001)(76116006)(66066001)(966005)(66476007)(66556008)(64756008)(66446008)(508600001)(36756003)(54896002)(6306002)(6512007)(33656002)(450100002)(86362001)(486006)(2906002)(6486002)(236005)(2616005)(476003)(66946007)(6436002)(6116002)(3846002)(316002)(186003)(256004)(25786009)(7736002)(26005)(14454004)(81156014)(99286004)(4744005)(6506007)(110136005)(53546011)(5660300002)(8676002)(8936002)(606006)(102836004)(81166006); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR18MB2757; H:BYAPR18MB2856.namprd18.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: arrcus.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: DqgytmZVQovpPjuYNksne1ZBjtQCJNXTdktwEk+/JvOfFrpu+jOJquEvX4MXQ4s6zoO0iL29GMSvmpTcmcbriIULOcrpZByb28AEOkYCZIMhtsODV8K458JbcVHWsXxL5YLLR/TiwriLnq1ZbUf0mNPERiHQcbWsl2zqAqYoI/h4XVczO8/7u54P6ztwsLuhTsAWn+UO7eRzHaIue5wMisgJTd5Fi+flasL0DIiLW7ov+WD8Yb+ktjaMdmcW1PHoFHy/TQmbgLZgUCQrBrfqGjobUR2WYn7CGSCNRQhLXMefUqMa6C6kvYCRHt1B8OSKAfJ5Lq7acY+Mgnn6VQXulDowO3hycpGYLYAtyej723YbZSWeEanZPJ/rQv5IGH+WWirY+Bls8/hHW70tMKoww0ljLztwbAZOgRBCtqwJTPAfxga4+VezabOiNWfWl/n6 x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_CA9F4B26EA2843708B7C9DA4FD2475BAarrcuscom_" MIME-Version: 1.0 X-OriginatorOrg: arrcus.com X-MS-Exchange-CrossTenant-Network-Message-Id: 24eb4ce6-39f7-475e-cfbd-08d74cd67394 X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Oct 2019 16:33:44.0879 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 697b3529-5c2b-40cf-a019-193eb78f6820 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: UTk0EVV+HK/ee2nhtXyGQacqd8MvFCgJH1RusP69H8i8rAluJW0Qd6veU5cfD04xyD3a6IHeHS0emooUP6FkWw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR18MB2757 Archived-At: Subject: [Sidrops] Closed -- WG Adoption call for draft-borchert-sidrops-bgpsec-validation-signaling-01 (9/16-9/30) X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Oct 2019 16:33:48 -0000 --_000_CA9F4B26EA2843708B7C9DA4FD2475BAarrcuscom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 VGhlIFdHIGhhcyByZWFjaGVkIGNvbnNlbnN1cyAod2VhaykgdG8gYWRvcHRpb24gb2YgIGRyYWZ0 LWJvcmNoZXJ0LXNpZHJvcHMtYmdwc2VjLXZhbGlkYXRpb24tc2lnbmFsaW5nLTAxLnR4dCAgZHJh ZnQuIFRoZSBhdXRob3JzIGFyZSByZXF1ZXN0ZWQgdG8gc3VibWl0IHRoZSAtMDAgd2cgZHJhZnQu DQoNClJlZ2FyZHMsDQpDaHJpcyAmIEtleXVyDQoNCkZyb206IEtleXVyIFBhdGVsIDxrZXl1ckBh cnJjdXMuY29tPg0KRGF0ZTogTW9uZGF5LCBTZXB0ZW1iZXIgMTYsIDIwMTkgYXQgMTI6MDUgUE0N ClRvOiBLZXl1ciBQYXRlbCA8a2V5dXJAYXJyY3VzLmNvbT4NClN1YmplY3Q6IFdHIEFkb3B0aW9u IGNhbGwgZm9yIGRyYWZ0LWJvcmNoZXJ0LXNpZHJvcHMtYmdwc2VjLXZhbGlkYXRpb24tc2lnbmFs aW5nLTAxICg5LzE2LTkvMzApDQoNCg0KSGkgRm9sa3MsDQoNCg0KVGhlIGF1dGhvcnMgaGF2ZSBy ZXF1ZXN0ZWQgU0lEUk9QUyB3b3JraW5nIGdyb3VwIGFkb3B0aW9uIGNhbGwgb2Yg4oCcQkdQc2Vj IFZhbGlkYXRpb24gU3RhdGUgU2lnbmFsaW5n4oCdLCAgaHR0cHM6Ly90b29scy5pZXRmLm9yZy9o dG1sL2RyYWZ0LWJvcmNoZXJ0LXNpZHJvcHMtYmdwc2VjLXZhbGlkYXRpb24tc2lnbmFsaW5nLTAx Lg0KDQoNCg0KUGxlYXNlIHNlbmQgeW91ciBjb21tZW50cyB0byB0aGUgbGlzdC4gVGhpcyBhZG9w dGlvbiBjYWxsIHdpbGwgY29uY2x1ZGUgb24gU2VwIDMwIDIwMTkuDQoNCg0KDQpSZWdhcmRzLA0K DQpDaHJpcyAmIEtleXVyDQoNCg== --_000_CA9F4B26EA2843708B7C9DA4FD2475BAarrcuscom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1i b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXBy aW9yaXR5Ojk5Ow0KCWNvbG9yOiMwNTYzQzE7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9 DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9y aXR5Ojk5Ow0KCWNvbG9yOiM5NTRGNzI7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpw cmUNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1zdHlsZS1saW5rOiJIVE1MIFByZWZv cm1hdHRlZCBDaGFyIjsNCgltYXJnaW46MGluOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglm b250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7fQ0KcC5tc29ub3Jt YWwwLCBsaS5tc29ub3JtYWwwLCBkaXYubXNvbm9ybWFsMA0KCXttc28tc3R5bGUtbmFtZTptc29u b3JtYWw7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBpbjsNCglt c28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVmdDowaW47DQoJZm9udC1zaXpl OjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpzcGFuLkhUTUxQ cmVmb3JtYXR0ZWRDaGFyDQoJe21zby1zdHlsZS1uYW1lOiJIVE1MIFByZWZvcm1hdHRlZCBDaGFy IjsNCgltc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6IkhUTUwgUHJlZm9y bWF0dGVkIjsNCglmb250LWZhbWlseToiQ291cmllciBOZXciO30NCnNwYW4uRW1haWxTdHlsZTIw DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsOw0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5z LXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0Kc3Bhbi5hcHBsZS1jb252ZXJ0ZWQtc3BhY2UN Cgl7bXNvLXN0eWxlLW5hbWU6YXBwbGUtY29udmVydGVkLXNwYWNlO30NCnNwYW4uRW1haWxTdHls ZTIyDQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxp YnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0KLk1zb0NocERlZmF1bHQNCgl7 bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBwdDt9DQpAcGFnZSBX b3JkU2VjdGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4waW47DQoJbWFyZ2luOjEuMGluIDEuMGluIDEu MGluIDEuMGluO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+ PC9zdHlsZT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9IkVOLVVTIiBsaW5rPSIjMDU2M0MxIiB2bGlu az0iIzk1NEY3MiI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPlRoZSBXRyBoYXMgcmVhY2hlZCBj b25zZW5zdXMgKHdlYWspIHRvIGFkb3B0aW9uIG9mICZuYnNwO2RyYWZ0LWJvcmNoZXJ0LXNpZHJv cHMtYmdwc2VjLXZhbGlkYXRpb24tc2lnbmFsaW5nLTAxLnR4dCAmbmJzcDtkcmFmdC4gVGhlIGF1 dGhvcnMgYXJlIHJlcXVlc3RlZCB0byBzdWJtaXQgdGhlIC0wMCB3ZyBkcmFmdC48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjExLjBwdCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPlJlZ2FyZHMsPG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQiPkNocmlzICZhbXA7IEtleXVyPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPjxvOnA+Jm5ic3A7PC9vOnA+ PC9zcGFuPjwvcD4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0I1 QzRERiAxLjBwdDtwYWRkaW5nOjMuMHB0IDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxiPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+RnJvbTogPC9zcGFuPjwvYj48c3BhbiBz dHlsZT0iY29sb3I6YmxhY2siPktleXVyIFBhdGVsICZsdDtrZXl1ckBhcnJjdXMuY29tJmd0Ozxi cj4NCjxiPkRhdGU6IDwvYj5Nb25kYXksIFNlcHRlbWJlciAxNiwgMjAxOSBhdCAxMjowNSBQTTxi cj4NCjxiPlRvOiA8L2I+S2V5dXIgUGF0ZWwgJmx0O2tleXVyQGFycmN1cy5jb20mZ3Q7PGJyPg0K PGI+U3ViamVjdDogPC9iPldHIEFkb3B0aW9uIGNhbGwgZm9yIGRyYWZ0LWJvcmNoZXJ0LXNpZHJv cHMtYmdwc2VjLXZhbGlkYXRpb24tc2lnbmFsaW5nLTAxICg5LzE2LTkvMzApPG86cD48L286cD48 L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2 Pg0KPHByZT48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtD YWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzIxMjUyOSI+SGkgRm9sa3MsPC9zcGFuPjxv OnA+PC9vOnA+PC9wcmU+DQo8cHJlPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjEyNTI5Ij4mbmJz cDs8L3NwYW4+PG86cD48L286cD48L3ByZT4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTEuMHB0O2NvbG9yOiMyMTI1MjkiPlRoZSBhdXRob3JzIGhhdmUgcmVx dWVzdGVkIFNJRFJPUFMgd29ya2luZyBncm91cCBhZG9wdGlvbiBjYWxsIG9mIOKAnDwvc3Bhbj48 c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtjb2xvcjpibGFjayI+QkdQc2VjIFZhbGlkYXRp b24gU3RhdGUgU2lnbmFsaW5n4oCdLA0KPHNwYW4gY2xhc3M9ImFwcGxlLWNvbnZlcnRlZC1zcGFj ZSI+Jm5ic3A7PC9zcGFuPjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+PGEg aHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWJvcmNoZXJ0LXNpZHJvcHMt Ymdwc2VjLXZhbGlkYXRpb24tc2lnbmFsaW5nLTAxIiB0aXRsZT0iaHR0cHM6Ly90b29scy5pZXRm Lm9yZy9odG1sL2RyYWZ0LWJvcmNoZXJ0LXNpZHJvcHMtYmdwc2VjLXZhbGlkYXRpb24tc2lnbmFs aW5nLTAxIj5odHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtYm9yY2hlcnQtc2lkcm9w cy1iZ3BzZWMtdmFsaWRhdGlvbi1zaWduYWxpbmctMDE8L2E+Ljwvc3Bhbj48bzpwPjwvbzpwPjwv cD4NCjxwcmU+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMyMTI1MjkiPiZuYnNwOzwvc3Bhbj48bzpw PjwvbzpwPjwvcHJlPg0KPHByZT48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh bWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzIxMjUyOSI+UGxlYXNl IHNlbmQgeW91ciBjb21tZW50cyB0byB0aGUgbGlzdC4gVGhpcyBhZG9wdGlvbiBjYWxsIHdpbGwg Y29uY2x1ZGUgb24gU2VwIDMwIDIwMTkuPC9zcGFuPjxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPjxz cGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv dDssc2Fucy1zZXJpZjtjb2xvcjojMjEyNTI5Ij4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3By ZT4NCjxwcmU+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7 Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMyMTI1MjkiPlJlZ2FyZHMsPC9zcGFuPjxv OnA+PC9vOnA+PC9wcmU+DQo8cHJlPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjEyNTI5Ij5DaHJp cyAmYW1wOyBLZXl1cjwvc3Bhbj48bzpwPjwvbzpwPjwvcHJlPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpw PjwvcD4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_CA9F4B26EA2843708B7C9DA4FD2475BAarrcuscom_-- From nobody Wed Oct 9 09:48:12 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C56B31208CD for ; Wed, 9 Oct 2019 09:48:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Eycm5No9TMiB for ; Wed, 9 Oct 2019 09:48:04 -0700 (PDT) Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA24F1208D3 for ; Wed, 9 Oct 2019 09:48:03 -0700 (PDT) X-Envelope-To: sidrops@ietf.org Received: from crumpet.foobar.org (089-101-070074.ntlworld.ie [89.101.70.74] (may be forged)) (authenticated bits=0) by mail.netability.ie (8.15.2/8.15.2) with ESMTPSA id x99GlxHa071939 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 9 Oct 2019 17:47:59 +0100 (IST) (envelope-from nick@foobar.org) X-Authentication-Warning: cheesecake.ibn.ie: Host 089-101-070074.ntlworld.ie [89.101.70.74] (may be forged) claimed to be crumpet.foobar.org To: Randy Bush Cc: "Borchert, Oliver (Fed)" , "sidrops@ietf.org" References: <0BBFA8C1-A13D-4CC9-A72D-ABAE797F2E4F@arrcus.com> <875A2007-9546-4CE3-AD32-15D4E7F7C29E@nist.gov> From: Nick Hilliard Message-ID: Date: Wed, 9 Oct 2019 17:47:57 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:52.0) Gecko/20100101 PostboxApp/7.0.5.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [Sidrops] WG Adoption call for draft-borchert-sidrops-bgpsec-validation-signaling-01 (9/16-9/30) X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Oct 2019 16:48:09 -0000 Randy Bush wrote on 09/10/2019 17:28: > if you can subsume ov-egress and the ix draft from de-cix, go for it. please don't. draft-ymbk-sidrops-ov-egress is a good idea and although small in scope, is important enough to stand on its own. It is also unrelated in intent to either draft-borchert or validating-bgp-speaker. draft-borchert is a poor idea because pushing the idea of a signaling translation layer at the expense of proper RPKI is a poor idea. But at least the damage is constrained to the single administrative domain of an ibgp mesh. draft-ietf-sidrops-validating-bgp-speaker is a bad idea for a number of reasons documented on this WG, but mostly because it can cause invalids to be propagated to third parties at the cost of squishing valids or unknowns. This is actively harmful. Nick From nobody Wed Oct 9 09:53:43 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC4531208B8 for ; Wed, 9 Oct 2019 09:53:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZqnrVn1D5Lgy for ; Wed, 9 Oct 2019 09:53:42 -0700 (PDT) Received: from mail.rg.net (mail.rg.net [198.180.150.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B3C51208B7 for ; Wed, 9 Oct 2019 09:53:42 -0700 (PDT) Received: from 162-195-241-81.lightspeed.sntcca.sbcglobal.net ([162.195.241.81] helo=[192.168.0.18]) by mail.rg.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1iIFDW-0004UP-Na; Wed, 09 Oct 2019 16:53:39 +0000 From: "Randy Bush" To: "Nick Hilliard" Cc: "Borchert, Oliver" , sidrops@ietf.org Date: Wed, 09 Oct 2019 09:53:36 -0700 X-Mailer: MailMate (1.13r5655) Message-ID: <0C2E429A-633E-42E6-9E7E-AB04AF3E6279@psg.com> In-Reply-To: References: <0BBFA8C1-A13D-4CC9-A72D-ABAE797F2E4F@arrcus.com> <875A2007-9546-4CE3-AD32-15D4E7F7C29E@nist.gov> MIME-Version: 1.0 Content-Type: text/plain Archived-At: Subject: Re: [Sidrops] WG Adoption call for draft-borchert-sidrops-bgpsec-validation-signaling-01 (9/16-9/30) X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Oct 2019 16:53:43 -0000 >> if you can subsume ov-egress and the ix draft from de-cix, go for it. > please don't. thanks, nick. my bad. i meant ov-signal randy From nobody Thu Oct 10 11:48:53 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76E64120130; Thu, 10 Oct 2019 11:48:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ys-9SMi_BTcZ; Thu, 10 Oct 2019 11:48:48 -0700 (PDT) Received: from GCC02-BL0-obe.outbound.protection.outlook.com (mail-bl0gcc02on2072f.outbound.protection.outlook.com [IPv6:2a01:111:f400:7d05::72f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC6B1120089; Thu, 10 Oct 2019 11:48:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IkuCUxT6i70USzVcTi2MquzhGkX3iS5YcuL5W5C11aSHFdMxPYHWs4olIz1oW4l9fMNGQNypszyV89Sg91srglLPqFuyIyXgHpgGNEL7fWVeqgDh22fYQb8QCprMLpcZmN9VIBGlRLvU44+91Nbt5RFeCmiJh+qCS9PqU5Xion/JLBXFPfQygWw8aDW7NeG6n69Nc7LGtmvFH4+AM9lPZ3Ol/vzFvVRT/XkC8SJxi4A8kMmH2B7kX6IpBM2FBPkCxZqLH1WGULFQFXO8p0cKHIV2ZkG37IM60QO4nOduIMR+bOqr9sZE18LX3bcZqknsGLUFwAyjm6tyCg6mryCQHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RHiVWDUViyIhX/CnDOT3n27CzFXfpecmGc5mI7AJJRM=; b=GtDIq0O+h1jFN4vE4NALo5QMMdHzPgA11C2+G110JUSSR/WRNgoTI7YNBxdNaiTwIqkloaAtd2V3fsHSI5SB16wFA9b5SG0OisqIXectEV2LHqOB6CkOtYeH/j22wIhMRghw04C2cjzxZhMaUK09BydZ5nf0PnAHiPDggM3GeEgJO6KDGsoiBhZVV39Xvp3mOJRi4D/Szw9IyGDql3voBE+aZAv9R8P9yobfLQq7b+VgTN09ciwdimcBPHJkI7GspHbgIYjuOfx0O0uqIEPvsQDSAXiRUeYd1Ph/5umQKaAkglsBZ2JgQLvDUuovA0k36RSvq0HMH2iM/Pn1emeOtQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RHiVWDUViyIhX/CnDOT3n27CzFXfpecmGc5mI7AJJRM=; b=VQgfwd75Y3bohd8I7oY3emRPnCZGAqN3LnKbiGnKhKQVefZ5+debJr6tUCSs2w8Y7ENEq43I7tJcAJ+MP06VzyeQP2BbvemJa0LWg1uRpinEs6E37fYJhpkkTUL5vAy5swiW0n/gluxfSa77c2tRdxrETSsdqIqyqQqEBck0P1Q= Received: from DM6PR09MB3019.namprd09.prod.outlook.com (20.178.2.203) by DM6PR09MB3228.namprd09.prod.outlook.com (20.178.3.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.19; Thu, 10 Oct 2019 18:48:46 +0000 Received: from DM6PR09MB3019.namprd09.prod.outlook.com ([fe80::b8f5:93ea:31b3:94bb]) by DM6PR09MB3019.namprd09.prod.outlook.com ([fe80::b8f5:93ea:31b3:94bb%5]) with mapi id 15.20.2347.016; Thu, 10 Oct 2019 18:48:46 +0000 From: "Borchert, Oliver (Fed)" To: Keyur Patel , sidrops-chairs , "sidrops@ietf.org" CC: "Borchert, Oliver (Fed)" Thread-Topic: [Sidrops] Closed -- WG Adoption call for draft-borchert-sidrops-bgpsec-validation-signaling-01 (9/16-9/30) Thread-Index: AQHVf5tY+QCEEhvxrku/p+D75wgbOw== Date: Thu, 10 Oct 2019 18:48:45 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1c.0.190812 authentication-results: spf=none (sender IP is ) smtp.mailfrom=oliver.borchert@nist.gov; x-originating-ip: [2610:20:6005:218::4c] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 430b20ef-6cbe-41ca-64e8-08d74db27b18 x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: DM6PR09MB3228:|DM6PR09MB3228: x-ms-exchange-purlcount: 2 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6430; x-forefront-prvs: 018632C080 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(136003)(346002)(39860400002)(366004)(376002)(199004)(189003)(46003)(99286004)(186003)(6486002)(107886003)(236005)(966005)(76116006)(33656002)(2616005)(486006)(476003)(6436002)(58126008)(110136005)(14454004)(66946007)(91956017)(64756008)(66446008)(66556008)(478600001)(6512007)(6506007)(53546011)(25786009)(66476007)(316002)(6306002)(54896002)(102836004)(36756003)(606006)(8676002)(2501003)(6116002)(790700001)(2906002)(71190400001)(256004)(7736002)(86362001)(8936002)(6246003)(81156014)(81166006)(229853002)(5660300002)(4326008)(71200400001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM6PR09MB3228; H:DM6PR09MB3019.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: /RnpAOtaqHzZojRRoDMhjwxjmsvjhpmxqugESfCmz8v7PTwvbqsAbHFYs1HSDQoyZOdSxO70CDhXhYgWLKGXiugkJtPhp55PLdHDISqM+tykbTQnS0oB+c/+b7d3Y01TCMyLyJW3Fr4P7hzU69BdvfWiF1VEGFCxvlQnayT7DndJWF3YEHRZs1sg/oZUVCLce6qTkm0dhsEdnGr45gweHwj2S4dKITEOB/HdkGVUk67DyvECGaEaJI8PZujcRVij++rHo2QcZg8/kbop0RV+QSs4isuUTmf98LOhxceBZY17+q03E6Z981SOHMno7yEl6TBu9T/EAXl9UwDxp+gTAuN8TBAmnUtPaYf4Qgz8XQHvIMxijnc4UC7KmWRmdIrg0WWRbl/tWF4y3zFm91JZrCH09EMWIu8S00cPNCMGRaw+l61cPzwhVv6b1CeR2JfH1/5SmQ4h8jVacC/A+2C74Q== Content-Type: multipart/alternative; boundary="_000_F077BAD431EC4295B7CB41616BB0603Anistgov_" MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: 430b20ef-6cbe-41ca-64e8-08d74db27b18 X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Oct 2019 18:48:45.9489 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: OqP8bZrP5pTir0fPx0MECiLrke5ZPJTfDSZXtHaKGN7DnWPlb1T4QlkQNOh/gm7t1Gjd5IUQZjBiaUZA4klozA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR09MB3228 Archived-At: Subject: Re: [Sidrops] Closed -- WG Adoption call for draft-borchert-sidrops-bgpsec-validation-signaling-01 (9/16-9/30) X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Oct 2019 18:48:52 -0000 --_000_F077BAD431EC4295B7CB41616BB0603Anistgov_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 S2V5dXIsDQpJIHVwbG9hZGVkIHRoZSAtMDAgd2cgZHJhZnQgYW5kIHN0YXJ0IHdvcmtpbmcgb24g aW50ZWdyYXRpbmcgdGhlIHBvaW50cyBkaXNjdXNzZWQgZHVyaW5nIHRoZSBhZG9wdGlvbiBjYWxs LiBPbmNlIGRvbmUgSSB3aWxsIGJyaW5nIGl0IHRvIHRoZSBsaXN0LA0KaHR0cHM6Ly9kYXRhdHJh Y2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtc2lkcm9wcy1iZ3BzZWMtdmFsaWRhdGlvbi1zaWduYWxp bmcvDQoNCk9saXZlcg0KDQpGcm9tOiBTaWRyb3BzIDxzaWRyb3BzLWJvdW5jZXNAaWV0Zi5vcmc+ IG9uIGJlaGFsZiBvZiBLZXl1ciBQYXRlbCA8a2V5dXJAYXJyY3VzLmNvbT4NCkRhdGU6IFdlZG5l c2RheSwgT2N0b2JlciA5LCAyMDE5IGF0IDEyOjM0IFBNDQpUbzogc2lkcm9wcy1jaGFpcnMgPHNp ZHJvcHMtY2hhaXJzQGlldGYub3JnPiwgInNpZHJvcHNAaWV0Zi5vcmciIDxzaWRyb3BzQGlldGYu b3JnPg0KU3ViamVjdDogW1NpZHJvcHNdIENsb3NlZCAtLSBXRyBBZG9wdGlvbiBjYWxsIGZvciBk cmFmdC1ib3JjaGVydC1zaWRyb3BzLWJncHNlYy12YWxpZGF0aW9uLXNpZ25hbGluZy0wMSAoOS8x Ni05LzMwKQ0KDQpUaGUgV0cgaGFzIHJlYWNoZWQgY29uc2Vuc3VzICh3ZWFrKSB0byBhZG9wdGlv biBvZiAgZHJhZnQtYm9yY2hlcnQtc2lkcm9wcy1iZ3BzZWMtdmFsaWRhdGlvbi1zaWduYWxpbmct MDEudHh0ICBkcmFmdC4gVGhlIGF1dGhvcnMgYXJlIHJlcXVlc3RlZCB0byBzdWJtaXQgdGhlIC0w MCB3ZyBkcmFmdC4NCg0KUmVnYXJkcywNCkNocmlzICYgS2V5dXINCg0KRnJvbTogS2V5dXIgUGF0 ZWwgPGtleXVyQGFycmN1cy5jb20+DQpEYXRlOiBNb25kYXksIFNlcHRlbWJlciAxNiwgMjAxOSBh dCAxMjowNSBQTQ0KVG86IEtleXVyIFBhdGVsIDxrZXl1ckBhcnJjdXMuY29tPg0KU3ViamVjdDog V0cgQWRvcHRpb24gY2FsbCBmb3IgZHJhZnQtYm9yY2hlcnQtc2lkcm9wcy1iZ3BzZWMtdmFsaWRh dGlvbi1zaWduYWxpbmctMDEgKDkvMTYtOS8zMCkNCg0KDQpIaSBGb2xrcywNCg0KDQpUaGUgYXV0 aG9ycyBoYXZlIHJlcXVlc3RlZCBTSURST1BTIHdvcmtpbmcgZ3JvdXAgYWRvcHRpb24gY2FsbCBv ZiDigJxCR1BzZWMgVmFsaWRhdGlvbiBTdGF0ZSBTaWduYWxpbmfigJ0sICBodHRwczovL3Rvb2xz LmlldGYub3JnL2h0bWwvZHJhZnQtYm9yY2hlcnQtc2lkcm9wcy1iZ3BzZWMtdmFsaWRhdGlvbi1z aWduYWxpbmctMDE8aHR0cHM6Ly9nY2MwMS5zYWZlbGlua3MucHJvdGVjdGlvbi5vdXRsb29rLmNv bS8/dXJsPWh0dHBzJTNBJTJGJTJGdG9vbHMuaWV0Zi5vcmclMkZodG1sJTJGZHJhZnQtYm9yY2hl cnQtc2lkcm9wcy1iZ3BzZWMtdmFsaWRhdGlvbi1zaWduYWxpbmctMDEmZGF0YT0wMiU3QzAxJTdD b2xpdmVyLmJvcmNoZXJ0JTQwbmlzdC5nb3YlN0M2NjE5NmNlYjMzZjA0MWQ4MGY2ODA4ZDc0Y2Q2 N2NiNyU3QzJhYjVkODJmZDhmYTQ3OTdhOTNlMDU0NjU1YzYxZGVjJTdDMSU3QzElN0M2MzcwNjIz NTY0MDg3MTk4NTUmc2RhdGE9aGNMZyUyRlllTFF6WXRrMGh4UFJBNTVYZkhVanYzUmVyWXQ0d1Br OFA4TzdNJTNEJnJlc2VydmVkPTA+Lg0KDQoNCg0KUGxlYXNlIHNlbmQgeW91ciBjb21tZW50cyB0 byB0aGUgbGlzdC4gVGhpcyBhZG9wdGlvbiBjYWxsIHdpbGwgY29uY2x1ZGUgb24gU2VwIDMwIDIw MTkuDQoNCg0KDQpSZWdhcmRzLA0KDQpDaHJpcyAmIEtleXVyDQoNCg== --_000_F077BAD431EC4295B7CB41616BB0603Anistgov_ Content-Type: text/html; charset="utf-8" Content-ID: <6445CCEAACBC004787DB471A5DDE898D@namprd09.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy IDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ Zm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQph OmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xv cjojMDU2M0MxOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFu Lk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjoj OTU0RjcyOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcHJlDQoJe21zby1zdHlsZS1w cmlvcml0eTo5OTsNCgltc28tc3R5bGUtbGluazoiSFRNTCBQcmVmb3JtYXR0ZWQgQ2hhciI7DQoJ bWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjEwLjBwdDsN Cglmb250LWZhbWlseToiQ291cmllciBOZXciO30NCnAubXNvbm9ybWFsMCwgbGkubXNvbm9ybWFs MCwgZGl2Lm1zb25vcm1hbDANCgl7bXNvLXN0eWxlLW5hbWU6bXNvbm9ybWFsOw0KCW1zby1tYXJn aW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDowaW47DQoJbXNvLW1hcmdpbi1ib3R0b20t YWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGluOw0KCWZvbnQtc2l6ZToxMS4wcHQ7DQoJZm9udC1m YW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0Kc3Bhbi5IVE1MUHJlZm9ybWF0dGVkQ2hhcg0K CXttc28tc3R5bGUtbmFtZToiSFRNTCBQcmVmb3JtYXR0ZWQgQ2hhciI7DQoJbXNvLXN0eWxlLXBy aW9yaXR5Ojk5Ow0KCW1zby1zdHlsZS1saW5rOiJIVE1MIFByZWZvcm1hdHRlZCI7DQoJZm9udC1m YW1pbHk6IkNvdXJpZXIgTmV3Ijt9DQpzcGFuLkVtYWlsU3R5bGUyMA0KCXttc28tc3R5bGUtdHlw ZTpwZXJzb25hbDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjp3 aW5kb3d0ZXh0O30NCnNwYW4uYXBwbGUtY29udmVydGVkLXNwYWNlDQoJe21zby1zdHlsZS1uYW1l OmFwcGxlLWNvbnZlcnRlZC1zcGFjZTt9DQpzcGFuLkVtYWlsU3R5bGUyMg0KCXttc28tc3R5bGUt dHlwZTpwZXJzb25hbDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xv cjp3aW5kb3d0ZXh0O30NCnNwYW4uRW1haWxTdHlsZTIzDQoJe21zby1zdHlsZS10eXBlOnBlcnNv bmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOndp bmRvd3RleHQ7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7 DQoJZm9udC1zaXplOjEwLjBwdDt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo4LjVpbiAx MS4waW47DQoJbWFyZ2luOjEuMGluIDEuMGluIDEuMGluIDEuMGluO30NCmRpdi5Xb3JkU2VjdGlv bjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+ PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8 L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0 IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNo YXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tVVMi IGxpbms9IiMwNTYzQzEiIHZsaW5rPSIjOTU0RjcyIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0aW9u MSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+ S2V5dXIsPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPkkgdXBsb2FkZWQgdGhlIC0wMCB3ZyBkcmFmdCBhbmQg c3RhcnQgd29ya2luZyBvbiBpbnRlZ3JhdGluZyB0aGUgcG9pbnRzIGRpc2N1c3NlZCBkdXJpbmcg dGhlIGFkb3B0aW9uIGNhbGwuIE9uY2UgZG9uZSBJIHdpbGwgYnJpbmcgaXQgdG8gdGhlIGxpc3Qs PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGEgaHJlZj0iaHR0 cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtc2lkcm9wcy1iZ3BzZWMtdmFsaWRh dGlvbi1zaWduYWxpbmcvIj5odHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1z aWRyb3BzLWJncHNlYy12YWxpZGF0aW9uLXNpZ25hbGluZy88L2E+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+ T2xpdmVyPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxk aXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0I1QzRERiAxLjBwdDtwYWRk aW5nOjMuMHB0IDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0 eWxlPSJjb2xvcjpibGFjayI+RnJvbTogPC9zcGFuPjwvYj48c3BhbiBzdHlsZT0iY29sb3I6Ymxh Y2siPlNpZHJvcHMgJmx0O3NpZHJvcHMtYm91bmNlc0BpZXRmLm9yZyZndDsgb24gYmVoYWxmIG9m IEtleXVyIFBhdGVsICZsdDtrZXl1ckBhcnJjdXMuY29tJmd0Ozxicj4NCjxiPkRhdGU6IDwvYj5X ZWRuZXNkYXksIE9jdG9iZXIgOSwgMjAxOSBhdCAxMjozNCBQTTxicj4NCjxiPlRvOiA8L2I+c2lk cm9wcy1jaGFpcnMgJmx0O3NpZHJvcHMtY2hhaXJzQGlldGYub3JnJmd0OywgJnF1b3Q7c2lkcm9w c0BpZXRmLm9yZyZxdW90OyAmbHQ7c2lkcm9wc0BpZXRmLm9yZyZndDs8YnI+DQo8Yj5TdWJqZWN0 OiA8L2I+W1NpZHJvcHNdIENsb3NlZCAtLSBXRyBBZG9wdGlvbiBjYWxsIGZvciBkcmFmdC1ib3Jj aGVydC1zaWRyb3BzLWJncHNlYy12YWxpZGF0aW9uLXNpZ25hbGluZy0wMSAoOS8xNi05LzMwKTxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48 L3A+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6 MTEuMHB0Ij5UaGUgV0cgaGFzIHJlYWNoZWQgY29uc2Vuc3VzICh3ZWFrKSB0byBhZG9wdGlvbiBv ZiAmbmJzcDtkcmFmdC1ib3JjaGVydC1zaWRyb3BzLWJncHNlYy12YWxpZGF0aW9uLXNpZ25hbGlu Zy0wMS50eHQgJm5ic3A7ZHJhZnQuIFRoZSBhdXRob3JzIGFyZSByZXF1ZXN0ZWQgdG8gc3VibWl0 IHRoZSAtMDAgd2cgZHJhZnQuPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPiZuYnNwOzwvc3Bhbj48bzpwPjwv bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEu MHB0Ij5SZWdhcmRzLDwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij5DaHJpcyAmYW1wOyBLZXl1cjwvc3Bhbj48 bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0Ij4mbmJzcDs8L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2IHN0eWxlPSJib3Jk ZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNCNUM0REYgMS4wcHQ7cGFkZGluZzozLjBwdCAwaW4g MGluIDBpbiI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iY29sb3I6Ymxh Y2siPkZyb206IDwvc3Bhbj48L2I+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj5LZXl1ciBQYXRl bCAmbHQ7a2V5dXJAYXJyY3VzLmNvbSZndDs8YnI+DQo8Yj5EYXRlOiA8L2I+TW9uZGF5LCBTZXB0 ZW1iZXIgMTYsIDIwMTkgYXQgMTI6MDUgUE08YnI+DQo8Yj5UbzogPC9iPktleXVyIFBhdGVsICZs dDtrZXl1ckBhcnJjdXMuY29tJmd0Ozxicj4NCjxiPlN1YmplY3Q6IDwvYj5XRyBBZG9wdGlvbiBj YWxsIGZvciBkcmFmdC1ib3JjaGVydC1zaWRyb3BzLWJncHNlYy12YWxpZGF0aW9uLXNpZ25hbGlu Zy0wMSAoOS8xNi05LzMwKTwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij4mbmJzcDs8 L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxwcmU+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9y OiMyMTI1MjkiPkhpIEZvbGtzLDwvc3Bhbj48bzpwPjwvbzpwPjwvcHJlPg0KPHByZT48c3BhbiBz dHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNh bnMtc2VyaWY7Y29sb3I6IzIxMjUyOSI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wcmU+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtjb2xvcjoj MjEyNTI5Ij5UaGUgYXV0aG9ycyBoYXZlIHJlcXVlc3RlZCBTSURST1BTIHdvcmtpbmcgZ3JvdXAg YWRvcHRpb24gY2FsbCBvZiDigJw8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7 Y29sb3I6YmxhY2siPkJHUHNlYyBWYWxpZGF0aW9uIFN0YXRlIFNpZ25hbGluZ+KAnSwNCjxzcGFu IGNsYXNzPSJhcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj48L3NwYW4+PHNwYW4g c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPjxhIGhyZWY9Imh0dHBzOi8vZ2NjMDEuc2FmZWxpbmtz LnByb3RlY3Rpb24ub3V0bG9vay5jb20vP3VybD1odHRwcyUzQSUyRiUyRnRvb2xzLmlldGYub3Jn JTJGaHRtbCUyRmRyYWZ0LWJvcmNoZXJ0LXNpZHJvcHMtYmdwc2VjLXZhbGlkYXRpb24tc2lnbmFs aW5nLTAxJmFtcDtkYXRhPTAyJTdDMDElN0NvbGl2ZXIuYm9yY2hlcnQlNDBuaXN0LmdvdiU3QzY2 MTk2Y2ViMzNmMDQxZDgwZjY4MDhkNzRjZDY3Y2I3JTdDMmFiNWQ4MmZkOGZhNDc5N2E5M2UwNTQ2 NTVjNjFkZWMlN0MxJTdDMSU3QzYzNzA2MjM1NjQwODcxOTg1NSZhbXA7c2RhdGE9aGNMZyUyRlll TFF6WXRrMGh4UFJBNTVYZkhVanYzUmVyWXQ0d1BrOFA4TzdNJTNEJmFtcDtyZXNlcnZlZD0wIiB0 aXRsZT0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWJvcmNoZXJ0LXNpZHJvcHMt Ymdwc2VjLXZhbGlkYXRpb24tc2lnbmFsaW5nLTAxIj5odHRwczovL3Rvb2xzLmlldGYub3JnL2h0 bWwvZHJhZnQtYm9yY2hlcnQtc2lkcm9wcy1iZ3BzZWMtdmFsaWRhdGlvbi1zaWduYWxpbmctMDE8 L2E+Ljwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwcmU+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMy MTI1MjkiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcHJlPg0KPHByZT48c3BhbiBzdHlsZT0i Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2Vy aWY7Y29sb3I6IzIxMjUyOSI+UGxlYXNlIHNlbmQgeW91ciBjb21tZW50cyB0byB0aGUgbGlzdC4g VGhpcyBhZG9wdGlvbiBjYWxsIHdpbGwgY29uY2x1ZGUgb24gU2VwIDMwIDIwMTkuPC9zcGFuPjxv OnA+PC9vOnA+PC9wcmU+DQo8cHJlPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjEyNTI5Ij4mbmJz cDs8L3NwYW4+PG86cD48L286cD48L3ByZT4NCjxwcmU+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMy MTI1MjkiPlJlZ2FyZHMsPC9zcGFuPjxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1z ZXJpZjtjb2xvcjojMjEyNTI5Ij5DaHJpcyAmYW1wOyBLZXl1cjwvc3Bhbj48bzpwPjwvbzpwPjwv cHJlPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQi PiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_F077BAD431EC4295B7CB41616BB0603Anistgov_-- From nobody Mon Oct 14 13:59:37 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EC1C120045 for ; Mon, 14 Oct 2019 13:59:36 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W39g57iGw_v2 for ; Mon, 14 Oct 2019 13:59:33 -0700 (PDT) Received: from mail-oi1-x22e.google.com (mail-oi1-x22e.google.com [IPv6:2607:f8b0:4864:20::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE0D312003E for ; Mon, 14 Oct 2019 13:59:32 -0700 (PDT) Received: by mail-oi1-x22e.google.com with SMTP id i16so14937168oie.4 for ; Mon, 14 Oct 2019 13:59:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=K5+VvszGJcDbIu2yWDYEqnl+PiEit4UKeclVNReNhq4=; b=Fqcv8aGxQpTGjAbU2lT22JJtZfiQOVicJhRPmUmjlLiBEtEo8PrdaBJEjg7773JFkp GWfZ/Qh0hiVpu2ic02KKlhFYSXhHLJHYlPWREFQZCOruX3zG3oQSERhA50O/NOUMwPAG wODVYQwtT0hlC7P/oziZDuDr1x/1L90Xebkg9aiDX6wBMD22ZHLjUgjxeBxIilDjFDDN DRZVvsjq10+7IXFUukcfLZH+4aZI+D5EyjPiR1njsijz9+ign9Zow54w/oZwa4+lATY3 8VfUM2bZLLxPVprIOh+hD3UQipZ98RPzcHjzpzYrGOWEJMo3RWeyKABS+SjJM5zBWp+H 5yIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=K5+VvszGJcDbIu2yWDYEqnl+PiEit4UKeclVNReNhq4=; b=NarDVEdUKBgKyg09gf9Ah6oHGXwqWD4520ATRbZVpj8mMUQ+uqRZyAaepPFzX8eq0R 5tSQWGvNvxSRi/hRQRAmnU7ILIsIicRSF+wrh2AJcgWwp8DMoB40MD7Nymnf0TtGRrHj CglSHaHZHozyrtStIKrf0hG9thwwleVdtNyxlI7h/reX35scE0wkDJ7DVZ20+AT2foCR X3TyLnazGC0ApfnjdKGcXsuXI2rJUIA1EbuKxNyABn9oQFo1yb5w5UV5TT2oONRrdz8l Pt9FoJhRW59u6+Dx7JEdiZ0IIv9wSEJmOsEOKeCQj/RPHE1IRFJ247JAVD/oORDig1i8 zLcg== X-Gm-Message-State: APjAAAXB4tcEWW1ovIwdCsxKowhADWu1Qzo3EwupQl92ww2/bN3XBY9R OVNog6/eJKCIaweK9IaHtXVJUF6rNDq8glL8QiE= X-Google-Smtp-Source: APXvYqzYYEd1e0bAt2V/mBlmm1Zkr7bzb8I8ktXjrWhAvSSE5fK4lUkpa0wfE/FlYTv8ZoVt6v8o10M2T9WosDw43/Y= X-Received: by 2002:aca:3a55:: with SMTP id h82mr26454784oia.128.1571086771902; Mon, 14 Oct 2019 13:59:31 -0700 (PDT) MIME-Version: 1.0 References: <1CF3E143-98E7-4B66-AEE5-02617A639BCC@nlnetlabs.nl> <9579DFEC-6653-4CD2-A4DE-2DC5B7427782@nlnetlabs.nl> <23963.10240.12287.137386@oz.mt.att.com> <29669e33-2ae9-1aab-0cf2-63e9d0f3857e@foobar.org> <39E6D50C-7112-4C0B-90BF-99C91665C193@nlnetlabs.nl> In-Reply-To: <39E6D50C-7112-4C0B-90BF-99C91665C193@nlnetlabs.nl> From: Alexander Azimov Date: Mon, 14 Oct 2019 23:59:18 +0300 Message-ID: To: Tim Bruijnzeels Cc: "Jakob Heitz (jheitz)" , Jay Borkenhagen , SIDR Operations WG , Nick Hilliard Content-Type: multipart/alternative; boundary="000000000000f35e9a0594e5243b" Archived-At: Subject: Re: [Sidrops] Minor comments on draft-ietf-sidrops-aspa-profile-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Oct 2019 20:59:36 -0000 --000000000000f35e9a0594e5243b Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi all, I would try to summarize the points that were presented in this thread. The question is whether we should define ASPA like it was done for ROAs or should we do it in a slightly different and slightly more reliable manner. The data structure that we need at the router to verify ASPATH is a simple {customer: set of providers}. And to have a reflection of such tuple it in one RPKI object seems to be native (+ all points that were listed above). If we unbound ASPA object structure from ROA-like structure we may also get rid of ASPA0 - empty set is a simple form to signal that ASN does not have any transit providers. So, the spec should say: providerASID SEQUENCE (SIZE(0..MAX)) OF ASID In this case, to signal that prefix should not be seen in the BGP default-free zone ROA0 should be issued; to signal that ASN is provider-free ASPA-EMPTY (instead of ASPA0) should be issued. If we believe that this will not add ambiguity for the users I'm ok to change it. =D0=B2=D1=82, 8 =D0=BE=D0=BA=D1=82. 2019 =D0=B3. =D0=B2 09:49, Tim Bruijnze= els : > Hi, > > So, to re-iterate: I don't think the problem of getting only a sub-set of > ASPA objects is very likely to occur, especially when using RRDP. With RR= DP > there are deltas that provide transactionality in publication, which at > least allows operators to publish multiple objects as a single delta. But= , > of course, their CA software has to support this idea, rather than publis= h > objects (+mft + crl) one by one. > > However, having the option of multiple provider ASNs in a single object > allows for a publication strategy (using a fixed named object) that avoid= s > the issue altogether, as a bonus I find it a bit easier to manage for my > particular implementation, and it saves a bit of space (CMS wrapping, EE > cert 2048 with bit key). And on the other hand, I don't think that having= : > > providerASID SEQUENCE (SIZE(1..MAX)) OF ASID > > Instead of: > > providerASID ASID > > adds much in terms of complexity, and I do not see any other clear > drawbacks (e.g. fate sharing). > > > If multiple provider ASNs are allowed I would go on to RECOMMEND that a > single object is used, but in principle implementations can still have > multiple ASPA objects, each with a SEQUENCE OF 1 ASID. I expect that RPs > will validate ASPA objects and build up a list of 'Validated Customer > Provider Relations', and that this list/deltas - excluding duplicates - i= s > communicated to routers in a new version of the RPKI-RTR protocol. So, it > should not matter if the relations were found on 1 or more objects. > > In ROAs we can only have one ASN, so multiple are needed in case a prefix > is multi-homed. Although, in retro-spect multiple ASNs could have been a > nice idea here too, but I don't think the problem is anywhere near big > enough to warrant a re-design of the ROA spec. > > Tim > > > > > On 8 Oct 2019, at 00:27, Jakob Heitz (jheitz) wrote: > > > > If the customer-provider objects are individual, then a relying party > > may have a partial list of providers for one customer. > > > > If all the providers for one customer are in a single object, > > then, upon a change, the RP can have either the old object > > or the new object, but never a partial view. > > > > A partial view, IMO is worse that having the old view a little longer > > than possible. A partial view can cause some AS-paths to be considered > > invalid when they are not. > > > > Regards, > > Jakob. > > > > -----Original Message----- > > From: Sidrops On Behalf Of Nick Hilliard > > Sent: Monday, October 7, 2019 5:32 AM > > To: Jay Borkenhagen > > Cc: SIDR Operations WG > > Subject: Re: [Sidrops] Minor comments on > draft-ietf-sidrops-aspa-profile-00 > > > > Jay Borkenhagen wrote on 07/10/2019 12:56: > >> It's critical that users of ASPA data operate using a complete set of > >> an ASN's authorized upstream ASNs. The simplest way to communicate > >> such a verifiably-complete set is to use a single object. > > > > bits of me agree with this, but other bits not. It's shifting the > > problem from an RPKI database synchronisation problem to a > > human-oriented data synchronisation problem. Both are hideously > > difficult problems to solve, but the one which involves human input is > > almost certainly less reliable. > > > > Nick > > > > _______________________________________________ > > Sidrops mailing list > > Sidrops@ietf.org > > https://www.ietf.org/mailman/listinfo/sidrops > > > > _______________________________________________ > > Sidrops mailing list > > Sidrops@ietf.org > > https://www.ietf.org/mailman/listinfo/sidrops > > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops > --=20 Best regards, Alexander Azimov --000000000000f35e9a0594e5243b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi all,

I would try to= summarize the points that were presented in this thread.

The questi= on is whether we should define ASPA like it was done for ROAs or should we = do it in a slightly different and slightly more reliable manner.
The da= ta structure that we need at the router to verify ASPATH is a simple {custo= mer: set of providers}. And to have a reflection of such tuple it in one RP= KI object seems to be native (+ all points that were listed above). If we u= nbound ASPA object structure from ROA-like structure we may also get rid of= ASPA0 - empty set is a simple form to signal that ASN does not have any tr= ansit providers. So, the spec should say:

providerASID =C2=A0SEQUENCE (SIZE(0..MAX)) OF ASID

In this case, to signal that prefix shoul= d not be seen in the BGP default-free zone ROA0 should be issued; to signal= that ASN is=C2=A0provider-free ASPA-EMPTY (instead of ASPA0) should be iss= ued. If we believe that this will not add ambiguity for the users I'm o= k to change it.

=D0=B2=D1=82, 8 =D0=BE=D0=BA=D1=82. 2019 =D0=B3. =D0= =B2 09:49, Tim Bruijnzeels <tim@nlnetlabs.nl>:
Hi,

So, to re-iterate: I don't think the problem of getting only a sub-set = of ASPA objects is very likely to occur, especially when using RRDP. With R= RDP there are deltas that provide transactionality in publication, which at= least allows operators to publish multiple objects as a single delta. But,= of course, their CA software has to support this idea, rather than publish= objects (+mft + crl) one by one.

However, having the option of multiple provider ASNs in a single object all= ows for a publication strategy (using a fixed named object) that avoids the= issue altogether, as a bonus I find it a bit easier to manage for my parti= cular implementation, and it saves a bit of space (CMS wrapping, EE cert 20= 48 with bit key). And on the other hand, I don't think that having:

=C2=A0 =C2=A0 =C2=A0 =C2=A0 providerASID=C2=A0 SEQUENCE (SIZE(1..MAX)) OF A= SID

Instead of:

=C2=A0 =C2=A0 =C2=A0 =C2=A0 providerASID=C2=A0 ASID

adds much in terms of complexity, and I do not see any other clear drawback= s (e.g. fate sharing).


If multiple provider ASNs are allowed I would go on to RECOMMEND that a sin= gle object is used, but in principle implementations can still have multipl= e ASPA objects, each with a SEQUENCE OF 1 ASID. I expect that RPs will vali= date ASPA objects and build up a list of 'Validated Customer Provider R= elations', and that this list/deltas - excluding duplicates - is commun= icated to routers in a new version of the RPKI-RTR protocol. So, it should = not matter if the relations were found on 1 or more objects.

In ROAs we can only have one ASN, so multiple are needed in case a prefix i= s multi-homed. Although, in retro-spect multiple ASNs could have been a nic= e idea here too, but I don't think the problem is anywhere near big eno= ugh to warrant a re-design of the ROA spec.

Tim



> On 8 Oct 2019, at 00:27, Jakob Heitz (jheitz) <jheitz@cisco.com> wrote:
>
> If the customer-provider objects are individual, then a relying party<= br> > may have a partial list of providers for one customer.
>
> If all the providers for one customer are in a single object,
> then, upon a change, the RP can have either the old object
> or the new object, but never a partial view.
>
> A partial view, IMO is worse that having the old view a little longer<= br> > than possible. A partial view can cause some AS-paths to be considered=
> invalid when they are not.
>
> Regards,
> Jakob.
>
> -----Original Message-----
> From: Sidrops <sidrops-bounces@ietf.org> On Behalf Of Nick Hilliard
> Sent: Monday, October 7, 2019 5:32 AM
> To: Jay Borkenhagen <jayb@braeburn.org>
> Cc: SIDR Operations WG <sidrops@ietf.org>
> Subject: Re: [Sidrops] Minor comments on draft-ietf-sidrops-aspa-profi= le-00
>
> Jay Borkenhagen wrote on 07/10/2019 12:56:
>> It's critical that users of ASPA data operate using a complete= set of
>> an ASN's authorized upstream ASNs.=C2=A0 The simplest way to c= ommunicate
>> such a verifiably-complete set is to use a single object.
>
> bits of me agree with this, but other bits not.=C2=A0 It's shiftin= g the
> problem from an RPKI database synchronisation problem to a
> human-oriented data synchronisation problem.=C2=A0 Both are hideously =
> difficult problems to solve, but the one which involves human input is=
> almost certainly less reliable.
>
> Nick
>
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org=
> https://www.ietf.org/mailman/listinfo/sidrops<= br> >
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org=
> https://www.ietf.org/mailman/listinfo/sidrops<= br>
_______________________________________________
Sidrops mailing list
Sidrops@ietf.org<= br> https://www.ietf.org/mailman/listinfo/sidrops


--
Best regards,
Alexander Azimov
--000000000000f35e9a0594e5243b-- From nobody Mon Oct 14 14:49:20 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC24512003F for ; Mon, 14 Oct 2019 14:49:18 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.499 X-Spam-Level: X-Spam-Status: No, score=-14.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=NzQi3m+A; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=zc+diKMH Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QxNBfTmm0TUL for ; Mon, 14 Oct 2019 14:49:15 -0700 (PDT) Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17C5A12003E for ; Mon, 14 Oct 2019 14:49:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=24784; q=dns/txt; s=iport; t=1571089755; x=1572299355; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=9zbZjF/MkpeYhmdnFHEkteKToKGNINWjheV2WR/UapQ=; b=NzQi3m+AA29qSjUrnbK3gdeE14lGQgWtZ4hwx8pBkz4czyPcbTbn2kmc KhbsXtqLD2qyz8Nfxap9yXv6rBkSL3+vZUkm+R79vRIPlGl4sE1p4DNuJ UnG+achnASfWRV2w4oSmvOnXHgZITZm8EybaH4RM1rNa6gDqk+5AaePyz 0=; IronPort-PHdr: =?us-ascii?q?9a23=3AbRhVzB8ASJCEx/9uRHGN82YQeigqvan1NQcJ65?= =?us-ascii?q?0hzqhDabmn44+/bR7E/fs4iljPUM2b8P9Ch+fM+4HYEW0bqdfk0jgZdYBUER?= =?us-ascii?q?oMiMEYhQslVcyFBEznPtbhbjcxG4JJU1o2t3w=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AUAAAc7KRd/5xdJa1mGgEBAQEBAQE?= =?us-ascii?q?BAQMBAQEBEQEBAQICAQEBAYFpAwEBAQELAYEbLyQsBWxXIAQLKgqEGoNHA4p?= =?us-ascii?q?KglyTHYRhgS6BJANUCQEBAQwBARgBCgoCAQGBTIIvRQIXgkckNgcOAgMJAQE?= =?us-ascii?q?EAQEBAgEFBG2FLQyFSwEBAQECAQEBEBEKEwEBLAQHAQQHBAIBBgIOAwQBAQE?= =?us-ascii?q?nAwICAiULFAkIAgQBDQUIGoMBgXlNAw4gAQIMlDKQYgKBOIhhdYEygn0BAQW?= =?us-ascii?q?FChiCFwMGgTQBjA0YgUA/gRFGgkw+gmEBAYEtNhUWCYJYMoIKIo9vhTeJLo5?= =?us-ascii?q?zCoIilTSZQI4tmTcCBAIEBQIOAQEFgVgBMioagRRwFTuCbFAQFIFPDBeDUIU?= =?us-ascii?q?UhT90gSmNUyuBBAGBIgEB?= X-IronPort-AV: E=Sophos;i="5.67,296,1566864000"; d="scan'208,217";a="356866354" Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 14 Oct 2019 21:49:14 +0000 Received: from XCH-RCD-013.cisco.com (xch-rcd-013.cisco.com [173.37.102.23]) by rcdn-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id x9ELnDoa006907 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 14 Oct 2019 21:49:13 GMT Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-RCD-013.cisco.com (173.37.102.23) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 14 Oct 2019 16:49:13 -0500 Received: from xhs-rcd-001.cisco.com (173.37.227.246) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 14 Oct 2019 17:49:11 -0400 Received: from NAM04-CO1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 14 Oct 2019 16:49:10 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SoBItDCB6Aua4/z+KoMgX5BkZc2vzljKv2Baz9QQcAEILRE4FFiPWTDTkFCGAhJKmp4B/Qb18Vt7NPr4ONbUcvp8kJ6qSNIknqawnbEfdCfIdYgk+BwrMH7tyd+FkePBKAsvJx0TWtdgHEWicSSh/inTiLwUgn2BV81QKXAel51X44VYRPMvEJDTYH/jddIsh4J5Ewi+uxWjOBUeQ+/7fAYWurCSm7xnsuJKvW4xMWhJMNJwTq1oG9uuXpf0lmnPpyVaUXP1YeFIquG2RGaGlU/a9UssScm11ZD6KNuYEtXk1pNLY/r/O10g52Oq/a0b3QgyQNZI9xFRVMuN5nMLdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9zbZjF/MkpeYhmdnFHEkteKToKGNINWjheV2WR/UapQ=; b=UL807FdXKyHLHqvygIn75UgyBDB5yABeCLJCSRZjB89P414xVmXF0sQzndGJNQrjOyIdzbLCxUDC3i/tXFRogKevyQGAlJbtZtqED2bEhI8I17c9Ku4XJ5hvbrkQdm9LKpvIeozcDbPtNgTlI+qQSLTpuBvkgSQLutoKQi5WmUcQ3UdGh/CfEwtPDe1SbGFxdHQyaoGJX2KQ5dnSmY9Kj1igTFgUX4NSznzftaghgGxh1JvzYg7b9w5x29/+HT7mF6k4DpGsDtC8J30fK+TVdPmYBiNfztD1B9K41iiUaTM/KAqGGU2RNo3Z0c6UmiTyKyrVfl90Z7VzarwfKu/+iA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9zbZjF/MkpeYhmdnFHEkteKToKGNINWjheV2WR/UapQ=; b=zc+diKMHJKYLPrZhMc68+oXOuf52j+4y7jw7SUnt+3NdaHHVNy8eQX72oIO2oPsXCFN3yCe594+WrtIedNVksik6EW4Q9ps9QONVHQ60vkCEPcocpzo92PPSXgSBYEM/QN8y/cpRrArORVFA/u8RdWSdkx2YpUAvWcP5Dn/SIxs= Received: from BN8PR11MB3746.namprd11.prod.outlook.com (20.178.221.23) by BN8PR11MB3540.namprd11.prod.outlook.com (20.178.218.78) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.19; Mon, 14 Oct 2019 21:49:09 +0000 Received: from BN8PR11MB3746.namprd11.prod.outlook.com ([fe80::c1ad:20a:be24:fe90]) by BN8PR11MB3746.namprd11.prod.outlook.com ([fe80::c1ad:20a:be24:fe90%5]) with mapi id 15.20.2347.023; Mon, 14 Oct 2019 21:49:09 +0000 From: "Jakob Heitz (jheitz)" To: Alexander Azimov , Tim Bruijnzeels CC: SIDR Operations WG , Jay Borkenhagen , Nick Hilliard Thread-Topic: [Sidrops] Minor comments on draft-ietf-sidrops-aspa-profile-00 Thread-Index: AQHVWAB1SjQJpUEXD0ai6mvWNAHq36dOXjSAgAA4PQCAAIoWAIAAPBAAgAAJy4CAAKS80IAAjeCAgApbfgCAAAZhAA== Date: Mon, 14 Oct 2019 21:49:09 +0000 Message-ID: References: <1CF3E143-98E7-4B66-AEE5-02617A639BCC@nlnetlabs.nl> <9579DFEC-6653-4CD2-A4DE-2DC5B7427782@nlnetlabs.nl> <23963.10240.12287.137386@oz.mt.att.com> <29669e33-2ae9-1aab-0cf2-63e9d0f3857e@foobar.org> <39E6D50C-7112-4C0B-90BF-99C91665C193@nlnetlabs.nl> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=jheitz@cisco.com; x-originating-ip: [128.107.241.180] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 087171b3-334e-42bf-f451-08d750f057e3 x-ms-traffictypediagnostic: BN8PR11MB3540: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-forefront-prvs: 01901B3451 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(396003)(136003)(346002)(366004)(376002)(199004)(189003)(13464003)(53754006)(74316002)(55016002)(14454004)(66574012)(446003)(11346002)(66066001)(486006)(99286004)(6246003)(4326008)(5660300002)(476003)(71200400001)(76116006)(14444005)(86362001)(33656002)(256004)(66476007)(66556008)(64756008)(66446008)(71190400001)(66946007)(6306002)(478600001)(6436002)(54896002)(236005)(9686003)(966005)(316002)(52536014)(76176011)(25786009)(54906003)(7736002)(110136005)(2906002)(606006)(229853002)(6506007)(53546011)(102836004)(7696005)(26005)(186003)(3846002)(6116002)(790700001)(8676002)(81166006)(81156014)(8936002); DIR:OUT; SFP:1101; SCL:1; SRVR:BN8PR11MB3540; H:BN8PR11MB3746.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: G7X1LYtW6yS/WmZhrVdSGBhdfqPxU9PBxh4Mchqshc2VNbpENJLk6p7wKOQrEHIorDLlwpvFFY7dKb9clC1+7Id/w6G3ASMpt7yWAkDuspktDLfXlm4K9313FXEkZO+6geSmZOtPRgjHitl3k3FpXItL17zwWtdxkHe/fvyEWtb22xcOM8q7msVNBddCRYRARp46Z8ImhRR916sGgEUuXgLh4RoI7KftAngKkxVgp5bdjkd6ymLKG96NR0OlvNvd+NR84EH8HKj16kXAUEnkCwv+XPch8l6YdsS9ZE84HPWMsT+pQCvjxMDqxlPH3A3i6QqqdBRER6SNBh0jcsPZad0fJ+b9/ddTz7cr7nxkgrf6SMqi3ZNdf5DiNUks1l9ye17GNfdkuRpGtqsOqWG6P6dUJHeFp9TQrxPb1QVM5L9cxjDszBy/8P87GMMnuQzFAym1kfhkiT0hOO+PPov8yw== x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_BN8PR11MB3746BB52BF5F0E4779C5F73FC0900BN8PR11MB3746namp_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 087171b3-334e-42bf-f451-08d750f057e3 X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Oct 2019 21:49:09.2055 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: khDGcJLVxgfoXWhGSHQaF/VgLhBHaRkyqOPp2m52cCg2nglO7Nj4ojJViGM4oHoGXengvrIOdVzyeEuO0oT6mA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR11MB3540 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.37.102.23, xch-rcd-013.cisco.com X-Outbound-Node: rcdn-core-5.cisco.com Archived-At: Subject: Re: [Sidrops] Minor comments on draft-ietf-sidrops-aspa-profile-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Oct 2019 21:49:19 -0000 --_000_BN8PR11MB3746BB52BF5F0E4779C5F73FC0900BN8PR11MB3746namp_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SSB0aGluayB0aGUgdWx0aW1hdGUgdGVzdCBvZiB3aGV0aGVyIGFuIEFTLXBhdGggY29uZm9ybXMg dG8gcG9saWN5IGlzIHRoYXQgdGhlIGFzLXBhdGggY29udGFpbnMgb25seSBBU05zIHRoYXQgYXJl IGF1dGhvcml6ZWQgYnkgdGhlIGVuZHBvaW50cyB0byBjYXJyeSB0cmFmZmljIGJldHdlZW4gdGhl IGVuZHBvaW50cy4gQVNQQSBpcyBhIGJsdW50IGhhbW1lciB0byBhY2hpZXZlIHRoaXMuIFRvIGJl IHN1cmUsIEkgdGhpbmsgaXQgaGl0cyBtb3N0IG9mIHRoZSBuYWlscyBhbmQgZm9yIHRoZSBuYWls cyBpdCBtaXNzZXMsIGl0IGhhcyBzaWJsaW5ncy4gSSB3YW50IHRvIGxlYXZlIHRoZSBkb29yIG9w ZW4gdG8gaW1wcm92ZSBpdCBzbyBpdCBjYW4gaGl0IG1vcmUgbmFpbHMuDQoNCk9uZSBpbXByb3Zl bWVudCB3b3VsZCBiZSB0byBhZGQgYSBwcmVmaXgtc2V0IHRvIGEgcHJvdmlkZXI6IFRoZSBzdGF0 ZWQgcHJvdmlkZXIgaXMgcHJvdmlkZXIgZm9yIHRoZSBzdGF0ZWQgcHJlZml4ZXMuIEFub3RoZXIg d291bGQgYmUgdG8gZ2l2ZSBhbiBBUyB0aGUgYWJpbGl0eSB0byBleGNsdWRlIGFueSBBU05zIGZy b20gYW55d2hlcmUgaW4gdGhlIEFTLXBhdGggdGhhdCBpdCBpcyBhbiBlbmRwb2ludCBvZiwgZXZl biBpZiBpdHMgdXBzdHJlYW1zIGFsbG93IGl0LiBUaGlzIHdvdWxkIGhhdmUgdG8gYmUgY29uZGl0 aW9uYWwgb24gYSBwcmVmaXgtc2V0IGF0IGxlYXN0Lg0KDQpUaGUgdGltZSBmb3Igc3VjaCBlbmhh bmNlbWVudHMgaXMgbm90IG5vdyBhbmQgbWF5IG5ldmVyIGhhcHBlbiwgYnV0IHdlIHNob3VsZCB0 aGluayBhYm91dCBpdCB3aGVuIGNob29zaW5nIHRoZSBmb3JtYXQgZm9yIHRoZSBvYmplY3QuDQoN ClJlZ2FyZHMsDQpKYWtvYi4NCg0KRnJvbTogU2lkcm9wcyA8c2lkcm9wcy1ib3VuY2VzQGlldGYu b3JnPiBPbiBCZWhhbGYgT2YgQWxleGFuZGVyIEF6aW1vdg0KU2VudDogTW9uZGF5LCBPY3RvYmVy IDE0LCAyMDE5IDE6NTkgUE0NClRvOiBUaW0gQnJ1aWpuemVlbHMgPHRpbUBubG5ldGxhYnMubmw+ DQpDYzogU0lEUiBPcGVyYXRpb25zIFdHIDxzaWRyb3BzQGlldGYub3JnPjsgSmFrb2IgSGVpdHog KGpoZWl0eikgPGpoZWl0ekBjaXNjby5jb20+OyBKYXkgQm9ya2VuaGFnZW4gPGpheWJAYnJhZWJ1 cm4ub3JnPjsgTmljayBIaWxsaWFyZCA8bmlja0Bmb29iYXIub3JnPg0KU3ViamVjdDogUmU6IFtT aWRyb3BzXSBNaW5vciBjb21tZW50cyBvbiBkcmFmdC1pZXRmLXNpZHJvcHMtYXNwYS1wcm9maWxl LTAwDQoNCkhpIGFsbCwNCg0KSSB3b3VsZCB0cnkgdG8gc3VtbWFyaXplIHRoZSBwb2ludHMgdGhh dCB3ZXJlIHByZXNlbnRlZCBpbiB0aGlzIHRocmVhZC4NCg0KVGhlIHF1ZXN0aW9uIGlzIHdoZXRo ZXIgd2Ugc2hvdWxkIGRlZmluZSBBU1BBIGxpa2UgaXQgd2FzIGRvbmUgZm9yIFJPQXMgb3Igc2hv dWxkIHdlIGRvIGl0IGluIGEgc2xpZ2h0bHkgZGlmZmVyZW50IGFuZCBzbGlnaHRseSBtb3JlIHJl bGlhYmxlIG1hbm5lci4NClRoZSBkYXRhIHN0cnVjdHVyZSB0aGF0IHdlIG5lZWQgYXQgdGhlIHJv dXRlciB0byB2ZXJpZnkgQVNQQVRIIGlzIGEgc2ltcGxlIHtjdXN0b21lcjogc2V0IG9mIHByb3Zp ZGVyc30uIEFuZCB0byBoYXZlIGEgcmVmbGVjdGlvbiBvZiBzdWNoIHR1cGxlIGl0IGluIG9uZSBS UEtJIG9iamVjdCBzZWVtcyB0byBiZSBuYXRpdmUgKCsgYWxsIHBvaW50cyB0aGF0IHdlcmUgbGlz dGVkIGFib3ZlKS4gSWYgd2UgdW5ib3VuZCBBU1BBIG9iamVjdCBzdHJ1Y3R1cmUgZnJvbSBST0Et bGlrZSBzdHJ1Y3R1cmUgd2UgbWF5IGFsc28gZ2V0IHJpZCBvZiBBU1BBMCAtIGVtcHR5IHNldCBp cyBhIHNpbXBsZSBmb3JtIHRvIHNpZ25hbCB0aGF0IEFTTiBkb2VzIG5vdCBoYXZlIGFueSB0cmFu c2l0IHByb3ZpZGVycy4gU28sIHRoZSBzcGVjIHNob3VsZCBzYXk6DQoNCnByb3ZpZGVyQVNJRCAg U0VRVUVOQ0UgKFNJWkUoMC4uTUFYKSkgT0YgQVNJRA0KDQpJbiB0aGlzIGNhc2UsIHRvIHNpZ25h bCB0aGF0IHByZWZpeCBzaG91bGQgbm90IGJlIHNlZW4gaW4gdGhlIEJHUCBkZWZhdWx0LWZyZWUg em9uZSBST0EwIHNob3VsZCBiZSBpc3N1ZWQ7IHRvIHNpZ25hbCB0aGF0IEFTTiBpcyBwcm92aWRl ci1mcmVlIEFTUEEtRU1QVFkgKGluc3RlYWQgb2YgQVNQQTApIHNob3VsZCBiZSBpc3N1ZWQuIElm IHdlIGJlbGlldmUgdGhhdCB0aGlzIHdpbGwgbm90IGFkZCBhbWJpZ3VpdHkgZm9yIHRoZSB1c2Vy cyBJJ20gb2sgdG8gY2hhbmdlIGl0Lg0KDQrQstGCLCA4INC+0LrRgi4gMjAxOSDQsy4g0LIgMDk6 NDksIFRpbSBCcnVpam56ZWVscyA8dGltQG5sbmV0bGFicy5ubDxtYWlsdG86dGltQG5sbmV0bGFi cy5ubD4+Og0KSGksDQoNClNvLCB0byByZS1pdGVyYXRlOiBJIGRvbid0IHRoaW5rIHRoZSBwcm9i bGVtIG9mIGdldHRpbmcgb25seSBhIHN1Yi1zZXQgb2YgQVNQQSBvYmplY3RzIGlzIHZlcnkgbGlr ZWx5IHRvIG9jY3VyLCBlc3BlY2lhbGx5IHdoZW4gdXNpbmcgUlJEUC4gV2l0aCBSUkRQIHRoZXJl IGFyZSBkZWx0YXMgdGhhdCBwcm92aWRlIHRyYW5zYWN0aW9uYWxpdHkgaW4gcHVibGljYXRpb24s IHdoaWNoIGF0IGxlYXN0IGFsbG93cyBvcGVyYXRvcnMgdG8gcHVibGlzaCBtdWx0aXBsZSBvYmpl Y3RzIGFzIGEgc2luZ2xlIGRlbHRhLiBCdXQsIG9mIGNvdXJzZSwgdGhlaXIgQ0Egc29mdHdhcmUg aGFzIHRvIHN1cHBvcnQgdGhpcyBpZGVhLCByYXRoZXIgdGhhbiBwdWJsaXNoIG9iamVjdHMgKCtt ZnQgKyBjcmwpIG9uZSBieSBvbmUuDQoNCkhvd2V2ZXIsIGhhdmluZyB0aGUgb3B0aW9uIG9mIG11 bHRpcGxlIHByb3ZpZGVyIEFTTnMgaW4gYSBzaW5nbGUgb2JqZWN0IGFsbG93cyBmb3IgYSBwdWJs aWNhdGlvbiBzdHJhdGVneSAodXNpbmcgYSBmaXhlZCBuYW1lZCBvYmplY3QpIHRoYXQgYXZvaWRz IHRoZSBpc3N1ZSBhbHRvZ2V0aGVyLCBhcyBhIGJvbnVzIEkgZmluZCBpdCBhIGJpdCBlYXNpZXIg dG8gbWFuYWdlIGZvciBteSBwYXJ0aWN1bGFyIGltcGxlbWVudGF0aW9uLCBhbmQgaXQgc2F2ZXMg YSBiaXQgb2Ygc3BhY2UgKENNUyB3cmFwcGluZywgRUUgY2VydCAyMDQ4IHdpdGggYml0IGtleSku IEFuZCBvbiB0aGUgb3RoZXIgaGFuZCwgSSBkb24ndCB0aGluayB0aGF0IGhhdmluZzoNCg0KICAg ICAgICBwcm92aWRlckFTSUQgIFNFUVVFTkNFIChTSVpFKDEuLk1BWCkpIE9GIEFTSUQNCg0KSW5z dGVhZCBvZjoNCg0KICAgICAgICBwcm92aWRlckFTSUQgIEFTSUQNCg0KYWRkcyBtdWNoIGluIHRl cm1zIG9mIGNvbXBsZXhpdHksIGFuZCBJIGRvIG5vdCBzZWUgYW55IG90aGVyIGNsZWFyIGRyYXdi YWNrcyAoZS5nLiBmYXRlIHNoYXJpbmcpLg0KDQoNCklmIG11bHRpcGxlIHByb3ZpZGVyIEFTTnMg YXJlIGFsbG93ZWQgSSB3b3VsZCBnbyBvbiB0byBSRUNPTU1FTkQgdGhhdCBhIHNpbmdsZSBvYmpl Y3QgaXMgdXNlZCwgYnV0IGluIHByaW5jaXBsZSBpbXBsZW1lbnRhdGlvbnMgY2FuIHN0aWxsIGhh dmUgbXVsdGlwbGUgQVNQQSBvYmplY3RzLCBlYWNoIHdpdGggYSBTRVFVRU5DRSBPRiAxIEFTSUQu IEkgZXhwZWN0IHRoYXQgUlBzIHdpbGwgdmFsaWRhdGUgQVNQQSBvYmplY3RzIGFuZCBidWlsZCB1 cCBhIGxpc3Qgb2YgJ1ZhbGlkYXRlZCBDdXN0b21lciBQcm92aWRlciBSZWxhdGlvbnMnLCBhbmQg dGhhdCB0aGlzIGxpc3QvZGVsdGFzIC0gZXhjbHVkaW5nIGR1cGxpY2F0ZXMgLSBpcyBjb21tdW5p Y2F0ZWQgdG8gcm91dGVycyBpbiBhIG5ldyB2ZXJzaW9uIG9mIHRoZSBSUEtJLVJUUiBwcm90b2Nv bC4gU28sIGl0IHNob3VsZCBub3QgbWF0dGVyIGlmIHRoZSByZWxhdGlvbnMgd2VyZSBmb3VuZCBv biAxIG9yIG1vcmUgb2JqZWN0cy4NCg0KSW4gUk9BcyB3ZSBjYW4gb25seSBoYXZlIG9uZSBBU04s IHNvIG11bHRpcGxlIGFyZSBuZWVkZWQgaW4gY2FzZSBhIHByZWZpeCBpcyBtdWx0aS1ob21lZC4g QWx0aG91Z2gsIGluIHJldHJvLXNwZWN0IG11bHRpcGxlIEFTTnMgY291bGQgaGF2ZSBiZWVuIGEg bmljZSBpZGVhIGhlcmUgdG9vLCBidXQgSSBkb24ndCB0aGluayB0aGUgcHJvYmxlbSBpcyBhbnl3 aGVyZSBuZWFyIGJpZyBlbm91Z2ggdG8gd2FycmFudCBhIHJlLWRlc2lnbiBvZiB0aGUgUk9BIHNw ZWMuDQoNClRpbQ0KDQoNCg0KPiBPbiA4IE9jdCAyMDE5LCBhdCAwMDoyNywgSmFrb2IgSGVpdHog KGpoZWl0eikgPGpoZWl0ekBjaXNjby5jb208bWFpbHRvOmpoZWl0ekBjaXNjby5jb20+PiB3cm90 ZToNCj4NCj4gSWYgdGhlIGN1c3RvbWVyLXByb3ZpZGVyIG9iamVjdHMgYXJlIGluZGl2aWR1YWws IHRoZW4gYSByZWx5aW5nIHBhcnR5DQo+IG1heSBoYXZlIGEgcGFydGlhbCBsaXN0IG9mIHByb3Zp ZGVycyBmb3Igb25lIGN1c3RvbWVyLg0KPg0KPiBJZiBhbGwgdGhlIHByb3ZpZGVycyBmb3Igb25l IGN1c3RvbWVyIGFyZSBpbiBhIHNpbmdsZSBvYmplY3QsDQo+IHRoZW4sIHVwb24gYSBjaGFuZ2Us IHRoZSBSUCBjYW4gaGF2ZSBlaXRoZXIgdGhlIG9sZCBvYmplY3QNCj4gb3IgdGhlIG5ldyBvYmpl Y3QsIGJ1dCBuZXZlciBhIHBhcnRpYWwgdmlldy4NCj4NCj4gQSBwYXJ0aWFsIHZpZXcsIElNTyBp cyB3b3JzZSB0aGF0IGhhdmluZyB0aGUgb2xkIHZpZXcgYSBsaXR0bGUgbG9uZ2VyDQo+IHRoYW4g cG9zc2libGUuIEEgcGFydGlhbCB2aWV3IGNhbiBjYXVzZSBzb21lIEFTLXBhdGhzIHRvIGJlIGNv bnNpZGVyZWQNCj4gaW52YWxpZCB3aGVuIHRoZXkgYXJlIG5vdC4NCj4NCj4gUmVnYXJkcywNCj4g SmFrb2IuDQo+DQo+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQo+IEZyb206IFNpZHJvcHMg PHNpZHJvcHMtYm91bmNlc0BpZXRmLm9yZzxtYWlsdG86c2lkcm9wcy1ib3VuY2VzQGlldGYub3Jn Pj4gT24gQmVoYWxmIE9mIE5pY2sgSGlsbGlhcmQNCj4gU2VudDogTW9uZGF5LCBPY3RvYmVyIDcs IDIwMTkgNTozMiBBTQ0KPiBUbzogSmF5IEJvcmtlbmhhZ2VuIDxqYXliQGJyYWVidXJuLm9yZzxt YWlsdG86amF5YkBicmFlYnVybi5vcmc+Pg0KPiBDYzogU0lEUiBPcGVyYXRpb25zIFdHIDxzaWRy b3BzQGlldGYub3JnPG1haWx0bzpzaWRyb3BzQGlldGYub3JnPj4NCj4gU3ViamVjdDogUmU6IFtT aWRyb3BzXSBNaW5vciBjb21tZW50cyBvbiBkcmFmdC1pZXRmLXNpZHJvcHMtYXNwYS1wcm9maWxl LTAwDQo+DQo+IEpheSBCb3JrZW5oYWdlbiB3cm90ZSBvbiAwNy8xMC8yMDE5IDEyOjU2Og0KPj4g SXQncyBjcml0aWNhbCB0aGF0IHVzZXJzIG9mIEFTUEEgZGF0YSBvcGVyYXRlIHVzaW5nIGEgY29t cGxldGUgc2V0IG9mDQo+PiBhbiBBU04ncyBhdXRob3JpemVkIHVwc3RyZWFtIEFTTnMuICBUaGUg c2ltcGxlc3Qgd2F5IHRvIGNvbW11bmljYXRlDQo+PiBzdWNoIGEgdmVyaWZpYWJseS1jb21wbGV0 ZSBzZXQgaXMgdG8gdXNlIGEgc2luZ2xlIG9iamVjdC4NCj4NCj4gYml0cyBvZiBtZSBhZ3JlZSB3 aXRoIHRoaXMsIGJ1dCBvdGhlciBiaXRzIG5vdC4gIEl0J3Mgc2hpZnRpbmcgdGhlDQo+IHByb2Js ZW0gZnJvbSBhbiBSUEtJIGRhdGFiYXNlIHN5bmNocm9uaXNhdGlvbiBwcm9ibGVtIHRvIGENCj4g aHVtYW4tb3JpZW50ZWQgZGF0YSBzeW5jaHJvbmlzYXRpb24gcHJvYmxlbS4gIEJvdGggYXJlIGhp ZGVvdXNseQ0KPiBkaWZmaWN1bHQgcHJvYmxlbXMgdG8gc29sdmUsIGJ1dCB0aGUgb25lIHdoaWNo IGludm9sdmVzIGh1bWFuIGlucHV0IGlzDQo+IGFsbW9zdCBjZXJ0YWlubHkgbGVzcyByZWxpYWJs ZS4NCj4NCj4gTmljaw0KPg0KPiBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fXw0KPiBTaWRyb3BzIG1haWxpbmcgbGlzdA0KPiBTaWRyb3BzQGlldGYub3JnPG1h aWx0bzpTaWRyb3BzQGlldGYub3JnPg0KPiBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xp c3RpbmZvL3NpZHJvcHMNCj4NCj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX18NCj4gU2lkcm9wcyBtYWlsaW5nIGxpc3QNCj4gU2lkcm9wc0BpZXRmLm9yZzxt YWlsdG86U2lkcm9wc0BpZXRmLm9yZz4NCj4gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9s aXN0aW5mby9zaWRyb3BzDQoNCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fDQpTaWRyb3BzIG1haWxpbmcgbGlzdA0KU2lkcm9wc0BpZXRmLm9yZzxtYWlsdG86 U2lkcm9wc0BpZXRmLm9yZz4NCmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8v c2lkcm9wcw0KDQoNCi0tDQpCZXN0IHJlZ2FyZHMsDQpBbGV4YW5kZXIgQXppbW92DQo= --_000_BN8PR11MB3746BB52BF5F0E4779C5F73FC0900BN8PR11MB3746namp_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkRlbmdYaWFuOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAx IDE7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJpOw0KCXBhbm9zZS0xOjIgMTUg NSAyIDIgMiA0IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IlxARGVuZ1hpYW4i Ow0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMg Ki8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBp bjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZh bWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJ e21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1 bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1z dHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVy bGluZTt9DQpwLm1zb25vcm1hbDAsIGxpLm1zb25vcm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21z by1zdHlsZS1uYW1lOm1zb25vcm1hbDsNCgltc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzsNCgltYXJn aW4tcmlnaHQ6MGluOw0KCW1zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0 OjBpbjsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNl cmlmO30NCnNwYW4uRW1haWxTdHlsZTE4DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5 Ow0KCWZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7DQoJY29sb3I6IzcwMzBBMDt9DQouTXNvQ2hw RGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LWZhbWlseToiQ2Fs aWJyaSIsc2Fucy1zZXJpZjt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4w aW47DQoJbWFyZ2luOjEuMGluIDEuMGluIDEuMGluIDEuMGluO30NCmRpdi5Xb3JkU2VjdGlvbjEN Cgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHht bD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3ht bD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6 ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBl bGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxp bms9ImJsdWUiIHZsaW5rPSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOiM3MDMwQTAiPkkgdGhpbmsgdGhlIHVs dGltYXRlIHRlc3Qgb2Ygd2hldGhlciBhbiBBUy1wYXRoIGNvbmZvcm1zIHRvIHBvbGljeSBpcyB0 aGF0IHRoZSBhcy1wYXRoIGNvbnRhaW5zIG9ubHkgQVNOcyB0aGF0IGFyZSBhdXRob3JpemVkIGJ5 IHRoZSBlbmRwb2ludHMgdG8gY2FycnkgdHJhZmZpYyBiZXR3ZWVuDQogdGhlIGVuZHBvaW50cy4g QVNQQSBpcyBhIGJsdW50IGhhbW1lciB0byBhY2hpZXZlIHRoaXMuIFRvIGJlIHN1cmUsIEkgdGhp bmsgaXQgaGl0cyBtb3N0IG9mIHRoZSBuYWlscyBhbmQgZm9yIHRoZSBuYWlscyBpdCBtaXNzZXMs IGl0IGhhcyBzaWJsaW5ncy4gSSB3YW50IHRvIGxlYXZlIHRoZSBkb29yIG9wZW4gdG8gaW1wcm92 ZSBpdCBzbyBpdCBjYW4gaGl0IG1vcmUgbmFpbHMuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1p bHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29sb3I6IzcwMzBBMCI+PG86cD4mbmJzcDs8L286 cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29sb3I6IzcwMzBB MCI+T25lIGltcHJvdmVtZW50IHdvdWxkIGJlIHRvIGFkZCBhIHByZWZpeC1zZXQgdG8gYSBwcm92 aWRlcjogVGhlIHN0YXRlZCBwcm92aWRlciBpcyBwcm92aWRlciBmb3IgdGhlIHN0YXRlZCBwcmVm aXhlcy4gQW5vdGhlciB3b3VsZCBiZSB0byBnaXZlIGFuIEFTIHRoZSBhYmlsaXR5IHRvIGV4Y2x1 ZGUNCiBhbnkgQVNOcyBmcm9tIGFueXdoZXJlIGluIHRoZSBBUy1wYXRoIHRoYXQgaXQgaXMgYW4g ZW5kcG9pbnQgb2YsIGV2ZW4gaWYgaXRzIHVwc3RyZWFtcyBhbGxvdyBpdC4gVGhpcyB3b3VsZCBo YXZlIHRvIGJlIGNvbmRpdGlvbmFsIG9uIGEgcHJlZml4LXNldCBhdCBsZWFzdC48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjojNzAzMEEw Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZx dW90Oztjb2xvcjojNzAzMEEwIj5UaGUgdGltZSBmb3Igc3VjaCBlbmhhbmNlbWVudHMgaXMgbm90 IG5vdyBhbmQgbWF5IG5ldmVyIGhhcHBlbiwgYnV0IHdlIHNob3VsZCB0aGluayBhYm91dCBpdCB3 aGVuIGNob29zaW5nIHRoZSBmb3JtYXQgZm9yIHRoZSBvYmplY3QuPG86cD48L286cD48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7 Zm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29sb3I6IzcwMzBBMCI+PG86cD4m bmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9 ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q291cmllciBOZXcmcXVvdDs7Y29s b3I6IzcwMzBBMCI+UmVnYXJkcyw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtD b3VyaWVyIE5ldyZxdW90Oztjb2xvcjojNzAzMEEwIj5KYWtvYi48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtm b250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjojNzAzMEEwIj48bzpwPiZu YnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj5Gcm9tOjwvYj4g U2lkcm9wcyAmbHQ7c2lkcm9wcy1ib3VuY2VzQGlldGYub3JnJmd0OyA8Yj5PbiBCZWhhbGYgT2YN CjwvYj5BbGV4YW5kZXIgQXppbW92PGJyPg0KPGI+U2VudDo8L2I+IE1vbmRheSwgT2N0b2JlciAx NCwgMjAxOSAxOjU5IFBNPGJyPg0KPGI+VG86PC9iPiBUaW0gQnJ1aWpuemVlbHMgJmx0O3RpbUBu bG5ldGxhYnMubmwmZ3Q7PGJyPg0KPGI+Q2M6PC9iPiBTSURSIE9wZXJhdGlvbnMgV0cgJmx0O3Np ZHJvcHNAaWV0Zi5vcmcmZ3Q7OyBKYWtvYiBIZWl0eiAoamhlaXR6KSAmbHQ7amhlaXR6QGNpc2Nv LmNvbSZndDs7IEpheSBCb3JrZW5oYWdlbiAmbHQ7amF5YkBicmFlYnVybi5vcmcmZ3Q7OyBOaWNr IEhpbGxpYXJkICZsdDtuaWNrQGZvb2Jhci5vcmcmZ3Q7PGJyPg0KPGI+U3ViamVjdDo8L2I+IFJl OiBbU2lkcm9wc10gTWlub3IgY29tbWVudHMgb24gZHJhZnQtaWV0Zi1zaWRyb3BzLWFzcGEtcHJv ZmlsZS0wMDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8 L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkhpIGFsbCw8bzpw PjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpw PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkkgd291bGQgdHJ5IHRv IHN1bW1hcml6ZSB0aGUgcG9pbnRzIHRoYXQgd2VyZSBwcmVzZW50ZWQgaW4gdGhpcyB0aHJlYWQu PGJyPg0KPGJyPg0KVGhlIHF1ZXN0aW9uIGlzIHdoZXRoZXIgd2Ugc2hvdWxkIGRlZmluZSBBU1BB IGxpa2UgaXQgd2FzIGRvbmUgZm9yIFJPQXMgb3Igc2hvdWxkIHdlIGRvIGl0IGluIGEgc2xpZ2h0 bHkgZGlmZmVyZW50IGFuZCBzbGlnaHRseSBtb3JlIHJlbGlhYmxlIG1hbm5lci4NCjxicj4NClRo ZSBkYXRhIHN0cnVjdHVyZSB0aGF0IHdlIG5lZWQgYXQgdGhlIHJvdXRlciB0byB2ZXJpZnkgQVNQ QVRIIGlzIGEgc2ltcGxlIHtjdXN0b21lcjogc2V0IG9mIHByb3ZpZGVyc30uIEFuZCB0byBoYXZl IGEgcmVmbGVjdGlvbiBvZiBzdWNoIHR1cGxlIGl0IGluIG9uZSBSUEtJIG9iamVjdCBzZWVtcyB0 byBiZSBuYXRpdmUgKCYjNDM7IGFsbCBwb2ludHMgdGhhdCB3ZXJlIGxpc3RlZCBhYm92ZSkuIElm IHdlIHVuYm91bmQgQVNQQSBvYmplY3Qgc3RydWN0dXJlDQogZnJvbSBST0EtbGlrZSBzdHJ1Y3R1 cmUgd2UgbWF5IGFsc28gZ2V0IHJpZCBvZiBBU1BBMCAtIGVtcHR5IHNldCBpcyBhIHNpbXBsZSBm b3JtIHRvIHNpZ25hbCB0aGF0IEFTTiBkb2VzIG5vdCBoYXZlIGFueSB0cmFuc2l0IHByb3ZpZGVy cy4gU28sIHRoZSBzcGVjIHNob3VsZCBzYXk6PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9k aXY+DQo8YmxvY2txdW90ZSBzdHlsZT0ibWFyZ2luLWxlZnQ6MzAuMHB0O21hcmdpbi1yaWdodDow aW4iPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5wcm92aWRlckFTSUQgJm5i c3A7U0VRVUVOQ0UgKFNJWkUoMC4uTUFYKSkgT0YgQVNJRDxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+ DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PGJyPg0KSW4gdGhpcyBjYXNlLCB0byBzaWduYWwgdGhhdCBwcmVmaXggc2hvdWxkIG5vdCBi ZSBzZWVuIGluIHRoZSBCR1AgZGVmYXVsdC1mcmVlIHpvbmUgUk9BMCBzaG91bGQgYmUgaXNzdWVk OyB0byBzaWduYWwgdGhhdCBBU04gaXMmbmJzcDtwcm92aWRlci1mcmVlIEFTUEEtRU1QVFkgKGlu c3RlYWQgb2YgQVNQQTApIHNob3VsZCBiZSBpc3N1ZWQuIElmIHdlIGJlbGlldmUgdGhhdCB0aGlz IHdpbGwgbm90IGFkZCBhbWJpZ3VpdHkgZm9yIHRoZSB1c2VycyBJJ20gb2sNCiB0byBjaGFuZ2Ug aXQuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi PtCy0YIsIDgg0L7QutGCLiAyMDE5INCzLiDQsiAwOTo0OSwgVGltIEJydWlqbnplZWxzICZsdDs8 YSBocmVmPSJtYWlsdG86dGltQG5sbmV0bGFicy5ubCIgdGFyZ2V0PSJfYmxhbmsiPnRpbUBubG5l dGxhYnMubmw8L2E+Jmd0Ozo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgc3R5 bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzow aW4gMGluIDBpbiA2LjBwdDttYXJnaW4tbGVmdDo0LjhwdDttYXJnaW4tcmlnaHQ6MGluIj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPkhpLDxicj4NCjxicj4NClNvLCB0byByZS1pdGVyYXRlOiBJIGRv bid0IHRoaW5rIHRoZSBwcm9ibGVtIG9mIGdldHRpbmcgb25seSBhIHN1Yi1zZXQgb2YgQVNQQSBv YmplY3RzIGlzIHZlcnkgbGlrZWx5IHRvIG9jY3VyLCBlc3BlY2lhbGx5IHdoZW4gdXNpbmcgUlJE UC4gV2l0aCBSUkRQIHRoZXJlIGFyZSBkZWx0YXMgdGhhdCBwcm92aWRlIHRyYW5zYWN0aW9uYWxp dHkgaW4gcHVibGljYXRpb24sIHdoaWNoIGF0IGxlYXN0IGFsbG93cyBvcGVyYXRvcnMgdG8gcHVi bGlzaCBtdWx0aXBsZQ0KIG9iamVjdHMgYXMgYSBzaW5nbGUgZGVsdGEuIEJ1dCwgb2YgY291cnNl LCB0aGVpciBDQSBzb2Z0d2FyZSBoYXMgdG8gc3VwcG9ydCB0aGlzIGlkZWEsIHJhdGhlciB0aGFu IHB1Ymxpc2ggb2JqZWN0cyAoJiM0MzttZnQgJiM0MzsgY3JsKSBvbmUgYnkgb25lLjxicj4NCjxi cj4NCkhvd2V2ZXIsIGhhdmluZyB0aGUgb3B0aW9uIG9mIG11bHRpcGxlIHByb3ZpZGVyIEFTTnMg aW4gYSBzaW5nbGUgb2JqZWN0IGFsbG93cyBmb3IgYSBwdWJsaWNhdGlvbiBzdHJhdGVneSAodXNp bmcgYSBmaXhlZCBuYW1lZCBvYmplY3QpIHRoYXQgYXZvaWRzIHRoZSBpc3N1ZSBhbHRvZ2V0aGVy LCBhcyBhIGJvbnVzIEkgZmluZCBpdCBhIGJpdCBlYXNpZXIgdG8gbWFuYWdlIGZvciBteSBwYXJ0 aWN1bGFyIGltcGxlbWVudGF0aW9uLCBhbmQgaXQgc2F2ZXMNCiBhIGJpdCBvZiBzcGFjZSAoQ01T IHdyYXBwaW5nLCBFRSBjZXJ0IDIwNDggd2l0aCBiaXQga2V5KS4gQW5kIG9uIHRoZSBvdGhlciBo YW5kLCBJIGRvbid0IHRoaW5rIHRoYXQgaGF2aW5nOjxicj4NCjxicj4NCiZuYnNwOyAmbmJzcDsg Jm5ic3A7ICZuYnNwOyBwcm92aWRlckFTSUQmbmJzcDsgU0VRVUVOQ0UgKFNJWkUoMS4uTUFYKSkg T0YgQVNJRCA8YnI+DQo8YnI+DQpJbnN0ZWFkIG9mOjxicj4NCjxicj4NCiZuYnNwOyAmbmJzcDsg Jm5ic3A7ICZuYnNwOyBwcm92aWRlckFTSUQmbmJzcDsgQVNJRDxicj4NCjxicj4NCmFkZHMgbXVj aCBpbiB0ZXJtcyBvZiBjb21wbGV4aXR5LCBhbmQgSSBkbyBub3Qgc2VlIGFueSBvdGhlciBjbGVh ciBkcmF3YmFja3MgKGUuZy4gZmF0ZSBzaGFyaW5nKS48YnI+DQo8YnI+DQo8YnI+DQpJZiBtdWx0 aXBsZSBwcm92aWRlciBBU05zIGFyZSBhbGxvd2VkIEkgd291bGQgZ28gb24gdG8gUkVDT01NRU5E IHRoYXQgYSBzaW5nbGUgb2JqZWN0IGlzIHVzZWQsIGJ1dCBpbiBwcmluY2lwbGUgaW1wbGVtZW50 YXRpb25zIGNhbiBzdGlsbCBoYXZlIG11bHRpcGxlIEFTUEEgb2JqZWN0cywgZWFjaCB3aXRoIGEg U0VRVUVOQ0UgT0YgMSBBU0lELiBJIGV4cGVjdCB0aGF0IFJQcyB3aWxsIHZhbGlkYXRlIEFTUEEg b2JqZWN0cyBhbmQgYnVpbGQgdXAgYQ0KIGxpc3Qgb2YgJ1ZhbGlkYXRlZCBDdXN0b21lciBQcm92 aWRlciBSZWxhdGlvbnMnLCBhbmQgdGhhdCB0aGlzIGxpc3QvZGVsdGFzIC0gZXhjbHVkaW5nIGR1 cGxpY2F0ZXMgLSBpcyBjb21tdW5pY2F0ZWQgdG8gcm91dGVycyBpbiBhIG5ldyB2ZXJzaW9uIG9m IHRoZSBSUEtJLVJUUiBwcm90b2NvbC4gU28sIGl0IHNob3VsZCBub3QgbWF0dGVyIGlmIHRoZSBy ZWxhdGlvbnMgd2VyZSBmb3VuZCBvbiAxIG9yIG1vcmUgb2JqZWN0cy48YnI+DQo8YnI+DQpJbiBS T0FzIHdlIGNhbiBvbmx5IGhhdmUgb25lIEFTTiwgc28gbXVsdGlwbGUgYXJlIG5lZWRlZCBpbiBj YXNlIGEgcHJlZml4IGlzIG11bHRpLWhvbWVkLiBBbHRob3VnaCwgaW4gcmV0cm8tc3BlY3QgbXVs dGlwbGUgQVNOcyBjb3VsZCBoYXZlIGJlZW4gYSBuaWNlIGlkZWEgaGVyZSB0b28sIGJ1dCBJIGRv bid0IHRoaW5rIHRoZSBwcm9ibGVtIGlzIGFueXdoZXJlIG5lYXIgYmlnIGVub3VnaCB0byB3YXJy YW50IGEgcmUtZGVzaWduIG9mIHRoZSBST0ENCiBzcGVjLjxicj4NCjxicj4NClRpbTxicj4NCjxi cj4NCjxicj4NCjxicj4NCiZndDsgT24gOCBPY3QgMjAxOSwgYXQgMDA6MjcsIEpha29iIEhlaXR6 IChqaGVpdHopICZsdDs8YSBocmVmPSJtYWlsdG86amhlaXR6QGNpc2NvLmNvbSIgdGFyZ2V0PSJf YmxhbmsiPmpoZWl0ekBjaXNjby5jb208L2E+Jmd0OyB3cm90ZTo8YnI+DQomZ3Q7IDxicj4NCiZn dDsgSWYgdGhlIGN1c3RvbWVyLXByb3ZpZGVyIG9iamVjdHMgYXJlIGluZGl2aWR1YWwsIHRoZW4g YSByZWx5aW5nIHBhcnR5PGJyPg0KJmd0OyBtYXkgaGF2ZSBhIHBhcnRpYWwgbGlzdCBvZiBwcm92 aWRlcnMgZm9yIG9uZSBjdXN0b21lci48YnI+DQomZ3Q7IDxicj4NCiZndDsgSWYgYWxsIHRoZSBw cm92aWRlcnMgZm9yIG9uZSBjdXN0b21lciBhcmUgaW4gYSBzaW5nbGUgb2JqZWN0LDxicj4NCiZn dDsgdGhlbiwgdXBvbiBhIGNoYW5nZSwgdGhlIFJQIGNhbiBoYXZlIGVpdGhlciB0aGUgb2xkIG9i amVjdDxicj4NCiZndDsgb3IgdGhlIG5ldyBvYmplY3QsIGJ1dCBuZXZlciBhIHBhcnRpYWwgdmll dy48YnI+DQomZ3Q7IDxicj4NCiZndDsgQSBwYXJ0aWFsIHZpZXcsIElNTyBpcyB3b3JzZSB0aGF0 IGhhdmluZyB0aGUgb2xkIHZpZXcgYSBsaXR0bGUgbG9uZ2VyPGJyPg0KJmd0OyB0aGFuIHBvc3Np YmxlLiBBIHBhcnRpYWwgdmlldyBjYW4gY2F1c2Ugc29tZSBBUy1wYXRocyB0byBiZSBjb25zaWRl cmVkPGJyPg0KJmd0OyBpbnZhbGlkIHdoZW4gdGhleSBhcmUgbm90Ljxicj4NCiZndDsgPGJyPg0K Jmd0OyBSZWdhcmRzLDxicj4NCiZndDsgSmFrb2IuPGJyPg0KJmd0OyA8YnI+DQomZ3Q7IC0tLS0t T3JpZ2luYWwgTWVzc2FnZS0tLS0tPGJyPg0KJmd0OyBGcm9tOiBTaWRyb3BzICZsdDs8YSBocmVm PSJtYWlsdG86c2lkcm9wcy1ib3VuY2VzQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayI+c2lkcm9w cy1ib3VuY2VzQGlldGYub3JnPC9hPiZndDsgT24gQmVoYWxmIE9mIE5pY2sgSGlsbGlhcmQ8YnI+ DQomZ3Q7IFNlbnQ6IE1vbmRheSwgT2N0b2JlciA3LCAyMDE5IDU6MzIgQU08YnI+DQomZ3Q7IFRv OiBKYXkgQm9ya2VuaGFnZW4gJmx0OzxhIGhyZWY9Im1haWx0bzpqYXliQGJyYWVidXJuLm9yZyIg dGFyZ2V0PSJfYmxhbmsiPmpheWJAYnJhZWJ1cm4ub3JnPC9hPiZndDs8YnI+DQomZ3Q7IENjOiBT SURSIE9wZXJhdGlvbnMgV0cgJmx0OzxhIGhyZWY9Im1haWx0bzpzaWRyb3BzQGlldGYub3JnIiB0 YXJnZXQ9Il9ibGFuayI+c2lkcm9wc0BpZXRmLm9yZzwvYT4mZ3Q7PGJyPg0KJmd0OyBTdWJqZWN0 OiBSZTogW1NpZHJvcHNdIE1pbm9yIGNvbW1lbnRzIG9uIGRyYWZ0LWlldGYtc2lkcm9wcy1hc3Bh LXByb2ZpbGUtMDA8YnI+DQomZ3Q7IDxicj4NCiZndDsgSmF5IEJvcmtlbmhhZ2VuIHdyb3RlIG9u IDA3LzEwLzIwMTkgMTI6NTY6PGJyPg0KJmd0OyZndDsgSXQncyBjcml0aWNhbCB0aGF0IHVzZXJz IG9mIEFTUEEgZGF0YSBvcGVyYXRlIHVzaW5nIGEgY29tcGxldGUgc2V0IG9mPGJyPg0KJmd0OyZn dDsgYW4gQVNOJ3MgYXV0aG9yaXplZCB1cHN0cmVhbSBBU05zLiZuYnNwOyBUaGUgc2ltcGxlc3Qg d2F5IHRvIGNvbW11bmljYXRlPGJyPg0KJmd0OyZndDsgc3VjaCBhIHZlcmlmaWFibHktY29tcGxl dGUgc2V0IGlzIHRvIHVzZSBhIHNpbmdsZSBvYmplY3QuPGJyPg0KJmd0OyA8YnI+DQomZ3Q7IGJp dHMgb2YgbWUgYWdyZWUgd2l0aCB0aGlzLCBidXQgb3RoZXIgYml0cyBub3QuJm5ic3A7IEl0J3Mg c2hpZnRpbmcgdGhlIDxicj4NCiZndDsgcHJvYmxlbSBmcm9tIGFuIFJQS0kgZGF0YWJhc2Ugc3lu Y2hyb25pc2F0aW9uIHByb2JsZW0gdG8gYSA8YnI+DQomZ3Q7IGh1bWFuLW9yaWVudGVkIGRhdGEg c3luY2hyb25pc2F0aW9uIHByb2JsZW0uJm5ic3A7IEJvdGggYXJlIGhpZGVvdXNseSA8YnI+DQom Z3Q7IGRpZmZpY3VsdCBwcm9ibGVtcyB0byBzb2x2ZSwgYnV0IHRoZSBvbmUgd2hpY2ggaW52b2x2 ZXMgaHVtYW4gaW5wdXQgaXMgPGJyPg0KJmd0OyBhbG1vc3QgY2VydGFpbmx5IGxlc3MgcmVsaWFi bGUuPGJyPg0KJmd0OyA8YnI+DQomZ3Q7IE5pY2s8YnI+DQomZ3Q7IDxicj4NCiZndDsgX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX188YnI+DQomZ3Q7IFNpZHJv cHMgbWFpbGluZyBsaXN0PGJyPg0KJmd0OyA8YSBocmVmPSJtYWlsdG86U2lkcm9wc0BpZXRmLm9y ZyIgdGFyZ2V0PSJfYmxhbmsiPlNpZHJvcHNAaWV0Zi5vcmc8L2E+PGJyPg0KJmd0OyA8YSBocmVm PSJodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NpZHJvcHMiIHRhcmdldD0i X2JsYW5rIj5odHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NpZHJvcHM8L2E+ PGJyPg0KJmd0OyA8YnI+DQomZ3Q7IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fPGJyPg0KJmd0OyBTaWRyb3BzIG1haWxpbmcgbGlzdDxicj4NCiZndDsgPGEg aHJlZj0ibWFpbHRvOlNpZHJvcHNAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIj5TaWRyb3BzQGll dGYub3JnPC9hPjxicj4NCiZndDsgPGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1h bi9saXN0aW5mby9zaWRyb3BzIiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcv bWFpbG1hbi9saXN0aW5mby9zaWRyb3BzPC9hPjxicj4NCjxicj4NCl9fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fPGJyPg0KU2lkcm9wcyBtYWlsaW5nIGxpc3Q8 YnI+DQo8YSBocmVmPSJtYWlsdG86U2lkcm9wc0BpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPlNp ZHJvcHNAaWV0Zi5vcmc8L2E+PGJyPg0KPGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFp bG1hbi9saXN0aW5mby9zaWRyb3BzIiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly93d3cuaWV0Zi5v cmcvbWFpbG1hbi9saXN0aW5mby9zaWRyb3BzPC9hPjxvOnA+PC9vOnA+PC9wPg0KPC9ibG9ja3F1 b3RlPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48YnIgY2xlYXI9ImFsbCI+DQo8bzpw PjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5i c3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4tLSA8bzpwPjwvbzpw PjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+QmVzdCByZWdhcmRzLDxv OnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkFsZXhhbmRlciBBemlt b3Y8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5 Pg0KPC9odG1sPg0K --_000_BN8PR11MB3746BB52BF5F0E4779C5F73FC0900BN8PR11MB3746namp_-- From nobody Tue Oct 15 02:12:32 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F11611200B3 for ; Tue, 15 Oct 2019 02:12:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.119 X-Spam-Level: X-Spam-Status: No, score=-1.119 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nlnetlabs-nl.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GH-tNdVA0wa2 for ; Tue, 15 Oct 2019 02:12:28 -0700 (PDT) Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 107471200A4 for ; Tue, 15 Oct 2019 02:12:28 -0700 (PDT) Received: by mail-ed1-x535.google.com with SMTP id r4so17293861edy.4 for ; Tue, 15 Oct 2019 02:12:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nlnetlabs-nl.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc:message-id:references :to; bh=4RYisT/jnyS93GKNvSZkdGwKDJVOnUberiSW3eD6iUQ=; b=eS4P9pZk47XF+nTSrcE2A7A7yOoVdZeAkf9jrGdNvjn+LRqzZx0UOu38WmOdz9mejC zjzC1J/8rJ0PGiExzGCxfdYiV20NKTFbc5sU2NAbrbYWI/YysGgHaESq79R7d3nDFZOV APmM8mJ9eCv3hu6Jwk2fN4rj4v1btl82xVnb3/VLzXIC1J2/5WkC2RgynKJzRM8Sgg9N ogfRmCPBwvXposYukp+JoHpNEAMwC1lgjWc23jzdb3QhiHqmyF3XTt/qUldk/E3DGAMN /bzCjgdmCjLgEv+Cm4ITHhCzRxRYnvyqs4DsiAqwqx5h85d9Ab5InByGKUSUR2T4Q7yb rL3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=4RYisT/jnyS93GKNvSZkdGwKDJVOnUberiSW3eD6iUQ=; b=Q4mfj0fTjD47MuGJst+8CLymuYPxo4XeakHhgJOGLEGG2hhuxBql9QSJG0UnOHiTDe FOl5EEDqS7fJ//OTyiPgk21JnYJj2brnVxIXhxrkMgohxQVmLQhJzFN/mq56GdcBFKwA Pe7tqoPmfgnH0GQxkSI3VJ10P97LgeV4ro4MOnuwhfSZy38XM7/EYkptH8ONQyr74zfO MutcgBINWef6qJuLIymbbNreO+dGTEuO9w8/iZs74ja/FJDZphmU1F69wpmZQf0uClSy nnOS1JQH9kxpML1nhZmF04c+08TXlRk9RYtwRjqEPTG5hPhK6/S4qjbFocUpXVwEw/kG FYAQ== X-Gm-Message-State: APjAAAVvcEJPOf3C5wscm17oqgoTbFDgLl7vpqPQ0S4z6ROLZyq4JJPj YMEIUGBzUXPRNlhJA61jzcb8qw== X-Google-Smtp-Source: APXvYqxNzutyb25NQtpCNTMzE9rIBb9KCxyltIlB1F6lDUNOXnnVBKU4TqthJ+/d64FbzW+6MRExLQ== X-Received: by 2002:a05:6402:154e:: with SMTP id p14mr11776700edx.274.1571130746423; Tue, 15 Oct 2019 02:12:26 -0700 (PDT) Received: from ?IPv6:2001:981:4b52:1:6821:9913:675f:a444? ([2001:981:4b52:1:6821:9913:675f:a444]) by smtp.gmail.com with ESMTPSA id c6sm2655198ejz.79.2019.10.15.02.12.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 15 Oct 2019 02:12:25 -0700 (PDT) Content-Type: multipart/alternative; boundary="Apple-Mail=_7D6F3736-1CE2-48C6-8B5D-0BD5ADA27019" Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3594.4.19\)) From: Tim Bruijnzeels In-Reply-To: Date: Tue, 15 Oct 2019 11:12:24 +0200 Cc: "Jakob Heitz (jheitz)" , Jay Borkenhagen , SIDR Operations WG , Nick Hilliard Message-Id: <670F2CA3-3C29-4BD7-9D37-A70943D9C331@nlnetlabs.nl> References: <1CF3E143-98E7-4B66-AEE5-02617A639BCC@nlnetlabs.nl> <9579DFEC-6653-4CD2-A4DE-2DC5B7427782@nlnetlabs.nl> <23963.10240.12287.137386@oz.mt.att.com> <29669e33-2ae9-1aab-0cf2-63e9d0f3857e@foobar.org> <39E6D50C-7112-4C0B-90BF-99C91665C193@nlnetlabs.nl> To: Alexander Azimov X-Mailer: Apple Mail (2.3594.4.19) Archived-At: Subject: Re: [Sidrops] Minor comments on draft-ietf-sidrops-aspa-profile-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Oct 2019 09:12:31 -0000 --Apple-Mail=_7D6F3736-1CE2-48C6-8B5D-0BD5ADA27019 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi Alexander, > On 14 Oct 2019, at 22:59, Alexander Azimov > wrote: >=20 > Hi all, >=20 > I would try to summarize the points that were presented in this = thread. >=20 > The question is whether we should define ASPA like it was done for = ROAs or should we do it in a slightly different and slightly more = reliable manner.=20 > The data structure that we need at the router to verify ASPATH is a = simple {customer: set of providers}. And to have a reflection of such = tuple it in one RPKI object seems to be native (+ all points that were = listed above). If we unbound ASPA object structure from ROA-like = structure we may also get rid of ASPA0 - empty set is a simple form to = signal that ASN does not have any transit providers. So, the spec should = say: >=20 > providerASID SEQUENCE (SIZE(0..MAX)) OF ASID >=20 > In this case, to signal that prefix should not be seen in the BGP = default-free zone ROA0 should be issued; to signal that ASN is = provider-free ASPA-EMPTY (instead of ASPA0) should be issued. If we = believe that this will not add ambiguity for the users I'm ok to change = it. I am leaning towards (ab)using AS0 again. I can live with empty sets, = but then we need to be okay with the impact on the RTR protocol (which = is still to be defined). The empty set makes sense to me from the perspective of the ASPA = profile. But it begs the question: what if multiple ASPA objects exist = for the same customer AS. And one uses the empty set, and others don't. = I would expect that the union of all provider ASNs from all objects are = accepted. I.e. the empty set on one object cannot negate other objects. = I don't expect that people will disagree with this (but please speak up = if you do!) - but, this will need to be spelled out explicitly. We still need an RTR extension to communicate the data to routers. If = this is done similar to ROAs then I would expect data structures like: 0 8 16 24 31 .-------------------------------------------. | Protocol | PDU | | | Version | Type | zero | | 2 | X/Y | | +-------------------------------------------+ | | | Length=3D16 | | | +-------------------------------------------+ | | | Customer Autonomous System Number | | | +-------------------------------------------+ | | | Provider Autonomous System Number | | | `-------------------------------------------' Where X indicates 'announce', and Y indicates 'withdraw', similar to the = flags in RFC8210 section 5.6. (Or.. an explicit flag is introduced in = the header - no strong opinion on that..) Question then is how to communicate the empty set. You would probably = need a new PDU for that with its own PDU type (~Z) where there is no = Provider ASN, like: 0 8 16 24 31 .-------------------------------------------. | Protocol | PDU | | | Version | Type | zero | | 2 | Z | | +-------------------------------------------+ | | | Length=3D12 | | | +-------------------------------------------+ | | | Customer Autonomous System Number | | | +-------------------------------------------+ And if there were 'announce' tuples sent earlier, then the cache would = have to send a 'withdraw' for each of those as well. In that regard using AS0 may be easier. AS0 is just another AS that you = will never see in the wild for other reasons. Using it in RTR eliminates = the need for an extra PDU type, and if we use it there then I think we = should also use it in the ASPA profile for consistency and easier = reasoning between what you see in a router, and what is published. Tim >=20 > =D0=B2=D1=82, 8 =D0=BE=D0=BA=D1=82. 2019 =D0=B3. =D0=B2 09:49, Tim = Bruijnzeels >: > Hi, >=20 > So, to re-iterate: I don't think the problem of getting only a sub-set = of ASPA objects is very likely to occur, especially when using RRDP. = With RRDP there are deltas that provide transactionality in publication, = which at least allows operators to publish multiple objects as a single = delta. But, of course, their CA software has to support this idea, = rather than publish objects (+mft + crl) one by one. >=20 > However, having the option of multiple provider ASNs in a single = object allows for a publication strategy (using a fixed named object) = that avoids the issue altogether, as a bonus I find it a bit easier to = manage for my particular implementation, and it saves a bit of space = (CMS wrapping, EE cert 2048 with bit key). And on the other hand, I = don't think that having: >=20 > providerASID SEQUENCE (SIZE(1..MAX)) OF ASID=20 >=20 > Instead of: >=20 > providerASID ASID >=20 > adds much in terms of complexity, and I do not see any other clear = drawbacks (e.g. fate sharing). >=20 >=20 > If multiple provider ASNs are allowed I would go on to RECOMMEND that = a single object is used, but in principle implementations can still have = multiple ASPA objects, each with a SEQUENCE OF 1 ASID. I expect that RPs = will validate ASPA objects and build up a list of 'Validated Customer = Provider Relations', and that this list/deltas - excluding duplicates - = is communicated to routers in a new version of the RPKI-RTR protocol. = So, it should not matter if the relations were found on 1 or more = objects. >=20 > In ROAs we can only have one ASN, so multiple are needed in case a = prefix is multi-homed. Although, in retro-spect multiple ASNs could have = been a nice idea here too, but I don't think the problem is anywhere = near big enough to warrant a re-design of the ROA spec. >=20 > Tim >=20 >=20 >=20 > > On 8 Oct 2019, at 00:27, Jakob Heitz (jheitz) > wrote: > >=20 > > If the customer-provider objects are individual, then a relying = party > > may have a partial list of providers for one customer. > >=20 > > If all the providers for one customer are in a single object, > > then, upon a change, the RP can have either the old object > > or the new object, but never a partial view. > >=20 > > A partial view, IMO is worse that having the old view a little = longer > > than possible. A partial view can cause some AS-paths to be = considered > > invalid when they are not. > >=20 > > Regards, > > Jakob. > >=20 > > -----Original Message----- > > From: Sidrops > On Behalf Of Nick Hilliard > > Sent: Monday, October 7, 2019 5:32 AM > > To: Jay Borkenhagen > > > Cc: SIDR Operations WG > > > Subject: Re: [Sidrops] Minor comments on = draft-ietf-sidrops-aspa-profile-00 > >=20 > > Jay Borkenhagen wrote on 07/10/2019 12:56: > >> It's critical that users of ASPA data operate using a complete set = of > >> an ASN's authorized upstream ASNs. The simplest way to communicate > >> such a verifiably-complete set is to use a single object. > >=20 > > bits of me agree with this, but other bits not. It's shifting the=20= > > problem from an RPKI database synchronisation problem to a=20 > > human-oriented data synchronisation problem. Both are hideously=20 > > difficult problems to solve, but the one which involves human input = is=20 > > almost certainly less reliable. > >=20 > > Nick > >=20 > > _______________________________________________ > > Sidrops mailing list > > Sidrops@ietf.org > > https://www.ietf.org/mailman/listinfo/sidrops = > >=20 > > _______________________________________________ > > Sidrops mailing list > > Sidrops@ietf.org > > https://www.ietf.org/mailman/listinfo/sidrops = >=20 > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops = >=20 >=20 > --=20 > Best regards, > Alexander Azimov --Apple-Mail=_7D6F3736-1CE2-48C6-8B5D-0BD5ADA27019 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8
Hi Alexander,

On 14 Oct 2019, at 22:59, Alexander Azimov = <a.e.azimov@gmail.com> wrote:

Hi all,

I would try to summarize the points = that were presented in this thread.

The = question is whether we should define ASPA like it was done for ROAs or = should we do it in a slightly different and slightly more reliable = manner.
The data structure that we need at the router to = verify ASPATH is a simple {customer: set of providers}. And to have a = reflection of such tuple it in one RPKI object seems to be native (+ all = points that were listed above). If we unbound ASPA object structure from = ROA-like structure we may also get rid of ASPA0 - empty set is a simple = form to signal that ASN does not have any transit providers. So, the = spec should say:

providerASID  SEQUENCE (SIZE(0..MAX)) OF = ASID

In this case, to signal that prefix should not = be seen in the BGP default-free zone ROA0 should be issued; to signal = that ASN is provider-free ASPA-EMPTY (instead of ASPA0) should be = issued. If we believe that this will not add ambiguity for the users I'm = ok to change it.


I = am leaning towards (ab)using AS0 again. I can live with empty sets, but = then we need to be okay with the impact on the RTR protocol (which is = still to be defined).

The empty set makes sense to me from the perspective of the = ASPA profile. But it begs the question: what if multiple ASPA objects = exist for the same customer AS. And one uses the empty set, and others = don't. I would expect that the union of all provider ASNs from all = objects are accepted. I.e. the empty set on one object cannot negate = other objects. I don't expect that people will disagree with this (but = please speak up if you do!) - but, this will need to be spelled out = explicitly.

We = still need an RTR extension to communicate the data to routers. If this = is done similar to ROAs then I would expect data structures = like:


   0   =        8          16   =       24        31
  =  .-------------------------------------------.
   | Protocol |   PDU    |   =                   = |
   | Version  |   Type   = |         zero       =  |
   |    2     = |    X/Y   |             =         |
  =  +-------------------------------------------+
   |             =                     =           |
   | =                 Length=3D16 =                 |
   |             =                     =           |
  =  +-------------------------------------------+
   |             =                     =           |
   | =      Customer Autonomous System Number   =  |
   |         =                     =               |
  =  +-------------------------------------------+
   |         =                     =               |
   |      Provider Autonomous System = Number    |
   |     =                     =                   = |
  =  `-------------------------------------------'

Where X indicates = 'announce', and Y indicates 'withdraw', similar to the flags in RFC8210 = section 5.6. (Or.. an explicit flag is introduced in the header - no = strong opinion on that..)

Question then is how to communicate the empty set. You would = probably need a new PDU for that with its own PDU type (~Z) where there = is no Provider ASN, like:

   0     =      8          16     =     24        31
 =  .-------------------------------------------.
   | Protocol |   PDU    |   =                   = |
   | Version  |   Type   = |         zero       =  |
   |    2     = |    Z     |           =           |
  =  +-------------------------------------------+
   |             =                     =           |
   | =                 Length=3D12 =                 |
   |             =                     =           |
  =  +-------------------------------------------+
   |             =                     =           |
   | =      Customer Autonomous System Number   =  |
   |         =                     =               |
  =  +-------------------------------------------+

And if there were 'announce' tuples sent earlier, then the = cache would have to send a 'withdraw' for each of those as = well.

In that = regard using AS0 may be easier. AS0 is just another AS that you will = never see in the wild for other reasons. Using it in RTR eliminates the = need for an extra PDU type, and if we use it there then I think we = should also use it in the ASPA profile for consistency and easier = reasoning between what you see in a router, and what is = published.



Tim





=D0=B2=D1=82, 8 =D0=BE=D0=BA=D1=82. = 2019 =D0=B3. =D0=B2 09:49, Tim Bruijnzeels <tim@nlnetlabs.nl>:
Hi,

So, to re-iterate: I don't think the problem of getting only a sub-set = of ASPA objects is very likely to occur, especially when using RRDP. = With RRDP there are deltas that provide transactionality in publication, = which at least allows operators to publish multiple objects as a single = delta. But, of course, their CA software has to support this idea, = rather than publish objects (+mft + crl) one by one.

However, having the option of multiple provider ASNs in a single object = allows for a publication strategy (using a fixed named object) that = avoids the issue altogether, as a bonus I find it a bit easier to manage = for my particular implementation, and it saves a bit of space (CMS = wrapping, EE cert 2048 with bit key). And on the other hand, I don't = think that having:

        providerASID  SEQUENCE (SIZE(1..MAX)) = OF ASID

Instead of:

        providerASID  ASID

adds much in terms of complexity, and I do not see any other clear = drawbacks (e.g. fate sharing).


If multiple provider ASNs are allowed I would go on to RECOMMEND that a = single object is used, but in principle implementations can still have = multiple ASPA objects, each with a SEQUENCE OF 1 ASID. I expect that RPs = will validate ASPA objects and build up a list of 'Validated Customer = Provider Relations', and that this list/deltas - excluding duplicates - = is communicated to routers in a new version of the RPKI-RTR protocol. = So, it should not matter if the relations were found on 1 or more = objects.

In ROAs we can only have one ASN, so multiple are needed in case a = prefix is multi-homed. Although, in retro-spect multiple ASNs could have = been a nice idea here too, but I don't think the problem is anywhere = near big enough to warrant a re-design of the ROA spec.

Tim



> On 8 Oct 2019, at 00:27, Jakob Heitz (jheitz) <jheitz@cisco.com> wrote:
>
> If the customer-provider objects are individual, then a relying = party
> may have a partial list of providers for one customer.
= >
> If all the providers for one customer are in a single object,
> then, upon a change, the RP can have either the old object
> or the new object, but never a partial view.
>
> A partial view, IMO is worse that having the old view a little = longer
> than possible. A partial view can cause some AS-paths to be = considered
> invalid when they are not.
>
> Regards,
> Jakob.
>
> -----Original Message-----
> From: Sidrops <sidrops-bounces@ietf.org> On Behalf = Of Nick Hilliard
> Sent: Monday, October 7, 2019 5:32 AM
> To: Jay Borkenhagen <jayb@braeburn.org>
> Cc: SIDR Operations WG <sidrops@ietf.org>
> Subject: Re: [Sidrops] Minor comments on = draft-ietf-sidrops-aspa-profile-00
>
> Jay Borkenhagen wrote on 07/10/2019 12:56:
>> It's critical that users of ASPA data operate using a complete = set of
>> an ASN's authorized upstream ASNs.  The simplest way to = communicate
>> such a verifiably-complete set is to use a single object.
>
> bits of me agree with this, but other bits not.  It's shifting = the
> problem from an RPKI database synchronisation problem to a
> human-oriented data synchronisation problem.  Both are = hideously
> difficult problems to solve, but the one which involves human input = is
> almost certainly less reliable.
>
> Nick
>
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops
>
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops

_______________________________________________
Sidrops mailing list
Sidrops@ietf.org
https://www.ietf.org/mailman/listinfo/sidrops


--
Best regards,
Alexander = Azimov

= --Apple-Mail=_7D6F3736-1CE2-48C6-8B5D-0BD5ADA27019-- From nobody Tue Oct 15 06:35:27 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07CF11200FB for ; Tue, 15 Oct 2019 06:35:25 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.119 X-Spam-Level: X-Spam-Status: No, score=-1.119 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nlnetlabs-nl.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F0jdbUW9DRmc for ; Tue, 15 Oct 2019 06:35:23 -0700 (PDT) Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69A4212004C for ; Tue, 15 Oct 2019 06:35:23 -0700 (PDT) Received: by mail-ed1-x533.google.com with SMTP id a15so18028237edt.6 for ; Tue, 15 Oct 2019 06:35:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nlnetlabs-nl.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc:message-id:references :to; bh=87heG1ZTELjEMyo1HNSVvZaMW/Gd2DMNqTaZuvMulSk=; b=XQvYvutw2NI0sv6Cm7WP1KLkh2EGszGCUAbGf+i5cwOAh2gSX0GN20+bowsXxJJ37F Jd/Lilbc93rH/ENi/es4CmPJlkUvOlhm3Pr4QQ/fvMagQBGRKFqqx91eNCwefbbx3bDV IpvZq1QvNrIFMTLWnjxHQhIC5xtmrMvlHfvaELPpl0wTTvI3Rmcd8/JVLupQ/3ba827U E2LskkTrHx1TylyLPKazu75QcRSuYNnYbnS2OZxuh4pXCbC/9jpQBmFD/+xabKcO6LyC UJ5hceguSCkdMz4WvhWZ2tltqlqTEL3zBfWJZ081Zf8xhLMUqNHy+TB19bnjQxInnuYe tHpw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=87heG1ZTELjEMyo1HNSVvZaMW/Gd2DMNqTaZuvMulSk=; b=CO8s6djwHB/YWKjP4JKjaa+Vkl4n7A9W9hZrPQa9EdmGxtEmNobhv1pU9tRr6iKgR5 PGoXDgeuB6hhj91jSiMxCg1M2LsfSsWeu3tHDgITxyptA8zIctUkOm+tcHxZDIQRRI5C 9f3Ud6g7sLd9qxhUwZEfxgA2m6qBDzyRv6Ooi6i7bfL32T0bUdx4FwrDyla3hDflCxFq NwZy02KC1/0nEfb8ltS469m3O/nWobQD0Y1r4hGakxNH1HWe8nRt08NuzUzMJ3N4e8e+ 6EvgVJFpxytAFILnMorliQnqAanjTiPD3gwYYGxokktxsC+zjEb+r8TXa+FaYiVatEs+ Nw3g== X-Gm-Message-State: APjAAAWoH3m0h/dDvZiSHUw8unHlxgVUbewayUDt2uU8pYkcQ6l+WkX1 Js0QXKY6N3wHDPHgS+gfuNy+sg== X-Google-Smtp-Source: APXvYqzHBIKAs5uYsHoIf5a44mcizKAfSW6VX7fJG5DVGr0sthc046aaoYKRW7cIGpV9YKU3HV5QAw== X-Received: by 2002:a17:906:68f:: with SMTP id u15mr33987407ejb.306.1571146521057; Tue, 15 Oct 2019 06:35:21 -0700 (PDT) Received: from ?IPv6:2001:981:4b52:1:6821:9913:675f:a444? ([2001:981:4b52:1:6821:9913:675f:a444]) by smtp.gmail.com with ESMTPSA id n3sm2735819eje.34.2019.10.15.06.35.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 15 Oct 2019 06:35:20 -0700 (PDT) Content-Type: multipart/alternative; boundary="Apple-Mail=_0690ABED-3B29-4DE4-B914-3337B4465CCC" Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3594.4.19\)) From: Tim Bruijnzeels In-Reply-To: Date: Tue, 15 Oct 2019 15:35:19 +0200 Cc: Alexander Azimov , SIDR Operations WG , Jay Borkenhagen , Nick Hilliard Message-Id: References: <1CF3E143-98E7-4B66-AEE5-02617A639BCC@nlnetlabs.nl> <9579DFEC-6653-4CD2-A4DE-2DC5B7427782@nlnetlabs.nl> <23963.10240.12287.137386@oz.mt.att.com> <29669e33-2ae9-1aab-0cf2-63e9d0f3857e@foobar.org> <39E6D50C-7112-4C0B-90BF-99C91665C193@nlnetlabs.nl> To: "Jakob Heitz (jheitz)" X-Mailer: Apple Mail (2.3594.4.19) Archived-At: Subject: Re: [Sidrops] Minor comments on draft-ietf-sidrops-aspa-profile-00 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Oct 2019 13:35:25 -0000 --Apple-Mail=_0690ABED-3B29-4DE4-B914-3337B4465CCC Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi Jakob, all, > On 14 Oct 2019, at 23:49, Jakob Heitz (jheitz) = wrote: >=20 > The time for such enhancements is not now and may never happen, but we = should think about it when choosing the format for the object. I am not convinced about that. The object has a distinct OID and = version, either of which could be updated by possible future versions. Tim --Apple-Mail=_0690ABED-3B29-4DE4-B914-3337B4465CCC Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Hi = Jakob, all,

On 14 Oct 2019, at 23:49, Jakob Heitz = (jheitz) <jheitz@cisco.com> wrote:

The time for such enhancements is = not now and may never happen, but we should think about it when choosing = the format for the object.

I am not convinced about that. The object has a = distinct OID and version, either of which could be updated by possible = future versions.

Tim

= --Apple-Mail=_0690ABED-3B29-4DE4-B914-3337B4465CCC-- From nobody Tue Oct 15 16:45:12 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 005491207FC for ; Tue, 15 Oct 2019 16:45:10 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.5 X-Spam-Level: X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=PwPmv/TJ; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=Oh5pF996 Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id quWWNxeAhLr5 for ; Tue, 15 Oct 2019 16:45:08 -0700 (PDT) Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2292120019 for ; Tue, 15 Oct 2019 16:45:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8910; q=dns/txt; s=iport; t=1571183108; x=1572392708; h=from:to:subject:date:message-id:mime-version; bh=KbLapL439WGLCcb99qp8ekdKwRZmNSV6+2x8AL9rm4E=; b=PwPmv/TJFXHr4cEwRTTKtEHGdR2e0Pv5mcgtBK5+mMKI67PkBq6iy+K/ gw+W9zXZoOzS1gY6dFgLzw2u7QRwlqb7ZV8YWXNhP3rrrsbfshANv9COF 2WYL2Ij8r5qh30TSJhmJGyH6UecGzNtDscpQUkxLcTMUHvexly3iUr1VH w=; IronPort-PHdr: =?us-ascii?q?9a23=3AQVOWcxIP5tGp7FaljdmcpTVXNCE6p7X5OBIU4Z?= =?us-ascii?q?M7irVIN76u5InmIFeCtKd2lFGcW4Ld5roEkOfQv636EU04qZea+DFnEtRXUg?= =?us-ascii?q?Mdz8AfngguGsmAXE/7If/2fQQxHd9JUxlu+HToeUU=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0C7DADEWaZd/5BdJa1mHQEBAQkBEQU?= =?us-ascii?q?FAYF7gRwvUAVsVyAECyqHbAOKT02VLIRhglIDVAkBAQEMAQEtAgEBhEACgm4?= =?us-ascii?q?kOBMCAwkBAQQBAQECAQUEbYUtDIVkGxMBATgRAYEAJgEEGxqDAYF5TQMuAQK?= =?us-ascii?q?jeQKBOIhhgieCfQEBBYUBGIIXCYE0jA4YgUA/gRFGh1CDPoIsjGdKh3mCOYZ?= =?us-ascii?q?2jnYKgiKVNplCp2wCBAIEBQIOAQEFgWkigVhwFYMnUBAUgU+Dc4pTdIEpkCg?= =?us-ascii?q?BAQ?= X-IronPort-AV: E=Sophos;i="5.67,301,1566864000"; d="scan'208,217";a="343924693" Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 15 Oct 2019 23:45:04 +0000 Received: from XCH-RCD-012.cisco.com (xch-rcd-012.cisco.com [173.37.102.22]) by rcdn-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id x9FNj3ps007535 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL) for ; Tue, 15 Oct 2019 23:45:03 GMT Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-RCD-012.cisco.com (173.37.102.22) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 15 Oct 2019 18:45:02 -0500 Received: from xhs-aln-001.cisco.com (173.37.135.118) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 15 Oct 2019 18:45:02 -0500 Received: from NAM02-CY1-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 15 Oct 2019 18:45:01 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WyF3vc+kSofXgRPWVtVlXK3Wh+FjI9n7Ck5GUSR7k3JR6vDnoG6Dhhqdu10iu+zq4qWzFEALL3ym5jiBYp3tg6YFdRlbaVYvO8FQ6/dls+P8zgHYP/eY/Fx+SFb1oKAJyTCeASDIs9747X8kcGt3sCANTr2mzpt66KYPIllUijYeIZxBuDcfqPrRxm8x5PGY6RAaRMqamcJWKM4WCbnrTejqDOT2zjnuNneg/ZbwznukQcz3N8kQtwyFDQ5pV79Yj2/tmY/0ihbM88iLXAzb9V7L+ypoH6zLnNjkee+tisDjREUpxPo2iOJqt4hJcYfgwAkJHnAMyoy8KwKtAzd1cg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JkvcTA9Bxw3FXVYao01nmjaMSPAObUwab7JesROWvlw=; b=k+ILYZFIKkx1LMVNH5stNo2/5W42R9SD2x9DoHjJm/KcJhuLt8N4WJ/dj1GOLbPlgunGnaEDod1gFdPIZl+c0jssAZnePkyL7E+GUS7SWDkU98SHXtz0yZsD7upBT2Y3nyB79acRYMBDzptMEtZB3yRSp1Ruf3sLd3Dx8Trxyc38jORonpUkHausZUYavJtBfqhmhaVBQqPLSzadN+190QbCQA7nC+hqCSQTjzePjC5Cm+Vuv5iWQ8tkiutaSRf5p9B9ie0Y9y+TOuYCK2v2CMUlhw5++02qr0pxes4K7JaTsDZxFDH0cBwb7tzZd4Dm+G/mvMJ1qJbEcArac6PdBg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JkvcTA9Bxw3FXVYao01nmjaMSPAObUwab7JesROWvlw=; b=Oh5pF996ty/uSiuAE4VqGLPssnm0x2/oLiTN/aHPcNmQJeVyDLD0sEtyWYIzKDQIGr0QGQWxgVQ4MPUV+IdNsBOQssSjFIcKFRvpHQO7hEihOFiUTGlaf7s0oEVuMv8ds0mr56/LYRI+D+18creOLxEcGHoKoaRGTI5KVinWZZY= Received: from BN8PR11MB3746.namprd11.prod.outlook.com (20.178.221.23) by BN8PR11MB3635.namprd11.prod.outlook.com (20.178.219.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.19; Tue, 15 Oct 2019 23:45:01 +0000 Received: from BN8PR11MB3746.namprd11.prod.outlook.com ([fe80::c1ad:20a:be24:fe90]) by BN8PR11MB3746.namprd11.prod.outlook.com ([fe80::c1ad:20a:be24:fe90%5]) with mapi id 15.20.2347.023; Tue, 15 Oct 2019 23:45:01 +0000 From: "Jakob Heitz (jheitz)" To: SIDR Operations WG Thread-Topic: ASPA false leak Thread-Index: AdWDr4IJUqd9dgFSRaS/zGHcilvp8Q== Date: Tue, 15 Oct 2019 23:45:00 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=jheitz@cisco.com; x-originating-ip: [2001:420:30d:1254:68ee:ac2e:9d42:aa6f] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: f306ff44-4bb8-4e36-a6a2-08d751c9b1d9 x-ms-traffictypediagnostic: BN8PR11MB3635: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-forefront-prvs: 01917B1794 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(39860400002)(366004)(346002)(136003)(376002)(199004)(189003)(6306002)(486006)(55016002)(476003)(478600001)(9686003)(54896002)(3480700005)(25786009)(4744005)(6436002)(5660300002)(7116003)(316002)(6506007)(86362001)(2906002)(46003)(6116002)(790700001)(7696005)(6916009)(81156014)(14454004)(66946007)(76116006)(66476007)(64756008)(8676002)(33656002)(8936002)(81166006)(14444005)(256004)(66446008)(66556008)(7736002)(99286004)(186003)(52536014)(74316002)(71200400001)(71190400001)(102836004); DIR:OUT; SFP:1101; SCL:1; SRVR:BN8PR11MB3635; H:BN8PR11MB3746.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: YIBX5K0qbeFVC5CQP37o9q2boOd5KHp8fLw8bXVJpuonGbTpi1tVO0UHllC6IJxYzS/o8lfeaQZrsOFRmP3ZLWD2FerWQbiRCrNCThiJc7NcziYeWg5CJASW+dfSFmECWG2fxJfYEoBu78u1qClwillLsnuV1MApe+ab1IwH3hRfoAhnN1T8ilIPl0d1pbdJ1kw/WoBezEdlxQl+ikE8CE+g+46u24PLbNJY1bJhrPckgzYq708yGU8pev9Pw/fOmtF9e3i9YP0pjS0mcfwXmwm8H+DT8B6bZ9ngxtSfCqvNiIrRPH5v7GtUGmjvr8gQtz/G5kUDgJMJWkDZW26JmV7oqm/DJmeWF0s2+2zjHrnEfcAGT3TaNAjCbnYsdMtjDTApezvDEJXENI6OHs+HIKgdKA+IpPsvO9FohUcJnRw= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_BN8PR11MB37463090DCE5AF62C9D8B9E5C0930BN8PR11MB3746namp_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: f306ff44-4bb8-4e36-a6a2-08d751c9b1d9 X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Oct 2019 23:45:00.9152 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: H9Nvz3LM+EvPSC57ZZ+P5x+TaFlNF7QevsWK8QgigKrlNPNlQNXdfz8HJwvq9Is4H30SN6nOov+xG1ToBnKiRw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR11MB3635 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.37.102.22, xch-rcd-012.cisco.com X-Outbound-Node: rcdn-core-8.cisco.com Archived-At: Subject: [Sidrops] ASPA false leak X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Oct 2019 23:45:10 -0000 --_000_BN8PR11MB37463090DCE5AF62C9D8B9E5C0930BN8PR11MB3746namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Consider the topology: AS5 AS3 \ / \ \ / \ AS4 AS2 \ / \ / AS1 AS1 has providers AS2 and AS4. AS2 has provider AS3. AS4 has providers AS3 and AS5. AS5 receives a route with AS-path (4 3 2 1). ASPA would declare that AS4 leaked the route from AS3 to AS5. However, AS4 is an authorized provider for AS1. Even though AS4 has a path to AS1, it chose to use an alternative valid path to reach AS1. This might be to relieve congestion or to avoid an outage. Regardless of the reason, I don't think this route should be rejected. I think we need an additional rule: If an AS is found to be leaking a route, but an alternative valid path can be found from that AS to the originator AS, then the AS is not leaking. A path (X(1), ..., X(n)) is a valid alternative if for each X(i), X(i+1) attests that X(i) is its provider. Thoughts? Regards, Jakob. --_000_BN8PR11MB37463090DCE5AF62C9D8B9E5C0930BN8PR11MB3746namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Consider the topology:

 

   AS5     &nb= sp;AS3

     \    = ; /   \

      \   = ;/     \

       AS4&nbs= p;    AS2

       &n= bsp; \     /

       &n= bsp;  \   /

       &n= bsp;   AS1

 

AS1 has providers AS2 and AS4.

AS2 has provider  AS3.

AS4 has providers AS3 and AS5.

 

AS5 receives a route with AS-path (4 3 2 1).=

ASPA would declare that AS4 leaked the route= from AS3 to AS5.

However, AS4 is an authorized provider for A= S1.

Even though AS4 has a path to AS1, it chose = to use an alternative

valid path to reach AS1. This might be to re= lieve congestion or to

avoid an outage. Regardless of the reason, I= don't think this

route should be rejected.<= /p>

 

I think we need an additional rule:

If an AS is found to be leaking a route, but= an alternative valid

path can be found from that AS to the origin= ator AS, then the AS

is not leaking. A path (X(1), ..., X(n)) is = a valid alternative

if for each X(i), X(i+1) attests that X(= i) is its provider.

 

Thoughts?

 

Regards,

Jakob.

 

--_000_BN8PR11MB37463090DCE5AF62C9D8B9E5C0930BN8PR11MB3746namp_-- From nobody Tue Oct 15 18:45:50 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37B69120843 for ; Tue, 15 Oct 2019 18:45:48 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.9 X-Spam-Level: X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xHkegHZ-_uJO for ; Tue, 15 Oct 2019 18:45:47 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E51E5120819 for ; Tue, 15 Oct 2019 18:45:46 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from ) id 1iKYNl-0008JC-1W; Wed, 16 Oct 2019 01:45:45 +0000 Date: Wed, 16 Oct 2019 03:45:44 +0200 Message-ID: From: Randy Bush To: Jakob Heitz Cc: SIDR Operations WG In-Reply-To: References: User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.2 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Archived-At: Subject: Re: [Sidrops] ASPA false leak X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Oct 2019 01:45:49 -0000 > Consider the topology: > > AS5 AS3 > \ / \ > \ / \ > AS4 AS2 > \ / > \ / > AS1 > > AS1 has providers AS2 and AS4. > AS2 has provider AS3. > AS4 has providers AS3 and AS5. > > AS5 receives a route with AS-path (4 3 2 1). > ASPA would declare that AS4 leaked the route from AS3 to AS5. > However, AS4 is an authorized provider for AS1. > Even though AS4 has a path to AS1, it chose to use an alternative > valid path to reach AS1. and that alternate path sure looks a lot like a route leak. randy From nobody Tue Oct 15 20:32:06 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B77E2120849 for ; Tue, 15 Oct 2019 20:32:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.5 X-Spam-Level: X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=eo8V70Sr; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=Cj4JPo4O Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kTXw6s6Qgj3g for ; Tue, 15 Oct 2019 20:32:02 -0700 (PDT) Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF87B120848 for ; Tue, 15 Oct 2019 20:32:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1206; q=dns/txt; s=iport; t=1571196722; x=1572406322; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=JpeESruTs/j2Ih/B21ZegSWOuLvkotcO6F6LQnu9O7w=; b=eo8V70SrXs4PlIs9qDftSYWhuTl4obx2gV03RlM6nZdAtZamYshlLRcP Y1Rx37kqBK5VbCR8De0DrjHf2e/Z3K5fvLRCMisdLPke3Vl+5usZW0fdy HyM/r8QX8B047WzcUX+rl9eSnCE+nuiF1caRZcXNG2fTA2xXjQ/gPPeNJ 0=; IronPort-PHdr: =?us-ascii?q?9a23=3AVxkhRhAWi9cP6S3ArVApUyQJPHJ1sqjoPgMT9p?= =?us-ascii?q?ssgq5PdaLm5Zn5IUjD/qg83kTRU9Dd7PRJw6rNvqbsVHZIwK7JsWtKMfkuHw?= =?us-ascii?q?QAld1QmgUhBMCfDkiuLv7nbjAoNM9DT1RiuXq8NBsdFQ=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AYAACCjqZd/5BdJa1mGwEBAQEBAQE?= =?us-ascii?q?FAQEBEQEBAwMBAQGBZwYBAQELAYFKUAVsVyAECyqHbAOEWIV3glyXfoEugSQ?= =?us-ascii?q?DVAkBAQEMAQEYCwoCAQGDe0UCgm4kNAkOAgMJAQEEAQEBAgEFBG2FLQyFSwE?= =?us-ascii?q?BAQMBAQEQKAYBASwLAQQHBAIBCBEEAQEeARAnCx0IAQEEDgUIGoMBgkYDDiA?= =?us-ascii?q?BAgyiHQKBOIhhgieCfQEBBYULGIIXAwaBNAGMDRiBQD+BEUaCTD6CYQEBgWO?= =?us-ascii?q?DPoIsrU8KgiKVNplCp2wCBAIEBQIOAQEFgVI5gVhwFTuCbFAQFIFPg3OFFIU?= =?us-ascii?q?/dIEpkCgBAQ?= X-IronPort-AV: E=Sophos;i="5.67,302,1566864000"; d="scan'208";a="344011709" Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 16 Oct 2019 03:32:00 +0000 Received: from XCH-ALN-007.cisco.com (xch-aln-007.cisco.com [173.36.7.17]) by rcdn-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id x9G3W0s1020001 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 16 Oct 2019 03:32:00 GMT Received: from xhs-rcd-003.cisco.com (173.37.227.248) by XCH-ALN-007.cisco.com (173.36.7.17) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 15 Oct 2019 22:32:00 -0500 Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 15 Oct 2019 22:31:59 -0500 Received: from NAM03-BY2-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 15 Oct 2019 23:31:59 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cofycMzoejwU7kcMH6KZK0wgT2KRjmEDYWfE1bumB6rVUyUz7Ml8kTl1V+w5DC0QLHZBH/jQcQZvATo7XejN+RMzwuYT2rFYe2XqD0IyqxC6XCFLRh6FcKg6LIwOFiKcPjGuGpY8aNbDB8tM8NNujnAPSE2Q6cQKBdksVwL2Q7jXIhxKDNiRL9T8/nd+fk16ue+KtBSZmcNusijHUTcYNDLwB6b6IIVsjJ2NacOvwAjzn/JY+8FxzSxMKEwd1dLUoTTBLfakF+KILaWdiJg3gpN51S9C9zMHSrz8ZjW5xfeKA44ZaDmso7y7+ABPJ/PZXsy3WYSQ8RUpmIDhOkbJvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qm8+LFkMIUavHd3Im3hbFokKEZftP6IbO0n411zSFC0=; b=Y/NQB3AiJh/0J0tCrNZ7pbzGCQEXG3J7Eg8xx4FYQ6gte/rzLt9AooF0Vfk/acX6cbof15IdDOr3U8i6ofNRzmy1sbOzZIY2cEGkkmwgXRJ4M1UwJZYL1UVJ8/1JhfXy4lk0apQfbJiINjATsbtvukX5YxtnfEInQl2ROfr9DSmjjZuRO1GavHpS81Asx4/6wY4QPxR7uqzLjOX/cU+m/AtKyNw5ca7TA0yt0uipXYzdI120A+WoYoGVIY9beiAADj+U3X/i920z7VFkNX7TUJtu6npPHa32M5jEf/NvvxF2SP9oMyg2z22YK9XSzD0ojZam6U7QVwZNVFQSm6Vk8A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qm8+LFkMIUavHd3Im3hbFokKEZftP6IbO0n411zSFC0=; b=Cj4JPo4O8GXYgAx14FtRYlhmfjQvVJIG8my7K+V/5n+8kuitFjE6zZ9VrxibQBudYzEM8HtYfwvmQwicOsL6h0t2OZM9W19vGKWyWgWQYBhTsvBcfo4Lndhf7NzGdwMdhA7CLo+mT0rWfAH2Jqt9a/UBLAdnHAmYZ2XMFEQCvuA= Received: from BN8PR11MB3746.namprd11.prod.outlook.com (20.178.221.23) by BN8PR11MB3713.namprd11.prod.outlook.com (20.178.221.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.18; Wed, 16 Oct 2019 03:31:57 +0000 Received: from BN8PR11MB3746.namprd11.prod.outlook.com ([fe80::c1ad:20a:be24:fe90]) by BN8PR11MB3746.namprd11.prod.outlook.com ([fe80::c1ad:20a:be24:fe90%5]) with mapi id 15.20.2347.023; Wed, 16 Oct 2019 03:31:57 +0000 From: "Jakob Heitz (jheitz)" To: Randy Bush CC: SIDR Operations WG Thread-Topic: [Sidrops] ASPA false leak Thread-Index: AdWDr4IJUqd9dgFSRaS/zGHcilvp8QAE+p8AAAOVAtA= Date: Wed, 16 Oct 2019 03:31:57 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=jheitz@cisco.com; x-originating-ip: [2001:420:c0c8:1001::44c] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 6d5a7a86-e82e-4307-6afa-08d751e96618 x-ms-traffictypediagnostic: BN8PR11MB3713: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7219; x-forefront-prvs: 0192E812EC x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(376002)(39860400002)(366004)(136003)(346002)(189003)(13464003)(199004)(71200400001)(476003)(446003)(71190400001)(4326008)(256004)(11346002)(186003)(53546011)(64756008)(316002)(86362001)(66556008)(66946007)(66476007)(66446008)(76176011)(14444005)(102836004)(6506007)(9686003)(6306002)(55016002)(76116006)(7696005)(6116002)(46003)(229853002)(966005)(5660300002)(25786009)(52536014)(8676002)(2906002)(81156014)(81166006)(6916009)(7736002)(305945005)(74316002)(99286004)(6246003)(486006)(14454004)(33656002)(478600001)(6436002)(8936002); DIR:OUT; SFP:1101; SCL:1; SRVR:BN8PR11MB3713; H:BN8PR11MB3746.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Hy2K0juznapjr+MNW7w85PNuQKH7qX91NDAol2GyG0Oepg0FGiC0z0aKoSiQ+tS4Vv4wiuZRZ1J2abH6bphCPP+81iB/Lvr+ZdBzFD3sa+DPdslv4uh5pYfAmvzV70s6JBpIADK/ycTjcP0Bjaw0PffXnkea7GAoOschDDcHiPGzm5lvu5dTmTPBYJ77I3ccjgECpucMTEo2jiJYpThtr4ZQ11n4LA3V74T0j03ze9YdpZwIeGI0bil2OhUabaC1WDRPegJe1gS5/15WiuMnThpdP3eHDCdQ3AzknYb5iKkOKBcWtXt5mmyZp1iKtE5LLJLvQxGwM/cp5duX9+qTDwBbvg73mGdfHQIc5S4RNaJPzYpgGaWs9Rmz0cUG9YjK2PY3XXTnnperRxc3ODJyA8+Ptn0vJlaT4NjZ5C/G4FNlezG+SSoOJeujH7nUJeUtUUs6yaSw04mQB6FJ50RcaQ== x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 6d5a7a86-e82e-4307-6afa-08d751e96618 X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Oct 2019 03:31:57.6841 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: SqXkmY9Fgh4XQDeS4LzTXuRZAg3znRlRA/pAEUJhEQ07EtX8/HBo7JGkHS8YZ8iaZHQPJZlEkBrUtrsVwxR/fg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR11MB3713 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.36.7.17, xch-aln-007.cisco.com X-Outbound-Node: rcdn-core-8.cisco.com Archived-At: Subject: Re: [Sidrops] ASPA false leak X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Oct 2019 03:32:05 -0000 The actual path is (5 4 3 2 1). Technically a leak. However, all transited ASes are authorized, therefore it should be allowed. The alternative is (5 4 1). Not a leak. Regards, Jakob. -----Original Message----- From: Sidrops On Behalf Of Randy Bush Sent: Tuesday, October 15, 2019 6:46 PM To: Jakob Heitz (jheitz) Cc: SIDR Operations WG Subject: Re: [Sidrops] ASPA false leak > Consider the topology: >=20 > AS5 AS3 > \ / \ > \ / \ > AS4 AS2 > \ / > \ / > AS1 >=20 > AS1 has providers AS2 and AS4. > AS2 has provider AS3. > AS4 has providers AS3 and AS5. >=20 > AS5 receives a route with AS-path (4 3 2 1). > ASPA would declare that AS4 leaked the route from AS3 to AS5. > However, AS4 is an authorized provider for AS1. > Even though AS4 has a path to AS1, it chose to use an alternative > valid path to reach AS1. and that alternate path sure looks a lot like a route leak. randy _______________________________________________ Sidrops mailing list Sidrops@ietf.org https://www.ietf.org/mailman/listinfo/sidrops From nobody Tue Oct 15 23:36:04 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0DF2120048 for ; Tue, 15 Oct 2019 23:36:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=workonline.africa Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9cESwOT7qkFh for ; Tue, 15 Oct 2019 23:36:00 -0700 (PDT) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70082.outbound.protection.outlook.com [40.107.7.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F9F5120018 for ; Tue, 15 Oct 2019 23:35:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kV2HKTiDQGAZG6zxsGSMkfdsmwcyaLrNkScyN/M8j+yK8gblj+pJawVfdwTNC1ECHHzOnpJvjl05j9//UaTAyURsiPPOUdr9ixE6CwebS7A56xY1XxkGPMScGsANX4rVOWdAKZrA3rQmuiEn6sGwUa7A1vC+KcMi9TGZ52AKRmlvvtQjVgqut5WK7XnA+522rvHCLjdRHV2871GN6N0MGYC+Yrdb1t0FCR454HlrNyLVimbjjpjCnr4dZT+A4uQkGj43eEj1lljqPYXKVmL0ogcGDzd5+waFVvnnC0QYajsCCvnQatcHoHXOUCV6i7J844H/pk6+73+y79TG6xqCyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BhlA8BAvJ8TNMdlkwCfte3DL0BH0vk6JF/KwbGHDY1A=; b=ePuo9niNICZzosPUmp/lZx1vWEGBtftg6EyPPpzYzaMi70TxjC2AmaQgO5s8oJNESQt1DiZZfstwmu9UbHr6e3GNP1P4peDAMHQTnoO5RZqvhvgfkR7VPpc3McJ0svWjlknqKtfrewBcExLwY5L23JbXQs21Dv/slZKGYLoK9QnCABEHaVt4ZJn11VrjP6tK3suKtxah0kyxDj5yBMwhkZuFbL57nidsfFkTOu3VEX6JknPsppi47y7HL9qLot4aT1pXBdaqPRsWgYBDa5a5cQbakqfPySqWJeonUwdsrM8tiDo6q5guGY1MnPUhDYU4PyvIG+Xx4DcHzJrrzkodBw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=workonline.africa; dmarc=pass action=none header.from=workonline.africa; dkim=pass header.d=workonline.africa; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=workonline.africa; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BhlA8BAvJ8TNMdlkwCfte3DL0BH0vk6JF/KwbGHDY1A=; b=Gwq0rminUDtzObxZZ3wdu4XIY220Jx8sewAUFPTbkVF7yAQS1x8ORY45QoNs9BEaI6fFHSUCdpNDbkokMrGb4rfApu1DLVr8HKoZiOXbVg+bLvfe6nmIL/44vbP96t9CKMvaThLENiIOnQQ2MkRhMlWETs0j5ZVM3JE0j352d40= Received: from AM0P190MB0756.EURP190.PROD.OUTLOOK.COM (10.186.131.142) by AM0P190MB0787.EURP190.PROD.OUTLOOK.COM (10.186.128.79) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.16; Wed, 16 Oct 2019 06:35:55 +0000 Received: from AM0P190MB0756.EURP190.PROD.OUTLOOK.COM ([fe80::6df9:89d5:e427:3a4]) by AM0P190MB0756.EURP190.PROD.OUTLOOK.COM ([fe80::6df9:89d5:e427:3a4%4]) with mapi id 15.20.2347.023; Wed, 16 Oct 2019 06:35:55 +0000 From: Ben Maddison To: "Jakob Heitz (jheitz)" , Randy Bush CC: SIDR Operations WG Thread-Topic: [Sidrops] ASPA false leak Thread-Index: AdWDr4IJUqd9dgFSRaS/zGHcilvp8QAE+p8AAAOVAtAABiPTrA== Date: Wed, 16 Oct 2019 06:35:55 +0000 Message-ID: References: , In-Reply-To: Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=benm@workonline.africa; x-originating-ip: [197.157.89.213] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 67352285-191c-422f-0ff4-08d752031908 x-ms-traffictypediagnostic: AM0P190MB0787: x-ms-exchange-purlcount: 2 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:4502; x-forefront-prvs: 0192E812EC x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(136003)(39840400004)(376002)(396003)(346002)(13464003)(199004)(189003)(6436002)(229853002)(55016002)(316002)(8936002)(54896002)(6306002)(2906002)(9686003)(446003)(14454004)(4326008)(606006)(25786009)(476003)(486006)(966005)(8676002)(508600001)(11346002)(45080400002)(236005)(6246003)(52536014)(81156014)(81166006)(7736002)(66946007)(5660300002)(66066001)(186003)(76116006)(91956017)(33656002)(86362001)(71200400001)(26005)(71190400001)(10916006)(74316002)(102836004)(99286004)(6116002)(3846002)(110136005)(66476007)(14444005)(64756008)(76176011)(7696005)(256004)(66446008)(66556008)(6506007)(53546011)(46492003); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0P190MB0787; H:AM0P190MB0756.EURP190.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:3; received-spf: None (protection.outlook.com: workonline.africa does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: PuqeS63XkwdEACZe+6RarDCNDr1XqbX3suhHrKy4muaLVuNZ12UF9xnF16Ei9jHq4sG7MHC4jUqI5bfdXX0U04uRlhwuWdQ0ByuEt+I8neWu8uayW1tRhFwbdjWmy2Zkn3Nd8EI8gWutJqYdLy+kAk3eTYORYrFLfERKbYzlfP7Zjmk7L2r1CIF2R08m6ix0C9ZXUyToqcLLyO+PUE5w382CtWTX3+0Uof2/HknHSpwhUIkSy9uUS7Ur7tvRy2q//G8YZdCmbrDiE4e1wT1zxMlpo1Yw1cNflQsf8quqkdTixWepx+yIltVORxZ+5uAoYcsZcPl+WRD48yacZ9mErGcYr0ONiwYc3EXNCozHodhrNW3eFSgSnjTY0yFfBXTtmbl2z4MlB50JTBP1xDNIDVEx0iyexWoPUfRZJkQ8h4Ck9JyQM/poHbwrDVyVGsmk5Lc9/CFNX4NC0nOBgY01MQ== x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_AM0P190MB0756169E6093C2C101BAF4EBC0920AM0P190MB0756EURP_" MIME-Version: 1.0 X-OriginatorOrg: workonline.africa X-MS-Exchange-CrossTenant-Network-Message-Id: 67352285-191c-422f-0ff4-08d752031908 X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Oct 2019 06:35:55.3019 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b4e811d5-95e8-453a-b640-0fba8d3b9ef7 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 89Xfe7ijN0n/tyEcXj8ECyhGSU7wLGiJayHGuOpSUsRDEa6nO6gQMH36yeDMzEFryHMcnbmroQ1VYu80OmgfyA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0P190MB0787 Archived-At: Subject: Re: [Sidrops] ASPA false leak X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Oct 2019 06:36:03 -0000 --_000_AM0P190MB0756169E6093C2C101BAF4EBC0920AM0P190MB0756EURP_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Jakob, The distinction here is between path selection and announcing transit. AS4 = in this example is entirely entitled to select the path via AS3, but unless= authorized to do so, is not entitled to announce it to non-customer peers. I think the operation of the model is correct in this example. In fact, today, if AS4 is replaced by AS37271 in this example (us), and AS1= were to set 37271:120* on their direct session with us, the result would b= e that we select the path via peering with AS3, but not announce it to non-= customers: exactly as expected in the ASPA model. Cheers, Ben * set LP below default value for routes from peers Get Outlook for Android ________________________________ From: Sidrops on behalf of Jakob Heitz (jheitz) = Sent: Wednesday, October 16, 2019 5:31:57 AM To: Randy Bush Cc: SIDR Operations WG Subject: Re: [Sidrops] ASPA false leak The actual path is (5 4 3 2 1). Technically a leak. However, all transited ASes are authorized, therefore it should be allowed. The alternative is (5 4 1). Not a leak. Regards, Jakob. -----Original Message----- From: Sidrops On Behalf Of Randy Bush Sent: Tuesday, October 15, 2019 6:46 PM To: Jakob Heitz (jheitz) Cc: SIDR Operations WG Subject: Re: [Sidrops] ASPA false leak > Consider the topology: > > AS5 AS3 > \ / \ > \ / \ > AS4 AS2 > \ / > \ / > AS1 > > AS1 has providers AS2 and AS4. > AS2 has provider AS3. > AS4 has providers AS3 and AS5. > > AS5 receives a route with AS-path (4 3 2 1). > ASPA would declare that AS4 leaked the route from AS3 to AS5. > However, AS4 is an authorized provider for AS1. > Even though AS4 has a path to AS1, it chose to use an alternative > valid path to reach AS1. and that alternate path sure looks a lot like a route leak. randy _______________________________________________ Sidrops mailing list Sidrops@ietf.org https://www.ietf.org/mailman/listinfo/sidrops _______________________________________________ Sidrops mailing list Sidrops@ietf.org https://www.ietf.org/mailman/listinfo/sidrops --_000_AM0P190MB0756169E6093C2C101BAF4EBC0920AM0P190MB0756EURP_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi Jakob,

The distinction here is between path selection and announcing transit. AS4 = in this example is entirely entitled to select the path via AS3, but unless= authorized to do so, is not entitled to announce it to non-customer peers.=
I think the operation of the model is correct in this example.

In fact, today, if AS4 is replaced by AS37271 in this example (us), and AS1= were to set 37271:120* on their direct session with us, the result would b= e that we select the path via peering with AS3, but not announce it to non-= customers: exactly as expected in the ASPA model.

Cheers,

Ben

* set LP below default value for routes from peers

From: Sidrops <sidrops= -bounces@ietf.org> on behalf of Jakob Heitz (jheitz) <jheitz@cisco.co= m>
Sent: Wednesday, October 16, 2019 5:31:57 AM
To: Randy Bush <randy@psg.com>
Cc: SIDR Operations WG <sidrops@ietf.org>
Subject: Re: [Sidrops] ASPA false leak
 
The actual path is (5 4 3 2 1). Technically a leak= .
However, all transited ASes are authorized, therefore it should be allowed.=
The alternative is (5 4 1). Not a leak.

Regards,
Jakob.

-----Original Message-----
From: Sidrops <sidrops-bounces@ietf.org> On Behalf Of Randy Bush
Sent: Tuesday, October 15, 2019 6:46 PM
To: Jakob Heitz (jheitz) <jheitz@cisco.com>
Cc: SIDR Operations WG <sidrops@ietf.org>
Subject: Re: [Sidrops] ASPA false leak

> Consider the topology:
>
>    AS5      AS3
>      \     /   = \
>       \   /   &= nbsp; \
>        AS4     = AS2
>          \  &nb= sp;  /
>           \ &nb= sp; /
>            AS1<= br> >
> AS1 has providers AS2 and AS4.
> AS2 has provider  AS3.
> AS4 has providers AS3 and AS5.
>
> AS5 receives a route with AS-path (4 3 2 1).
> ASPA would declare that AS4 leaked the route from AS3 to AS5.
> However, AS4 is an authorized provider for AS1.
> Even though AS4 has a path to AS1, it chose to use an alternative
> valid path to reach AS1.

and that alternate path sure looks a lot like a route leak.

randy

_______________________________________________
Sidrops mailing list
Sidrops@ietf.org
https://www.ietf.= org/mailman/listinfo/sidrops

_______________________________________________
Sidrops mailing list
Sidrops@ietf.org
https://www.ietf.= org/mailman/listinfo/sidrops
 --_000_AM0P190MB0756169E6093C2C101BAF4EBC0920AM0P190MB0756EURP_-- From nobody Tue Oct 15 23:42:38 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 962A312006F for ; Tue, 15 Oct 2019 23:42:36 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.9 X-Spam-Level: X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7Sw811muc7oV for ; Tue, 15 Oct 2019 23:42:35 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6DFF120018 for ; Tue, 15 Oct 2019 23:42:35 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from ) id 1iKd0u-0000hO-Qs; Wed, 16 Oct 2019 06:42:29 +0000 Date: Wed, 16 Oct 2019 08:42:27 +0200 Message-ID: From: Randy Bush To: Ben Maddison Cc: "Jakob Heitz (jheitz)" , SIDR Operations WG In-Reply-To: References: User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.2 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Archived-At: Subject: Re: [Sidrops] ASPA false leak X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Oct 2019 06:42:37 -0000 >> Consider the topology: >> >> AS5 AS3 >> \ / \ >> \ / \ >> AS4 AS2 >> \ / >> \ / >> AS1 >> >> AS1 has providers AS2 and AS4. >> AS2 has provider AS3. >> AS4 has providers AS3 and AS5. >> >> AS5 receives a route with AS-path (4 3 2 1). >> ASPA would declare that AS4 leaked the route from AS3 to AS5. >> However, AS4 is an authorized provider for AS1. >> Even though AS4 has a path to AS1, it chose to use an alternative >> valid path to reach AS1. > > and that alternate path sure looks a lot like a route leak. lemme try a different way the attacker A3 wishes tio siphon jelly beans from A5's traffic to A1. so she convinces A4 to prefer the A4 A3 A2 A1 path, which A4 then announces to A5 as her best path. profit. randy From nobody Wed Oct 16 13:41:36 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E47E12022D for ; Wed, 16 Oct 2019 13:41:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.997 X-Spam-Level: X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pEKNgQZCxRxU for ; Wed, 16 Oct 2019 13:41:32 -0700 (PDT) Received: from mail-oi1-x244.google.com (mail-oi1-x244.google.com [IPv6:2607:f8b0:4864:20::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8077312008B for ; Wed, 16 Oct 2019 13:41:32 -0700 (PDT) Received: by mail-oi1-x244.google.com with SMTP id w6so181553oie.11 for ; Wed, 16 Oct 2019 13:41:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Ht6Vhsa5IwbFevh15q7fKJxAyYdYN/I4pwNTPi6ryAw=; b=uSJC7lATmBNPrvBdSQzDatACjf27bEemQLMO22oFUmH2v2UgH2b46YIVUJ8TV2fnep SgVYEtJcXWdpdt1FlPRAH4Hzmg0xlHM8Gx44iQ1zwVUjP+46suD+ghDMb+3TlY/uS3Gy M/GJfYcuz4k5dgdQPiPkmc8spd7s9Th575+/+NzLZMzFOQdqhaGBM13sFKnu9z0gawnP 9zJ32sdRnJtMxd41kPYKcc6Q2kpa5qu7nH9ptgQnSL7JLvBUuV3TFfL7Wqx3HMV2dwDI SUaFIiGI0eueHlj/qjZp+5ubNcaQNqxgJDM67YRRXYDuwwW7a5ydx2SS4sfnTAdr+Lkm sCWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Ht6Vhsa5IwbFevh15q7fKJxAyYdYN/I4pwNTPi6ryAw=; b=pl9JVygndmlxN6MP0KCAwSsNAWMDCEIy/ku7b1lxJBCrkhu+LZYc+M6i5oJBKIIOLz 93vKqi+UTKmbmg0Sm+KkQUeh7WWVvvDFKe5M8OICB5h0ktedDjt3X/Sk/zzrQNvroJ0U rXNAegq2tkO8k9XijC6PiHUK4Z+FAQFlpLV4lhxnEqCu/rRfSszh+WH6SABP6lN12SRX 4l1SWZHMFDdTajJ57jxbR3UY9yIMm6pDJzH4IWuHPBNHq3XxfOlTmvUJVALQkzznGL6t gndqR9lINV0VadoqERge8gMgkJmud7aZgzUSr9YeaV3JAgYPdo/bJ+NpLCbzxTjHj3ae rxtw== X-Gm-Message-State: APjAAAXCg8XJx0SJnnUxDOsHpsPoM0cHBu29B1pC65Gt8bhplcHhChk7 gdw702iupAogLGjjuhnvNcbhvR9u56hhVIUF1kE= X-Google-Smtp-Source: APXvYqylsReFUrLMLN3o+DduKiB0AeEmoNNARGiDCPYTaxy8+uqRXAor8FALh86gyVf6AVKjziHXkH/Bfgyu6RmD6yI= X-Received: by 2002:aca:f01:: with SMTP id 1mr229941oip.32.1571258491673; Wed, 16 Oct 2019 13:41:31 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Alexander Azimov Date: Wed, 16 Oct 2019 23:41:17 +0300 Message-ID: To: Randy Bush Cc: Ben Maddison , "Jakob Heitz (jheitz)" , SIDR Operations WG Content-Type: multipart/alternative; boundary="0000000000003f1ef005950d2078" Archived-At: Subject: Re: [Sidrops] ASPA false leak X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Oct 2019 20:41:35 -0000 --0000000000003f1ef005950d2078 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable And another real-world scenario. The significant number of route leaks today happens when an ISP is using the prefix-list of their customers as the only egress filter (no ingress filters/no communities). In this case, just like in your scenario, it starts to leak customer's prefixes when it gets them from providers/peers, thus spoiling TE of their customers. More then, the customer even can't redirect traffic from such misconfigured upstream provider even if it experiences a service degradation. I don't believe we should legitimize such behavior. =D1=81=D1=80, 16 =D0=BE=D0=BA=D1=82. 2019 =D0=B3. =D0=B2 09:42, Randy Bush = : > >> Consider the topology: > >> > >> AS5 AS3 > >> \ / \ > >> \ / \ > >> AS4 AS2 > >> \ / > >> \ / > >> AS1 > >> > >> AS1 has providers AS2 and AS4. > >> AS2 has provider AS3. > >> AS4 has providers AS3 and AS5. > >> > >> AS5 receives a route with AS-path (4 3 2 1). > >> ASPA would declare that AS4 leaked the route from AS3 to AS5. > >> However, AS4 is an authorized provider for AS1. > >> Even though AS4 has a path to AS1, it chose to use an alternative > >> valid path to reach AS1. > > > > and that alternate path sure looks a lot like a route leak. > > lemme try a different way > > the attacker A3 wishes tio siphon jelly beans from A5's traffic to A1. > so she convinces A4 to prefer the A4 A3 A2 A1 path, which A4 then > announces to A5 as her best path. profit. > > randy > > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops > --=20 Best regards, Alexander Azimov --0000000000003f1ef005950d2078 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
And another real-world scenario.

The signific= ant number of route leaks today=C2=A0happens when an ISP is using the prefi= x-list of their customers as the only egress filter (no ingress filters/no = communities).
In this case, just like in your scenario, it starts to lea= k customer's prefixes when it gets them from providers/peers, thus spoi= ling TE of their customers. More then, the customer even can't redirect= traffic from such misconfigured upstream provider even if it experiences a= service degradation.=C2=A0

I don't believ= e=C2=A0we should legitimize such behavior.

=D1=81=D1=80, 16 = =D0=BE=D0=BA=D1=82. 2019 =D0=B3. =D0=B2 09:42, Randy Bush <randy@psg.com>:
>> Consider the topology:
>>
>>=C2=A0 =C2=A0 AS5=C2=A0 =C2=A0 =C2=A0 AS3
>>=C2=A0 =C2=A0 =C2=A0 \=C2=A0 =C2=A0 =C2=A0/=C2=A0 =C2=A0\
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0\=C2=A0 =C2=A0/=C2=A0 =C2=A0 =C2=A0\
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 AS4=C2=A0 =C2=A0 =C2=A0AS2
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 \=C2=A0 =C2=A0 =C2=A0/
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0\=C2=A0 =C2=A0/
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 AS1
>>
>> AS1 has providers AS2 and AS4.
>> AS2 has provider=C2=A0 AS3.
>> AS4 has providers AS3 and AS5.
>>
>> AS5 receives a route with AS-path (4 3 2 1).
>> ASPA would declare that AS4 leaked the route from AS3 to AS5.
>> However, AS4 is an authorized provider for AS1.
>> Even though AS4 has a path to AS1, it chose to use an alternative<= br> >> valid path to reach AS1.
>
> and that alternate path sure looks a lot like a route leak.

lemme try a different way

the attacker A3 wishes tio siphon jelly beans from A5's traffic to A1.<= br> so she convinces A4 to prefer the A4 A3 A2 A1 path, which A4 then
announces to A5 as her best path.=C2=A0 profit.

randy

_______________________________________________
Sidrops mailing list
Sidrops@ietf.org<= br> https://www.ietf.org/mailman/listinfo/sidrops


--
Best regards,
Alexander Azi= mov
--0000000000003f1ef005950d2078-- From nobody Wed Oct 16 14:31:54 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D936512083B for ; Wed, 16 Oct 2019 14:31:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.499 X-Spam-Level: X-Spam-Status: No, score=-14.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=CpWL3xNe; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=Ctgh3dlO Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pmwfkXa5RYij for ; Wed, 16 Oct 2019 14:31:50 -0700 (PDT) Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B86C1201EF for ; Wed, 16 Oct 2019 14:31:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=11792; q=dns/txt; s=iport; t=1571261510; x=1572471110; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=W9kXVVXEpsP+C65udq4Z5m6R7qP60ky6xwxNyrw9V/Q=; b=CpWL3xNeuGkr/EjRiyQEdLd26yoj6X2JteL65mNHM9OJ2nJVsXCiYcnP JGUayJyX6XbRuh1igTFsqgJZJe87l8F5D/0k2F5BQMjG0hXpovyCCd1Tx PZWxUpCowWXVw6B8NJqSFKFlZEFl0GK66otfXf7xWTvwkeDNTTnHi160e Y=; IronPort-PHdr: =?us-ascii?q?9a23=3AMMOXmRMLlb5VIFNfi40l6mtXPHoupqn0MwgJ65?= =?us-ascii?q?Eul7NJdOG58o//OFDEuKQ/l0fHCIPc7f8My/HbtaztQyQh2d6AqzhDFf4ETB?= =?us-ascii?q?oZkYMTlg0kDtSCDBj5LPPrcz4SF8VZX1gj9Ha+YgBY?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AwAADqiqdd/4sNJK1mGgEBAQEBAQE?= =?us-ascii?q?BAQMBAQEBEQEBAQICAQEBAYFqAgEBAQELAYEbL1AFbFcgBAsqCoQbg0cDilC?= =?us-ascii?q?CXH6IbIkzhGGCUgNUCQEBAQwBARgBCgoCAQGDe0UCF4JkJDcGDgIDCQEBBAE?= =?us-ascii?q?BAQIBBQRthS0MhUsBAQEBAgEBARARChMBASwLAQ8CAQYCDgMEAQEoAwICAh8?= =?us-ascii?q?GCxQJCAIEAQ0FCBqDAYF5TQMOIAECDJJUkGICgTiIYXWBMoJ9AQEFhQINC4I?= =?us-ascii?q?XAwaBNAGMDRiBQD+BEUaCFzU+ghpHAQECgWErCYJYMoIsjTyCN4U5iS+ONUE?= =?us-ascii?q?KgiKRE4QjmUKOMIozjwkCBAIEBQIOAQEFgWgjgVhwFTuCbFAQFIFQg3OFFIU?= =?us-ascii?q?/dAGBKI58AYEiAQE?= X-IronPort-AV: E=Sophos;i="5.67,305,1566864000"; d="scan'208,217";a="646342719" Received: from alln-core-6.cisco.com ([173.36.13.139]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 16 Oct 2019 21:31:48 +0000 Received: from XCH-RCD-005.cisco.com (xch-rcd-005.cisco.com [173.37.102.15]) by alln-core-6.cisco.com (8.15.2/8.15.2) with ESMTPS id x9GLVmFk003475 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 16 Oct 2019 21:31:48 GMT Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-RCD-005.cisco.com (173.37.102.15) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 16 Oct 2019 16:31:48 -0500 Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 16 Oct 2019 17:31:46 -0400 Received: from NAM05-DM3-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 16 Oct 2019 16:31:46 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=l/k0qYlTnRX7+CfcvyLov2iW5Lqpu0TR/llXoyKOjOZIJuGvMbh+6SXT2kFCPCRn+mwVGdbYIa/r9HvK0fzHM/IpA+GUtu+yIMEBoJshEtNvboUiFVhRVT4Hc+5K6fomUtUE+uw7qJ8I0pkBARUyMacKW4CRlqD/T6VWm6cNpkhtniYGgN91YEvnS92ieb/qsyQbc7AOyW2MT9xbxJvArNcUShfL0fiZ+JUPOgs4cuJe2A9caSYMAyqfWgV2mZDsSeVl40BsShp7HzSyU5CO0pe3Kl0zZ/uT4oZXMnJffRXODZywG+JaSPk7kwP03zqHjH5DfmkBZjMVDc0u8v7h9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=W9kXVVXEpsP+C65udq4Z5m6R7qP60ky6xwxNyrw9V/Q=; b=GzmuW0MvGWzZSHy3H491w942IUZz6DLgvfaraTn/hwARtw2GJJ1AYwALCYiwWACYE9K4Qr4lLH1XqzSgH3aOlqiYFzbqWTZ9xFzeRe+cuVbSaoQ0xyFs/hdp2JF2VfY8HnYqn4SqaYbYXThpacx/ef4E7srf+oQo+64MSv19WgE6z88rCp92ddw8qBeh91P38Z0wrKb/f7K3DD7JJhys26OfbGy0SEVUgIR8ArdrLKpW3Psdq7+PDSFcaS0mKTtXwt3D8h6vtNtNqSZb45h3QxHim9P543tsfCZo9aYcA4tpXNNt6d25fCfiM5Eg06a6x/uLGyw7Sq2TGIL5TCeQfg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=W9kXVVXEpsP+C65udq4Z5m6R7qP60ky6xwxNyrw9V/Q=; b=Ctgh3dlO8B2mpXuRLZL4eNxzF2Bi3ds4zBsmtt4loK9vxBfbXmW7gkOlnLSkO4ph4dTL+WpGVL/Otku+KVR4EClRMv2alXXNV32aoJMX6iHx5J+/kqSUaB2kv+Ns+ioEXMk4V9rm/zeFj8reTY1zOMgtg+LQGcBW6+8jYGB4MNs= Received: from DM6PR11MB3755.namprd11.prod.outlook.com (20.179.16.81) by DM6PR11MB3915.namprd11.prod.outlook.com (10.255.61.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.16; Wed, 16 Oct 2019 21:31:46 +0000 Received: from DM6PR11MB3755.namprd11.prod.outlook.com ([fe80::f190:c680:b58b:946b]) by DM6PR11MB3755.namprd11.prod.outlook.com ([fe80::f190:c680:b58b:946b%7]) with mapi id 15.20.2347.023; Wed, 16 Oct 2019 21:31:46 +0000 From: "Jakob Heitz (jheitz)" To: Alexander Azimov , Randy Bush CC: Ben Maddison , SIDR Operations WG Thread-Topic: [Sidrops] ASPA false leak Thread-Index: AdWDr4IJUqd9dgFSRaS/zGHcilvp8QAE+p8AAAOVAtAABiPTrAAApAaAAB1LwYAAAZbA8A== Date: Wed, 16 Oct 2019 21:31:46 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=jheitz@cisco.com; x-originating-ip: [128.107.241.164] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 376a5311-0ba5-4859-14f7-08d752803ef6 x-ms-traffictypediagnostic: DM6PR11MB3915: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-forefront-prvs: 0192E812EC x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(136003)(346002)(396003)(366004)(376002)(199004)(189003)(9686003)(446003)(2906002)(6436002)(74316002)(606006)(4326008)(3846002)(790700001)(6116002)(33656002)(102836004)(7736002)(14444005)(86362001)(66446008)(11346002)(229853002)(256004)(236005)(71190400001)(71200400001)(6306002)(54896002)(52536014)(8936002)(7696005)(966005)(6506007)(53546011)(66476007)(66556008)(186003)(26005)(14454004)(55016002)(8676002)(81156014)(64756008)(76176011)(5660300002)(316002)(476003)(81166006)(99286004)(66946007)(76116006)(486006)(110136005)(6246003)(54906003)(66066001)(25786009)(478600001); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR11MB3915; H:DM6PR11MB3755.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: AMrFa7RID3xIp5mw/9BDEhERJUcso/ca+jZaiFFqWfGgY6+P+3h+tglXuwz8waLXZ7n6BuYMzoh7Q0jCaK1g2ruIroaonV71YvLDO8v1qI5p0wDFA5tgc7lP9UMSQv8JXzd5G49BTZjlzTGrq11ofTySYUgtU1I/QklalKd4JxmpfzEdoJ9XPjyVYYslTjDTgiL1qIxyHQbnZYVhXxK/rVi3Ht8/dX/GWwrqZbusst3GE01i2/T9YPa9bk7pK9YdLTLkK2+uONEQVlqf9tCOLToDqmlBXe9sVnFJtbeBA4DEMiSkkL99xIaLnoborigUr9nq+8Fu7QliIyw93QArJcC0WyNk41kDocE2F4sTq/RgSG8WsUe8NfbXSUINl9mIqXsjhAfvN3WREAPXAlTNpryxagSUsTPGBFscps56p5rV5b8Cdhv7GwDcy6/J1YERTVrqjXRfORyhI7O15ACzDA== x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_DM6PR11MB375560CF6609B2006C52196CC0920DM6PR11MB3755namp_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 376a5311-0ba5-4859-14f7-08d752803ef6 X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Oct 2019 21:31:46.1161 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 6SpApIEEmyKAsvjlHCgXBGIHIQqzuzx6KKXCWHptxnMnhcoFqReMNpie6n04pTNCBZBfRmTTEqfVf5kp2I61Tw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB3915 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.37.102.15, xch-rcd-005.cisco.com X-Outbound-Node: alln-core-6.cisco.com Archived-At: Subject: Re: [Sidrops] ASPA false leak X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Oct 2019 21:31:53 -0000 --_000_DM6PR11MB375560CF6609B2006C52196CC0920DM6PR11MB3755namp_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 U28sIHNob3VsZCBBUzUganVzdCBkcm9wIHRoZSB0cmFmZmljPw0KDQpSZWdhcmRzLA0KSmFrb2Iu DQoNCkZyb206IEFsZXhhbmRlciBBemltb3YgPGEuZS5hemltb3ZAZ21haWwuY29tPg0KU2VudDog V2VkbmVzZGF5LCBPY3RvYmVyIDE2LCAyMDE5IDE6NDEgUE0NClRvOiBSYW5keSBCdXNoIDxyYW5k eUBwc2cuY29tPg0KQ2M6IEJlbiBNYWRkaXNvbiA8YmVubT00MHdvcmtvbmxpbmUuYWZyaWNhQGRt YXJjLmlldGYub3JnPjsgSmFrb2IgSGVpdHogKGpoZWl0eikgPGpoZWl0ekBjaXNjby5jb20+OyBT SURSIE9wZXJhdGlvbnMgV0cgPHNpZHJvcHNAaWV0Zi5vcmc+DQpTdWJqZWN0OiBSZTogW1NpZHJv cHNdIEFTUEEgZmFsc2UgbGVhaw0KDQpBbmQgYW5vdGhlciByZWFsLXdvcmxkIHNjZW5hcmlvLg0K DQpUaGUgc2lnbmlmaWNhbnQgbnVtYmVyIG9mIHJvdXRlIGxlYWtzIHRvZGF5IGhhcHBlbnMgd2hl biBhbiBJU1AgaXMgdXNpbmcgdGhlIHByZWZpeC1saXN0IG9mIHRoZWlyIGN1c3RvbWVycyBhcyB0 aGUgb25seSBlZ3Jlc3MgZmlsdGVyIChubyBpbmdyZXNzIGZpbHRlcnMvbm8gY29tbXVuaXRpZXMp Lg0KSW4gdGhpcyBjYXNlLCBqdXN0IGxpa2UgaW4geW91ciBzY2VuYXJpbywgaXQgc3RhcnRzIHRv IGxlYWsgY3VzdG9tZXIncyBwcmVmaXhlcyB3aGVuIGl0IGdldHMgdGhlbSBmcm9tIHByb3ZpZGVy cy9wZWVycywgdGh1cyBzcG9pbGluZyBURSBvZiB0aGVpciBjdXN0b21lcnMuIE1vcmUgdGhlbiwg dGhlIGN1c3RvbWVyIGV2ZW4gY2FuJ3QgcmVkaXJlY3QgdHJhZmZpYyBmcm9tIHN1Y2ggbWlzY29u ZmlndXJlZCB1cHN0cmVhbSBwcm92aWRlciBldmVuIGlmIGl0IGV4cGVyaWVuY2VzIGEgc2Vydmlj ZSBkZWdyYWRhdGlvbi4NCg0KSSBkb24ndCBiZWxpZXZlIHdlIHNob3VsZCBsZWdpdGltaXplIHN1 Y2ggYmVoYXZpb3IuDQoNCtGB0YAsIDE2INC+0LrRgi4gMjAxOSDQsy4g0LIgMDk6NDIsIFJhbmR5 IEJ1c2ggPHJhbmR5QHBzZy5jb208bWFpbHRvOnJhbmR5QHBzZy5jb20+PjoNCj4+IENvbnNpZGVy IHRoZSB0b3BvbG9neToNCj4+DQo+PiAgICBBUzUgICAgICBBUzMNCj4+ICAgICAgXCAgICAgLyAg IFwNCj4+ICAgICAgIFwgICAvICAgICBcDQo+PiAgICAgICAgQVM0ICAgICBBUzINCj4+ICAgICAg ICAgIFwgICAgIC8NCj4+ICAgICAgICAgICBcICAgLw0KPj4gICAgICAgICAgICBBUzENCj4+DQo+ PiBBUzEgaGFzIHByb3ZpZGVycyBBUzIgYW5kIEFTNC4NCj4+IEFTMiBoYXMgcHJvdmlkZXIgIEFT My4NCj4+IEFTNCBoYXMgcHJvdmlkZXJzIEFTMyBhbmQgQVM1Lg0KPj4NCj4+IEFTNSByZWNlaXZl cyBhIHJvdXRlIHdpdGggQVMtcGF0aCAoNCAzIDIgMSkuDQo+PiBBU1BBIHdvdWxkIGRlY2xhcmUg dGhhdCBBUzQgbGVha2VkIHRoZSByb3V0ZSBmcm9tIEFTMyB0byBBUzUuDQo+PiBIb3dldmVyLCBB UzQgaXMgYW4gYXV0aG9yaXplZCBwcm92aWRlciBmb3IgQVMxLg0KPj4gRXZlbiB0aG91Z2ggQVM0 IGhhcyBhIHBhdGggdG8gQVMxLCBpdCBjaG9zZSB0byB1c2UgYW4gYWx0ZXJuYXRpdmUNCj4+IHZh bGlkIHBhdGggdG8gcmVhY2ggQVMxLg0KPg0KPiBhbmQgdGhhdCBhbHRlcm5hdGUgcGF0aCBzdXJl IGxvb2tzIGEgbG90IGxpa2UgYSByb3V0ZSBsZWFrLg0KDQpsZW1tZSB0cnkgYSBkaWZmZXJlbnQg d2F5DQoNCnRoZSBhdHRhY2tlciBBMyB3aXNoZXMgdGlvIHNpcGhvbiBqZWxseSBiZWFucyBmcm9t IEE1J3MgdHJhZmZpYyB0byBBMS4NCnNvIHNoZSBjb252aW5jZXMgQTQgdG8gcHJlZmVyIHRoZSBB NCBBMyBBMiBBMSBwYXRoLCB3aGljaCBBNCB0aGVuDQphbm5vdW5jZXMgdG8gQTUgYXMgaGVyIGJl c3QgcGF0aC4gIHByb2ZpdC4NCg0KcmFuZHkNCg0KX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX18NClNpZHJvcHMgbWFpbGluZyBsaXN0DQpTaWRyb3BzQGlldGYu b3JnPG1haWx0bzpTaWRyb3BzQGlldGYub3JnPg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1h bi9saXN0aW5mby9zaWRyb3BzDQoNCg0KLS0NCkJlc3QgcmVnYXJkcywNCkFsZXhhbmRlciBBemlt b3YNCg== --_000_DM6PR11MB375560CF6609B2006C52196CC0920DM6PR11MB3755namp_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkRlbmdYaWFuOw0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAx IDE7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJpOw0KCXBhbm9zZS0xOjIgMTUg NSAyIDIgMiA0IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IlxARGVuZ1hpYW4i Ow0KCXBhbm9zZS0xOjIgMSA2IDAgMyAxIDEgMSAxIDE7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMg Ki8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBp bjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZh bWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJ e21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1 bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1z dHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVy bGluZTt9DQpwLm1zb25vcm1hbDAsIGxpLm1zb25vcm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21z by1zdHlsZS1uYW1lOm1zb25vcm1hbDsNCgltc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzsNCgltYXJn aW4tcmlnaHQ6MGluOw0KCW1zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0 OjBpbjsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNl cmlmO30NCnNwYW4uRW1haWxTdHlsZTE4DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5 Ow0KCWZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7DQoJY29sb3I6IzcwMzBBMDt9DQouTXNvQ2hw RGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LWZhbWlseToiQ2Fs aWJyaSIsc2Fucy1zZXJpZjt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4w aW47DQoJbWFyZ2luOjEuMGluIDEuMGluIDEuMGluIDEuMGluO30NCmRpdi5Xb3JkU2VjdGlvbjEN Cgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHht bD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3ht bD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6 ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBl bGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxp bms9ImJsdWUiIHZsaW5rPSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFt aWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOiM3MDMwQTAiPlNvLCBzaG91bGQgQVM1 IGp1c3QgZHJvcCB0aGUgdHJhZmZpYz88bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVv dDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjojNzAzMEEwIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bh bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBw dDtmb250LWZhbWlseTomcXVvdDtDb3VyaWVyIE5ldyZxdW90Oztjb2xvcjojNzAzMEEwIj5SZWdh cmRzLDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0 eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NvdXJpZXIgTmV3JnF1b3Q7 O2NvbG9yOiM3MDMwQTAiPkpha29iLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90 O0NvdXJpZXIgTmV3JnF1b3Q7O2NvbG9yOiM3MDMwQTAiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFu PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPkZyb206PC9iPiBBbGV4YW5kZXIgQXppbW92 ICZsdDthLmUuYXppbW92QGdtYWlsLmNvbSZndDsgPGJyPg0KPGI+U2VudDo8L2I+IFdlZG5lc2Rh eSwgT2N0b2JlciAxNiwgMjAxOSAxOjQxIFBNPGJyPg0KPGI+VG86PC9iPiBSYW5keSBCdXNoICZs dDtyYW5keUBwc2cuY29tJmd0Ozxicj4NCjxiPkNjOjwvYj4gQmVuIE1hZGRpc29uICZsdDtiZW5t PTQwd29ya29ubGluZS5hZnJpY2FAZG1hcmMuaWV0Zi5vcmcmZ3Q7OyBKYWtvYiBIZWl0eiAoamhl aXR6KSAmbHQ7amhlaXR6QGNpc2NvLmNvbSZndDs7IFNJRFIgT3BlcmF0aW9ucyBXRyAmbHQ7c2lk cm9wc0BpZXRmLm9yZyZndDs8YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUmU6IFtTaWRyb3BzXSBBU1BB IGZhbHNlIGxlYWs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5i c3A7PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkFuZCBhbm90aGVyIHJl YWwtd29ybGQgc2NlbmFyaW8uPG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ VGhlIHNpZ25pZmljYW50IG51bWJlciBvZiByb3V0ZSBsZWFrcyB0b2RheSZuYnNwO2hhcHBlbnMg d2hlbiBhbiBJU1AgaXMgdXNpbmcgdGhlIHByZWZpeC1saXN0IG9mIHRoZWlyIGN1c3RvbWVycyBh cyB0aGUgb25seSBlZ3Jlc3MgZmlsdGVyIChubyBpbmdyZXNzIGZpbHRlcnMvbm8gY29tbXVuaXRp ZXMpLjxicj4NCkluIHRoaXMgY2FzZSwganVzdCBsaWtlIGluIHlvdXIgc2NlbmFyaW8sIGl0IHN0 YXJ0cyB0byBsZWFrIGN1c3RvbWVyJ3MgcHJlZml4ZXMgd2hlbiBpdCBnZXRzIHRoZW0gZnJvbSBw cm92aWRlcnMvcGVlcnMsIHRodXMgc3BvaWxpbmcgVEUgb2YgdGhlaXIgY3VzdG9tZXJzLiBNb3Jl IHRoZW4sIHRoZSBjdXN0b21lciBldmVuIGNhbid0IHJlZGlyZWN0IHRyYWZmaWMgZnJvbSBzdWNo IG1pc2NvbmZpZ3VyZWQgdXBzdHJlYW0gcHJvdmlkZXIgZXZlbiBpZg0KIGl0IGV4cGVyaWVuY2Vz IGEgc2VydmljZSBkZWdyYWRhdGlvbi4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8 ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+SSBkb24ndCBiZWxpZXZlJm5ic3A7d2Ugc2hvdWxk IGxlZ2l0aW1pemUgc3VjaCBiZWhhdmlvci48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+ DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPGRp dj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj7RgdGALCAxNiDQvtC60YIuIDIwMTkg0LMu INCyIDA5OjQyLCBSYW5keSBCdXNoICZsdDs8YSBocmVmPSJtYWlsdG86cmFuZHlAcHNnLmNvbSI+ cmFuZHlAcHNnLmNvbTwvYT4mZ3Q7OjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8YmxvY2txdW90 ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgI0NDQ0NDQyAxLjBwdDtwYWRk aW5nOjBpbiAwaW4gMGluIDYuMHB0O21hcmdpbi1sZWZ0OjQuOHB0O21hcmdpbi1yaWdodDowaW4i Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jmd0OyZndDsgQ29uc2lkZXIgdGhlIHRvcG9sb2d5Ojxi cj4NCiZndDsmZ3Q7PGJyPg0KJmd0OyZndDsmbmJzcDsgJm5ic3A7IEFTNSZuYnNwOyAmbmJzcDsg Jm5ic3A7IEFTMzxicj4NCiZndDsmZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgXCZuYnNwOyAmbmJz cDsgJm5ic3A7LyZuYnNwOyAmbmJzcDtcPGJyPg0KJmd0OyZndDsmbmJzcDsgJm5ic3A7ICZuYnNw OyAmbmJzcDtcJm5ic3A7ICZuYnNwOy8mbmJzcDsgJm5ic3A7ICZuYnNwO1w8YnI+DQomZ3Q7Jmd0 OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBBUzQmbmJzcDsgJm5ic3A7ICZuYnNwO0FTMjxi cj4NCiZndDsmZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBcJm5ic3A7ICZu YnNwOyAmbmJzcDsvPGJyPg0KJmd0OyZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i c3A7ICZuYnNwO1wmbmJzcDsgJm5ic3A7Lzxicj4NCiZndDsmZ3Q7Jm5ic3A7ICZuYnNwOyAmbmJz cDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgQVMxPGJyPg0KJmd0OyZndDs8YnI+DQomZ3Q7Jmd0OyBB UzEgaGFzIHByb3ZpZGVycyBBUzIgYW5kIEFTNC48YnI+DQomZ3Q7Jmd0OyBBUzIgaGFzIHByb3Zp ZGVyJm5ic3A7IEFTMy48YnI+DQomZ3Q7Jmd0OyBBUzQgaGFzIHByb3ZpZGVycyBBUzMgYW5kIEFT NS48YnI+DQomZ3Q7Jmd0Ozxicj4NCiZndDsmZ3Q7IEFTNSByZWNlaXZlcyBhIHJvdXRlIHdpdGgg QVMtcGF0aCAoNCAzIDIgMSkuPGJyPg0KJmd0OyZndDsgQVNQQSB3b3VsZCBkZWNsYXJlIHRoYXQg QVM0IGxlYWtlZCB0aGUgcm91dGUgZnJvbSBBUzMgdG8gQVM1Ljxicj4NCiZndDsmZ3Q7IEhvd2V2 ZXIsIEFTNCBpcyBhbiBhdXRob3JpemVkIHByb3ZpZGVyIGZvciBBUzEuPGJyPg0KJmd0OyZndDsg RXZlbiB0aG91Z2ggQVM0IGhhcyBhIHBhdGggdG8gQVMxLCBpdCBjaG9zZSB0byB1c2UgYW4gYWx0 ZXJuYXRpdmU8YnI+DQomZ3Q7Jmd0OyB2YWxpZCBwYXRoIHRvIHJlYWNoIEFTMS48YnI+DQomZ3Q7 IDxicj4NCiZndDsgYW5kIHRoYXQgYWx0ZXJuYXRlIHBhdGggc3VyZSBsb29rcyBhIGxvdCBsaWtl IGEgcm91dGUgbGVhay48YnI+DQo8YnI+DQpsZW1tZSB0cnkgYSBkaWZmZXJlbnQgd2F5PGJyPg0K PGJyPg0KdGhlIGF0dGFja2VyIEEzIHdpc2hlcyB0aW8gc2lwaG9uIGplbGx5IGJlYW5zIGZyb20g QTUncyB0cmFmZmljIHRvIEExLjxicj4NCnNvIHNoZSBjb252aW5jZXMgQTQgdG8gcHJlZmVyIHRo ZSBBNCBBMyBBMiBBMSBwYXRoLCB3aGljaCBBNCB0aGVuPGJyPg0KYW5ub3VuY2VzIHRvIEE1IGFz IGhlciBiZXN0IHBhdGguJm5ic3A7IHByb2ZpdC48YnI+DQo8YnI+DQpyYW5keTxicj4NCjxicj4N Cl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fPGJyPg0KU2lk cm9wcyBtYWlsaW5nIGxpc3Q8YnI+DQo8YSBocmVmPSJtYWlsdG86U2lkcm9wc0BpZXRmLm9yZyIg dGFyZ2V0PSJfYmxhbmsiPlNpZHJvcHNAaWV0Zi5vcmc8L2E+PGJyPg0KPGEgaHJlZj0iaHR0cHM6 Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zaWRyb3BzIiB0YXJnZXQ9Il9ibGFuayI+ aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zaWRyb3BzPC9hPjxvOnA+PC9v OnA+PC9wPg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48YnIg Y2xlYXI9ImFsbCI+DQo8bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+LS0g PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkJlc3Qg cmVnYXJkcyw8bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5BbGV4 YW5kZXIgQXppbW92PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rp dj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_DM6PR11MB375560CF6609B2006C52196CC0920DM6PR11MB3755namp_-- From nobody Wed Oct 16 18:29:16 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C105120019 for ; Wed, 16 Oct 2019 18:29:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.9 X-Spam-Level: X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3LmdRxo1Mv6Y for ; Wed, 16 Oct 2019 18:29:13 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FF631200F6 for ; Wed, 16 Oct 2019 18:29:13 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from ) id 1iKubE-0003hX-2U; Thu, 17 Oct 2019 01:29:08 +0000 Date: Thu, 17 Oct 2019 03:29:06 +0200 Message-ID: From: Randy Bush To: "Jakob Heitz (jheitz)" Cc: Alexander Azimov , Ben Maddison , SIDR Operations WG In-Reply-To: References: User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.2 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Archived-At: Subject: Re: [Sidrops] ASPA false leak X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Oct 2019 01:29:14 -0000 > So, should AS5 just drop the traffic? yes it is a leak or an attack randy From nobody Wed Oct 16 23:59:55 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23D9A120059 for ; Wed, 16 Oct 2019 23:59:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=workonline.africa Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5D11ZLCv0oFH for ; Wed, 16 Oct 2019 23:59:49 -0700 (PDT) Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40048.outbound.protection.outlook.com [40.107.4.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F099A120018 for ; Wed, 16 Oct 2019 23:59:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=glQWGYipsCVp4AlWHfpFVclKvOFluxsDdevdIqTKsCpUrMx+xEx1J6FdgYzQ2cOoFpiuxwmitNeVO1vYt3OPkH2QvQ21Z2Xt4G3gEtbefa/U2/WZjyR9A5ljRTh7oZGShOZW+/TFlxYu3vefczjF+csoevSImkJ+FGcL2Miip6bGCcwAKDr01Cv0DZy6DmGIozBl09ENtWyNP7AuzGy2eEB6Asr8fc45San+88uDR/STPihVZUVUvUp6s1FPRw4Y/tsQGKBwi3RH9vlMqjwDZE9nuwZALP3I20BN+zpIyWI9hgB3QGESeovpk1PQvvoORJsHzkgMZfFftY7Vi+CB7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+s/eM+1v5cbsLxSENJD0JYaApFM8TBI+MIZ5UOfdSeM=; b=UzGg+U0TUasbitE6jZfK8p7F6t4o1DrmVsBqkw44cmv091MxNDWEKkTxLad4Ly7jD+aZktI6eOoJg0++4GFM+x8Tirm6SNK+bj3AsQhDmVnSJci7mfRTSQ1dqmXJ2yUOIIf+PGgJPMG5b49L8UULal1g/fFbX+wWBXeuvXYap4J+eP9p+8UVjXocwkdzAvEThV7FC3LaC4lBRaK4AJ9F0sj3/se6tJmcijWsPcvFojPRnLvF0d4DnlF/viHbXIVZ93VbDXcg71yNHLvnC5Y/Ag7YMwMCu3mYLTcrlD1rDoEt+ldxgLldjELst6Kj5fAGrJ/Fef7An3x+XjIVH1ruKQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=workonline.africa; dmarc=pass action=none header.from=workonline.africa; dkim=pass header.d=workonline.africa; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=workonline.africa; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+s/eM+1v5cbsLxSENJD0JYaApFM8TBI+MIZ5UOfdSeM=; b=QzZ4VxfHY/HY1+ofI630YrQY37eFla0kk55UpTnSjwOLzY27gzRSeUe2FbGVNOvCAXq4/XuTHSknLCRWQ6zrzSugpzc8JwTEV6p0foBgMvLFTfsQRDGsdwYz9xDVtug2EzF0BNvGp/s+KLsVUe+Pj0zPnzT5D6uDg4J76eKvz0o= Received: from AM0P190MB0756.EURP190.PROD.OUTLOOK.COM (10.186.131.142) by AM0P190MB0692.EURP190.PROD.OUTLOOK.COM (10.186.129.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.16; Thu, 17 Oct 2019 06:59:45 +0000 Received: from AM0P190MB0756.EURP190.PROD.OUTLOOK.COM ([fe80::6df9:89d5:e427:3a4]) by AM0P190MB0756.EURP190.PROD.OUTLOOK.COM ([fe80::6df9:89d5:e427:3a4%4]) with mapi id 15.20.2347.023; Thu, 17 Oct 2019 06:59:44 +0000 From: Ben Maddison To: "Jakob Heitz (jheitz)" , Alexander Azimov , Randy Bush CC: SIDR Operations WG Thread-Topic: [Sidrops] ASPA false leak Thread-Index: AdWDr4IJUqd9dgFSRaS/zGHcilvp8QAE+p8AAAOVAtAABiPTrAAApAaAAB1LwYAAAZbA8AAT/Q/E Date: Thu, 17 Oct 2019 06:59:44 +0000 Message-ID: References: , In-Reply-To: Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=benm@workonline.africa; x-originating-ip: [197.157.89.213] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: ae26940c-d7af-40d4-4ca9-08d752cf9777 x-ms-traffictypediagnostic: AM0P190MB0692: x-ms-exchange-purlcount: 2 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6108; x-forefront-prvs: 01930B2BA8 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(39840400004)(366004)(136003)(346002)(376002)(189003)(199004)(11346002)(508600001)(5660300002)(45080400002)(186003)(486006)(9686003)(236005)(4326008)(966005)(102836004)(66066001)(6306002)(6436002)(3846002)(2906002)(33656002)(476003)(55016002)(54896002)(52536014)(25786009)(446003)(26005)(229853002)(790700001)(6246003)(71200400001)(71190400001)(316002)(10916006)(6116002)(76176011)(256004)(74316002)(14444005)(14454004)(66946007)(66446008)(64756008)(66476007)(66556008)(53546011)(8676002)(7736002)(81156014)(86362001)(76116006)(91956017)(7696005)(606006)(81166006)(6506007)(8936002)(110136005)(99286004)(46492003); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0P190MB0692; H:AM0P190MB0756.EURP190.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: workonline.africa does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: qR5j0B07hAJKJGazGdvxRjyHYo3ybUpCb2ODDsxEG1qmVes2dxQVrIi5u58ZQZo4LwFFNHepzStIAfffd9J35LzRfPiBPUlZ5R/5X4mRydMrQyxzDxuqL1qESo49VtYjIHfSas/bqZnL6E1PlOzR6Qx2jWkjwElLGJ3ZDZPVKahlZZ+lS3/SvLjmWHh/WKZMhkALX6RosLBdgw4Uq4aEbFM2/gNqn4Xy/gUB4+NYB+fY2bRul+DOmrC4KZBIzMB8pqa2nMYN4M06DAVbOIZOIz87mrZuSQfnVvwGHQQQDT1lsd6/TcutZVWhMuBjL9x4kZR8Ie4ejQzplrJ6usC1HOgQv5UhA8R3EhAWJyYc6z1Pt2xZIPN/9AoU+VFMJI99uzbh1Sd3DyBocQNvpr6RNGdtzIx3gx/D6Rv6Rq/Z4A9bYOvUY9SocMojmx/DyEuMoxj+aQ5/k7jGfFTkpGdBsQ== x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_AM0P190MB0756A616DC740EF70E749BF0C06D0AM0P190MB0756EURP_" MIME-Version: 1.0 X-OriginatorOrg: workonline.africa X-MS-Exchange-CrossTenant-Network-Message-Id: ae26940c-d7af-40d4-4ca9-08d752cf9777 X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Oct 2019 06:59:44.7626 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b4e811d5-95e8-453a-b640-0fba8d3b9ef7 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: BXCLtNKNR5aGohGz8IKjRKMHO+CAa5G6iCTXxqD4PpTnd2/xUZcUIt4oB8BcdeJOgVyG1zjzn49telvgNGTx5w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0P190MB0692 Archived-At: Subject: Re: [Sidrops] ASPA false leak X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Oct 2019 06:59:53 -0000 --_000_AM0P190MB0756A616DC740EF70E749BF0C06D0AM0P190MB0756EURP_ Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: quoted-printable Yes. Right on the floor. Get Outlook for Android ________________________________ From: Jakob Heitz (jheitz) Sent: Wednesday, October 16, 2019 11:31:46 PM To: Alexander Azimov ; Randy Bush Cc: Ben Maddison ; SIDR Operations WG Subject: RE: [Sidrops] ASPA false leak So, should AS5 just drop the traffic? Regards, Jakob. From: Alexander Azimov Sent: Wednesday, October 16, 2019 1:41 PM To: Randy Bush Cc: Ben Maddison ; Jakob Heitz (= jheitz) ; SIDR Operations WG Subject: Re: [Sidrops] ASPA false leak And another real-world scenario. The significant number of route leaks today happens when an ISP is using th= e prefix-list of their customers as the only egress filter (no ingress filt= ers/no communities). In this case, just like in your scenario, it starts to leak customer's pref= ixes when it gets them from providers/peers, thus spoiling TE of their cust= omers. More then, the customer even can't redirect traffic from such miscon= figured upstream provider even if it experiences a service degradation. I don't believe we should legitimize such behavior. =D3=D2, 16 =CF=CB=D4. 2019 =C7. =D7 09:42, Randy Bush >: >> Consider the topology: >> >> AS5 AS3 >> \ / \ >> \ / \ >> AS4 AS2 >> \ / >> \ / >> AS1 >> >> AS1 has providers AS2 and AS4. >> AS2 has provider AS3. >> AS4 has providers AS3 and AS5. >> >> AS5 receives a route with AS-path (4 3 2 1). >> ASPA would declare that AS4 leaked the route from AS3 to AS5. >> However, AS4 is an authorized provider for AS1. >> Even though AS4 has a path to AS1, it chose to use an alternative >> valid path to reach AS1. > > and that alternate path sure looks a lot like a route leak. lemme try a different way the attacker A3 wishes tio siphon jelly beans from A5's traffic to A1. so she convinces A4 to prefer the A4 A3 A2 A1 path, which A4 then announces to A5 as her best path. profit. randy _______________________________________________ Sidrops mailing list Sidrops@ietf.org https://www.ietf.org/mailman/listinfo/sidrops -- Best regards, Alexander Azimov --_000_AM0P190MB0756A616DC740EF70E749BF0C06D0AM0P190MB0756EURP_ Content-Type: text/html; charset="koi8-r" Content-Transfer-Encoding: quoted-printable
Yes. Right on the floor. 
From: Jakob Heitz (jheitz) = <jheitz@cisco.com>
Sent: Wednesday, October 16, 2019 11:31:46 PM
To: Alexander Azimov <a.e.azimov@gmail.com>; Randy Bush <ra= ndy@psg.com>
Cc: Ben Maddison <benm@workonline.africa>; SIDR Operations WG = <sidrops@ietf.org>
Subject: RE: [Sidrops] ASPA false leak
 

So, should AS5 just drop the traffic?

 

Regards,

Jakob.

 

From: Alexander Azimov <a.e.azimov@gmail.c= om>
Sent: Wednesday, October 16, 2019 1:41 PM
To: Randy Bush <randy@psg.com>
Cc: Ben Maddison <benm=3D40workonline.africa@dmarc.ietf.org>; = Jakob Heitz (jheitz) <jheitz@cisco.com>; SIDR Operations WG <sidro= ps@ietf.org>
Subject: Re: [Sidrops] ASPA false leak

 

And another real-world scenario.

 

The significant number of route leaks today hap= pens when an ISP is using the prefix-list of their customers as the only eg= ress filter (no ingress filters/no communities).
In this case, just like in your scenario, it starts to leak customer's pref= ixes when it gets them from providers/peers, thus spoiling TE of their cust= omers. More then, the customer even can't redirect traffic from such miscon= figured upstream provider even if it experiences a service degradation. 

 

I don't believe we should legitimize such behav= ior.

 

=D3=D2, 16 =CF=CB=D4. 2019 =C7. =D7 09:42, Randy Bus= h <randy@psg.com>:

>> Consider the topology:
>>
>>    AS5      AS3
>>      \     /   \
>>       \   /     \
>>        AS4     AS2
>>          \     /
>>           \   /
>>            AS1
>>
>> AS1 has providers AS2 and AS4.
>> AS2 has provider  AS3.
>> AS4 has providers AS3 and AS5.
>>
>> AS5 receives a route with AS-path (4 3 2 1).
>> ASPA would declare that AS4 leaked the route from AS3 to AS5.
>> However, AS4 is an authorized provider for AS1.
>> Even though AS4 has a path to AS1, it chose to use an alternative<= br> >> valid path to reach AS1.
>
> and that alternate path sure looks a lot like a route leak.

lemme try a different way

the attacker A3 wishes tio siphon jelly beans from A5's traffic to A1.
so she convinces A4 to prefer the A4 A3 A2 A1 path, which A4 then
announces to A5 as her best path.  profit.

randy

_______________________________________________
Sidrops mailing list
Sidrops@ietf.org<= br> https://www.ietf.org/mailman/listinfo/sidrops


 

--

Best regards,

Alexander Azimov

--_000_AM0P190MB0756A616DC740EF70E749BF0C06D0AM0P190MB0756EURP_-- From nobody Wed Oct 23 08:45:30 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4FE91200DF; Wed, 23 Oct 2019 08:45:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HhsGvZLUOrN0; Wed, 23 Oct 2019 08:45:19 -0700 (PDT) Received: from GCC02-DM3-obe.outbound.protection.outlook.com (mail-dm3gcc02on2120.outbound.protection.outlook.com [40.107.91.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3414512013B; Wed, 23 Oct 2019 08:45:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SiAwcxJKvmW9mqRSKgiRz2e3KkxDpT3Xj8H8pQF/4H7+jasJi2w4wfLlRRfspfANSPl35iMxKHOU3eeABhqNyEH736wDxZU0iivViA8SjeB3wtmwulmPB8wvG7lmxcjuD+Sh3IN7JlbbND9VmtZp9Z9OTLg5f91UPTjEa34vPqxn+pBMUgQBkeFLFkgYgS+BfL6CgBBNkbc7AyEXF0TZHkcGv+RCdnHsKq95NnJqWIXnNYvopxbJxP1zYTbqveMJUqwN0dIjfkKBlLlcUAIOcYNspBnNibMnI9ovp6yaMGMhOMpvgN+X4rZsn0w8GlfHfqNZt2LIIpyS2uIMKUMLlw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=llzPa9//2trNfrh0BevsujoOJGe0zXTE45dAyRIrLrw=; b=hkqMMyJZybvWimAjMVcwv0LcYrQxAXq2gdjUb3LhaXK95uskgBsqMfcLBW6EIrRF2ss6/LWLX8sFIJpJvv0STeeqZF6dObeEyShMH0KXrX1Y0eUwzZSYhSD4ng9QzolVUcBFBm8oE4LU8Q3eKY75u9FSdX/UcZk3BmfjQtdVrxwmBaDW7pLjqS89Vy2uCHbZSH+Uim0S8HE2BZcjoHjHzjjs7it0DAsVxxKARycuYZbv8H88X/YadHH3Mhpx/bJHe7PuMl0FO7LHUbmRJ9c9lPLRUX2LCvF7Z+2Fp7gg33VyLD4rEbaIu93BeJvUjEUT+RZrh0a5NVi2JkHCEQ4EVQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=llzPa9//2trNfrh0BevsujoOJGe0zXTE45dAyRIrLrw=; b=zywIzMGeo0w8Qc8zuBanAeFoyGxhtYmZ6aI09uZeOxJdn8WSoT6Hz09CwQvcOUpLpDG8+LzXwGYnDaOoxKNYtVnc+yi/2S/njECdjkf6Fzoi90bTE9IKGE6mRRRzT3yUZyuYttclP2KH2aI6EK11DyxQmyv5afXB/0QVITt0JTo= Received: from BL0PR0901MB4563.namprd09.prod.outlook.com (52.135.47.206) by BL0PR0901MB3732.namprd09.prod.outlook.com (52.132.25.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.22; Wed, 23 Oct 2019 15:45:17 +0000 Received: from BL0PR0901MB4563.namprd09.prod.outlook.com ([fe80::9cca:9bbb:99ac:f806]) by BL0PR0901MB4563.namprd09.prod.outlook.com ([fe80::9cca:9bbb:99ac:f806%5]) with mapi id 15.20.2387.019; Wed, 23 Oct 2019 15:45:17 +0000 From: "Sriram, Kotikalapudi (Fed)" To: Jared Mauch , Jeffrey Haas CC: IDR , GROW WG , Warren Kumari , "sidrops@ietf.org" Thread-Topic: [GROW] [Sidrops] Deprecation of AS_SET and AS_CONFED_SET -- feedback requested Thread-Index: AQHVeihPlTEW1P2ILEaAUTmwwiqSm6dJeyMAgB78u0s= Date: Wed, 23 Oct 2019 15:45:17 +0000 Message-ID: References: <01c201d54d3c$74375ee0$5ca61ca0$@ndzh.com> <69F03192-CE2E-4126-910D-A7E3B3AA8848@puck.nether.net> <20191003202515.GE28365@pfrc.org>, In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov; x-originating-ip: [129.6.222.204] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: a2fc9499-1a6c-49a3-ef4f-08d757d000ce x-ms-traffictypediagnostic: BL0PR0901MB3732: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 019919A9E4 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(39860400002)(346002)(376002)(366004)(396003)(189003)(199004)(6506007)(6116002)(76176011)(74316002)(478600001)(486006)(25786009)(66066001)(3846002)(7696005)(81166006)(8676002)(81156014)(86362001)(99286004)(256004)(102836004)(8936002)(476003)(71200400001)(316002)(54906003)(71190400001)(110136005)(11346002)(2906002)(229853002)(66556008)(186003)(14454004)(5660300002)(4326008)(33656002)(446003)(966005)(7736002)(305945005)(91956017)(76116006)(66946007)(9686003)(26005)(6436002)(6306002)(52536014)(66476007)(64756008)(55016002)(66446008)(6246003); DIR:OUT; SFP:1102; SCL:1; SRVR:BL0PR0901MB3732; H:BL0PR0901MB4563.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: KqSbZj0Scar7eTwQN9H8wDS62sd4WHEKMT03i0SMnYRMJsygWNV6lacRWkzVeUhTI17O4ESGugV9pJn8OsPH6nTjd2b7ZOcynj2WlPzFh+XHLy0uoIjspCDUfC2w2OjXVSkIShy3eaNCPH2+ZHtXDInRO7AsCZ8SH+RkyfD3pFzh7iZzGLOmd2EP7vQBner1bvJCWnHVB0L+F7W93IC1xWRQxqMk8IRhNcrY5PyoFnAZT4/auJIc7POSUEJG6XQc2H1V+zJOOPHz9aLbMVtROrllnm629+FGvJcmPDTn52h20fqE38K7w4II8IriwCicpE5Lct7CFTNcnInHyWA4GXMAw3m+65zP/2qWJqwaNETrKrx6mbnFl86lA521Jx7mJibQJQQPIsodTpmwueNdEWHuuAdl+PWokBxjNbiNeGo53L4M4mLLtkVp7qYnGtgxAwtaicmh6g/z33z1b1seaoGI90o6GvCcMOAF8YR8IIw= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: a2fc9499-1a6c-49a3-ef4f-08d757d000ce X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Oct 2019 15:45:17.3027 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: hv1SiDCoHgDAIyIevts21n8gNuOO7idyoUztDlsurIzzlCy5AoHfJAvU8kXldUssimyS7Zith9oMqsf59n8/6g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR0901MB3732 Archived-At: Subject: Re: [Sidrops] [GROW] Deprecation of AS_SET and AS_CONFED_SET -- feedback requested X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Oct 2019 15:45:22 -0000 Earlier in this thread, there was discussion about some measurements that w= ere shared (by Jared, Warren, myself).=0A= Jeff's suggestion: why don't we list all routes with AS_SET in addition to = the stats.=0A= Now we have a detailed analysis (thanks once again to Lilia Hannachi my col= league at NIST):=0A= https://www.nist.gov/sites/default/files/documents/2019/10/23/detailed-as_s= et-analysis.txt =0A= =0A= The analysis includes the following:=0A= 1. Summary stats=0A= 2. List of ASes (AGGREGATORs) Ranked according to # Routes with AS_SET=0A= (including the organization name of the AGGREGATOR)=0A= 3. List of routes with AS_SET that seem meaningless or malformed.=0A= 4. List of routes with AS_SET that seem meaningful.=0A= 3. List of all routes with AS_SET (listed per AGGREGATOR)=0A= =0A= The summary stats are copied here, but please see other details at the link= provided.=0A= =0A= AS_SET ANALYSIS (OREGON 2019-10-03:00)=0A= The Routeviews OREGON collector peers with 43 ASes. =0A= =0A= Summary stats:=0A= =0A= Total # Updates : 30052331=0A= # Updates with AS_SET : 14348=0A= Percentage of Updates with AS_SET : 0.048%=0A= # Total # ASes (globally) : 66205=0A= # ASes that create Updates with AS_SET : 144=0A= % ASes that create Updates with AS_SET : 0.218%=0A= =0A= # Routes with AS_SET (after eliminating AS path redundancy): 477=0A= Explanation: These are routes with unique {prefix, AS_SET, 1st AS after AS= _SET, AGGREGATOR} combinations.=0A= =0A= Out of the 477 routes with AS_SETs:=0A= *** Identifying Routes with AS_SET that seem meaningless or malformed ***= =0A= # Routes with only one AS in AS_SET : 383=0A= # Routes with Reserved ASN in AS_SET : 131=0A= # Routes with common AS in the AS_SEQUENCE and AS_SET : 139=0A= # Routes with repeated ASes in the AS_SET : 0=0A= # Routes that are /24 prefix (aggregate) announcements : 239=0A= Total # Routes that seem meaningless or malformed : 456=0A= =0A= Total # Routes that seem meaningful : 21=0A= =0A= Distribution of # unique ASes in the AS_SET : 1:383, 2:68, 3:14, 4:5, 5:2,= 6:3, 23:1, 31:1=0A= =0A= # Routes with AS_SET where AGGREGATOR does not match the right most AS in = AS_SEQUENCE : 47=0A= =0A= # Routes with unique {prefix, AS_SET, AGGREGATOR} : 469=0A= # Routes with unique {prefix, AS_SET} : 455=0A= =0A= *** When there is an AGGREGATOR but no AS_SET ***=0A= # Unique prefixes (with or without AS_SET) : 826535=0A= # Unique prefixes without AS_SET but with AGGREGATOR: 75698=0A= % Unique prefixes without AS_SET but with AGGREGATOR: 9.158%=0A= =0A= Sriram= From nobody Wed Oct 23 11:20:32 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42DD0120CC6; Wed, 23 Oct 2019 11:20:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DLs72mL7W-n5; Wed, 23 Oct 2019 11:20:27 -0700 (PDT) Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 05FD1120CD1; Wed, 23 Oct 2019 11:20:23 -0700 (PDT) Received: from dresden.attlocal.net (99-59-193-67.lightspeed.livnmi.sbcglobal.net [99.59.193.67]) by slice.pfrc.org (Postfix) with ESMTPSA id 42EBA1E2D2; Wed, 23 Oct 2019 14:23:50 -0400 (EDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3594.4.19\)) From: Jeffrey Haas In-Reply-To: Date: Wed, 23 Oct 2019 14:20:21 -0400 Cc: Jared Mauch , IDR , GROW WG , Warren Kumari , "sidrops@ietf.org" Content-Transfer-Encoding: quoted-printable Message-Id: <5844BA80-217F-45AD-8FC5-48CCCED33926@pfrc.org> References: <01c201d54d3c$74375ee0$5ca61ca0$@ndzh.com> <69F03192-CE2E-4126-910D-A7E3B3AA8848@puck.nether.net> <20191003202515.GE28365@pfrc.org> To: "Sriram, Kotikalapudi (Fed)" X-Mailer: Apple Mail (2.3594.4.19) Archived-At: Subject: Re: [Sidrops] [GROW] Deprecation of AS_SET and AS_CONFED_SET -- feedback requested X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Oct 2019 18:20:30 -0000 Sriram, > On Oct 23, 2019, at 11:45 AM, Sriram, Kotikalapudi (Fed) = wrote: > Out of the 477 routes with AS_SETs: > *** Identifying Routes with AS_SET that seem meaningless or = malformed *** > # Routes with only one AS in AS_SET : 383 > # Routes with Reserved ASN in AS_SET : 131 > # Routes with common AS in the AS_SEQUENCE and AS_SET : 139 The three of these have a strong feeling of bugs related to aggregation = interacting with either confederations or private internal AS numbers = and remote-private. Operators with diverse labs may wish to play around and see what they = can generate. :-) (I don't claim our implementation is bug-free here. But I know what I'd = look for if doing a code audit.) > # Routes with repeated ASes in the AS_SET : 0 This one is somewhat expected. The practice of canonicalizing sets in = most people's code base should generally ensure that if you have a = single sane BGP implementation in the path of the route to the = observatory that the duplicates would be pruned. -- Jeff From nobody Thu Oct 24 09:29:40 2019 Return-Path: X-Original-To: sidrops@ietf.org Delivered-To: sidrops@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F2B4120013; Thu, 24 Oct 2019 09:29:31 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sidrops@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: sidrops@ietf.org Message-ID: <157193457128.11345.8163888964309891372@ietfa.amsl.com> Date: Thu, 24 Oct 2019 09:29:31 -0700 Archived-At: Subject: [Sidrops] I-D Action: draft-ietf-sidrops-rpkimaxlen-03.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Oct 2019 16:29:32 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the SIDR Operations WG of the IETF. Title : The Use of Maxlength in the RPKI Authors : Yossi Gilad Sharon Goldberg Kotikalapudi Sriram Job Snijders Ben Maddison Filename : draft-ietf-sidrops-rpkimaxlen-03.txt Pages : 12 Date : 2019-10-24 Abstract: This document recommends ways to reduce forged-origin attack surface by prudently limiting the address space that is included in Route Origin Authorizations (ROAs). One recommendation is to avoid using the maxLength attribute in ROAs except in some specific cases. The recommendations complement and extend those in RFC 7115. The document also discusses creation of ROAs for facilitating Distributed Denial of Service (DDoS) mitigation services. Considerations related to ROAs and origin validation for the case of destination-based Remote Triggered Black Hole (RTBH) filtering are also highlighted. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpkimaxlen/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sidrops-rpkimaxlen-03 https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpkimaxlen-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-rpkimaxlen-03 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Thu Oct 24 13:39:08 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2782B12009C for ; Thu, 24 Oct 2019 13:38:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gHc44bn0aSi8 for ; Thu, 24 Oct 2019 13:38:52 -0700 (PDT) Received: from mail-qt1-x82b.google.com (mail-qt1-x82b.google.com [IPv6:2607:f8b0:4864:20::82b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69E89120071 for ; Thu, 24 Oct 2019 13:38:52 -0700 (PDT) Received: by mail-qt1-x82b.google.com with SMTP id e14so20135795qto.1 for ; Thu, 24 Oct 2019 13:38:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=uVZlsP3GNrCg8mELOu6BtOAYSfjGvna67Vwl8YgtORs=; b=Sx69ndIOO/tzLPg7thrSNJZHyuepJr19ez5Vx0IxPEq6WkixiK0BAl3ro6spTI94LX s/W6D4ZReKwJMWHDTVO5H7sFcyhbh8KjoAhEKITGp/Xdg+bWyOLDNAcZ4orUZBYGjXi/ m7mWU5+//SRSc9VEzIS5Di3qmv4LqnRVhI10XC7Hn7dCmjpgY0AovhA/aFrijngN4+m6 5+sY+PKxO3aQH9JxkyIrzuJ0v6/smMl/S33V+OkuZjpDrhqUlEVNzSz9kAgZhL0M5Rkd xgILRKVxl5hPwA/mhKZe2o/ofbcRCzvsEV2Ya66Jzuwt7tFrqc3xiPCkhP8mFAxcoV+6 g1jg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=uVZlsP3GNrCg8mELOu6BtOAYSfjGvna67Vwl8YgtORs=; b=sWIuaj2HCK32jIH/k79sfYophV/6NraHNsc2GP0yzsY7yfFD/PIZf4avE6WjABaAoo sGVn0wm56du/qFBG8cLT4YWXdHj+nPhOxw0C0xUnLglXjgzCkQulST/2xFLLbKOjX18q 8e2yWUHgNblcRZKsAKboJXt07rrcoVizm8D+gzeE6yyp62ATip8jyVjMQ5HMnl/c55P/ Fj7qmlpkXlOX3HC8l7Tw/SbhmKSUblGbaKEvN6H9nx7EfWuF57xGbhpxQoy/0poFvpMw JDS0OybVPsrqcjBIfMrg+3+CfivWz954KIrR3Oeje+8BltCgcA9DXQl876vO95ZbYcHB ZQ9Q== X-Gm-Message-State: APjAAAWMmIJkTmvKVubhF5ZglQKvPeVUXPZqwNVCGuxjJNK2mR/vmz0t 1MazBnc7tVviK1RKLG53tHlQVwJflN1ejXL4DpqBOw== X-Google-Smtp-Source: APXvYqzpPfv2Z29hM6fWD2xxrCsL+ebUXrG0MPMHv9Itf9JHlFxcIIzGOy8cj+eYatxZgTbdWwxrAQlefVNOeS5hLOk= X-Received: by 2002:a0c:fdcc:: with SMTP id g12mr14836281qvs.104.1571949530898; Thu, 24 Oct 2019 13:38:50 -0700 (PDT) MIME-Version: 1.0 References: <01c201d54d3c$74375ee0$5ca61ca0$@ndzh.com> <69F03192-CE2E-4126-910D-A7E3B3AA8848@puck.nether.net> <20191003202515.GE28365@pfrc.org> In-Reply-To: From: Warren Kumari Date: Thu, 24 Oct 2019 16:38:14 -0400 Message-ID: To: "Sriram, Kotikalapudi (Fed)" Cc: Jared Mauch , Jeffrey Haas , IDR , GROW WG , "sidrops@ietf.org" Content-Type: text/plain; charset="UTF-8" Archived-At: Subject: Re: [Sidrops] [GROW] Deprecation of AS_SET and AS_CONFED_SET -- feedback requested X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Oct 2019 20:38:58 -0000 Thank you Sriram and Lilia -- this is helpful / useful. I wonder if the people who configured the 21 "Routes that seem meaningful" still know that they are doing this, or if it is a lurking horror.... W On Wed, Oct 23, 2019 at 11:45 AM Sriram, Kotikalapudi (Fed) wrote: > > Earlier in this thread, there was discussion about some measurements that were shared (by Jared, Warren, myself). > Jeff's suggestion: why don't we list all routes with AS_SET in addition to the stats. > Now we have a detailed analysis (thanks once again to Lilia Hannachi my colleague at NIST): > https://www.nist.gov/sites/default/files/documents/2019/10/23/detailed-as_set-analysis.txt > > The analysis includes the following: > 1. Summary stats > 2. List of ASes (AGGREGATORs) Ranked according to # Routes with AS_SET > (including the organization name of the AGGREGATOR) > 3. List of routes with AS_SET that seem meaningless or malformed. > 4. List of routes with AS_SET that seem meaningful. > 3. List of all routes with AS_SET (listed per AGGREGATOR) > > The summary stats are copied here, but please see other details at the link provided. > > AS_SET ANALYSIS (OREGON 2019-10-03:00) > The Routeviews OREGON collector peers with 43 ASes. > > Summary stats: > > Total # Updates : 30052331 > # Updates with AS_SET : 14348 > Percentage of Updates with AS_SET : 0.048% > # Total # ASes (globally) : 66205 > # ASes that create Updates with AS_SET : 144 > % ASes that create Updates with AS_SET : 0.218% > > # Routes with AS_SET (after eliminating AS path redundancy): 477 > Explanation: These are routes with unique {prefix, AS_SET, 1st AS after AS_SET, AGGREGATOR} combinations. > > Out of the 477 routes with AS_SETs: > *** Identifying Routes with AS_SET that seem meaningless or malformed *** > # Routes with only one AS in AS_SET : 383 > # Routes with Reserved ASN in AS_SET : 131 > # Routes with common AS in the AS_SEQUENCE and AS_SET : 139 > # Routes with repeated ASes in the AS_SET : 0 > # Routes that are /24 prefix (aggregate) announcements : 239 > Total # Routes that seem meaningless or malformed : 456 > > Total # Routes that seem meaningful : 21 > > Distribution of # unique ASes in the AS_SET : 1:383, 2:68, 3:14, 4:5, 5:2, 6:3, 23:1, 31:1 > > # Routes with AS_SET where AGGREGATOR does not match the right most AS in AS_SEQUENCE : 47 > > # Routes with unique {prefix, AS_SET, AGGREGATOR} : 469 > # Routes with unique {prefix, AS_SET} : 455 > > *** When there is an AGGREGATOR but no AS_SET *** > # Unique prefixes (with or without AS_SET) : 826535 > # Unique prefixes without AS_SET but with AGGREGATOR: 75698 > % Unique prefixes without AS_SET but with AGGREGATOR: 9.158% > > Sriram -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf From nobody Fri Oct 25 09:39:10 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D756120219 for ; Fri, 25 Oct 2019 09:39:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netorgft1331857.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cnsAetstve-I for ; Fri, 25 Oct 2019 09:39:07 -0700 (PDT) Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-eopbgr790082.outbound.protection.outlook.com [40.107.79.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9EA36120105 for ; Fri, 25 Oct 2019 09:39:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=A4hHLAyyoDrhppM9v4iJiuPhfKWV05LoV4jk5hFkWBkRWs6TUK9xXf4fooq67X9/CEAS4EABkbr0UXVLwNm6oHpFxDLJWdKQV9h7PGqn4TLgWKGHA+nNikxOfUdqE6FVi9ctvR9FxryCx8WEG6T50DHMZtAYPXHgFE71SFav2ZNPA0O3kc49zJVGIZofBZz+cTrMZ24mfgq3lYftm3AqpWBWm0KaDm9UfRbJdEH3S/sRzaNqXzAGDMuiXQ0pV2PBkjM5kJ5Pa8MzJ+knTDVeS2Fd9I9hNBbwnrjfBYFGTQKJ0DZaMcj68lzYSSW7bOnGO/3Nk+2IXiRN0qPDGFuTZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ThCv55iL3ys+zm8knlEIgPsZgMHMdbqZ5g23WD70Dps=; b=WrKxES87J5eBTw9MJNV8jZbRqbEFS/+KyLJpEGky7u0GDLC0Vm0GieGWn8HIcxojW2+tU4dezQuYYDmle3dHR/xqTXU2TXsX442v4alj/N9G8LgfASFvYurlvaHqdCCFTv6mL/+qxZgIEAHofUOGDNfiIHgUN+5QNs6kZW4k+CM45ETmUxzgM/zqDinzGlf44326nIxwUTe5nVdMqMalIDDXixgl+6z3bIUlIw840H+1FLmYP9Ezdojxh+wO10QdFwu6umUVAO3DQQB/WqPxaygXAOAdjztv4HVmlErDZ1mXMSdnappjpVFdw6CI8kN9P29jD07kZoDKnJz6CeQaaA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arrcus.com; dmarc=pass action=none header.from=arrcus.com; dkim=pass header.d=arrcus.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NETORGFT1331857.onmicrosoft.com; s=selector2-NETORGFT1331857-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ThCv55iL3ys+zm8knlEIgPsZgMHMdbqZ5g23WD70Dps=; b=ADk7aK9ZAn68lsUkb45UE5yHB+9XNvy0c4RYr6QLWPpjHhR/jz4u8BMSXIhnvT0vLjnwMaIkBAVlWqV3h3YhWd+e90YaF+FlHUJRCwrgdN3/752RfUxSWhDZqaCV4GLpzw+OzUr62+4bOxJsL5AoFeAPxr7bvQ3xxDb4uw6ze8A= Received: from BYAPR18MB2856.namprd18.prod.outlook.com (20.179.59.30) by BYAPR18MB2967.namprd18.prod.outlook.com (20.179.56.95) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2367.20; Fri, 25 Oct 2019 16:39:05 +0000 Received: from BYAPR18MB2856.namprd18.prod.outlook.com ([fe80::6182:28f2:3566:d173]) by BYAPR18MB2856.namprd18.prod.outlook.com ([fe80::6182:28f2:3566:d173%3]) with mapi id 15.20.2347.030; Fri, 25 Oct 2019 16:39:05 +0000 From: Keyur Patel To: "sidrops@ietf.org" Thread-Topic: IETF106 -- Singapore -- Call for Agenda Items Thread-Index: AQHVi1K2ftA5GeJ/p0OFOuKRXPv1gQ== Date: Fri, 25 Oct 2019 16:39:04 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=keyur@arrcus.com; x-originating-ip: [70.234.233.187] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 057c03da-9669-4469-5943-08d75969d9b2 x-ms-traffictypediagnostic: BYAPR18MB2967: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 02015246A9 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(376002)(346002)(136003)(39830400003)(366004)(189003)(199004)(6436002)(4744005)(6306002)(2351001)(54896002)(2501003)(6512007)(86362001)(99286004)(71190400001)(71200400001)(102836004)(3846002)(256004)(6486002)(186003)(6506007)(26005)(316002)(6116002)(5640700003)(66066001)(14454004)(2616005)(5660300002)(6916009)(66946007)(36756003)(8936002)(486006)(8676002)(2906002)(1730700003)(7736002)(64756008)(66556008)(476003)(66446008)(66476007)(76116006)(81156014)(81166006)(508600001)(33656002)(25786009); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR18MB2967; H:BYAPR18MB2856.namprd18.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: arrcus.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: o/1exN5XsX8CZEu8uCbYYKfUQTicy5AozUMJwl2VHjEZiGWQSIlx97pCoOOprOosfKAPaPvHaetE8JmQngtDWtDA/cUQ2+JWCYfTz/APrFRtJnaw94PiFfrGijvY1yDjbvxju4vUFFGL+Xor+cChQdBHxvIrEA5jY501VRgKayLU3ASfAUSRtJon7tPjxKjoW1CYFnnGM2nKXHwQcNfgZhEhipouPGZgSWPHy6XjkLozjGI1PWL96UCJYGWsC0zlCvRXQS1YO/zSneeXU7HkM9NqFwmLGrgTL7Wke9lieGL4wwvwlKPe8RrpFW2tvTLEalNNfB+MXaVbP/aPcG9Yb6CvXmjGxGqCbEVO5MgOCVOrirp/FIss8/HtcP+x/wKatQIRt/SYvb9XQ93xGdDRddqZcH8B3DsZtcC/1ZU7EGNtIVnFgP4ged1l9iW/aX3Z x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_F42B4991EE3D4EF2A8511EB10F164C34arrcuscom_" MIME-Version: 1.0 X-OriginatorOrg: arrcus.com X-MS-Exchange-CrossTenant-Network-Message-Id: 057c03da-9669-4469-5943-08d75969d9b2 X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Oct 2019 16:39:05.1748 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 697b3529-5c2b-40cf-a019-193eb78f6820 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: +vGxYrKKhAN2+QsPWZkIGHg1a8YTSb98QUbYTXCWPFgS3yPYKxNP5KIYFK7iSBxdeZKoHDpyjpTgAbrG3SJ6yQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR18MB2967 Archived-At: Subject: [Sidrops] IETF106 -- Singapore -- Call for Agenda Items X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2019 16:39:09 -0000 --_000_F42B4991EE3D4EF2A8511EB10F164C34arrcuscom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgZm9sa3MsDQoNClNJRFJPUFMgd2lsbCBtZWV0IGF0IElFVEYxMDYgb24gV2VkbmVzZGF5LCBO b3ZlbWJlciAyMHRoIGZyb20gMzoyMCBwbSDigJMgNDo1MCBwbS4gUGxlYXNlIGZvcndhcmQgYW55 IFNJRFJPUFMgYWdlbmRhIGl0ZW1zIHlvdSBtYXkgaGF2ZSB0byBDaHJpcyBhbmQgbWUuIFBsZWFz ZSBhbHNvIG1ha2Ugc3VyZSB0aGF0IHlvdXIgc2xpZGVzIGFyZSBhdmFpbGFibGUgdG8gdGhlIGNo YWlycyBieSBGcmlkYXkgbW9ybmluZyAoMTEvMTUvMjAxOSkuIFNsaWRlcyByZWNlaXZlZCBhZnRl ciB0aGUgZGVhZGxpbmUgbWF5IG5vdCBiZSBhdmFpbGFibGUgZm9yIHVzZSBkdXJpbmcgdGhlIG1l ZXRpbmcuDQoNClJlZ2FyZHMsDQpDaHJpcyBhbmQgS2V5dXINCg0K --_000_F42B4991EE3D4EF2A8511EB10F164C34arrcuscom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1i b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXBy aW9yaXR5Ojk5Ow0KCWNvbG9yOiMwNTYzQzE7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9 DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9y aXR5Ojk5Ow0KCWNvbG9yOiM5NTRGNzI7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpz cGFuLkVtYWlsU3R5bGUxNw0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1jb21wb3NlOw0KCWZv bnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0KLk1z b0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1mYW1pbHk6 IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6OC41aW4g MTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAxLjBpbjt9DQpkaXYuV29yZFNlY3Rp b24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+DQo8L2hlYWQ+DQo8Ym9keSBs YW5nPSJFTi1VUyIgbGluaz0iIzA1NjNDMSIgdmxpbms9IiM5NTRGNzIiPg0KPGRpdiBjbGFzcz0i V29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2NvbG9yOmJsYWNrIj5IaSBmb2xrcyw8L3NwYW4+PHNwYW4gc3R5bGU9ImNvbG9y OmJsYWNrIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtjb2xvcjpibGFjayI+Jm5ic3A7PC9zcGFuPjxzcGFu IHN0eWxlPSJjb2xvcjpibGFjayI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Y29sb3I6YmxhY2siPlNJRFJP UFMmbmJzcDt3aWxsIG1lZXQgYXQgSUVURjEwNiBvbiBXZWRuZXNkYXksIE5vdmVtYmVyIDIwdGgg ZnJvbSAzOjIwIHBtIOKAkyA0OjUwIHBtLiBQbGVhc2UgZm9yd2FyZCBhbnkmbmJzcDtTSURST1BT Jm5ic3A7YWdlbmRhIGl0ZW1zIHlvdSBtYXkgaGF2ZSB0byBDaHJpcyBhbmQgbWUuIFBsZWFzZSBh bHNvIG1ha2Ugc3VyZSB0aGF0IHlvdXIgc2xpZGVzIGFyZQ0KIGF2YWlsYWJsZSB0byB0aGUgY2hh aXJzIGJ5IEZyaWRheSBtb3JuaW5nICgxMS8xNS8yMDE5KS4gU2xpZGVzIHJlY2VpdmVkIGFmdGVy IHRoZSBkZWFkbGluZSBtYXkgbm90IGJlIGF2YWlsYWJsZSBmb3IgdXNlIGR1cmluZyB0aGUgbWVl dGluZy48L3NwYW4+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtj b2xvcjpibGFjayI+Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+PG86cD48 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMS4wcHQ7Y29sb3I6YmxhY2siPlJlZ2FyZHMsPC9zcGFuPjxzcGFuIHN0eWxlPSJjb2xv cjpibGFjayI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Y29sb3I6YmxhY2siPkNocmlzIGFuZCZuYnNwO0tl eXVyJm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+PG86cD48L286cD48L3Nw YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w cHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1s Pg0K --_000_F42B4991EE3D4EF2A8511EB10F164C34arrcuscom_-- From nobody Fri Oct 25 14:14:10 2019 Return-Path: X-Original-To: sidrops@ietf.org Delivered-To: sidrops@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 68C9F1209B0; Fri, 25 Oct 2019 14:12:05 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: "\"IETF Secretariat\"" To: , Cc: sidrops@ietf.org, warren@kumari.net X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <157203792542.2724.9257959079779042064.idtracker@ietfa.amsl.com> Date: Fri, 25 Oct 2019 14:12:05 -0700 Archived-At: Subject: [Sidrops] sidrops - Requested session has been scheduled for IETF 106 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Oct 2019 21:12:10 -0000 Dear Chris Morrow, The session(s) that you have requested have been scheduled. Below is the scheduled session information followed by the original request. sidrops Session 1 (1:30 requested) Wednesday, 20 November 2019, Afternoon Session II 1520-1650 Room Name: VIP A size: 100 --------------------------------------------- iCalendar: https://datatracker.ietf.org/meeting/106/sessions/sidrops.ics Request Information: --------------------------------------------------------- Working Group Name: SIDR Operations Area Name: Operations and Management Area Session Requester: Chris Morrow Number of Sessions: 1 Length of Session(s): 1.5 Hours Number of Attendees: 62 Conflicts to Avoid: Chair Conflict: pim mpls lsr rtgwg lsvr grow idr spring 6man People who must be present: Keyur Patel Chris Morrow Warren "Ace" Kumari Resources Requested: Special Requests: --------------------------------------------------------- From nobody Mon Oct 28 00:54:01 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89A46120041 for ; Mon, 28 Oct 2019 00:53:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.999 X-Spam-Level: X-Spam-Status: No, score=-6.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nlnetlabs.nl Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qzcXtyRHWGov for ; Mon, 28 Oct 2019 00:53:58 -0700 (PDT) Received: from dicht.nlnetlabs.nl (open.nlnetlabs.nl [185.49.140.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37C7F12002E for ; Mon, 28 Oct 2019 00:53:58 -0700 (PDT) Received: from [10.87.1.119] (unknown [145.15.244.32]) by dicht.nlnetlabs.nl (Postfix) with ESMTPSA id D6C9112447; Mon, 28 Oct 2019 08:53:55 +0100 (CET) Authentication-Results: dicht.nlnetlabs.nl; dmarc=fail (p=none dis=none) header.from=nlnetlabs.nl Authentication-Results: dicht.nlnetlabs.nl; spf=fail smtp.mailfrom=tim@nlnetlabs.nl DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nlnetlabs.nl; s=default; t=1572249236; bh=cs6m9yZ6yAO6cIpMc4zso9IYmLEz52qH/oDgkTaJ4rY=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=kpCirMc2tbqfsImZy08mYTP/4hJpS7DepGqqIKo+l5DVt77N2SzK3dRfGm4xBoroX lhRm48ZIC8oAPw40+qEc2SbLUisGucPrkRHJamcTF9K63WWubHK1W2JlCBEUZVnrs9 q1Gi4KWRRAuzQ8yiWSjjf9nQ3vh4y29KqLEyFZ3w= Content-Type: multipart/alternative; boundary="Apple-Mail=_562878E9-B6C6-40E5-B12A-076165C19876" Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3594.4.19\)) From: Tim Bruijnzeels In-Reply-To: Date: Mon, 28 Oct 2019 08:53:53 +0100 Cc: "sidrops@ietf.org" Message-Id: References: To: Keyur Patel X-Mailer: Apple Mail (2.3594.4.19) Archived-At: Subject: Re: [Sidrops] IETF106 -- Singapore -- Call for Agenda Items X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Oct 2019 07:53:59 -0000 --Apple-Mail=_562878E9-B6C6-40E5-B12A-076165C19876 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi Keyur, I would like to take 10-15 minutes to talk about phasing out rsync as a = mandatory transport in future.=20 Spoiler: I believe that we can should start a discussion to make RRDP = mandatory to implement, and rsync optional. But we need to do an = inventory, and probably do measurements to track capabilities of servers = and RPs. There is no draft yet, but I will submit something before the = cut-off. Tim > On 25 Oct 2019, at 18:39, Keyur Patel wrote: >=20 > Hi folks, > =20 > SIDROPS will meet at IETF106 on Wednesday, November 20th from 3:20 pm = =E2=80=93 4:50 pm. Please forward any SIDROPS agenda items you may have = to Chris and me. Please also make sure that your slides are available to = the chairs by Friday morning (11/15/2019). Slides received after the = deadline may not be available for use during the meeting. > =20 > Regards, > Chris and Keyur=20 > =20 > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops = --Apple-Mail=_562878E9-B6C6-40E5-B12A-076165C19876 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Hi = Keyur,

I would like = to take 10-15 minutes to talk about phasing out rsync as a mandatory = transport in future. 

Spoiler: I believe that we can should start a discussion to = make RRDP mandatory to implement, and rsync optional. But we need to do = an inventory, and probably do measurements to track capabilities of = servers and RPs. There is no draft yet, but I will submit something = before the cut-off.

Tim

On 25 Oct 2019, at 18:39, Keyur Patel <keyur@arrcus.com> = wrote:

Hi folks,
 
SIDROPS will meet at IETF106 on Wednesday, November 20th = from 3:20 pm =E2=80=93 4:50 pm. Please forward = any SIDROPS agenda items you may have to Chris and me. Please = also make sure that your slides are available to the chairs by Friday = morning (11/15/2019). Slides received after the deadline may not be = available for use during the meeting.
 
Regards,
Chris = and Keyur 
 
_______________________________________________
Sidrops = mailing list
Sidrops@ietf.org
https://www.ietf.org/mailman/listinfo/sidrops

= --Apple-Mail=_562878E9-B6C6-40E5-B12A-076165C19876-- From nobody Mon Oct 28 05:53:46 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4938B12001E for ; Mon, 28 Oct 2019 05:53:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netorgft1331857.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PKJ45AkRaAMF for ; Mon, 28 Oct 2019 05:53:43 -0700 (PDT) Received: from NAM05-CO1-obe.outbound.protection.outlook.com (mail-eopbgr720064.outbound.protection.outlook.com [40.107.72.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 162A512000F for ; Mon, 28 Oct 2019 05:53:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Q77Eoc848unn6szsOjR2rzba3ANesUN5HI5fjAA5vlR20gtQym5RWpLItMhW4jmE5OcVWafiUyqSReA/SxArxSNLNGYKUQGPlnyyhlQpmiiq3CMkMtHK/gSe88WpLQADC+2G86f5WjQf0csKki92/ekzZppOfQY2FAqb2dMPipXx/azz1cF1ynTlo7EqORnrLfO8G2vBUSifQKlm3zr6wx1RP/KyR+8XwkVyrYtxVAjiea5y7oWPer2wkekz1hn/IC5H0UmfHz/trS3PwXSwXL+RhEmiQ9UZbjSCvy6BmbSm8NZtHRP9gBa6dllbabFTAOPEdVZc2JWh7eRqL3Gjvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=muMIrmvq1OuVMvnUHMwcKqHS+ITdj11ZqBP0qhGycDc=; b=V/ThI3mQsEuRAOr+Z2cwhJHYy2SWm+gTd1Nr6ntGENxe0NqIaP9g1F0UdOfUDsuwDObwDI/QE0Tq34pKmOGqrEzaWqseteok/0NoEfaRerfAr0IEYMKYvTLwVDV6iHdWgkfcX/NG78zv3ORpvLplfMuk8tn11Pal05bhj9fR1/TT9FsYrmSw13roUmSuyEozv371YClg4DdSzDbq9bzRICqTDORW6nvXPglGRt5Eu/hQrm/Zr1JN+JJ2clwbXZG6issd34uuBwhPCbQqwFvgunt+mrvgpVFlcmg7Jpy2aAVANx00q4VlhC6iIQikGALnadt7nNlUquSOCkmwCtfUeg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arrcus.com; dmarc=pass action=none header.from=arrcus.com; dkim=pass header.d=arrcus.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NETORGFT1331857.onmicrosoft.com; s=selector2-NETORGFT1331857-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=muMIrmvq1OuVMvnUHMwcKqHS+ITdj11ZqBP0qhGycDc=; b=pqFeIdM1dkGyGdeh9OQG7qn96Il/AwLfsk1F50aIUowofmneDRyHRy7hR3G4Kw/OvuP9WahurWtQe8gHa/tyEjfSH1HL8Q0rMACfbR2VImTW6Xw1L29imm1/9NVZtsuj9tA41PEkZC7u52OMGQEfXG6BC4A0tFCnqruzSxXMzf0= Received: from BYAPR18MB2856.namprd18.prod.outlook.com (20.179.59.30) by BYAPR18MB2662.namprd18.prod.outlook.com (20.179.91.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.25; Mon, 28 Oct 2019 12:53:39 +0000 Received: from BYAPR18MB2856.namprd18.prod.outlook.com ([fe80::51d:21b6:1895:ec09]) by BYAPR18MB2856.namprd18.prod.outlook.com ([fe80::51d:21b6:1895:ec09%5]) with mapi id 15.20.2387.025; Mon, 28 Oct 2019 12:53:39 +0000 From: Keyur Patel To: Tim Bruijnzeels CC: "sidrops@ietf.org" Thread-Topic: [Sidrops] IETF106 -- Singapore -- Call for Agenda Items Thread-Index: AQHVi1K2ftA5GeJ/p0OFOuKRXPv1gadvswmAgABTwAA= Date: Mon, 28 Oct 2019 12:53:39 +0000 Message-ID: <0E85EC25-8EDC-4DFB-9A24-A311989809FD@arrcus.com> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=keyur@arrcus.com; x-originating-ip: [2600:387:a:7::61] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 131ebeb2-a437-493d-cf0e-08d75ba5dacc x-ms-traffictypediagnostic: BYAPR18MB2662: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-forefront-prvs: 0204F0BDE2 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(346002)(39830400003)(376002)(366004)(396003)(189003)(199004)(71190400001)(71200400001)(236005)(4326008)(76116006)(966005)(66946007)(66476007)(66556008)(64756008)(66446008)(86362001)(6246003)(508600001)(91956017)(6436002)(8936002)(81166006)(81156014)(229853002)(53546011)(6486002)(76176011)(102836004)(486006)(6506007)(186003)(8676002)(5660300002)(33656002)(46003)(606006)(11346002)(446003)(2906002)(25786009)(316002)(14454004)(256004)(99286004)(6306002)(54896002)(6512007)(476003)(36756003)(2616005)(6916009)(7736002)(6116002); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR18MB2662; H:BYAPR18MB2856.namprd18.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: arrcus.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: tI0GwA0JveLn5MeemeqX03qjyEdw9J5qeY6M0rF/E9FAOS4pVNvebra7sEy3kbgpSW52c+o0hoT+k0ubelHv1hV7KcZIRyKFE6dI/ctWIrsHvvztwiR73ufhNruRIF+SUipA2Zi2n9+NinoJpa6RMiGyjRy/KtbSx7QHZ8TY2UTqMSw8ukfpCkwwu0BTdz6NH7APYsW8o9KZ9gEUX5qlz3Xordm1oGPbdx0/a5KpfvPNzRcZEG2W3TMyvQFGOTqCCY14ndx3NF/OsGL6+vUGzms3ubE8Tg5S3q+5OTqainktNwaYVFLfe+vJx2hlVCl1spI+uH2ibruuJQAKSFy00cvagJW0NIriXLKu06/Dc0cE1k0zSFWADgI4mrj7/3MV0t9qmYUh5rOiQpjtxzU5GHIBRiPnYJ/7myZV0imD1V/M62seKMk7E4YXnbRVCov+qtswwF4XeK047nib+GvY0Cllr20sP94VVo3uXuNRaZM= x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_0E85EC258EDC4DFB9A24A311989809FDarrcuscom_" MIME-Version: 1.0 X-OriginatorOrg: arrcus.com X-MS-Exchange-CrossTenant-Network-Message-Id: 131ebeb2-a437-493d-cf0e-08d75ba5dacc X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Oct 2019 12:53:39.3112 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 697b3529-5c2b-40cf-a019-193eb78f6820 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: QfT7P3c6Jd4VFRny0TIIt2yhzn6WIXV1NNKZg0wgKlRBo1KYSylZXBlZ2QEyu0SpESjdxYjNVsFoe6IJZMnnsA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR18MB2662 Archived-At: Subject: Re: [Sidrops] IETF106 -- Singapore -- Call for Agenda Items X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Oct 2019 12:53:45 -0000 --_000_0E85EC258EDC4DFB9A24A311989809FDarrcuscom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 QWNrLiBQbGVhc2UgbWFrZSBzdXJlIHRvIHN1Ym1pdCB0aGUgZHJhZnQgYmVmb3JlIHRoZSBjdXQt b2ZmLg0KDQpSZWdhcmRzLA0KS2V5dXINCg0KT24gT2N0IDI4LCAyMDE5LCBhdCAxMjo1NCBBTSwg VGltIEJydWlqbnplZWxzIDx0aW1AbmxuZXRsYWJzLm5sPiB3cm90ZToNCg0K77u/IEhpIEtleXVy LA0KDQpJIHdvdWxkIGxpa2UgdG8gdGFrZSAxMC0xNSBtaW51dGVzIHRvIHRhbGsgYWJvdXQgcGhh c2luZyBvdXQgcnN5bmMgYXMgYSBtYW5kYXRvcnkgdHJhbnNwb3J0IGluIGZ1dHVyZS4NCg0KU3Bv aWxlcjogSSBiZWxpZXZlIHRoYXQgd2UgY2FuIHNob3VsZCBzdGFydCBhIGRpc2N1c3Npb24gdG8g bWFrZSBSUkRQIG1hbmRhdG9yeSB0byBpbXBsZW1lbnQsIGFuZCByc3luYyBvcHRpb25hbC4gQnV0 IHdlIG5lZWQgdG8gZG8gYW4gaW52ZW50b3J5LCBhbmQgcHJvYmFibHkgZG8gbWVhc3VyZW1lbnRz IHRvIHRyYWNrIGNhcGFiaWxpdGllcyBvZiBzZXJ2ZXJzIGFuZCBSUHMuIFRoZXJlIGlzIG5vIGRy YWZ0IHlldCwgYnV0IEkgd2lsbCBzdWJtaXQgc29tZXRoaW5nIGJlZm9yZSB0aGUgY3V0LW9mZi4N Cg0KVGltDQoNCk9uIDI1IE9jdCAyMDE5LCBhdCAxODozOSwgS2V5dXIgUGF0ZWwgPGtleXVyQGFy cmN1cy5jb208bWFpbHRvOmtleXVyQGFycmN1cy5jb20+PiB3cm90ZToNCg0KSGkgZm9sa3MsDQoN ClNJRFJPUFMgd2lsbCBtZWV0IGF0IElFVEYxMDYgb24gV2VkbmVzZGF5LCBOb3ZlbWJlciAyMHRo IGZyb20gMzoyMCBwbSDigJMgNDo1MCBwbS4gUGxlYXNlIGZvcndhcmQgYW55IFNJRFJPUFMgYWdl bmRhIGl0ZW1zIHlvdSBtYXkgaGF2ZSB0byBDaHJpcyBhbmQgbWUuIFBsZWFzZSBhbHNvIG1ha2Ug c3VyZSB0aGF0IHlvdXIgc2xpZGVzIGFyZSBhdmFpbGFibGUgdG8gdGhlIGNoYWlycyBieSBGcmlk YXkgbW9ybmluZyAoMTEvMTUvMjAxOSkuIFNsaWRlcyByZWNlaXZlZCBhZnRlciB0aGUgZGVhZGxp bmUgbWF5IG5vdCBiZSBhdmFpbGFibGUgZm9yIHVzZSBkdXJpbmcgdGhlIG1lZXRpbmcuDQoNClJl Z2FyZHMsDQpDaHJpcyBhbmQgS2V5dXINCg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX18NClNpZHJvcHMgbWFpbGluZyBsaXN0DQpTaWRyb3BzQGlldGYub3Jn PG1haWx0bzpTaWRyb3BzQGlldGYub3JnPg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9s aXN0aW5mby9zaWRyb3BzDQoNCg== --_000_0E85EC258EDC4DFB9A24A311989809FDarrcuscom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IGRpcj0iYXV0byI+DQo8 ZGl2IGRpcj0ibHRyIj5BY2suIFBsZWFzZSBtYWtlIHN1cmUgdG8gc3VibWl0IHRoZSBkcmFmdCBi ZWZvcmUgdGhlIGN1dC1vZmYuPC9kaXY+DQo8ZGl2IGRpcj0ibHRyIj48YnI+DQo8L2Rpdj4NCjxk aXYgZGlyPSJsdHIiPlJlZ2FyZHMsPC9kaXY+DQo8ZGl2IGRpcj0ibHRyIj5LZXl1cjwvZGl2Pg0K PGRpdiBkaXI9Imx0ciI+PGJyPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSI+T24gT2N0IDI4LCAy MDE5LCBhdCAxMjo1NCBBTSwgVGltIEJydWlqbnplZWxzICZsdDt0aW1AbmxuZXRsYWJzLm5sJmd0 OyB3cm90ZTo8YnI+DQo8YnI+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxibG9ja3F1b3RlIHR5 cGU9ImNpdGUiPg0KPGRpdiBkaXI9Imx0ciI+77u/IEhpIEtleXVyLA0KPGRpdiBjbGFzcz0iIj48 YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+SSB3b3VsZCBsaWtlIHRvIHRha2Ug MTAtMTUgbWludXRlcyB0byB0YWxrIGFib3V0IHBoYXNpbmcgb3V0IHJzeW5jIGFzIGEgbWFuZGF0 b3J5IHRyYW5zcG9ydCBpbiBmdXR1cmUuJm5ic3A7PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBj bGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5TcG9pbGVyOiBJIGJlbGlldmUgdGhhdCB3 ZSBjYW4gc2hvdWxkIHN0YXJ0IGEgZGlzY3Vzc2lvbiB0byBtYWtlIFJSRFAgbWFuZGF0b3J5IHRv IGltcGxlbWVudCwgYW5kIHJzeW5jIG9wdGlvbmFsLiBCdXQgd2UgbmVlZCB0byBkbyBhbiBpbnZl bnRvcnksIGFuZCBwcm9iYWJseSBkbyBtZWFzdXJlbWVudHMgdG8gdHJhY2sgY2FwYWJpbGl0aWVz IG9mIHNlcnZlcnMgYW5kIFJQcy4gVGhlcmUgaXMgbm8gZHJhZnQgeWV0LCBidXQNCiBJIHdpbGwg c3VibWl0IHNvbWV0aGluZyBiZWZvcmUgdGhlIGN1dC1vZmYuPC9kaXY+DQo8ZGl2IGNsYXNzPSIi PjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5UaW08YnIgY2xhc3M9IiI+DQo8 ZGl2PjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGRp diBjbGFzcz0iIj5PbiAyNSBPY3QgMjAxOSwgYXQgMTg6MzksIEtleXVyIFBhdGVsICZsdDs8YSBo cmVmPSJtYWlsdG86a2V5dXJAYXJyY3VzLmNvbSIgY2xhc3M9IiI+a2V5dXJAYXJyY3VzLmNvbTwv YT4mZ3Q7IHdyb3RlOjwvZGl2Pg0KPGJyIGNsYXNzPSJBcHBsZS1pbnRlcmNoYW5nZS1uZXdsaW5l Ij4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiIHN0eWxlPSJwYWdl OiBXb3JkU2VjdGlvbjE7IGNhcmV0LWNvbG9yOiByZ2IoMCwgMCwgMCk7IGZvbnQtZmFtaWx5OiBN ZW5sby1SZWd1bGFyOyBmb250LXNpemU6IDEycHg7IGZvbnQtc3R5bGU6IG5vcm1hbDsgZm9udC12 YXJpYW50LWNhcHM6IG5vcm1hbDsgZm9udC13ZWlnaHQ6IG5vcm1hbDsgbGV0dGVyLXNwYWNpbmc6 IG5vcm1hbDsgdGV4dC1hbGlnbjogc3RhcnQ7IHRleHQtaW5kZW50OiAwcHg7IHRleHQtdHJhbnNm b3JtOiBub25lOyB3aGl0ZS1zcGFjZTogbm9ybWFsOyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtp dC10ZXh0LXN0cm9rZS13aWR0aDogMHB4OyB0ZXh0LWRlY29yYXRpb246IG5vbmU7Ij4NCjxkaXYg c3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMnB0OyBmb250LWZh bWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPHNwYW4gc3R5bGU9ImZvbnQt c2l6ZTogMTFwdDsiIGNsYXNzPSIiPkhpIGZvbGtzLDwvc3Bhbj48c3BhbiBzdHlsZT0iIiBjbGFz cz0iIj48bzpwIGNsYXNzPSIiPjwvbzpwPjwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdp bjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMnB0OyBmb250LWZhbWlseTogQ2FsaWJy aSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTFwdDsi IGNsYXNzPSIiPiZuYnNwOzwvc3Bhbj48c3BhbiBzdHlsZT0iIiBjbGFzcz0iIj48bzpwIGNsYXNz PSIiPjwvbzpwPjwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAwLjAw MDFwdDsgZm9udC1zaXplOiAxMnB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsi IGNsYXNzPSIiPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTFwdDsiIGNsYXNzPSIiPlNJRFJP UFMmbmJzcDt3aWxsIG1lZXQgYXQgSUVURjEwNiBvbiBXZWRuZXNkYXksIE5vdmVtYmVyIDIwdGgg ZnJvbSAzOjIwIHBtIOKAkyA0OjUwIHBtLiBQbGVhc2UgZm9yd2FyZCBhbnkmbmJzcDtTSURST1BT Jm5ic3A7YWdlbmRhIGl0ZW1zIHlvdSBtYXkgaGF2ZSB0byBDaHJpcyBhbmQgbWUuIFBsZWFzZSBh bHNvIG1ha2Ugc3VyZSB0aGF0IHlvdXIgc2xpZGVzIGFyZSBhdmFpbGFibGUgdG8gdGhlIGNoYWly cw0KIGJ5IEZyaWRheSBtb3JuaW5nICgxMS8xNS8yMDE5KS4gU2xpZGVzIHJlY2VpdmVkIGFmdGVy IHRoZSBkZWFkbGluZSBtYXkgbm90IGJlIGF2YWlsYWJsZSBmb3IgdXNlIGR1cmluZyB0aGUgbWVl dGluZy48L3NwYW4+PHNwYW4gc3R5bGU9IiIgY2xhc3M9IiI+PG86cCBjbGFzcz0iIj48L286cD48 L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQt c2l6ZTogMTJwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4N CjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDExcHQ7IiBjbGFzcz0iIj4mbmJzcDs8L3NwYW4+PHNw YW4gc3R5bGU9IiIgY2xhc3M9IiI+PG86cCBjbGFzcz0iIj48L286cD48L3NwYW4+PC9kaXY+DQo8 ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTJwdDsgZm9u dC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxlPSJm b250LXNpemU6IDExcHQ7IiBjbGFzcz0iIj5SZWdhcmRzLDwvc3Bhbj48c3BhbiBzdHlsZT0iIiBj bGFzcz0iIj48bzpwIGNsYXNzPSIiPjwvbzpwPjwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9Im1h cmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMnB0OyBmb250LWZhbWlseTogQ2Fs aWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTFw dDsiIGNsYXNzPSIiPkNocmlzIGFuZCZuYnNwO0tleXVyJm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxl PSIiIGNsYXNzPSIiPjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9zcGFuPjwvZGl2Pg0KPGRpdiBzdHls ZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDEycHQ7IGZvbnQtZmFtaWx5 OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXpl OiAxMXB0OyIgY2xhc3M9IiI+PG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L3NwYW4+PC9kaXY+ DQo8L2Rpdj4NCjxzcGFuIHN0eWxlPSJjYXJldC1jb2xvcjogcmdiKDAsIDAsIDApOyBmb250LWZh bWlseTogTWVubG8tUmVndWxhcjsgZm9udC1zaXplOiAxMnB4OyBmb250LXN0eWxlOiBub3JtYWw7 IGZvbnQtdmFyaWFudC1jYXBzOiBub3JtYWw7IGZvbnQtd2VpZ2h0OiBub3JtYWw7IGxldHRlci1z cGFjaW5nOiBub3JtYWw7IHRleHQtYWxpZ246IHN0YXJ0OyB0ZXh0LWluZGVudDogMHB4OyB0ZXh0 LXRyYW5zZm9ybTogbm9uZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsgd29yZC1zcGFjaW5nOiAwcHg7 IC13ZWJraXQtdGV4dC1zdHJva2Utd2lkdGg6IDBweDsgdGV4dC1kZWNvcmF0aW9uOiBub25lOyBm bG9hdDogbm9uZTsgZGlzcGxheTogaW5saW5lICFpbXBvcnRhbnQ7IiBjbGFzcz0iIj5fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXzwvc3Bhbj48YnIgc3R5bGU9 ImNhcmV0LWNvbG9yOiByZ2IoMCwgMCwgMCk7IGZvbnQtZmFtaWx5OiBNZW5sby1SZWd1bGFyOyBm b250LXNpemU6IDEycHg7IGZvbnQtc3R5bGU6IG5vcm1hbDsgZm9udC12YXJpYW50LWNhcHM6IG5v cm1hbDsgZm9udC13ZWlnaHQ6IG5vcm1hbDsgbGV0dGVyLXNwYWNpbmc6IG5vcm1hbDsgdGV4dC1h bGlnbjogc3RhcnQ7IHRleHQtaW5kZW50OiAwcHg7IHRleHQtdHJhbnNmb3JtOiBub25lOyB3aGl0 ZS1zcGFjZTogbm9ybWFsOyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0cm9rZS13 aWR0aDogMHB4OyB0ZXh0LWRlY29yYXRpb246IG5vbmU7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxl PSJjYXJldC1jb2xvcjogcmdiKDAsIDAsIDApOyBmb250LWZhbWlseTogTWVubG8tUmVndWxhcjsg Zm9udC1zaXplOiAxMnB4OyBmb250LXN0eWxlOiBub3JtYWw7IGZvbnQtdmFyaWFudC1jYXBzOiBu b3JtYWw7IGZvbnQtd2VpZ2h0OiBub3JtYWw7IGxldHRlci1zcGFjaW5nOiBub3JtYWw7IHRleHQt YWxpZ246IHN0YXJ0OyB0ZXh0LWluZGVudDogMHB4OyB0ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hp dGUtc3BhY2U6IG5vcm1hbDsgd29yZC1zcGFjaW5nOiAwcHg7IC13ZWJraXQtdGV4dC1zdHJva2Ut d2lkdGg6IDBweDsgdGV4dC1kZWNvcmF0aW9uOiBub25lOyBmbG9hdDogbm9uZTsgZGlzcGxheTog aW5saW5lICFpbXBvcnRhbnQ7IiBjbGFzcz0iIj5TaWRyb3BzDQogbWFpbGluZyBsaXN0PC9zcGFu PjxiciBzdHlsZT0iY2FyZXQtY29sb3I6IHJnYigwLCAwLCAwKTsgZm9udC1mYW1pbHk6IE1lbmxv LVJlZ3VsYXI7IGZvbnQtc2l6ZTogMTJweDsgZm9udC1zdHlsZTogbm9ybWFsOyBmb250LXZhcmlh bnQtY2Fwczogbm9ybWFsOyBmb250LXdlaWdodDogbm9ybWFsOyBsZXR0ZXItc3BhY2luZzogbm9y bWFsOyB0ZXh0LWFsaWduOiBzdGFydDsgdGV4dC1pbmRlbnQ6IDBweDsgdGV4dC10cmFuc2Zvcm06 IG5vbmU7IHdoaXRlLXNwYWNlOiBub3JtYWw7IHdvcmQtc3BhY2luZzogMHB4OyAtd2Via2l0LXRl eHQtc3Ryb2tlLXdpZHRoOiAwcHg7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsiIGNsYXNzPSIiPg0K PGEgaHJlZj0ibWFpbHRvOlNpZHJvcHNAaWV0Zi5vcmciIHN0eWxlPSJjb2xvcjogcmdiKDE0OSwg NzksIDExNCk7IHRleHQtZGVjb3JhdGlvbjogdW5kZXJsaW5lOyBmb250LWZhbWlseTogTWVubG8t UmVndWxhcjsgZm9udC1zaXplOiAxMnB4OyBmb250LXN0eWxlOiBub3JtYWw7IGZvbnQtdmFyaWFu dC1jYXBzOiBub3JtYWw7IGZvbnQtd2VpZ2h0OiBub3JtYWw7IGxldHRlci1zcGFjaW5nOiBub3Jt YWw7IG9ycGhhbnM6IGF1dG87IHRleHQtYWxpZ246IHN0YXJ0OyB0ZXh0LWluZGVudDogMHB4OyB0 ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsgd2lkb3dzOiBhdXRvOyB3 b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXNpemUtYWRqdXN0OiBhdXRvOyAtd2Via2l0 LXRleHQtc3Ryb2tlLXdpZHRoOiAwcHg7IiBjbGFzcz0iIj5TaWRyb3BzQGlldGYub3JnPC9hPjxi ciBzdHlsZT0iY2FyZXQtY29sb3I6IHJnYigwLCAwLCAwKTsgZm9udC1mYW1pbHk6IE1lbmxvLVJl Z3VsYXI7IGZvbnQtc2l6ZTogMTJweDsgZm9udC1zdHlsZTogbm9ybWFsOyBmb250LXZhcmlhbnQt Y2Fwczogbm9ybWFsOyBmb250LXdlaWdodDogbm9ybWFsOyBsZXR0ZXItc3BhY2luZzogbm9ybWFs OyB0ZXh0LWFsaWduOiBzdGFydDsgdGV4dC1pbmRlbnQ6IDBweDsgdGV4dC10cmFuc2Zvcm06IG5v bmU7IHdoaXRlLXNwYWNlOiBub3JtYWw7IHdvcmQtc3BhY2luZzogMHB4OyAtd2Via2l0LXRleHQt c3Ryb2tlLXdpZHRoOiAwcHg7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsiIGNsYXNzPSIiPg0KPGEg aHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zaWRyb3BzIiBzdHls ZT0iY29sb3I6IHJnYigxNDksIDc5LCAxMTQpOyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTsg Zm9udC1mYW1pbHk6IE1lbmxvLVJlZ3VsYXI7IGZvbnQtc2l6ZTogMTJweDsgZm9udC1zdHlsZTog bm9ybWFsOyBmb250LXZhcmlhbnQtY2Fwczogbm9ybWFsOyBmb250LXdlaWdodDogbm9ybWFsOyBs ZXR0ZXItc3BhY2luZzogbm9ybWFsOyBvcnBoYW5zOiBhdXRvOyB0ZXh0LWFsaWduOiBzdGFydDsg dGV4dC1pbmRlbnQ6IDBweDsgdGV4dC10cmFuc2Zvcm06IG5vbmU7IHdoaXRlLXNwYWNlOiBub3Jt YWw7IHdpZG93czogYXV0bzsgd29yZC1zcGFjaW5nOiAwcHg7IC13ZWJraXQtdGV4dC1zaXplLWFk anVzdDogYXV0bzsgLXdlYmtpdC10ZXh0LXN0cm9rZS13aWR0aDogMHB4OyIgY2xhc3M9IiI+aHR0 cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zaWRyb3BzPC9hPjwvZGl2Pg0KPC9i bG9ja3F1b3RlPg0KPC9kaXY+DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9j a3F1b3RlPg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_0E85EC258EDC4DFB9A24A311989809FDarrcuscom_-- From nobody Mon Oct 28 10:11:32 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13935120113 for ; Mon, 28 Oct 2019 10:11:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HSOcazlE-tS0 for ; Mon, 28 Oct 2019 10:11:28 -0700 (PDT) Received: from mail-qt1-x833.google.com (mail-qt1-x833.google.com [IPv6:2607:f8b0:4864:20::833]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2118C12008B for ; Mon, 28 Oct 2019 10:11:28 -0700 (PDT) Received: by mail-qt1-x833.google.com with SMTP id o3so15620952qtj.8 for ; Mon, 28 Oct 2019 10:11:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=LDXMJavl9kg8WVPJyFbUPLivzn/jOEAS9i22y/7rZUI=; b=qJSmkY27PSh8aS41M0TfUpdcIaLn9Tt7EtKIGYH7u3rT76Avwe2m+LDIqHMnr+MbI0 VTSduaBi+7LnsatIpleE7746D0+WMMAflIxhuxzkMTFRVcEOilprAuLRDG+h42XdDQgL Y/dx8bk69K7Mzf5e6RZ/i2T2nC/K0JLsfDKoIMY3DtPRfke0jK9ex3YSikEqURcX9EjM FvwVDMe1R7U/d+yYST/T+hZSTyeQYgS9h/dQq84Do27vEOukqkpkkO0d0lvj0bgQqLZ1 M4NcWTept3iy6BgRbh6VuB5ZCc92c9uWnSmN9TXsArUBuqv68M9yGRuaGq6TmeoPnxnw UxxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=LDXMJavl9kg8WVPJyFbUPLivzn/jOEAS9i22y/7rZUI=; b=N9nlTSxPFrg22SoIw2pDXMt70pnj/QGry06Fd3qIWAQPPT0umDsmra8r3akUEAnJfq +0R4O8buiH1mgbh6yqli6vDwzW4fRbAdm1ffmbQwOD4DwTjc1k7//VIkFbuZ2H47s8Df Q8ZAb9+ToJJT5Ox4pP5+RwCpxAdMT8eZWVmyQz43SSGY7gFe9hEi+7c8pBcdEGTWpAG5 M/Sti91S2qcUgIrHISQTRU//zNIsz5KG2Bd4pnnt39cm+NwIvslpjmGc9VT1HHvwmK2e tiuUpo5MAxlEh2EZtU4Gmisbr3NiOOlj5Hkc0dJ4CSXvjfhiiOGtgiIaTRW+tuiWtRQx Qx5Q== X-Gm-Message-State: APjAAAVvl6PYd1i2x534/ARqX1phQ4j8hsSReG1cWn7CaSnjzgtdD19z jGWLsmMnKSLb2qV0yQHqpDGI3Mjd5Gk72y+o2ydNyFDf X-Google-Smtp-Source: APXvYqyqlvYbALlVloGpV8HlfYyyueRgOqu3iqm/zxRGn8p0/nS/sb3AtjmQOpI7Ki1KPIHJ8W3a2sA1y5UumYCZ2UI= X-Received: by 2002:a0c:becd:: with SMTP id f13mr18433952qvj.70.1572282686875; Mon, 28 Oct 2019 10:11:26 -0700 (PDT) MIME-Version: 1.0 References: <20180822161549.GA1021@hanna.meerval.net> <42CA116C-4F74-4D31-A58E-3D7528FC529F@de-cix.net> <20180905073454.GU3097@hanna.meerval.net> <16AB499B-D859-48D2-9C36-AAF4C6F29B1C@de-cix.net> <20180906134026.GC3097@hanna.meerval.net> In-Reply-To: From: Christopher Morrow Date: Mon, 28 Oct 2019 13:11:15 -0400 Message-ID: To: Daniel Kopp Cc: Job Snijders , SIDR Operations WG Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Oct 2019 17:11:30 -0000 This WGLC ... has dragged on very much too long :( I think there's not consensus to move this forward at this time. I think I should have said this ~8 months ago, but was hopeful that either we might reach consensus OR the draft would be move to match expectations of the working group. At this point, I think a clear signal from the WG would help the authors change their draft OR abandon it. -chris On Fri, Sep 7, 2018 at 10:03 AM Daniel Kopp wrote: > > > > On 6. Sep 2018, at 15:40, Job Snijders wrote: > > > > In that case, it appears the draft has been taken over by current > > events? From what I understood from your organisation's communications > > related to deploying RPKI origin validation there has been a commitment > > to deploy this fall. > > No, the draft hasn=E2=80=99t been taken over by other events. > The idea was to adjust the implementation according to the draft. > So I don=E2=80=99t see that this draft is outdated in that sense. > > > This puzzles me - AMS-IX already implemented this, some documentation > > can be found here: https://ams-ix.net/technical/specifications-descript= ions/ams-ix-route-servers/route-server-filtering > > (note the 6777:65012, 6777:65022, and 6777:65023) communities. > > Yes, AMS-IX has already some flavour of implementation for that=E2=80=A6 = and one goal of the draft is to have a common and well defined way how to i= mplement this. > > Kind regards > Daniel > > > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops From nobody Mon Oct 28 11:13:39 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECB741201DE for ; Mon, 28 Oct 2019 11:13:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.9 X-Spam-Level: X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PpDIt6DLcWMo for ; Mon, 28 Oct 2019 11:13:37 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCA1A120137 for ; Mon, 28 Oct 2019 11:13:36 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from ) id 1iP9WH-0002oW-Ay; Mon, 28 Oct 2019 18:13:33 +0000 Date: Mon, 28 Oct 2019 11:13:32 -0700 Message-ID: From: Randy Bush To: Christopher Morrow Cc: Daniel Kopp , SIDR Operations WG , Job Snijders In-Reply-To: References: <20180822161549.GA1021@hanna.meerval.net> <42CA116C-4F74-4D31-A58E-3D7528FC529F@de-cix.net> <20180905073454.GU3097@hanna.meerval.net> <16AB499B-D859-48D2-9C36-AAF4C6F29B1C@de-cix.net> <20180906134026.GC3097@hanna.meerval.net> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.2 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Archived-At: Subject: Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Oct 2019 18:13:38 -0000 > At this point, I think a clear signal from the WG would help the > authors change their draft OR abandon it. this draft, and others, should merge to use a common signal. i think oliver has the need here. randy From nobody Mon Oct 28 12:25:56 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B5FB1200F1 for ; Mon, 28 Oct 2019 12:25:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netorgft1331857.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ScSUj_ibeGVV for ; Mon, 28 Oct 2019 12:25:53 -0700 (PDT) Received: from NAM04-BN3-obe.outbound.protection.outlook.com (mail-eopbgr680085.outbound.protection.outlook.com [40.107.68.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 170E112006D for ; Mon, 28 Oct 2019 12:25:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oA/Wz7K0axxCR/uk7CUrrXK5ciN0wwCNOEs0SfB5u8hdshCYeyuZzE1FOmoNF+rQBsqTCb7BNEuFIvUbrZ6/PEq5GgPUocxK7EuhX8h9gYaokHB6605TqCGNe/eWNuCPpnCxi0sAITPt5CRKZUXz/62a0hmuL5W7IlCt8auZr/CdUKNZyqbZmUN74RoFZaK0H2o1Gc4yfkgMN+nuGHSf0NKZvDu5+lrDG/yxNhz9Ot+utGDZ0yX9amqSpuGAJLohyPVQXfg/WpqI3w4u7MBWxY4VOzzcFT2FFeMfAYFq2AD+rN1WfvjgAmBNIyNErQswtsBaNTxattoU6ddyFNdnIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4b80IZxxlXXzSwkXOeCXKzpBZzmTbIURWaSuE1ySpDo=; b=dCud5SFOtv0a2UiVSbZ9nOxKr21XZAum5q88AaGoqEaEU4A5hCtIjXj/k07Cx50KVcE2nY2l5tv3zetY5bOtuyX+XxLsNVMrn6Z2fiQoiHUjHgVxqn2bteDVHjMwfB/WM+RCN1PYUUD4r55FhUGbukT5Fv356+X5KUsr0N5WVQ7FNnJuJjna8EB/sO5cfe5sWtWQg19eqkmnDAwUMRazBQNlqExwCYkyvf2LYtKiuv/yeAZpXigL6tsD+bGhYTimMRDtoCHoDvYUfJ+tka7bTEHqwYgO8XXN6P9KEJS5uJ+Tqufj22dLOihpZTvRROpev0BHphM2nFO2FAMLC5l1cQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arrcus.com; dmarc=pass action=none header.from=arrcus.com; dkim=pass header.d=arrcus.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NETORGFT1331857.onmicrosoft.com; s=selector2-NETORGFT1331857-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4b80IZxxlXXzSwkXOeCXKzpBZzmTbIURWaSuE1ySpDo=; b=rXXOLNhD1B6rsBeW19xOZxJyL0hhkHp+CBgmS6FoNHvFCv1iEUAn96Jn/l+hD2UkC1XLnB0StlwH2OSaAH5UmlYDO6OO0LyxA8f8Q2uIEDofhGajEFgRWVBeiFmOUp47HrVzS89GYltiIuQi74k7qwgzCq4P3oEyvirO3h3bRu8= Received: from BYAPR18MB2856.namprd18.prod.outlook.com (20.179.59.30) by BYAPR18MB2549.namprd18.prod.outlook.com (20.179.93.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.23; Mon, 28 Oct 2019 19:25:50 +0000 Received: from BYAPR18MB2856.namprd18.prod.outlook.com ([fe80::51d:21b6:1895:ec09]) by BYAPR18MB2856.namprd18.prod.outlook.com ([fe80::51d:21b6:1895:ec09%5]) with mapi id 15.20.2387.025; Mon, 28 Oct 2019 19:25:50 +0000 From: Keyur Patel To: "sidrops@ietf.org" Thread-Topic: Closed - WG - Adoption - draft-ymbk-sidrops-ov-egress-01.txt Thread-Index: AQHVjcWB8JRyqPjqsE6GeQZuESjtqQ== Date: Mon, 28 Oct 2019 19:25:49 +0000 Message-ID: <78ADE874-818A-4A76-8B0F-58865B94AEF9@arrcus.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=keyur@arrcus.com; x-originating-ip: [2620:0:ce0:101:9461:b580:bf0:ac4a] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 4c892352-1b5c-44ab-8482-08d75bdca419 x-ms-traffictypediagnostic: BYAPR18MB2549: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:5797; x-forefront-prvs: 0204F0BDE2 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(346002)(376002)(366004)(136003)(39830400003)(199004)(189003)(2501003)(71200400001)(99286004)(71190400001)(66446008)(186003)(2906002)(2616005)(508600001)(558084003)(256004)(476003)(14444005)(5660300002)(86362001)(6506007)(486006)(2351001)(6486002)(8936002)(76116006)(36756003)(81156014)(8676002)(1730700003)(9326002)(81166006)(102836004)(91956017)(54896002)(6306002)(5640700003)(66946007)(6512007)(46003)(6436002)(33656002)(66476007)(64756008)(66556008)(316002)(7736002)(6916009)(6116002)(14454004)(25786009); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR18MB2549; H:BYAPR18MB2856.namprd18.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: arrcus.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: pytMDKFNxh9AwqoK9WXBCvk/UAsnNDxdjt7zJiP16cgpYqKqPRIV/MIprHjDGWxyzp7QviYjIlyol9SccdmmchvA6XqkjXa8ToHAcRbCJTNXWvHDwQ2Tn9Qb6i0SXbuJiJORkYv2VW0SXiwFBCMjaaGv3JjKHTEP1tp4SSmWUhQ5B1fELIIh8yNBwPKvptzqJNg0MWNDEDUbfYFuDFS1oKRIsmXrksAEkcqekvqlKBtM9ccqCqQ6HUgmJDQlJJkwNJMDTJ5PWbq4a/QOmv83QI5nd7bQCvY/a3bjCeJccEG/W6HWVuyS4VQGZ7uB6IJqUBMABPbr3IuzGOo6HlqrnF1wqPAqtgzVdFVkDlXWoCc6j7ChpUjzygtlf0J6Z+ReydWpEWLS/cyaxGIYmrwhdfCgq2EdAdC4ns7gKgck6bAIX2jcgSDi7UUvKmCyWZm5 x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_78ADE874818A4A768B0F58865B94AEF9arrcuscom_" MIME-Version: 1.0 X-OriginatorOrg: arrcus.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4c892352-1b5c-44ab-8482-08d75bdca419 X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Oct 2019 19:25:49.8004 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 697b3529-5c2b-40cf-a019-193eb78f6820 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: BWHfEf68Dzutb43iqnReONRo1rBBu6wfflBMaGfHSNwb6lSjxh47BSeM/Gri/MNZ0qSHn1E7ExqkrvDCKcQMzw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR18MB2549 Archived-At: Subject: [Sidrops] Closed - WG - Adoption - draft-ymbk-sidrops-ov-egress-01.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Oct 2019 19:25:55 -0000 --_000_78ADE874818A4A768B0F58865B94AEF9arrcuscom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgRm9sa3MsDQoNCldoaWxlIHRoZSBjaGFpcnMgbmV2ZXIgaXNzdWVkIGEgZm9ybWFsIHJlcXVl c3QgZm9yIGFuIGFkb3B0aW9uIGNhbGwsIHNldmVyYWwgZm9sa3MgaGF2ZSBhbHJlYWR5IHNob3du IGludGVyZXN0IHRvIGFjY2VwdCB0aGlzIGRvY3VtZW50IGFzIGEgd29ya2luZyBncm91cCBkb2N1 bWVudC4gV291bGQgdGhlIGF1dGhvcnMgb2YgdGhlIGRvY3VtZW50IHBsZWFzZSBwdWJsaXNoZWQg dGhlIGRvY3VtZW50IGFzIGEgd2cgZG9jdW1lbnQ/DQoNClJlZ2FyZHMsDQpDaHJpcyAmIEtleXVy DQo= --_000_78ADE874818A4A768B0F58865B94AEF9arrcuscom_ Content-Type: text/html; charset="utf-8" Content-ID: <1354BA4091E4724C8BD3D8BD7E2B7424@namprd18.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1i b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXBy aW9yaXR5Ojk5Ow0KCWNvbG9yOiMwNTYzQzE7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9 DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9y aXR5Ojk5Ow0KCWNvbG9yOiM5NTRGNzI7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpz cGFuLkVtYWlsU3R5bGUxNw0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1jb21wb3NlOw0KCWZv bnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0KLk1z b0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1mYW1pbHk6 IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6OC41aW4g MTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAxLjBpbjt9DQpkaXYuV29yZFNlY3Rp b24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+DQo8L2hlYWQ+DQo8Ym9keSBs YW5nPSJFTi1VUyIgbGluaz0iIzA1NjNDMSIgdmxpbms9IiM5NTRGNzIiPg0KPGRpdiBjbGFzcz0i V29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp emU6MTEuMHB0O2NvbG9yOmJsYWNrIj5IaSBGb2xrcyw8L3NwYW4+PHNwYW4gc3R5bGU9ImNvbG9y OmJsYWNrIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtjb2xvcjpibGFjayI+Jm5ic3A7PC9zcGFuPjxzcGFu IHN0eWxlPSJjb2xvcjpibGFjayI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Y29sb3I6YmxhY2siPldoaWxl IHRoZSBjaGFpcnMgbmV2ZXIgaXNzdWVkIGEgZm9ybWFsIHJlcXVlc3QgZm9yIGFuIGFkb3B0aW9u IGNhbGwsIHNldmVyYWwgZm9sa3MgaGF2ZSBhbHJlYWR5IHNob3duIGludGVyZXN0IHRvIGFjY2Vw dCB0aGlzIGRvY3VtZW50IGFzIGEgd29ya2luZyBncm91cCBkb2N1bWVudC4gV291bGQgdGhlIGF1 dGhvcnMgb2YgdGhlIGRvY3VtZW50DQogcGxlYXNlIHB1Ymxpc2hlZCB0aGUgZG9jdW1lbnQgYXMg YSB3ZyBkb2N1bWVudD88L3NwYW4+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj48bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjExLjBwdDtjb2xvcjpibGFjayI+Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFj ayI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5 bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Y29sb3I6YmxhY2siPlJlZ2FyZHMsPC9zcGFuPjxzcGFuIHN0 eWxlPSJjb2xvcjpibGFjayI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Y29sb3I6YmxhY2siPkNocmlzICZh bXA7IEtleXVyPC9zcGFuPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+PG86cD48L286cD48L3Nw YW4+PC9wPg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_78ADE874818A4A768B0F58865B94AEF9arrcuscom_-- From nobody Mon Oct 28 17:05:28 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C00CA1200C7 for ; Mon, 28 Oct 2019 17:05:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mHzZghG1JXWK for ; Mon, 28 Oct 2019 17:05:25 -0700 (PDT) Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C5671200B8 for ; Mon, 28 Oct 2019 17:05:25 -0700 (PDT) X-Envelope-To: sidrops@ietf.org Received: from crumpet.foobar.org (089-101-070074.ntlworld.ie [89.101.70.74] (may be forged)) (authenticated bits=0) by mail.netability.ie (8.15.2/8.15.2) with ESMTPSA id x9T05NSi082409 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 29 Oct 2019 00:05:23 GMT (envelope-from nick@foobar.org) X-Authentication-Warning: cheesecake.ibn.ie: Host 089-101-070074.ntlworld.ie [89.101.70.74] (may be forged) claimed to be crumpet.foobar.org To: Christopher Morrow Cc: SIDR Operations WG References: <20180822161549.GA1021@hanna.meerval.net> <42CA116C-4F74-4D31-A58E-3D7528FC529F@de-cix.net> <20180905073454.GU3097@hanna.meerval.net> <16AB499B-D859-48D2-9C36-AAF4C6F29B1C@de-cix.net> <20180906134026.GC3097@hanna.meerval.net> From: Nick Hilliard Message-ID: Date: Tue, 29 Oct 2019 00:05:22 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:52.0) Gecko/20100101 PostboxApp/7.0.7 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Oct 2019 00:05:27 -0000 Christopher Morrow wrote on 28/10/2019 17:11: > This WGLC ... has dragged on very much too long :( > > I think there's not consensus to move this forward at this time. > I think I should have said this ~8 months ago, but was hopeful that > either we might reach consensus OR the draft would be move to match > expectations of the working group. > > At this point, I think a clear signal from the WG would help the > authors change their draft OR abandon it. the ideas behind the draft have fundamental problems which don't appear to be resolveable. Separate to this, since the last proper discussion about this draft in early 2018, proper RPKI has begun to take off in a serious way, so I would question whether the long term justification for progressing the draft is there. Nick From nobody Tue Oct 29 08:29:07 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 676F9120018 for ; Tue, 29 Oct 2019 08:29:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.9 X-Spam-Level: X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RiitwnyYTDOI for ; Tue, 29 Oct 2019 08:29:02 -0700 (PDT) Received: from de-cix.net (relay4.de-cix.net [46.31.121.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DEBD212006A for ; Tue, 29 Oct 2019 08:29:01 -0700 (PDT) IronPort-SDR: SIkD/6VYpHZxFTT9+IQ4GJPidow3SZ0E3actCnriAGSPaX2SpKRGeATi77a8cdAc4Ak+wwSKJL agPkW+SbEZ/fYNS9AokNQyjG6DZdy443nMjv4WpsZfbPKmB0hn3x37+YjLwtvRpIJWkfD/mJdG EFbFxr3QVQODZKHAbQ7CkEl13q3WprOFpedS9SaXiUKm+ZBu29es2qiEpslTyM0f+qNFL+9mba BymBLa4tQ75TC5WL3q2xisj2ie3bskAU83TDb9LGfZ2B9SE1oqnXG/b+rQXgXVEJpvvEl8V6rf twM= X-IronPort-AV: E=Sophos;i="5.68,244,1569276000"; d="scan'208";a="12913909" Received: from unknown (HELO smtp.de-cix.net) ([192.168.65.10]) by mailgw014.de-cix.net with ESMTP; 29 Oct 2019 16:25:56 +0100 Received: from EX02.for-the-inter.net (ex02.for-the-inter.net [192.168.49.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.de-cix.net (Postfix) with ESMTPS id 369E0B00B8; Tue, 29 Oct 2019 16:29:00 +0100 (CET) Received: from EX02.for-the-inter.net (192.168.49.20) by EX02.for-the-inter.net (192.168.49.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Tue, 29 Oct 2019 16:28:59 +0100 Received: from EX02.for-the-inter.net ([fe80::1cb2:801e:f870:7df9]) by EX02.for-the-inter.net ([fe80::1cb2:801e:f870:7df9%4]) with mapi id 15.01.1779.005; Tue, 29 Oct 2019 16:28:59 +0100 From: Daniel Kopp To: Christopher Morrow CC: SIDR Operations WG Thread-Topic: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 Thread-Index: AQHUOie94b+qhBJXv0aVQvhLDzuGmaTL0PCAgAMH8YCAEWE/gIAA7XyAgAAYbQCAAfNFgIAABTEAgAGYyQCCjg8OgIABdcKA Date: Tue, 29 Oct 2019 15:28:59 +0000 Message-ID: References: <20180822161549.GA1021@hanna.meerval.net> <42CA116C-4F74-4D31-A58E-3D7528FC529F@de-cix.net> <20180905073454.GU3097@hanna.meerval.net> <16AB499B-D859-48D2-9C36-AAF4C6F29B1C@de-cix.net> <20180906134026.GC3097@hanna.meerval.net> In-Reply-To: Accept-Language: de-DE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: Apple Mail (2.3445.6.18) x-originating-ip: [192.168.140.236] Content-Type: text/plain; charset="utf-8" Content-ID: <120114722B8D7A488196AC8592C1130E@for-the-inter.net> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Oct 2019 15:29:05 -0000 TWFueSB0aGFua3MgQ2hyaXMgZm9yIGJyaW5pbmcgdGhpcyB1cCBhZ2Fpbi4gVGhlIGF1dGhvcnMg d291bGQgcmVhbGx5IGxpa2UgdG8gcHJvZ3Jlc3Mgd2l0aCB0aGlzIGRyYWZ0Lg0KRnJvbSBiZWdp bm5pbmcgb2YgdGhpcyB5ZWFyIChhbmQgYWxyZWFkeSBsYXN0IHllYXIpIGl0IHNlZW1zIHRoYXQg UlBLSSBhZG9wdGlvbiBpcyBvbiBhIHN0ZWVwIGFzY2VudC4NCkJ1dCBJIHRoaW5rIHRoaXMgZG9l c27igJl0IGFmZmVjdCB0aGUgaWRlYSBvZiB0aGlzIGRyYWZ0ICh0YWdnaW5nIFJQS0kgdmFsaWRh dGlvbiByZXN1bHRzIG9udG8gQkdQIGFubm91bmNlbWVudHMsIGVzcGVjaWFsbHkgYXQgSVhQcykg aW4gYSB2ZXJ5IG5lZ2F0aXZlIHdheS4NCg0KSSBhcHByZWNpYXRlIFJhbmR54oCZcyBhbmQgTmlj aydzIGZlZWRiYWNrIGFuZCBsb29raW5nIGZvcndhcmQgdG8gZnVydGhlciBjb21tZW50cyBhbmQg b3BpbmlvbnMuDQpIb3BlIHdlIGNhbiBoYXZlIGEgY29uc2Vuc3VzIGFib3V0IHRoZSBkcmFmdCBz b29uLg0KDQpUaGFua3MgYWdhaW4hDQoNCkJlc3QNCkRhbmllbA0KDQoNCj4gT24gMjguIE9jdCAy MDE5LCBhdCAxODoxMSwgQ2hyaXN0b3BoZXIgTW9ycm93IDxjaHJpc3RvcGhlci5tb3Jyb3dAZ21h aWwuY29tPiB3cm90ZToNCj4gDQo+IFRoaXMgV0dMQyAuLi4gaGFzIGRyYWdnZWQgb24gdmVyeSBt dWNoIHRvbyBsb25nIDooDQo+IA0KPiBJIHRoaW5rIHRoZXJlJ3Mgbm90IGNvbnNlbnN1cyB0byBt b3ZlIHRoaXMgZm9yd2FyZCBhdCB0aGlzIHRpbWUuDQo+IEkgdGhpbmsgSSBzaG91bGQgaGF2ZSBz YWlkIHRoaXMgfjggbW9udGhzIGFnbywgYnV0IHdhcyBob3BlZnVsIHRoYXQNCj4gZWl0aGVyIHdl IG1pZ2h0IHJlYWNoIGNvbnNlbnN1cyBPUiB0aGUgZHJhZnQgd291bGQgYmUgbW92ZSB0byBtYXRj aA0KPiBleHBlY3RhdGlvbnMgb2YgdGhlIHdvcmtpbmcgZ3JvdXAuDQo+IA0KPiBBdCB0aGlzIHBv aW50LCBJIHRoaW5rIGEgY2xlYXIgc2lnbmFsIGZyb20gdGhlIFdHIHdvdWxkIGhlbHAgdGhlDQo+ IGF1dGhvcnMgY2hhbmdlIHRoZWlyIGRyYWZ0IE9SIGFiYW5kb24gaXQuDQo+IA0KPiAtY2hyaXMN Cj4gDQo+IA0KPiBPbiBGcmksIFNlcCA3LCAyMDE4IGF0IDEwOjAzIEFNIERhbmllbCBLb3BwIDxk YW5pZWwua29wcEBkZS1jaXgubmV0PiB3cm90ZToNCj4+IA0KPj4gDQo+Pj4gT24gNi4gU2VwIDIw MTgsIGF0IDE1OjQwLCBKb2IgU25pamRlcnMgPGpvYkBudHQubmV0PiB3cm90ZToNCj4+PiANCj4+ PiBJbiB0aGF0IGNhc2UsIGl0IGFwcGVhcnMgdGhlIGRyYWZ0IGhhcyBiZWVuIHRha2VuIG92ZXIg YnkgY3VycmVudA0KPj4+IGV2ZW50cz8gIEZyb20gd2hhdCBJIHVuZGVyc3Rvb2QgZnJvbSB5b3Vy IG9yZ2FuaXNhdGlvbidzIGNvbW11bmljYXRpb25zDQo+Pj4gcmVsYXRlZCB0byBkZXBsb3lpbmcg UlBLSSBvcmlnaW4gdmFsaWRhdGlvbiB0aGVyZSBoYXMgYmVlbiBhIGNvbW1pdG1lbnQNCj4+PiB0 byBkZXBsb3kgdGhpcyBmYWxsLg0KPj4gDQo+PiBObywgdGhlIGRyYWZ0IGhhc27igJl0IGJlZW4g dGFrZW4gb3ZlciBieSBvdGhlciBldmVudHMuDQo+PiBUaGUgaWRlYSB3YXMgdG8gYWRqdXN0IHRo ZSBpbXBsZW1lbnRhdGlvbiBhY2NvcmRpbmcgdG8gdGhlIGRyYWZ0Lg0KPj4gU28gSSBkb27igJl0 IHNlZSB0aGF0IHRoaXMgZHJhZnQgaXMgb3V0ZGF0ZWQgaW4gdGhhdCBzZW5zZS4NCj4+IA0KPj4+ IFRoaXMgcHV6emxlcyBtZSAtIEFNUy1JWCBhbHJlYWR5IGltcGxlbWVudGVkIHRoaXMsIHNvbWUg ZG9jdW1lbnRhdGlvbg0KPj4+IGNhbiBiZSBmb3VuZCBoZXJlOiBodHRwczovL2Ftcy1peC5uZXQv dGVjaG5pY2FsL3NwZWNpZmljYXRpb25zLWRlc2NyaXB0aW9ucy9hbXMtaXgtcm91dGUtc2VydmVy cy9yb3V0ZS1zZXJ2ZXItZmlsdGVyaW5nDQo+Pj4gKG5vdGUgdGhlIDY3Nzc6NjUwMTIsIDY3Nzc6 NjUwMjIsIGFuZCA2Nzc3OjY1MDIzKSBjb21tdW5pdGllcy4NCj4+IA0KPj4gWWVzLCBBTVMtSVgg aGFzIGFscmVhZHkgc29tZSBmbGF2b3VyIG9mIGltcGxlbWVudGF0aW9uIGZvciB0aGF04oCmIGFu ZCBvbmUgZ29hbCBvZiB0aGUgZHJhZnQgaXMgdG8gaGF2ZSBhIGNvbW1vbiBhbmQgd2VsbCBkZWZp bmVkIHdheSBob3cgdG8gaW1wbGVtZW50IHRoaXMuDQo+PiANCj4+IEtpbmQgcmVnYXJkcw0KPj4g RGFuaWVsDQo+PiANCj4+IA0KPj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX18NCj4+IFNpZHJvcHMgbWFpbGluZyBsaXN0DQo+PiBTaWRyb3BzQGlldGYub3Jn DQo+PiBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NpZHJvcHMNCg0K From nobody Tue Oct 29 17:51:36 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AD81120098 for ; Tue, 29 Oct 2019 17:51:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.5 X-Spam-Level: X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=UeXYPDJe; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=qUfuU0xT Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iD0K1XStcmQM for ; Tue, 29 Oct 2019 17:51:32 -0700 (PDT) Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BDCB120052 for ; Tue, 29 Oct 2019 17:51:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1311; q=dns/txt; s=iport; t=1572396692; x=1573606292; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=BGsc1io+RuoMtf9XSpELDsPGWg/Vab2kYw9FD07teaI=; b=UeXYPDJe8BD5wi8oQmHjUrnLsNrIimGkI0wf5RIOKsR2wBKCB35r40MD xQo0QzGYGk2IpXcpXtaWBnqZh2CxwC7TQNm89vdMVxTn25PswHNg80xeH QA4T7Wb9rK+P+xo/ryoWnBLlC5hxlJRJQRJRWqECz3BqcMi/Wr65wKlRO w=; IronPort-PHdr: =?us-ascii?q?9a23=3A/bpUbhd0c5RiGYGdISJU/9VBlGMj4e+mNxMJ6p?= =?us-ascii?q?chl7NFe7ii+JKnJkHE+PFxlwKYD57D5adCjOzb++D7VGoM7IzJkUhKcYcEFn?= =?us-ascii?q?pnwd4TgxRmBceEDUPhK/u/bSw3HdhQfFRk5Hq8d0NSHZW2ag=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AWAABW3bhd/5ldJa1kGgEBAQEBAQE?= =?us-ascii?q?BAQMBAQEBEQEBAQICAQEBAYFrAwEBAQELAYFKUAVsWCAECyqHbgOKd4JeiVW?= =?us-ascii?q?OFoEugSQDVAkBAQEMAQEYCwoCAQGDe0UCg1kkNgcOAgMJAQEEAQEBAgEFBG2?= =?us-ascii?q?FNwyFUQEBAQECAQEBECgGAQEsCwEEBwQCAQgRBAEBHxAhBgsdCAIEAQ0FCBq?= =?us-ascii?q?DAYJGAw4gAQ6oNgKBOIhggieCfgEBBYUSDQuCFwMGgTYBjBAYgUA/gRFGgkw?= =?us-ascii?q?+gQSBF0cBAYFjg0CCLI1En2lBCoIkkSKEKJlchDyBFohtij2PDgIEAgQFAg4?= =?us-ascii?q?BAQWBWQkpgVhwFTuCbFAQFIMGOIM7hRSFP3SBKItSJQaCEgEB?= X-IronPort-AV: E=Sophos;i="5.68,245,1569283200"; d="scan'208";a="353265624" Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 30 Oct 2019 00:51:31 +0000 Received: from XCH-ALN-017.cisco.com (xch-aln-017.cisco.com [173.36.7.27]) by rcdn-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id x9U0pUwp014122 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 30 Oct 2019 00:51:30 GMT Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-ALN-017.cisco.com (173.36.7.27) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 29 Oct 2019 19:51:29 -0500 Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 29 Oct 2019 19:51:29 -0500 Received: from NAM01-BN3-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 29 Oct 2019 20:51:29 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lsU7KrIfVPmCJzAvNtqjGdbtTeE754/WeHcswtHmerO7nEaJTUtzmcUIuLP0l+IVWyI79CZ5iuOZa5eG4dNJV6zYdIutDB+lF5/wPkJyGyzBG9Fkj78LzDc5yk7cUg2udVyRcyrsn4ZW9fBGe0E6VbMHcyq3as9wt4hjpNQCr1ddGpN+upwi+QzQwcUv/3R5MUXcXVnIkjSSmrU05txlBqGKB1JYFqBud5BqtZ+B7pAigh8fSW6keMEL4gVcPQocjChQfvTDvameG5O5LfoUf6Enuk9zmv7bqn1ovdUtfQ2EL84tE8863Xo4UCssCM4iAgrtj8lyoyeRMKsbcJJTDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=p3WxszJfDFRz/6esjyryS8A6YOEolX+NHcxnJXieFr8=; b=fiPZz4AUcf7xRAUWdaTx9TES2JVtw0yuEQC8D9mCQNEfD3kwmvi14fou4dWj5byJZK2mCXwZq5tVSepCzANkPar4hEZ9qChLRW89Qtaroqz7SnFNgU3K8p4TiG6BETUvjpqCBiGZ6Aapf3DHjpE4e0jy7p1mFy7zcFcSGd7bTf5HGRIE+REQgyawPYs4Fmxl8+XNSgNoqPqJ1cD2QQR1IpDHykhV7fNDQtrj3PUp7AobhrwwUH66iHIzfqssd7KJnCr3D2JFIM7hFe97DWfV+WGSJGV+ur6ffKoJN12L45/rOOeyfV7KMl9t68hKjbVjtvFXiyKAVwPxii5MyI2UPQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=p3WxszJfDFRz/6esjyryS8A6YOEolX+NHcxnJXieFr8=; b=qUfuU0xTDeNpwi2GZuZ2YieQrMzK34nrGJTJ4q4SnWDqZ4KUfTWU56Os4Yg0GKveziI6wvzQUM8+IHjIINbYpqmrKmOBgGDOHLQOBBXGnmMvvJn0bflL4G091+V/sCKCUDE7ELxBcbubfAH2Z4LIYerLAgaYfcuDMQ7YOllmkeA= Received: from MWHPR11MB1807.namprd11.prod.outlook.com (10.175.55.20) by MWHPR11MB0046.namprd11.prod.outlook.com (10.164.204.30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.24; Wed, 30 Oct 2019 00:51:28 +0000 Received: from MWHPR11MB1807.namprd11.prod.outlook.com ([fe80::249a:e0f:27bc:10be]) by MWHPR11MB1807.namprd11.prod.outlook.com ([fe80::249a:e0f:27bc:10be%9]) with mapi id 15.20.2387.028; Wed, 30 Oct 2019 00:51:28 +0000 From: "Jakob Heitz (jheitz)" To: Randy Bush , Christopher Morrow CC: SIDR Operations WG Thread-Topic: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 Thread-Index: AQHUOie+CAJrcZMMbkWyPIZdMywVIKTMRkmAgAMH8gCAEWE9gIAA7X2AgpNm5VA= Date: Wed, 30 Oct 2019 00:51:27 +0000 Message-ID: References: <20180822161549.GA1021@hanna.meerval.net> <42CA116C-4F74-4D31-A58E-3D7528FC529F@de-cix.net> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=jheitz@cisco.com; x-originating-ip: [2001:420:30d:1254:68ee:ac2e:9d42:aa6f] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 211ff1d8-d51f-485b-6e00-08d75cd34c33 x-ms-traffictypediagnostic: MWHPR11MB0046: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:962; x-forefront-prvs: 02065A9E77 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(39860400002)(376002)(346002)(366004)(396003)(189003)(13464003)(199004)(66446008)(5660300002)(316002)(71190400001)(110136005)(99286004)(7696005)(256004)(74316002)(305945005)(7736002)(76116006)(76176011)(64756008)(66556008)(66946007)(71200400001)(33656002)(14454004)(966005)(186003)(6116002)(102836004)(46003)(11346002)(86362001)(2906002)(478600001)(81156014)(6436002)(229853002)(8936002)(6306002)(9686003)(6506007)(81166006)(66476007)(53546011)(446003)(8676002)(476003)(6246003)(52536014)(55016002)(486006)(4326008)(25786009); DIR:OUT; SFP:1101; SCL:1; SRVR:MWHPR11MB0046; H:MWHPR11MB1807.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: gLMon8HOse/aasTpPbVGdlk+k4RNPpYLsAktYwQEruzQKPm/1fi9GggH0FeVhb4RiWQ3bFnM5gcP0Vu4Tfn/akOaihZZ3hL7UoOW7cEWtCFzaSrAlyzwxG77By4TflEd8LcLGDm7JAvh1sbqJ/1dPIxc1iKDOKFjbmcT1i5WUDNT61iRyAXxQCMts4QYH9G7hMJuBKL2k8NyPDPSTPn0mekA6yvNwQnh8QMycEgQXifOLgX3KXTeFuq0Q2VQKaqzssZcY/M0KubddQjt3pMHv9Wg9yp0mDLQnDRHKtzHpqUKFyNK4mM8Fct5+sAuvhfDIayaav2CmZHtLSrxxbPj8FK6UJ6IW2IyQMb9s06jnMZzUe670NpP5yxUBxQsk1lVS6mgnZHWf/gx5ESj0jB0ZXpcAI5Nv00jC25p9DRm0o+3FSKaRe0jd3qig4wLHKwxqtzSZDOeoKMTABFU6Dhh1oYExt7xWqb6htziEbKaljs= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 211ff1d8-d51f-485b-6e00-08d75cd34c33 X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Oct 2019 00:51:28.0459 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: fLaRuMwIhwMnVahHZnanSGnCbiODbZzmSiIqj8AQMYR3HrSI1SLcrEteylecJP2pcQ68m34QVnA9BP6/mm9WIA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR11MB0046 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.36.7.27, xch-aln-017.cisco.com X-Outbound-Node: rcdn-core-2.cisco.com Archived-At: Subject: Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 00:51:34 -0000 IOS-XR revalidates. Has done since the beginning. Regards, Jakob. -----Original Message----- From: Sidrops On Behalf Of Randy Bush Sent: Tuesday, September 4, 2018 11:07 PM To: Christopher Morrow Cc: SIDR Operations WG Subject: Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - E= NDS 09/07/2018 - Sept 7th 2018 > 1) "route origin validation is not as hard to see deploying today" see draft-ietf-sidrops-ov-clarify-05.txt. essentially vendors' implementations are funky and so it is hard for me to do it myself. and it is not only ov-clarify. test whether your fave implementation re-evaluates a bgp prefix when a roa change comes in over rpki-rtr. the messy story goes on. > 2) "just introducing an IXP lan/RS that simply implements the validatio= n > and takes action(s) is the right course of action" s/the right course/one right course/ what is nice is that the ixp-provided filter does not have the same problems as above. so it is a leapfrog while hardware vendors catch up. it is driving origin validation deployment. randy _______________________________________________ Sidrops mailing list Sidrops@ietf.org https://www.ietf.org/mailman/listinfo/sidrops From nobody Tue Oct 29 19:49:55 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9557912007A for ; Tue, 29 Oct 2019 19:49:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.9 X-Spam-Level: X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gh1idMhpj_g1 for ; Tue, 29 Oct 2019 19:49:52 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43E9B120123 for ; Tue, 29 Oct 2019 19:49:52 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from ) id 1iPe3R-0007At-DR; Wed, 30 Oct 2019 02:49:49 +0000 Date: Tue, 29 Oct 2019 19:49:48 -0700 Message-ID: From: Randy Bush To: Jakob Heitz Cc: SIDR Operations WG In-Reply-To: References: <20180822161549.GA1021@hanna.meerval.net> <42CA116C-4F74-4D31-A58E-3D7528FC529F@de-cix.net> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.2 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Archived-At: Subject: Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 02:49:54 -0000 > IOS-XR revalidates. Has done since the beginning. and that is likely why those rolling out ROV this year were XR users. thank you. >>> 2) "just introducing an IXP lan/RS that simply implements the validation >>> and takes action(s) is the right course of action" >> >> what is nice is that the ixp-provided filter does not have the same >> problems as above. so it is a leapfrog while hardware vendors catch up. >> it is driving origin validation deployment. further to that, as most RSs run bird and bird does not reevaluate, ... it's boiling frog, not leapfrog. sigh. randy From nobody Wed Oct 30 02:49:18 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0BF31208ED for ; Wed, 30 Oct 2019 02:49:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UXWU-bby0QRG for ; Wed, 30 Oct 2019 02:49:14 -0700 (PDT) Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69A011208DC for ; Wed, 30 Oct 2019 02:49:14 -0700 (PDT) X-Envelope-To: sidrops@ietf.org Received: from crumpet.foobar.org (089-101-070074.ntlworld.ie [89.101.70.74] (may be forged)) (authenticated bits=0) by mail.netability.ie (8.15.2/8.15.2) with ESMTPSA id x9U9n40k034679 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 30 Oct 2019 09:49:05 GMT (envelope-from nick@foobar.org) X-Authentication-Warning: cheesecake.ibn.ie: Host 089-101-070074.ntlworld.ie [89.101.70.74] (may be forged) claimed to be crumpet.foobar.org To: Randy Bush Cc: Jakob Heitz , SIDR Operations WG References: <20180822161549.GA1021@hanna.meerval.net> <42CA116C-4F74-4D31-A58E-3D7528FC529F@de-cix.net> From: Nick Hilliard Message-ID: Date: Wed, 30 Oct 2019 09:49:02 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:52.0) Gecko/20100101 PostboxApp/7.0.8 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/mixed; boundary="------------E4488C64399379F07994A7B3" Content-Language: en-US Archived-At: Subject: Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 09:49:17 -0000 This is a multi-part message in MIME format. --------------E4488C64399379F07994A7B3 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Randy Bush wrote on 30/10/2019 02:49: > further to that, as most RSs run bird and bird does not reevaluate, ... > it's boiling frog, not leapfrog. sigh. bird doesn't re-evaluate, but this can be worked around in a non-ideal way: > 40 11,20 * * * root /usr/sbin/birdc -s /var/run/bird/bird-rs1-lan1-ipv4.ctl reload in all >/dev/null ~100 clients causes CPU spikes as shown in the graph below. The decay profile in the spikes is caused by reloads of other bird instances on the same vm. Nick --------------E4488C64399379F07994A7B3 Content-Type: image/png; name="bird-cpu-spikes.png" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="bird-cpu-spikes.png" iVBORw0KGgoAAAANSUhEUgAABZMAAAIrCAYAAACatAdmAAAABmJLR0QA/wD/AP+gvaeTAAAg AElEQVR4nOzdX4zl6X3X+U/PzNpxmCH+00ZhHI82IRVpbdzM2MQZSBNbKq//rAZbg4JljBEi CiWkkUAabMHFIi7QSlxwsQi0qu5eUoiu3xG7FygXvvF6uaBlgRSCpxPhbhNZysYeZ+N4BhI7 idnE9tmLOoepqXS1q7s+53TVc14v6eg7far6nPOevnl0fo+eXwIAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAADnwIUH/QEAAAAAAHggfviY53/1Tk8+tMIPAgAAAADA2fX7hx5vPzTv6JE1 fSgAAAAAAM6Wry7mY4v5tSTfPe6Xhznm4q/8lb/y5y9cuDD/F//iX3z6QX8WAAAAAIBz4A1J 3prkjyR5KckfT/K7Sf7DnX55iC+T/+Jf/Iuv+77v+77/mCQPP/zw2//5P//n//VBfyYAAAAA gDPuUpIvJ/mtxZ9fl+S/Jpnf6ZeHODP5da973d+5cOHCj1y4cOFHvvvd7/6dB/15AAAAAADO gW/mYHfyDy8eP5jkvz/ul8/9l8k/8zM/8yNJDn+B/HcWzwEAAAAAcLx7ugHfur9M/sUcbJH+ j0ee/2iSryR5McnHT/D8f/Ptb3/7Hyf5vkNPve473/nO/9r6wAAAAAAAg/rq4vGNxZ/vegO+ B+FH8+ovkx/NwYd8Z5Knknw9yevv8vwdPfHEE1cbH26+u/t/NF7npPb3959d5/vp69LXN3qj vi59Xfq69HXp69LXpa/LGrRPX5e+Ln1d+rpG71t4Qw7OTf4zSbaS/FSSdx33y4+s6UPdzbuS /HKSzy/+/Pkk707y/x3z/P+14s/z2yt+/Ve5cOHCm9f5ftFXpW8lRm/UV6SvTl+Rvjp9Rfrq 9BVZg66EviJ9dfqK9NWN3pckb82rb8D3Yg5uwHdHZ+HM5DcleTnJJ5N8KslLi+eOe/5V5teu XZrv7t5+8vHH3zbf3b2aJKeaFy68sfI6J5wXLlx4dJ3vp0/fme5LkgsX3rfO9/sff+/3/po+ ffr06dOnT5++ze2b7+6Ov87Wp0+fPn1D9S2/D51fufJcTu/3klzMwWkSP5rkLUn+ROF1a44e c/GeJJ899OfPJHn/XZ6/o9YxFwAAAAAAG+KZJH/8yOOZ4375LOxM/nwOzuV4cvF4V5JfuMvz K7X8ln9dpmnaWef76evS1zd6o74ufV36uvR16evS16Wvyxq0T1+Xvi59Xfq6Ru9b+FYObr73 /y4e38jBbuUz4eeTzA89PrZ4/mM5OI/jq0k+cej3j3v+D7EzGQAAAADgnrw1yXuTvH3xeG+S H3qAn2c9Wl8mj37FQV+Xvr7RG/V16evS16WvS1+Xvi59Xdagffq69HXp69LXNXrfIa9N8ubF 47UP6DOsx2w2uzhN08729vat5JX/6aZpmqZpmqZpmqZpmqZpmqPN2Wz2/DRNO/v7+89mNX5q Ra97dtiZfDL6uvT1jd6or0tfl74ufV36uvR16euyBu3T16WvS1+Xvq7R++7i2BvwXVjnp1il J5544uqXv/zls/I/HAAAAADgrPtzd3juB5J8et0fZK3sTD4ZfV36+kZv1Nelr0tfl74ufV36 uvR1WYP26evS16WvS1/X6H13cezO5GG0vkwGAAAAANhgTx33g4fW+SlWYXkDvq2trcvJ6Q+w vrm3d6PxOvdwYPb1db6fPn1nuW+app357u7Vdb7f8qFPnz59+vTp06dvM/uS8dfZ+vTp06dv rL7yDfgeSvJ4kh9bPB5P8kuF1z3b7EwGAAAAALgn705yKckPLh5/KsmPH/fL535nctvoZ6Ho 69LXN3qjvi59Xfq69HXp69LXpa/LGrRPX5e+Ln1d+rpG71t4Y5JbSX5j8fhCkjc9gM+xXnYm AwAAAADck7cn+cm8cszFTy6euyM7k48Y/YqDvi59faM36uvS16WvS1+Xvi59Xfq6rEH79HXp 69LXpa9r9L6FL+TgjORvLB6/tHhuTMsb8G1vb99K1ncgtmmapmmapmmapmmapmma5rrnGm7A N/4G5NYxF6NfcdDXpa9v9EZ9Xfq69HXp69LXpa9LX5c1aJ++Ln1d+rr0dY3et3BPN+AbhjOT AQAAAADuyQeTPHLoz48snruj8bcs36PRrzjo69LXN3qjvi59Xfq69HXp69LXpa/LGrRPX5e+ Ln1d+rpG71v4SpKfyCvHXPzE4rmx2ZkMAAAAAHDPHs0rx1w8erdftDP5iNGvOOjr0tc3eqO+ Ln1d+rr0denr0telr8satE9fl74ufV36ukbvW1h+efw7i8fh58Yzm80uTtO0s729fSt58HdT NE3TNE3TNE3TNE3TNE3TXNWczWbPT9O0s7+//2xO75kkT93hMbbWMRejX3HQ16Wvb/RGfV36 uvR16evS16WvS1+XNWifvi59Xfq69HWN3rfwzAN4z1N5KMnVJL+d5NeSfPzQz76dZL54fPpu L+LMZAAAAACAe3Luvkz+YJJ/m+QNSZ5I8sUkP7D42YsnfRE7k09GX5e+vtEb9XXp69LXpa9L X5e+Ln1d1qB9+rr0denr0tc1et/Cn3gA73kqyy+TX5+DL5O/nOQ9i599K8k3k3wpyUfu9iJ2 JgMAAAAArM5DD/oDJPlskl9J8pUk/yrJL+Vgl3KSvG7x388l+bkkjx39y/Nr1y7Nd3dvP/n4 429bXi04zVw+Tvs6J53TNO2s8/306TvLfYt5e53v9/K1azf06dOnT58+ffr0bXTf8Otsffr0 6dM3Vt/y+9D5lSvPhbyQ5M8c8/w7jvtLdiYDAAAAAKzOWdiZvPSaJDtJ3pzk84eefzjJ+5K8 JcmvrvpDLL/lXxdnvXTp63JeXZ++Ln1d+rr0denr0telr8satE9fl74ufV36ukbvO8++mOQP crD7+OnFc88kmSf5TpLbST50txewMxkAAAAAgO+p9WXy6Fcc9HXp6xu9UV+Xvi59Xfq69HXp 69LXZQ3ap69LX5e+Ln1do/cl+aGcrZMrVm82m12cpmlne3v7VvLK/3TTNE3TNE3TNE3TNE3T NM3R5mw2e36app39/f1nczpvSfLuJD+W5LWnfK3zxc7kk9HXpa9v9EZ9Xfq69HXp69LXpa9L X5c1aJ++Ln1d+rr0dY3ed8gbk7wzyaUkf/QBfYb1cmYyAAAAAMB9+/4kb0/y48f9wmadiXEC o19x0Nelr2/0Rn1d+rr0denr0telr0tflzVon74ufV36uvR1jd53B7+X5AtJXnjAn2P17EwG AAAAAFidc78zeXkDvq2trcvJ6Q+wvrm3d6PxOvdwYPb1db6fPn1nuW+app357u7Vdb7f8qFP nz59+vTp06dvM/uS8dfZ+vTp06dvrL7iDfg2l53JAAAAAACrc+53JreNfhaKvi59faM36uvS 16WvS1+Xvi59Xfq6rEH79HXp69LXpa9r9L6NZmcyAAAAAMDq2Jl8xOhXHPR16esbvVFfl74u fV36uvR16evS12UN2qevS1+Xvi59XaP33cVPPegPsDLLG/Btb2/fStZ3ILZpmqZpmqZpmqZp mqZpmua65xpuwPfMil737GgdczH6FQd9Xfr6Rm/U16WvS1+Xvi59Xfq69HVZg/bp69LXpa9L X9fofQt/7g4PXyYDAAAAAPA9HftlsjOTjxj9ioO+Ln19ozfq69LXpa9LX5e+Ln1d+rqsQfv0 denr0telr2v0vrv46oP+ACtnZzIAAAAAwD15KMnjSX5s8Xg8d9mAfO53Ji9vwLe1tXU5Of0B 1jf39m40XuceDsy+vs7306fvLPdN07Qz3929us73Wz706dOnT58+ffr0bWZfMv46W58+ffr0 jdVXvgHfn05yMck3Fo83J3lX4XXPNjuTAQAAAADuyQeTPHLoz48snrujc78zuW30s1D0denr G71RX5e+Ln1d+rr0denr0tdlDdqnr0tfl74ufV2j9y18JclP5JVjLn5i8dyZ9VCSq0l+O8mv Jfn4oZ99NAcf/sUjz/8hdiYDAAAAANyzR5P84OLx6AP+LN/TB5P82yRvSPJEki8m+YEcfPCv JXlnkqeSfD3J6497kdaXyaNfcdDXpa9v9EZ9Xfq69HXp69LXpa9LX5c1aJ++Ln1d+rr0dY3e t/D4MY8za/ll8utz8GXyl5O8Z/H47KHf+0yS9x/3InYmAwAAAADck2eS/PChufzvOzoLZyZ/ Nsmv5OA4i3+V5JdysEv5TUleTvLJJJ9K8tLiuVeZX7t2ab67e/vJxx9/2/JqwWnm8nHa1znp nKaDuyOv6/306TvLfYt5e53v9/K1azf06dOnT58+ffr0bXTf8Otsffr06dM3Vt/y+9D5lSvP 5fTmSf6fxX//2uLx3cLrrs0LSf5M7EwGAAAAAFiln0ryPyT5szm4+d67k/ypB/qJTug1SXZy cLO91yZ5LAdnJj+5eLwUZyafmr4ufX2jN+rr0telr0tfl74ufV36uqxB+/R16evS16Wva/S+ he9P8kM5OMHi+3PwneyZ98Ukf5CDXclPH3r+Yzn4cvmrST5xtxewMxkAAAAA4J684YTPjcXO 5JPR16Wvb/RGfV36uvR16evS16WvS1+XNWifvi59Xfq69HWN3rdwp5vtHXsDvnNvNptdnKZp Z3t7+1byyv900zRN0zRN0zRN0zRN0zTN0eZsNnt+mqad/f39Z3N6zyS5fOQx7pfJS3Ymn4y+ Ln19ozfq69LXpa9LX5e+Ln1d+rqsQfv0denr0telr2v0voXN2pm85MxkAAAAAIB78tAJn7v7 DzbV6Fcc9HXp6xu9UV+Xvi59Xfq69HXp69LXZQ3ap69LX5e+Ln1do/ctfPeEz43FzmQAAAAA gNU59zuTlzfg29raupyc/gDrm3t7Nxqvcw8HZl9f5/vp03eW+6Zp2pnv7l5d5/stH/r06dOn T58+ffo2sy8Zf52tT58+ffrG6ivfgG8z2ZkMAAAAALA6535nctvoZ6Ho69LXN3qjvi59Xfq6 9HXp69LXpa/LGrRPX5e+Ln1d+rpG79todiYDAAAAANyTh5I8nuTHFo/Hc5cNyHYmHzH6FQd9 Xfr6Rm/U16WvS1+Xvi59Xfq69HVZg/bp69LXpa9LX9fofQt/OsnFJN9YPN6c5F0P4HOsx/IG fNvb27eS9R2IbZqmaZqmaZqmaZqmaZqmue5ZvgHfB5M8cujPjyyeG1vrmIvRrzjo69LXN3qj vi59Xfq69HXp69LXpa/LGrRPX5e+Ln1d+rpG71t4e5KfzCvHXPzk4rmxOTMZAAAAAOCePZrk BxePR+/2i85MPmL0Kw76uvT1jd6or0tfl74ufV36uvR16euyBu3T16WvS1+Xvq7R+xbemOQ1 SX5/8XjN4rmx2ZkMAAAAAHBPnsnBsRbLufzvOzr3O5OXN+Db2tq6nJz+AOube3s3Gq9zDwdm X1/n++nTd5b7pmname/uXl3n+y0f+vTp06dPnz59+jazLxl/na1Pnz59+sbqK9+AL0m+cGh+ 4W6/OAw7kwEAAAAA7skzR+bR/36Vs7Iz+e8neTnJf17899K3k8wXj0+v44OMfhaKvi59faM3 6uvS16WvS1+Xvi59Xfq6rEH79HXp69LXpa9r9L6FX1zM//vQc//2AXyOE3trkq8neSLJW5L8 epIfXvzsxZO+iJ3JAAAAAACn9lPH/eAs7Ez+xuLx3cXjd5L89uJnb0ryzSRfSvKRdXyY0a84 6OvS1zd6o74ufV36uvR16evS16Wvyxq0T1+Xvi59Xfq6Ru+7iz/6oD/A9/I3k3wnB18m/+0j P3skyQdycAzGY0f/4vzatUvz3d3bH3766c8t/4FN0zRN0zRN0zRN0zRN0zRHnMvvQ+dXrjyX 0/tzd3gce2byWfDOJC8k+WOLx39I8uN3+L0XkrzjuBdpHXOx/IdZF1dUuvR12RXSp69LX5e+ Ln1d+rr0denrsgbt09elr0tfl76u0fvu4kx/mfzBJDdz8EXyxRwc+nz4Az+c5H1JfjPJo8e9 iDOTAQAAAABO7akH/QHu5uEkV5P81uJxdfHcM0nmOTj+4naSD93tRexMPhl9Xfr6Rm/U16Wv S1+Xvi59Xfq69HVZg/bp69LXpa9LX9fofQtvOOFzY7EzGQAAAADgntzpSItjj7l4aIUf5Fwa /YqDvi59faM36uvS16WvS1+Xvi59Xfq6rEH79HXp69LXpa9r9L5DLh95jGs2m12cpmlne3v7 VvLK/3TTNE3TNE3TNE3TNE3TNM3R5mw2e36app39/f1nc3r3tDN5GM5MPhl9Xfr6Rm/U16Wv S1+Xvi59Xfq69HVZg/bp69LXpa9LX9fofQt3Orli/NMsnJkMAAAAAHBPfvSYxx2N/y3zPRr9 ioO+Ln19ozfq69LXpa9LX5e+Ln1d+rqsQfv0denr0telr2v0voXfXTz+uyQ/eOjPY7MzGQAA AADgnv2RJD+R5KkkfzLJheN+8dzvTF7egG9ra+tycvoDrG/u7d1ovM49HJh9fZ3vp0/fWe6b pmlnvrt7dZ3vt3zo06dPnz59+vTp28y+ZPx1tj59+vTpG6uvfAO+rSSXktxK8kKS/5zkTxVe 92yzMxkAAAAA4J78ifzhnchvPu6Xz/3O5LbRz0LR16Wvb/RGfV36uvR16evS16WvS1+XNWif vi59Xfq69HWN3rfwX5K8IckbDz2+8wA+x3rZmQwAAAAAcE+eSfL2Q3P533dkZ/IRo19x0Nel r2/0Rn1d+rr0denr0telr0tflzVon74ufV36uvR1jd53yBcOzS/c7RfPveUN+La3t28l6zsQ 2zRN0zRN0zRN0zRN0zRNc92zfAO+Z47Mo/89ptYxF6NfcdDXpa9v9EZ9Xfq69HXp69LXpa9L X5c1aJ++Ln1d+rr0dY3et/CDi/l9h5574wP4HOvlzGQAAAAAgHvyw8c87siZyUeMfsVBX5e+ vtEb9XXp69LXpa9LX5e+Ln1d1qB9+rr0denr0tc1et/C7x96vP3QHJudyQAAAAAA9+WxHJyV /EiS/+m4Xzr3O5OXN+Db2tq6nJz+AOube3s3Gq9zDwdmX1/n++nTd5b7pmname/uXl3n+y0f +vTp06dPnz59+jazLxl/na1Pnz59+sbqK9+A7w1JLiX5k0n+U5I/m+Rrhdc92+xMBgAAAAC4 J5eSvP7Qn1+X5MJxv3xWdib//SQvJ/nPi/9e+miSryR5McnH1/FBRj8LRV+Xvr7RG/V16evS 16WvS1+Xvi59Xdagffq69HXp69LXNXrfwi8n+a1Df/5WkvkD+Bwn9tYkX0/yRJK3JPn1HNwx 8NEcbKl+Z5KnFr/z+mNew85kAAAAAIAVOgs7k7+xeHx38fidJL+d5F05+Gb880leWMx3r/rD jH7FQV+Xvr7RG/V16evS16WvS1+Xvi59Xdagffq69HXp69LXNXrfefY3k3wnB18m/+3Fc38h yb9M8skkn0oyJflLR//i/Nq1S/Pd3dsffvrpzy3/gU3TNE3TNE3TNE3TNE3TNEecy+9D51eu PJcN9M4c7Dz+Y4vHf0jy40nek+Szh37vM0nef9yLtI65WP7DrIsrKl36uuwK6dPXpa9LX5e+ Ln1d+rr0dVmD9unr0telr0tf1+h959UHk9zMwRfJF5P8YpJnkjyWgzOTn1w8XoozkwEAAAAA NtbDSa7m4K6Bv7X474cXP/tYkheTfDXJJ+72InYmn4y+Ln19ozfq69LXpa9LX5e+Ln1d+rqs Qfv0denr0telr2v0vo1mZzIAAAAAwOo89KA/wGnNZrOL0zTtbG1tXU5e+Qb/fufNvb0bjdc5 6ZzNZtfX+X769J3lvmmadua7u1fX+X7Lhz59+vTp06dPn77N7EvGX2fr06dPn76x+maz2fPT NO3s7+8/G+6PnckAAAAAAKtz7ncmt41+Foq+Ln19ozfq69LXpa9LX5e+Ln1d+rqsQfv0denr 0telr2v0vo1mZzIAAAAAwOrYmXzE6Fcc9HXp6xu9UV+Xvi59Xfq69HXp69LXZQ3ap69LX5e+ Ln1do/dtNDuTAQAAAABW59zvTJ7NZhenadrZ2tq6nIx7l8bR70KpT99yjn63cH369OnTp0+f Pn1nqy8Zf52tT58+ffrG6pvNZs9P07Szv7//bLg/diYDAAAAAKzOud+Z3Db6WSj6uvT1jd6o r0tfl74ufV36uvR16euyBu3T16WvS1+Xvq7R+zaanckAAAAAAKtjZ/IRo19x0Nelr2/0Rn1d +rr0denr0telr0tflzVon74ufV36uvR1jd63kZY34Nve3r6VrO9AbNM0TdM0TdM0TdM0TdM0 zXVPN+AraB1zMfoVB31d+vpGb9TXpa9LX5e+Ln1d+rr0dVmD9unr0telr0tf1+h9G82ZyQAA AAAAq+PM5CNGv+Kgr0tf3+iN+rr0denr0telr0tfl74ua9A+fV36uvR16esavW+j2ZkMAAAA ALA6535n8vIGfFtbW5eT0x9gfXNv70bjde7hwOzr63w/ffrOct80TTvz3d2r63y/5UOfPn36 9OnTp0/fZvYl46+z9enTp0/fWH1uwFdgZzIAAAAAwOqchZ3JP51kfuTx1OJn3z703KfX8WFG PwtFX5e+vtEb9XXp69LXpa9LX5e+Ln1d1qB9+rr0denr0tc1et8I3pTk3x/684sn/Yt2JgMA AAAArM5Z2Jl82M8m2T/05zcl+WaSLyX5yDo+wOhXHPR16esbvVFfl74ufV36uvR16evS12UN 2qevS1+Xvi59XaP3nXcPJ/likjceef6RJB9I8nKSx47+pfm1a5fmu7u3P/z0059b/gObpmma pmmapmmapmmapmmOOJffh86vXHkuG+zZvHpX8lEvJHnHcT9sHXOx/IdZF1dUuvR12RXSp69L X5e+Ln1d+rr0denrsgbt09elr0tfl76u0fvOu3+d5D13eP7hJO9L8ptJHj3uLzszGQAAAABg dc7KmclvS/JDSf7NoeeeSTJP8vtJ/kmSv5rkd1b9QUa/4qCvS1/f6I36uvR16evS16WvS1+X vi5r0D59Xfq69HXp6xq9b6PZmQwAAAAAsDpnZWfyfZvNZhenadrZ2tq6nLzyDf79zpt7ezca r3PSOZvNrq/z/fTpO8t90zTtzHd3r67z/ZYPffr06dOnT58+fZvZl4y/ztanT58+fWP1zWaz 56dp2tnf33823B87kwEAAAAAVufc70xuG/0sFH1d+vpGb9TXpa9LX5e+Ln1d+rr0dVmD9unr 0telr0tf1+h9G83OZAAAAACA1bEz+YjRrzjo69LXN3qjvi59Xfq69HXp69LXpa/LGrRPX5e+ Ln1d+rpG79tIyxvwbW9v30rWdyC2aZqmaZqmaZqmaZqmaZrmuqcb8BW0jrkY/YqDvi59faM3 6uvS16WvS1+Xvi59Xfq6rEH79HXp69LXpa9r9L6N5sxkAAAAAIDVcWbyEaNfcdDXpa9v9EZ9 Xfq69HXp69LXpa9LX5c1aJ++Ln1d+rr0dY3et9HsTAYAAAAAWJ1zvzN5eQO+ra2ty8npD7C+ ubd3o/E693Bg9vV1vp8+fWe5b5qmnfnu7tV1vt/yoU+fPn369OnTp28z+5Lx19n69OnTp2+s PjfgK7AzGQAAAABgdc79zuS20c9C0delr2/0Rn1d+rr0denr0telr0tflzVon74ufV36uvR1 jd630exMBgAAAABYHTuTjxj9ioO+Ln19ozfq69LXpa9LX5e+Ln1d+rqsQfv0denr0telr2v0 vo1mZzIAAAAAwOqc+53Js9ns4jRNO1tbW5eTce/SOPpdKPXpW87R7xauT58+ffr06dOn72z1 JeOvs/Xp06dP31h9s9ns+Wmadvb3958N98fOZAAAAACA1TkLO5N/Osn8yOOpxc8+muQrSV5M 8vF1fJjRz0LR16Wvb/RGfV36uvR16evS16WvS1+XNWifvi59Xfq69HWN3jeCNyX594v/fjTJ 15K8MwdfLn89yeuP+4t2JgMAAAAArM5Z2Jl82M8m2V/897uS/HKSzyd5YTHfveoPMPoVB31d +vpGb9TXpa9LX5e+Ln1d+rr0dVmD9unr0telr0tf1+h9593DSb6Y5I2LP/+FJP8yySeTfCrJ lOQvHf1L82vXLs13d29/+OmnP7f8BzZN0zRN0zRN0zRN0zRN0xxxLr8PnV+58lw22LN5ZVdy krwnyWcP/fkzSd5/3F9uHXOx/IdZF1dUuvR12RXSp69LX5e+Ln1d+rr0denrsgbt09elr0tf l76u0fvOu3+dgy+Qlx7LwZnJTy4eL8WZyQAAAAAAG+1tSf7THZ7/WJIXk3w1ySfu9gJ2Jp+M vi59faM36uvS16WvS1+Xvi59Xfq6rEH79HXp69LXpa9r9L6NZmcyAAAAAMDqPPSgP8BpzWaz i9M07WxtbV1OXvkG/37nzb29G43XOemczWbX1/l++vSd5b5pmnbmu7tX1/l+y4c+ffr06dOn T5++zexLxl9n69OnT5++sfpms9nz0zTt7O/vPxvuj53JAAAAAACrc+53JreNfhaKvi59faM3 6uvS16WvS1+Xvi59Xfq6rEH79HXp69LXpa9r9L6NZmcyAAAAAMDq2Jl8xOhXHPR16esbvVFf l74ufV36uvR16evS12UN2qevS1+Xvi59XaP3baTlDfi2t7dvJes7ENs0TdM0TdM0TdM0TdM0 TXPd0w34ClrHXIx+xUFfl76+0Rv1denr0telr0tfl74ufV3WoH36uvR16evS1zV630ZzZjIA AAAAwOo4M/mI0a846OvS1zd6o74ufV36uvR16evS16Wvyxq0T1+Xvi59Xfq6Ru/baHYmAwAA AACszrnfmby8Ad/W1tbl5PQHWN/c27vReJ17ODD7+jrfT5++s9w3TdPOfHf36jrfb/nQp0+f Pn369OnTt5l9yfjrbH369OnTN1afG/AV2JkMAAAAALA6535nctvoZ6Ho6653boMAACAASURB VNLXN3qjvi59Xfq69HXp69LXpa/LGrRPX5e+Ln1d+rpG79todiYDAAAAAKyOnclHjH7FQV+X vr7RG/V16evS16WvS1+Xvi59Xdagffq69HXp69LXNXrfRlregG97e/tWsr4DsU3TNE3TNE3T NE3TNE3TNNc93YCvoHXMxehXHPR16esbvVFfl74ufV36uvR16evS12UN2qevS1+Xvi59XaP3 bTRnJgMAAAAArM5ZOTP56SSfT/IHSb546PlvJ5kvHp9exwcZ/YqDvi59faM36uvS16WvS1+X vi59Xfq6rEH79HXp69LXpa9r9L7z6rVJvprkZ5O85sjPXjzpi9iZDAAAAACwOmdhZ/KfzsGX yf97kt8/8rM3Jflmki8l+cg6PszoVxz0denrG71RX5e+Ln1d+rr0denr0tdlDdqnr0tfl74u fV2j951Xzyb5+SQvJPlGkp/Lq7/kfiTJB5K8nOSxo395fu3apfnu7u0PP/3055b/wKZpmqZp mqZpmqZpmqZpmiPO5feh8ytXnssGem+SLyd5Iskbkvy7JB+8w++9kOQdx71I65iL5T/Murii 0qWvy66QPn1d+rr0denr0telr0tflzVon74ufV36uvR1jd53Xv1ADm6690SS1+fgy+QPHPr5 w0nel+Q3kzx63Is4MxkAAAAAYHx/OQe7k7+R5J/l4JiLZ5LMk3wnye0kH7rbC9iZfDL6uvT1 jd6or0tfl74ufV36uvR16euyBu3T16WvS1+Xvq7R+zaanckAAAAAAKvz0Pf+lbNtNptdnKZp Z2tr63Lyyjf49ztv7u3daLzOSedsNru+zvfTp+8s903TtDPf3b26zvdbPvTp06dPnz59+vRt Zl8y/jpbnz59+vSN1TebzZ6fpmlnf3//2XB/7EwGAAAAAFidc78zuW30s1D0denrG71RX5e+ Ln1d+rr0denr0tdlDdqnr0tfl74ufV2j9200O5MBAAAAAFbHzuQjRr/ioK9LX9/ojfq69HXp 69LXpa9LX5e+LmvQPn1d+rr0denrGr1vIy1vwLe9vX0rWd+B2KZpmqZpmqZpmqZpmqZpmuue bsBX0DrmYvQrDvq69PWN3qivS1+Xvi59Xfq69HXp67IG7dPXpa9LX5e+rtH7NpozkwEAAAAA VseZyUeMfsVBX5e+vtEb9XXp69LXpa9LX5e+Ln1d1qB9+rr0denr0tc1et9GszMZAAAAAGB1 zv3O5OUN+La2ti4npz/A+ube3o3G69zDgdnX1/l++vSd5b5pmnbmu7tX1/l+y4c+ffr06dOn T5++zexLxl9n69OnT5++sfrcgK/AzmQAAAAAgNU59zuT20Y/C0Vfl76+0Rv1denr0telr0tf l74ufV3WoH36uvR16evS1zV630azMxkAAAAAYHXsTD5i9CsO+rr09Y3eqK9LX5e+Ln1d+rr0 denrsgbt09elr0tfl76u0fs20vIGfNvb27eS9R2IbZqmaZqmaZqmaZqmaZqmue7pBnwFrWMu Rr/ioK9LX9/ojfq69HXp69LXpa9LX5e+LmvQPn1d+rr0denrGr3vPHs6yeeT/EGSLx56/qNJ vpLkxSQfv9sLODMZAAAAAGBsr03y1SQ/m+Q1h55/NMnXkrwzyVNJvp7k9ce9iJ3JJ6OvS1/f 6I36uvR16evS16WvS1+Xvi5r0D59Xfq69HXp6xq977z6ySS/cIfn35Pks4f+/Jkk7z/uRexM BgAAAABYnYce9AdI8seS/HqSF5J8I8nP5eBzvSnJy0k+meRTSV5aPPcq82vXLs13d28/+fjj b1teLTjNXD5O+zonndM07azz/fTpO8t9i3l7ne/38rVrN/Tp06dPnz59+vRtdN/w62x9+vTp 0zdW3/L70PmVK89lA703yZeTPJHkDUn+XZIPxs5kAAAAAIAz4yzsTH4hye8t/nt+aH4+yaUk Ty4e78qdj8OoWn7Lvy7OeunS1+W8uj59Xfq69HXp69LXpa9LX5c1aJ++Ln1d+rr0dY3ed579 5RzsTv5Gkn+WV77k/liSF3Nwg75P3O0F7EwGAAAAAOB7an2ZPPoVB31d+vpGb9TXpa9LX5e+ Ln1d+rr0dVmD9unr0telr0tf1+h9G83OZAAAAACA1TkLZyafymw2uzhN087W1tbl5JVv8O93 3tzbu9F4nZPO2Wx2fZ3vp0/fWe6bpoO7lq7z/ZYPffr06dOnT58+fZvZl4y/ztanT58+fWP1 zWaz56dp2tnf33823B87kwEAAAAAVufc70xuG/0sFH1d+vpGb9TXpa9LX5e+Ln1d+rr0dVmD 9unr0telr0tf1+h9G83OZAAAAACA1bEz+YjRrzjo69LXN3qjvi59Xfq69HXp69LXpa/LGrRP X5e+Ln1d+rpG79tIyxvwbW9v30rWdyC2aZqmaZqmaZqmaZqmaZrmuqcb8BW0jrkY/YqDvi59 faM36uvS16WvS1+Xvi59Xfq6rEH79HXp69LXpa9r9L6N5sxkAAAAAIDVcWbyEaNfcdDXpa9v 9EZ9Xfq69HXp69LXpa9LX5c1aJ++Ln1d+rr0dY3et9HsTAYAAAAAWJ1zvzN5eQO+ra2ty8np D7C+ubd3o/E693Bg9vV1vp8+fWe5b5qmnfnu7tV1vt/yoU+fPn369OnTp28z+5Lx19n69OnT p2+sPjfgK7AzGQAAAABgdc79zuS20c9C0delr2/0Rn1d+rr0denr0telr0tflzVon74ufV36 uvR1jd630exMBgAAAABYHTuTjxj9ioO+Ln19ozfq69LXpa9LX5e+Ln1d+rqsQfv0denr0tel r2v0vo20vAHf9vb2rWR9B2Kbpmmapmmapmmapmmapmmue7oBX0HrmIvRrzjo69LXN3qjvi59 Xfq69HXp69LXpa/LGrRPX5e+Ln1d+rpG7zvPvp1kvnh8+gTP/yHOTAYAAAAAWJ2zcmbybyS5 sHg8c4LnV2b0Kw76uvT1jd6or0tfl74ufV36uvR16euyBu3T16WvS1+Xvq7R+86zbyX5ZpIv JfnICZ7/Q+xMBgAAAADYDI8k+UCSl5M8doLnkyTza9cuzXd3b3/46ac/t7xacJq5fJz2dU46 p2naWef76dN3lvsW8/Y63+/la9du6NOnT58+ffr06dvovuHX2fr06dOnb6y+5feh8ytXngt5 Ick77uH5JHYmAwAAAACs0lk5MzlJHk7yviRvSfKrJ3h+JZbf8q+Ls1669HU5r65PX5e+Ln1d +rr0denr0tdlDdqnr0tfl74ufV2j951XzySZJ/lOkttJPvQ9nr8jO5MBAAAAAPieWl8mj37F QV+Xvr7RG/V16evS16WvS1+Xvi59Xdagffq69HXp69LXNXrfRprNZhenadrZ3t6+lbzyP900 TdM0TdM0TdM0TdM0TXO0OZvNnp+maWd/f//ZcH/sTD4ZfV36+kZv1Nelr0tfl74ufV36uvR1 WYP26evS16WvS1/X6H0bzZnJAAAAAACr89CD/gBnzehXHPR16esbvVFfl74ufV36uvR16evS 12UN2qevS1+Xvi59XaP3bTQ7kwEAAAAAVsfO5CNGv+Kgr0tf3+iN+rr0denr0telr0tfl74u a9A+fV36uvR16esavW8jzWazi9M07Wxvb99KHvzdFE3TNE3TNE3TNE3TNE3TNFc1Z7PZ89M0 7ezv7z8b7k/rmIvRrzjo69LXN3qjvi59Xfq69HXp69LXpa/LGrRPX5e+Ln1d+rpG79tozkwG AAAAAFgdZyYfMfoVB31d+vpGb9TXpa9LX5e+Ln1d+rr0dVmD9unr0telr0tf1+h9G83OZAAA AACA1Tn3O5OXN+Db2tq6nJz+AOube3s3Gq9zDwdmX1/n++nTd5b7pmname/uXl3n+y0f+vTp 06dPnz59+jazLxl/na1Pnz59+sbqcwO+AjuTAQAAAABW59zvTG4b/SwUfV36+kZv1Nelr0tf l74ufV36uvR1WYP26evS16WvS1/X6H0bzc5kAAAAAIDVsTP5iNGvOOjr0tc3eqO+Ln1d+rr0 denr0telr8satE9fl74ufV36ukbv20jLG/Btb2/fStZ3ILZpmqZpmqZpmqZpmqZpmua6pxvw FbSOuRj9ioO+Ln19ozfq69LXpa9LX5e+Ln1d+rqsQfv0denr0telr2v0vvPs20nmi8enDz3/ 0SRfSfJiko/f7QWcmQwAAAAAML4X7/Dco0m+luSdSZ5K8vUkrz/uBexMPhl9Xfr6Rm/U16Wv S1+Xvi59Xfq69HVZg/bp69LXpa9LX9fofefZt5J8M8mXknxk8dx7knz20O98Jsn7j3sBO5MB AAAAAFbnoQf9ARZel+QNSZ5L8nNJHkvypiQvJ/lkkk8leWnx3KvMr127NN/dvf3k44+/bXm1 4DRz+Tjt65x0TtO0s87306fvLPct5u11vt/L167d0KdPnz59+vTp07fRfcOvs/Xp06dP31h9 y+9D51euPBfyQpJ3xM5kAAAAAIAz46zsTE6Sh5O8L8lbkvxqks8nuZTkycXjXUl+YdUfYvkt /7o466VLX5fz6vr0denr0telr0tfl74ufV3WoH36uvR16evS1zV633n1TJJ5ku8kuZ3kQ4d+ 9rEc3Jzvq0k+cbcXsTMZAAAAAIDvqfVl8uhXHPR16esbvVFfl74ufV36uvR16evS12UN2qev S1+Xvi59XaP3baTZbHZxmqad7e3tW8kr/9NN0zRN0zRN0zRN0zRN0zRHm7PZ7Plpmnb29/ef DffHzuST0delr2/0Rn1d+rr0denr0telr0tflzVon74ufV36uvR1jd630ZyZDAAAAACwOg89 6A9w1ox+xUFfl76+0Rv1denr0telr0tfl74ufV3WoH36uvR16evS1zV630azMxkAAAAAYHXO /c7k5Q34tra2LienP8D65t7ejcbr3MOB2dfX+X769J3lvmmadua7u1fX+X7Lhz59+vTp06dP n77N7EvGX2fr06dPn76x+tyAr8DOZAAAAACA1Tn3O5PbRj8LRV+Xvr7RG/V16evS16WvS1+X vi59Xdagffq69HXp69LXNXrfRrMzGQAAAABgdexMPmL0Kw76uvT1jd6or0tfl74ufV36uvR1 6euyBu3T16WvS1+Xvq7R+zbS8gZ829vbt5L1HYhtmqZpmqZpmqZpmqZpmqa57ukGfAWtYy5G v+Kgr0tf3+iN+rr0denr0telr0tfl74ua9A+fV36uvR16esavW+jOTMZAAAAAGB1nJl8xOhX HPR16esbvVFfl74ufV36uvR16evS12UN2qevS1+Xvi59XaP3bTQ7kwEAAAAAVsfO5CNGv+Kg r0tf3+iN+rr0denr0telr0tfl74ua9A+fV36uvR16esavW8jzWazi9M07Wxvb99KHvzdFE3T NE3TNE3TNE3TNE3TNFc1Z7PZ89M07ezv7z8b7k/rmIvRrzjo69LXN3qjvi59Xfq69HXp69LX pa/LGrRPX5e+Ln1d+rpG7zvvHktyO8k/PfTct5PMF49P3+0vOzMZAAAAAGB1ztKZyf8gyc8f ee43klxYPJ5Zx4cY/YqDvi59faM36uvS16WvS1+Xvi59Xfq6rEH79HXp69LXpa9r9L7z7KeT fDzJ38irdyZ/K8k3k3wpyUfu9gJ2JgMAAAAArM5Z2Jn8liTvTTK7w89el+QNSZ5L8nM5OArj VebXrl2a7+7efvLxx9+2vFpwmrl8nPZ1TjqnadpZ5/vp03eW+xbz9jrf7+Vr127o06dPnz59 +vTp2+i+4dfZ+vTp06dvrL7l96HzK1eeywb6e8l/Oxd5+fhHd/i9F5K847gXsTMZAAAAAGBz HD3mIkkeTvK+JL+Z5NHj/mLry+Tlt/zr4qyXLn1dzqvr09elr0tfl74ufV36uvR1WYP26evS 16WvS1/X6H0jOPxl8jM52KX8nSS3k3zobn/RzmQAAAAAAL4nO5NPRl+Xvr7RG/V16evS16Wv S1+Xvi59Xdagffq69HXp69LXNXrfRprNZhenadrZ3t6+lbzyP900TdM0TdM0TdM0TdM0TXO0 OZvNnp+maWd/f//ZcH/sTD4ZfV36+kZv1Nelr0tfl74ufV36uvR1WYP26evS16WvS1/X6H0b zZnJAAAAAACr89CD/gBnzehXHPR16esbvVFfl74ufV36uvR16evS12UN2qevS1+Xvi59XaP3 bTQ7kwEAAAAAVufc70xe3oBva2vrcnL6A6xv7u3daLzOPRyYfX2d76dP31num6ZpZ767e3Wd 77d86NOnT58+ffr06dvMvmT8dbY+ffr06Rurzw34CuxMBgAAAABYnXO/M7lt9LNQ9HXp6xu9 UV+Xvi59Xfq69HXp69LXZQ3ap69LX5e+Ln1do/dtNDuTAQAAAABWx87kI0a/4qCvS1/f6I36 uvR16evS16WvS1+Xvi5r0D59Xfq69HXp6xq9byMtb8C3vb19K1nfgdimaZqmaZqmaZqmaZqm aZrrnm7AV9A65mL0Kw76uvT1jd6or0tfl74ufV36uvR16euyBu3T16WvS1+Xvq7R+zaaM5MB AAAAAFbHmclHjH7FQV+Xvr7RG/V16evS16WvS1+Xvi59Xdagffq69HXp69LXNXrfRrMzGQAA AABgdc79zuTlDfi2trYuJ6c/wPrm3t6Nxuvcw4HZ19f5fvr0neW+aZp25ru7V9f5fsuHPn36 9OnTp0+fvs3sS8ZfZ+vTp0+fvrH63ICvwM5kAAAAAIDVOfc7k9tGPwtFX5e+vtEb9XXp69LX pa9LX5e+Ln1d1qB9+rr0denr0tc1et9591iS20n+6aHnPprkK0leTPLxu/1lO5MBAAAAAFbn LO1M/gdJfv7Qnx9N8k+SfCTJn0/yj5O8ftUfYvQrDvq69PWN3qivS1+Xvi59Xfq69HXp67IG 7dPXpa9LX5e+rtH7zrOfzsHO47+RV3YmvyfJZw/9zmeSvP+4F7AzGQAAAABgdc7CzuS3JHlv ktmR59+U5OUkn0zyqSQvLZ57lfm1a5fmu7u3n3z88bctrxacZi4fp32dk85pOrg78rreT5++ s9y3mLfX+X4vX7t2Q58+ffr06dOnT99G9w2/ztanT58+fWP1Lb8PnV+58lw20N9LMj/y+Eex MxkAAAAAgGMcPubisSRfS/Lk4vFS7nJmcuvL5OW3/OvirJcufV3Oq+vT16WvS1+Xvi59Xfq6 9HVZg/bp69LXpa9LX9fofSM4/GVyknwsyYtJvprkE3f7i3YmAwAAAADwPdmZfDL6uvT1jd6o r0tfl74ufV36uvR16euyBu3T16WvS1+Xvq7R+zbSbDa7OE3Tzvb29q3klf/ppmmapmmapmma pmmapmmao83ZbPb8NE07+/v7z4b7Y2fyyejr0tc3eqO+Ln1d+rr0denr0telr8satE9fl74u fV36ukbv22jOTAYAAAAAWJ2HHvQHOGtGv+Kgr0tf3+iN+rr0denr0telr0tfl74ua9A+fV36 uvR16esavW+j2ZkMAAAAALA6535n8vIGfFtbW5eT0x9gfXNv70bjde7hwOzr63w/ffrOct80 TTvz3d2r63y/5UOfPn369OnTp0/fZvYl46+z9enTp0/fWH1uwFdgZzIAAAAAwOqc+53JbaOf haKvS1/f6I36uvR16evS16WvS1+Xvi5r0D59Xfq69HXp6xq9b6PZmQwAAAAAsDp2Jh8x+hUH fV36+kZv1Nelr0tfl74ufV36uvR1WYP26evS16WvS1/X6H0baXkDvu3t7VvJ+g7ENk3TNE3T NE3TNE3TNE3TXPd0A76C1jEXo19x0Nelr2/0Rn1d+rr0denr0telr0tflzVon74ufV36uvR1 jd630ZyZDAAAAACwOs5MPmL0Kw76uvT1jd6or0tfl74ufV36uvR16euyBu3T16WvS1+Xvq7R +zaanckAAAAAAKtz7ncmL2/At7W1dTk5/QHWN/f2bjRe5x4OzL6+zvfTp+8s903TtDPf3b26 zvdbPvTp06dPnz59+vRtZl8y/jpbnz59+vSN1ecGfAV2JgMAAAAArM5Z2Jl8IcnfSvIbSX4t yccP/ezbSeaLx6fX8WFGPwtFX5e+vtEb9XXp69LXpa9LX5e+Ln1d1qB9+rr0denr0tc1et95 9XiSf5jkzUkuJfmtJK9Z/OzFk76InckAAAAAAKtzFnYm/3qSv5vkpRx8nt/NwU7kJHlTkm8m +VKSj6zjw4x+xUFfl76+0Rv1denr0telr0tfl74ufV3WoH36uvR16evS1zV633l2MQdfIP9B kk8c+dkjST6Q5OUkjx39i/Nr1y7Nd3dvf/jppz+3/Ac2TdM0TdM0TdM0TdM0TdMccS6/D51f ufJcNtiFJD+W5FeSvPUOP38hyTuO+8utYy6W/zDr4opKl74uu0L69HXp69LXpa9LX5e+Ln1d 1qB9+rr0denr0tc1et959aEkfz0Hu45/NAc34bt06OcPJ3lfkt9M8uhxL+LMZAAAAACA1TkL Zyb/myRPJflykhtJriX55STPJJkn+f0k/yTJX03yO6v+MKNfcdDXpa9v9EZ9Xfq69HXp69LX pa9LX5c1aJ++Ln1d+rr0dY3et9HsTAYAAAAAWJ2zsDP5TBn9ioO+Ln19ozfq69LXpa9LX5e+ Ln1d+rqsQfv0denr0telr2v0vo00m80uTtO0s729fSt55X+6aZqmaZqmaZqmaZqmaZrmaHM2 mz0/TdPO/v7+s+H+tI65GP2Kg74ufX2jN+rr0telr0tfl74ufV36uqxB+/R16evS16Wva/S+ jebMZAAAAACA1XFm8hGjX3HQ16Wvb/RGfV36uvR16evS16WvS1+XNWifvi59Xfq69HWN3rfR 7EwGAAAAAFidc78zeXkDvq2trcvJ6Q+wvrm3d6PxOvdwYPb1db6fPn1nuW+app357u7Vdb7f 8qFPnz59+vTp06dvM/uS8dfZ+vTp06dvrD434CuwMxkAAAAAYHXO/c7kttHPQtHXpa9v9EZ9 Xfq69HXp69LXpa9LX5c1aJ++Ln1d+rr0dY3et9HsTAYAAAAAWB07k48Y/YqDvi59faM36uvS 16WvS1+Xvi59Xfq6rEH79HXp69LXpa9r9L6NtLwB3/b29q1kfQdim6ZpmqZpmqZpmqZpmqZp rnu6AV9B65iL0a846OvS1zd6o74ufV36uvR16evS16Wvyxq0T1+Xvi59Xfq6Ru/baM5MBgAA AABYHWcmHzH6FQd9Xfr6Rm/U16WvS1+Xvi59Xfq69HVZg/bp69LXpa9LX9fofRvNzmQAAAAA gNU59zuTlzfg29raupyc/gDrm3t7Nxqvcw8HZl9f5/vp03eW+6Zp2pnv7l5d5/stH/r06dOn T58+ffo2sy8Zf52tT58+ffrG6nMDvgI7kwEAAAAAVucs7Ey+kORvJfmNJL+W5OOHfvbRJF9J 8uKR51dm9LNQ9HXp6xu9UV+Xvi59Xfq69HXp69LXZQ3ap69LX5e+Ln1do/edV48n+YdJ3pzk UpLfSvKaJI8m+VqSdyZ5KsnXk7z+uBexMxkAAAAAYHXOws7kX0/yd5O8lIPP87tJ5kneleSX k3w+yQuL+e5Vf5jRrzjo69LXN3qjvi59Xfq69HXp69LXpa/LGrRPX5e+Ln1d+rpG7zvPLubg C+Q/SPKJxXN/Icm/TPLJJJ9KMiX5S0f/4vzatUvz3d3bH3766c8t/4FN0zRN0zRN0zRN0zRN 0zRHnMvvQ+dXrjyXDXYhyY8l+ZUkb03yniSfPfTzzyR5/3F/uXXMxfIfZl1cUenS12VXSJ++ Ln1d+rr0denr0telr8satE9fl74ufV36ukbvO68+lOSvJ3ksyY/m4CZ8lxZ//lqSJxePl+LM ZAAAAACAjfX9Sf63JP8lB+cn/8+HfvaxJC8m+WpeOf7ijuxMPhl9Xfr6Rm/U16WvS1+Xvi59 Xfq69HVZg/bp69LXpa9LX9fofRvNzmQAAAAAgNV56EF/gNOazWYXp2na2draupy88g3+/c6b e3s3Gq9z0jmbza6v8/306TvLfdM07cx3d6+u8/2WD3369OnTp0+fPn2b2ZeMv87Wp0+fPn1j 9c1ms+enadrZ399/NtwfO5MBAAAAAFbn3O9Mbhv9LBR9Xfr6Rm/U16WvS1+Xvi59Xfq69HVZ g/bp69LXpa9LX9fofRvNzmQAAAAAgNWxM/mI0a846OvS1zd6o74ufV36uvR16evS16Wvyxq0 T1+Xvi59Xfq6Ru/baHYmAwAAAACszrnfmTybzS5O07SztbV1ORn3Lo2j34VSn77lHP1u4fr0 6dOnT58+ffrOVl8y/jpbnz59+vSN1TebzZ6fpmlnf3//2XB/7EwGAAAAAFidc78zuW30s1D0 denrG71RX5e+Ln1d+rr0denr0tdlDdqnr0tfl74ufV2j9200O5MBAAAAAFbHzuQjRr/ioK9L X9/ojfq69HXp69LXpa9LX5e+LmvQPn1d+rr0denrGr1vIy1vwLe9vX0rWd+B2KZpmqZpmqZp mqZpmqZpmuuebsBX0DrmYvQrDvq69PWN3qivS1+Xvi59Xfq69HXp67IG7dPXpa9LX5e+rtH7 NpozkwEAAAAAVseZyUeMfsVBX5e+vtEb9XXp69LXpa9LX5e+Ln1d1qB9+rr0denr0tc1et9G szMZAAAAAGB1zv3O5OUN+La2ti4npz/A+ube3o3G69zDgdnX1/l++vSd5b5pmnbmu7tX1/l+ y4c+ffr06dOnT5++zexLxl9n69OnT5++sfrcgK/AzmQAAAAAgNU5CzuTH07yvyR5KcmXk/y1 Qz/7dpL54vHpdXyY0c9C0delr2/0Rn1d+rr0denr0telr0tflzVon74ufV36uvR1jd53Xj2Z 5O8neXOSp5P81ySPLn724klfxM5kAAAAAIDN8X1Jfj3JI4s/fyvJ2Vyl4AAAIABJREFUN5N8 KclH7vYXW18mj37FQV+Xvr7RG/V16evS16WvS1+Xvi59Xdagffq69HXp69LXNXrfeXchybUk Hzvy/CNJPpDk5SSPHf1L82vXLs13d29/+OmnP7f8BzZN0zRN0zRN0zRN0zRN0xxxLr8PnV+5 8lw21MNJrib5mbv8zgtJ3nHcD+1MPhl9Xfr6Rm/U16WvS1+Xvi59Xfq69HVZg/bp69LXpa9L X9fofefVa5P8n0k+cczPH07yviS/mVfOUv5DnJkMAAAAADC29yaZH3n8ySTPLP77O0luJ/nQ 3V7EzuST0delr2/0Rn1d+rr0denr0telr0tflzVon74ufV36uvR1jd630exMBgAAAABYnYce 9Ac4rdlsdnGapp2tra3LySvf4N/vvLm3d6PxOieds9ns+jrfT5++s9w3TdPOfHf36jrfb/nQ p0+fPn369OnTt5l9yfjrbH369OnTN1bfbDZ7fpqmnf39/WfD/bEzGQAAAABgdc79zuS20c9C 0ff/t3f/wXHf9Z3HXyupdmzskMROyA9HTlrr2gYwCblQlzq1K9GEtDkyoZ00jY0aeiCCkxto jvT6B3fQTDvDMb3J3XCAIlM7nPXd6XToHS0ZwKF1YzcUKGnj9KgdSgjgOD8c/wwmie1I+vaP 7268WmtXq9Xr+93vfr7Px8zOG62l/e4TfSJ9vd+vv+tFn1/ojfR50edFnxd9XvR50edFnxf7 oH70edHnRZ8XfV6h9xUaZyYDAAAAAAAAQHo4M7lO6Ecc6POizy/0Rvq86POiz4s+L/q86POi z4t9UD/6vOjzos+LPq/Q+wqp+gZ8Q0NDe6TsLojNZDKZTCaTyWQymUwmk8lkMplZT96Az8B1 mYvQjzjQ50WfX+iN9HnR50WfF31e9HnR50WfF/ugfvR50edFnxd9XqH3FRrXTAYAAAAAAACA 9HDN5DqhH3Ggz4s+v9Ab6fOiz4s+L/q86POiz4s+L/ZB/ejzos+LPi/6vELvKzTOTAYAAAAA AACA9HT9mcnVN+AbGBhYK83/Ata7t27d5XicOVwwe1uW26OPvjz3RVE0Eo+OjmW5veqNPvro o48++uijj75i9knh72fTRx999NEXVh9vwGfAmckAAAAAAAAAkJ6uPzPZLfRrodDnRZ9f6I30 edHnRZ8XfV70edHnRZ8X+6B+9HnR50WfF31eofcVGmcmAwAAAAAAAEB6ODO5TuhHHOjzos8v 9Eb6vOjzos+LPi/6vOjzos+LfVA/+rzo86LPiz6v0PsKjTOTAQAAAAAAACA9XX9mcrlcXh5F 0cjAwMBaKdx3aQz9XSjpo686Q3+3cProo48++uijjz768tUnhb+fTR999NFHX1h95XL57iiK RsbHx28W2sOZyQAAAAAAAACQnjycmdwr6Y8lHZK0T9J7a/7sFklPS9ov6bYsnkzo10Khz4s+ v9Ab6fOiz4s+L/q86POiz4s+L/ZB/ejzos+LPi/6vELv61ZXSvqYpPMlrZF0QtKSyu2ApLdK ukrSQUnnNHoQzkwGAAAAAAAAgOI4S9KzkvokrZP0tZo/2y7pukZf6HoxOfQjDvR50ecXeiN9 XvR50edFnxd9XvR50efFPqgffV70edHnRZ9X6H3driRps6RbKx+/W9KfSfqIpHskRZJ+u/6L 4s2bV8ejo3vftWbNI9VvMJPJZDKZTCaTyWQymUwmk8lkhjirr4fG999/pwqqV9KYpN+tuY8z k1NAnxd9fqE30udFnxd9XvR50edFnxd9XuyD+tHnRZ8XfV70eYXe160WSvpzSRvr7l+q5JrJ V1Zuh8Q1kwEAAAAAAACgsNZLiutub6r82a2S9kt6Rme+2DwNZya3hj4v+vxCb6TPiz4v+rzo 86LPiz4v+rzYB/Wjz4s+L/q86PMKva/QODMZAAAAAAAAANLT0+knMF/lcnl5FEUjAwMDa6XT r+C3O3dv3brL8TitznK5vC3L7dFHX577oigaiUdHx7LcXvVGH3300UcfffTRR18x+6Tw97Pp o48++ugLq69cLt8dRdHI+Pj4zUJ7ODMZAAAAAAAAANLT9Wcmu4V+LRT6vOjzC72RPi/6vOjz os+LPi/6vOjzYh/Ujz4v+rzo86LPK/S+QuPMZAAAAAAAAABID2cm1wn9iAN9XvT5hd5Inxd9 XvR50edFnxd9XvR5sQ/qR58XfV70edHnFXpfIVXfgG9oaGiPlN0FsZlMJpPJZDKZTCaTyWQy mUwmM+vJG/AZuC5zEfoRB/q86PMLvZE+L/q86POiz4s+L/q86PNiH9SPPi/6vOjzos8r9L5C 45rJAAAAAAAAAJAerplcJ/QjDvR50ecXeiN9XvR50edFnxd9XvR50efFPqgffV70edHnRZ9X 6H2FxpnJAAAAAAAAAJCerj8zufoGfAMDA2ul+V/AevfWrbscjzOHC2Zvy3J79NGX574oikbi 0dGxLLdXvdFHH3300UcfffTRV8w+Kfz9bProo48++sLq4w34DDgzGQAAAAAAAADS0/VnJruF fi0U+rzo8wu9kT4v+rzo86LPiz4v+rzo82If1I8+L/q86POizyv0vkLjzGQAAAAAAAAASA9n JtcJ/YgDfV70+YXeSJ8XfV70edHnRZ8XfV70ebEP6kefF31e9HnR5xV6XyFV34BvaGhoj5Td BbGZTCaTyWQymUwmk8lkMplMJjPryRvwGbgucxH6EQf6vOjzC72RPi/6vOjzos+LPi/6vOjz Yh/Ujz4v+rzo86LPK/S+QuOayQAAAAAAAACQnrxcM/lRSbGk79TdP1G5P5b0YBZPJPQjDvR5 0ecXeiN9XvR50edFnxd9XvR50efFPqgffV70edHnRZ9X6H3dbpXOfDF5f6tfzJnJAAAAAAAA AJCevJyZ3MgyScclPSnppiw2GPoRB/q86PMLvZE+L/q86POiz4s+L/q86PNiH9SPPi/6vOjz os8r9L5uN9OZyZLUJ+l6SYclLa3/w3jz5tXx6Ojed61Z80j1G8xkMplMJpPJZDKZTCaTyWQy mSHO6uuh8f3336kCa/RictVjkt7c6A9dl7mofmOywhEVL/q8OCvEjz4v+rzo86LPiz4v+rzo 82If1I8+L/q86POizyv0vm7X6MXkXknvkPSCpCWNvphrJgMAAAAAAABAevJyzeQvSvqepDdK iiXdKunGyv8+JelTkn5H0k/SfiKhH3Ggz4s+v9Ab6fOiz4s+L/q86POiz4s+L/ZB/ejzos+L Pi/6vELvKzTOTAYAAAAAAACA9OTlzOS2lcvl5VEUjQwMDKyVTr+C3+7cvXXrLsfjtDrL5fK2 LLdHH3157ouiaCQeHR3LcnvVG3300UcfffTRRx99xeyTwt/Ppo8++uijL6y+crl8dxRFI+Pj 4zcL7eHMZAAAAAAAAABIT9efmewW+rVQ6POizy/0Rvq86POiz4s+L/q86POiz4t9UD/6vOjz os+LPq/Q+wqNM5MBAAAAAAAAID2cmVwn9CMO9HnR5xd6I31e9HnR50WfF31e9HnR58U+qB99 XvR50edFn1fofYVUfQO+oaGhPVJ2F8RmMplMJpPJZDKZTCaTyWQymcysJ2/AZ+C6zEXoRxzo 86LPL/RG+rzo86LPiz4v+rzo86LPi31QP/q86POiz4s+r9D7Co1rJgMAAAAAAABAerhmcp3Q jzjQ50WfX+iN9HnR50WfF31e9HnR50WfF/ugfvR50edFnxd9XqH3FRpnJgMAAAAAAABAerr+ zOTqG/ANDAysleZ/AevdW7fucjzOHC6YvS3L7dFHX577oigaiUdHx7LcXvVGH3300UcfffTR R18x+6Tw97Ppo48++ugLq4834DPgzGQAAAAAAAAASE/Xn5nsFvq1UOjzos8v9Eb6vOjzos+L Pi/6vOjzos+LfVA/+rzo86LPiz6v0PsKjTOTAQAAAAAAACA9nJlcJ/QjDvR50ecXeiN9XvR5 0edFnxd9XvR50efFPqgffV70edHnRZ9X6H2FVH0DvqGhoT1SdhfEZjKZTCaTyWQymUwmk8lk MpnMrCdvwGfgusxF6Ecc6POizy/0Rvq86POiz4s+L/q86POiz4t9UD/6vOjzos+LPq/Q+7rZ o5JiSd+pu/8WSU9L2i/ptmYPwDWTAQAAAAAAAKAYVmn6i8lLJB2Q9FZJV0k6KOmcRl/Mmcmt oc+LPr/QG+nzos+LPi/6vOjzos+LPi/2Qf3o86LPiz4v+rxC7+t29S8mr5P0tZqPt0u6rtEX c2YyAAAAAAAAAKSnp9NPoIllkg5L+oikeyQdqtw3Tbx58+p4dHTvlRdffEX1aMF8ZvU238dp dUZRNJLl9uijL899lbk3y+0d3rx5F3300UcfffTRRx99he4Lfj+bPvroo4++sPqqr4fG999/ pwqMM5MBAAAAAAAAIKfyfGbyP0laLenKyu1qSf+Q9karr/JnhWu9eNHnxfXq/Ojzos+LPi/6 vOjzos+LPi/2Qf3o86LPiz4v+rxC7+tmX5QU19xurdx/q6T9kp6RtLHZA3BmMgAAAAAAAABg Vq4Xk0M/4kCfF31+oTfS50WfF31e9HnR50WfF31e7IP60edFnxd9XvR5hd5XaJyZDAAAAAAA AADpyfM1k1tSLpeXR1E0MjAwsFY6/Qp+u3P31q27HI/T6iyXy9uy3B599OW5L4qSdy3NcnvV G3300UcfffTRRx99xeyTwt/Ppo8++uijL6y+crl8dxRFI+Pj4zcL7eHMZAAAAAAAAABIT9ef mewW+rVQ6POizy/0Rvq86POiz4s+L/q86POiz4t9UD/6vOjzos+LPq/Q+wqNM5MBAAAAAAAA ID2cmVwn9CMO9HnR5xd6I31e9HnR50WfF31e9HnR58U+qB99XvR50edFn1fofYVUfQO+oaGh PVJ2F8RmMplMJpPJZDKZTCaTyWQymcysJ2/AZ+C6zEXoRxzo86LPL/RG+rzo86LPiz4v+rzo 86LPi31QP/q86POiz4s+r9D7Co1rJgMAAAAAAABAerhmcp3QjzjQ50WfX+iN9HnR50WfF31e 9HnR50WfF/ugfvR50edFnxd9XqH3FRpnJgMAAAAAAABAerr+zOTqG/ANDAysleZ/AevdW7fu cjzOHC6YvS3L7dFHX577oigaiUdHx7LcXvVGH3300UcfffTRR18x+6Tw97Ppo48++ugLq483 4DPgzGQAAAAAAAAASE/Xn5nsFvq1UOjzos8v9Eb6vOjzos+LPi/6vOjzos+LfVA/+rzo86LP iz6v0PsKjTOTAQAAAAAAACA9nJlcJ/QjDvR50ecXeiN9XvR50edFnxd9XvR50efFPqgffV70 edHnRZ9X6H2FVH0DvqGhoT1SdhfEZjKZTCaTyWQymUwmk8lkMpnMrCdvwGfgusxF6Ecc6POi zy/0Rvq86POiz4s+L/q86POiz4t9UD/6vOjzos+LPq/Q+0I0ISmu3B5s9olcMxkAAAAAAAAA 0pP3ayY/L6lUud2YxQZDP+JAnxd9fqE30udFnxd9XvR50edFnxd9XuyD+tHnRZ8XfV70eYXe F6JXJB2X9KSkm5p9ImcmAwAAAAAAAECx9Um6XtJhSUvr/zDevHl1PDq6911r1jxSPVown1m9 zfdxWp1RFI1kuT366MtzX2XuzXJ7hzdv3kUfffTRRx999NFHX6H7gt/Ppo8++uijL6y+6uuh 8f333yk09JikNzf6Q85MBgAAAAAAAID05P2ayZLUK+kdki6R9IO0N1Z9lT8rXOvFiz4vrlfn R58XfV70edHnRZ8XfV70ebEP6kefF31e9HnR5xV6X2hulBRLmpS0V9INzT6ZM5MBAAAAAAAA ALNyvZgc+hEH+rzo8wu9kT4v+rzo86LPiz4v+rzo82If1I8+L/q86POizyv0vkIql8vLoyga GRoa2iOd/j+dyWQymUwmk5n9fPr3tOjxewfjo5sUP37vYHz0wzonD8+LyWQymUwmk8kMZZbL 5bujKBoZHx+/WWgPZya3Ji99T/+eFh3dpLj2dvw/6fz5bi8vfWkJvU8Kv5E+L/q86PMqat/z 79Pltb/fj3xQ1zq2l5e+tNDnRZ9X6H1S+I30edHnRZ8XfV6h97Wj1Okn4NLf3z+2b9++3P8f jsTBEV2kl/Rs7X29r9O1543pkU49JwAAMH+H/qPeFp/Qt6of97xO7182ps918jkBAAAA8Ojp 9BPIm9CPOOSm72VddMZ9E7pivtvLTV9KQu+Twm+kz4s+L/q8CtsX6+xpH8a60LG93PSlhD4v +rxC75PCb6TPiz4v+rzo8wq9rx2cmYyOOHCbrp96UV+tve+nluuTyz+v/9Kp5wQAAObv0Hv0 7nhKf1H9uLRQn16+RXd18jkBAAAA8ODM5DqhH3HIS9/UqelnLVVcMN/t5aUvLaH3SeE30udF nxd9XoXt653+O74U6w2O7eWmLyX0edHnFXqfFH4jfV70edHnRZ9X6H3t6PoXk8vl8vIoikYG BgbWSoZ3Q1y69FHH47Q6qzJ7t8ec9D1xzQd/XZKeXTWomrkslL7Qv39pztIdd4xkub0NGzaM 0UcfffTRZ+yLdfb+/uT3+/7+QWlKFwbVF/r3jz76Ctgnhb+fTR999NFHX1h95XL57iiKRsbH x28W2tPf3285UhD6EYe89D3/G/rQc7+uuPZ2aKP+uvbd349+WOfMdXt56UtL6H1S+I30edHn RZ9XUfsOvUcfPbhBcfV26Hf0Pcf28tKXFvq86PMKvU8Kv5E+L/q86POizyv0vnZwzWR0xHO3 6L/qJd1be1/PEv3dgmW6tuauq879jHZn/NQAAMA8HB7WJ6cmdU/141Kvjvcu0dLaz+k5qWWv /1Mdyf7ZAQAAAJiPrr/MhVvoRxxy0zc5/S+Vlfv6Jl6UqrfeSV061+3lpi8lofdJ4TfS50Wf F31eRe2bKk3/HR9Pnfk7P+7TVXPdXl760kKfF31eofdJ4TfS50WfF31e9HmF3tcOzkxGRxz4 TX126hXdUXtf70J9u7RI17z28WJ98LzNGs3+2QEAgHYdfI8iTem2Zp9TWqS7ln9On87qOQEA AADw6Pozk91vwLd769Zdjsdp+ULe5fK2LLeXl77v//xvXiVNfwO+yUktrnvDnhXd2hf69y/N GY+OZvqGK9UbffTRRx99nr6S6t6Ab4b53YHhG7q1L/TvX5p9f7Hlvt8/uknx4/cOxtV5+AO6 IpS+0L9/IfdJ4e9n00cfffTRF1ZfJ9+AjzOT0RHP/4a+GJ/QTdPu7NW+vqXqr37Ys1APLNui 92b+5AAAQNsOD2vn1KR+udnn9CzU2LIt+kBWzwn5cGST/kNJ+qu6u//w3M/o4514PgAAAJi7 rj8z2S30a6HkpW+m6ydqSsvrPueSuW4vL31p6ba+w3fqjUc3KX7tdpfWz/Y13dY4V/R55aHv jHW+SfGRO/UJx/by0Jcm+rzy0jc1pbNn+9p4ShfMdXt56UtLEfpK0tX195ek30pje3z/vELv k8JvpM+LPi/6vOjzCr2vHZyZjI448G59c+qkfqHZ5/zU+frW8ge0JqvnBL+jm/RxSR977Y5Y D5/7Wf1Kx54Qut7Ru7ReU/rbaXf26FfO/d96uDPPSDr2AX067tWmOX9hh583kJaDG/V9xfrp Zp9T6tM3ln9eb8/qOSEfjt6hneppfta6JH4+AgAA5BhnJtcJ/YhDXvrieIYzk+s/Z1KluZ7t l5e+tHRh3+3TPipp/Wzf0y5snJO0+45u0sdr//99/N5B21myrZipr/45zevM3cmagxOS9l04 eMZ91u3VmalvUlo/8aJUe4tP6KlZH2xS9832KaGtz3r0eeWmrzT9zOSStH/imFR7i2NN8Tt+ uiL0xdKKln5e1v1cbwffP6/Q+6TwG+nzos+LPi/6vELva0fXn5lcLpeXx3H87i1btnz4Cz/7 Nz+/78JB9T+/Q8x8z+8vuf7wJf+yfdmzqwZ18ZM7NNO89MCOrz93xeAv5eH5MtubP3rDr758 yb9+bfH+/kGt2LdDT69656HLD351eaefF5PpnD+84LrjK7730NLqOm95rrru2GUHHzqn08+f yXTPS/51x6mnLx1c8Np6/8GOnT88e3DdRXt26LkrBnXRnh16Zt1Ne/7d0b+8Io3tX3pgx3// ytujpzZs2DAWRdHIhg0bxr7+J8NfuuKp/3NjHv7/KfJs+eflz15/5LLnt5/X6efLZLY7+TnE ZDLbmXsu37D9l+6J3ln9uRFF0civfX3DxfsuHPxYHp4fM1/zK2vL/zmO45/EcXxw48aN/y/L 12K7/sXkqv7+/rHHb9z3/vk+zuIVG/Xy/nHHU2pJdRFkJS99J/brkCanXyO5XmmBvt27WNfU 3tezUOo5q/HX5KUvLd3WN/mSFE80/5z672m3Nc5V2n1TJ6WpE6c/3t8/qP4DO5r+d+M0U1/9 c5Jm/2+5kVb6nNurN1Pf5HE98eoR/dwZ21tU99xPTH9evUt0rNSnc5o9z9DWZz36vPLSN/mi FNd8PPETfXnysH6t9nNKS/XNBedNv5QVv+PD7zu+d7yln5elPqn3dfPbHt8/r9D7pPAb6fOi z4s+L/q88tp37mc695pu3l9MvkXS/1DyPH9fUrnRJ/b394/947XzfzEZ2Zh4UScVa2HTT+rV C31L5/4GPciP+JQennz59JvuzfQXRoSvfh1IUu8i7Swt1DrHY9Wvq/oXbWf6HKepl7R76lVd OdevK/VJvUvSeEZAvpx8QTv1yvT/3nsW6rnSWbqo9r52fy7Um+lF6ZkOMiF7rf687DlLT/Wc 1fy62wAAhKZ3oZ4q1f3+i1898+8/gCSdH51+TXd4ePhLfX19H9qyZcvsl1s06MtiI21aIulT km5QcoLLQ5K+LOlYoy+YaPgnrTv7LRv148ezO+JQvaxDVnLU1/yFZEma1AVz/Z7mqC8VXdi3 vvaDqZPJrZkubJyTIvbFp6SpV3TGfaUFbW1ife0H1b7Z1lUra68VDfqO1ff1LNLO0oLpL4rF p/Tw1Cs1B1cWaWc80fyFszx8/9JEn1du+07oZ+rvmjqli3rrXvCdfEXr9Er9Z57Wal/vIu2c Onnmf39z/YsY3z+vs9+yUS9+e7yln5dTJ/TT833xn++fV+h9UviN9HnR50VfYkIzHkhdP9ft 5bXPhb4Z3TgxMTE0PDz8yZ6enk888MADqZ5Gkeczk9dJ+qikX618vF3JWcoPzfTJ/f39Y3/f z5nJAAAARTbTi5MzmTohxYaDTAAAAEDWVjwy7czk164yF8fxU5I+vG3bti+lte08n5m8TNJh SR9R8qL3ocp9kqQVK1as7unpuesNS5ee94srVw49/OSTJ+/re5tOvvCkFl6wqu3Zs2Cxpk69 PO/HaXUe7OnR+VNTmW2PPvry3HfyhSe1+PJf0Ms/+FZm2yutvFrxj/6RPvroo4++cPrWnXym xcc90pV9oX//6KMv876FF4S/n00fffTRR19Yfde88aUv/OLKlUM/PHLkXzr0um0urZP0tZqP t0u6rtEn9/f3jzk2Go+OWh6nVVEUjWS5Pfq86PMLvZE+L/q86POiz4s+L/q86PNiH9SPPi/6 vOjzos+rG/qGh4fj4eHhl4eHhz9+++23G956vrk8n5n8T5JWS6+9ScfVkv4hg+1em8E2XlMq lf5vltsTfVb0pSL0RvqM6LOjz4g+O/qM6LOjz4h90FTQZ0SfHX1G9Nl1Q9+DWb4BX97dKmm/ pGckbWz2ibYzkzdvXu14nLyir7uF3ieF30hfd6Ovu9HX3ejrbvR1t9D7pPAb6etu9HU3+rpb 6H2FtmLFCr65AAAAAAAAAAAAAAAAyNRuSRd2+kkATbBGkWesT+QZ67NNPZ1+AiiMRyTFdbdH zdt4tPK436m5r1fSH0s6JGmfpPe28Di3SHpaySVWbmvhfoShU2tUkiZqtvlgC4/DGi2eTq7P j0k6LOlI5X/PhvVZPGmvz2a/yxut20ZYn8VzUFLtG9H0Vu5zcq0r1mcxdWqNliR9SNLzkn4k 1ihm1smfoWuUvJfWq5KemMfjsD7D1an12SNpTNKL4ucnkImPSvqjFB9/lab/hfJKJS9+nK/k l9EJSUuafP0SSQckvVXSVUp+EJ3T5H6EJ+s1KiW/OFrFGi22rNfnpUrWUr+kSyQ9K+nyJl/P +iy2tNbnbL/LZ/q5OhPWZzF9XdJAzccrJX1zDl8/21lLrnXF+iyuTq3RiyV9QsnP1tWSjkla 0MbjsEbD1qn1uVDJe2e9T83X5WyPw/oMW6fW5zsl/b2kc5X8PekJSa9v43G6dn1yZjI6bYmm H2V8RNJllf99h5IzkI5J+p9tPv5uSX+o5D/K3UrOrDtR8+efk/RAzcdXS/pnJUdAH6vMtzW5 H+FLe41K0jJJxyU9Kemmuj9jjaKZtNfnjyu3qcrtJ0qOwFexPtGMa33O9ru8EdYnpGQNrpT0 eSXr4TJJ3638WaN1eJ+Sn3UPKjnLqZl21xXrE1WdWqPPSvoDJf/qo0fSS0r+pUcVaxRS59bn v1fyYvLnJJ2a4etYn5A6tz6rqj8zFys5+aEq+PXZ1+knADTwFkmbJF0r6aikSNI7JP11m49X kvQpSXcruaRA1fvqPm+Zkn/O/ZHK1xyq3Heywf0oLucaXaTk5/GQpLKSX4LHK3/GGkU7XOvz RUn/S8k/3ypJukfJC3lVrE+0o9312eh3eSOsT0in/6J5oZIXJFZW7mu0Dl+RNKjkjPfLlBwE aabddcX6RFWn1qgkLVdyoG5CySWEXq35OtYopM6tz9cpOeDxmKSfkfQFJWtyqvJ1rE9InVuf fy7pViWXp/iupMeVnKVcFfz65MVkdFpc93H1yNBqSW+W9MOaP3tI7b1Q1yvps5K+IenPZvnc w0r+4/2TysfbK/edbHA/wpfFGpWSnfjtSo6eXibp/zf4PNbeL+KAAAACf0lEQVQoaqW9Pt+q 5C+XF1U+/oqkXZK+3eDzWZ+o5Vyfc/ld3gjrs5iekHSDkhclTkm6RtLfqvE6/LGSn3MHK7cf zPL4rnXF+iyuTq1R6fRZyQNKztLbqeTFkbk8Dms0bJ1an6eU7IeuVXKSzZclXSfpq3N8HNZn 2Dq1Picl3V65SclBjwNtPA7rE2jRTNdTfEHJdWbepOQ/7suU/BOBXUqu0TkX9ddNXKjkqNHG Fr9+qZIfAldWboeUXLOm0f0IT9ZrtKpXydHSF9T8ut6s0WLLen2+U8llBS5QcvbSo5JubPL1 rM9iS2t9zva7vNVrJrM+i2lAyTp8r6T3KPleX6HG6/DtSs4wOl/JPz89qebXU3StK9ZncXVq jd4g6f2VP1+l5F8hrW7jcVijYevU+ny9khcK+ysff0PS9W08DuszbJ1an1ULJI0oeQ+khW08 DusTaNFMf9H8b0quw/lXSi6Wflnl/g8qOZI0peTspjWzPPYXNf2d5G+VtF5nvsP8m2q+pv5a Nqp83X4l12ja2ML9CEvWa/TGyv+elLRXyY59LdYoamW9PnuVvFPxscptTNOvLcb6RK201ud6 Nf5dPtO6rWJ9Qkp+Zp1Q8s+kVyr5l0DVN3NqtA7vU3Lw40El/1Ko2V80pfbWFesTVZ1ao4sl fUbJPwF/VsnP8FqsUUid/Rm6Qcm/2vyxpD/V9Pf8Yn1C6uz6fELJpYEe05n7saxPAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7/Bkz0d1lMZta1AAAAAElFTkSuQmCC --------------E4488C64399379F07994A7B3-- From nobody Wed Oct 30 10:31:13 2019 Return-Path: X-Original-To: sidrops@ietf.org Delivered-To: sidrops@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id ECAC312004F; Wed, 30 Oct 2019 10:31:04 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sidrops@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.108.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: sidrops@ietf.org Message-ID: <157245666486.32616.18111052292290498343@ietfa.amsl.com> Date: Wed, 30 Oct 2019 10:31:04 -0700 Archived-At: Subject: [Sidrops] I-D Action: draft-ietf-sidrops-ov-egress-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 17:31:05 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the SIDR Operations WG of the IETF. Title : BGP RPKI-Based Origin Validation on Export Authors : Randy Bush Ruediger Volk Jakob Heitz Filename : draft-ietf-sidrops-ov-egress-00.txt Pages : 4 Date : 2019-10-30 Abstract: A BGP speaker may perform RPKI origin validation not only on routes received from BGP neighbors and routes that are redistributed from other routing protocols, but also on routes it sends to BGP neighbors. For egress policy, it is important that the classification uses the effective origin AS of the processed route, which may specifically be altered by the commonly available knobs such as removing private ASs, confederation handling, and other modifications of the origin AS. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sidrops-ov-egress/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sidrops-ov-egress-00 https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-ov-egress-00 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Wed Oct 30 10:50:15 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DC8212001A for ; Wed, 30 Oct 2019 10:50:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ixaCpSi6lVhZ for ; Wed, 30 Oct 2019 10:50:10 -0700 (PDT) Received: from GCC01-DM2-obe.outbound.protection.outlook.com (mail-eopbgr840122.outbound.protection.outlook.com [40.107.84.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B78112000F for ; Wed, 30 Oct 2019 10:50:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PEsqCumasCj5bhXofvXGYztl0jIu8ARBlf5Zc4Bntn3wto0z/aoEZuLjpnqe0s6OCHLxqMSeUdeYYLYopSjZhaGrforO/k2L31t2QegMvDUCCa/Tj/Nu/z/GFfx9CjerYe9gT1tthRU5Oz88yOkoIPgveHRH37AHsT6RyAxxFlswuIwnLdIdrnk1/bzgFx4eKU5V5PAaaqNvFiIHqRToVHwDvdccncDOL+t8ZmjRd5oN+Ss7TDXtoX7om3NukZ/HuDj/z3EmTne7v1uatQ8gJ7fmLk9oT/phrBf8XBMaCMHWH0Gb1S+HQN9p9oMfOwLAc1h3VM5g+EW8PEtYhnjNew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7UhX4f+zJ1ZrpNQ+9WrfsSK0CQYNdndBoG21EVS+f60=; b=W5oo9F/JNR7M/2mK20usKAGJeaxw9CXHKWBKtH3t0vmyj3Cg5R4fkfa1DWyz5Zy9KAFQkjG6ZsTwNGcXypuAohP1/7QejsIMjcC5ga3RHI2nOpfYpvk3ZTrtKLn7Yb07dC+wvpl62WF0h8S9DHe1D8E5aJCSvRSHUVZQRwiHMBfg4qIpdzUnNz0b5aalixdTEuQs+2GxV0crnmQtJeOTAVTKQGKZGEq7UbuCz5MV9lhHPgvp+RFRnTRhMDAdgSsn9FYcHYZi4Xqdpic3BiXr6cqui7ok5USYusr8rMIH/9tU+k+KmdXZ2m4bLLQULYP6B6kuM32ulxbMbjiSbUvnGA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7UhX4f+zJ1ZrpNQ+9WrfsSK0CQYNdndBoG21EVS+f60=; b=zi+Rg/Kyd2RXzoewYKJP5ZWNPyV6Uj8Xe1m2HzAherDBvKmLotDzVyMBmTu82H7MqxMhu7MoKsEmtfI5ErWTNNsDATyJCdujbKcBH5GAhYgFJsww1eY/XUIumHob2fu3hNYOfGaSAN51iJ9d7YdcJVJJB8d5RazLIfZS6Eh1tr4= Received: from SN6PR09MB3024.namprd09.prod.outlook.com (20.177.251.157) by SN6PR09MB2893.namprd09.prod.outlook.com (52.135.90.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.22; Wed, 30 Oct 2019 17:50:07 +0000 Received: from SN6PR09MB3024.namprd09.prod.outlook.com ([fe80::b079:51b9:8bfa:2acd]) by SN6PR09MB3024.namprd09.prod.outlook.com ([fe80::b079:51b9:8bfa:2acd%6]) with mapi id 15.20.2387.028; Wed, 30 Oct 2019 17:50:07 +0000 From: "Borchert, Oliver (Fed)" To: Randy Bush , Christopher Morrow CC: SIDR Operations WG , Daniel Kopp , Job Snijders , "Borchert, Oliver (Fed)" Thread-Topic: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 Thread-Index: AQHUOifAhl7zE1LMVU2nqG1i5PteIKTL8neAgAMH8gCAEWE+gIAA7XyAgAAYbQCAAfNCgIAABTQAgAGYyoCCjf5JgIAAEWcAgALbDwA= Date: Wed, 30 Oct 2019 17:50:07 +0000 Message-ID: References: <20180822161549.GA1021@hanna.meerval.net> <42CA116C-4F74-4D31-A58E-3D7528FC529F@de-cix.net> <20180905073454.GU3097@hanna.meerval.net> <16AB499B-D859-48D2-9C36-AAF4C6F29B1C@de-cix.net> <20180906134026.GC3097@hanna.meerval.net> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1e.0.191013 authentication-results: spf=none (sender IP is ) smtp.mailfrom=oliver.borchert@nist.gov; x-originating-ip: [2610:20:6222:140:a4f5:713d:1ea1:f9a2] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 5835e85c-486a-41e8-b19e-08d75d619a48 x-ms-traffictypediagnostic: SN6PR09MB2893:|SN6PR09MB2893: x-ms-exchange-purlcount: 1 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 02065A9E77 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(376002)(39860400002)(366004)(136003)(346002)(199004)(189003)(76176011)(66556008)(64756008)(186003)(6512007)(66476007)(478600001)(6506007)(66946007)(316002)(86362001)(107886003)(58126008)(66446008)(102836004)(76116006)(45080400002)(4326008)(14454004)(91956017)(6116002)(2906002)(14444005)(7736002)(486006)(5660300002)(6246003)(36756003)(6306002)(6436002)(46003)(8936002)(229853002)(81166006)(33656002)(8676002)(81156014)(2616005)(110136005)(446003)(11346002)(54906003)(256004)(99286004)(71200400001)(476003)(71190400001)(305945005)(25786009)(6486002)(966005); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR09MB2893; H:SN6PR09MB3024.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: E+Li9tPhkq+dC4G9n8YkgzvPu/08HKo+XMeRWOhpiYPTuRSS21QTRbsJTDMrVBWoCCjklEoBCKoK1gXe5+JrzkiKKpc9VKl5WoUmWqJMxt7GTUDd1P/Y3tjBnhialSQxADjXxv1C1RLOMLtWo1+whuV0MzBpgVc4D5GceeIngCsqjREktSbgWxhCLS4HR5FEQAvIMiQgH6DF/hyNYeedGxJi3YLGaUb0olfYYwNF6Q8kHv8bEqyoGXacuVyRprRnNAuHDZcegpSeWLbCXNfqVD1/a8ncv9Wls8W2hxaL8haMbp6vUB0qmF9h6OMXjLpZ18ZbR4t8D3Sk39D8Shvidn9GUoN6fusaCUFK3nm+zf0a/4LFt06hqpq3NJ4U6dRzNCsGP3wFkSUtlsEdxYK27fLiPAhGMQTro40meDj2UNP3ZQZHwa5uuRdv3RTzhC3usjnxPkpl9WvRs2XWHF6DxxualyHTcrM/8PWLaJw01os= Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: 5835e85c-486a-41e8-b19e-08d75d619a48 X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Oct 2019 17:50:07.5142 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: WtC4ccL7oqLjLotif5qaFI3uR40/vH4fw8N5AhlPp8o8sn2+YWkl1W+23C+4ipgJ7C04BE2FVBG3iAJuJIxBHQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR09MB2893 Archived-At: Subject: Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 17:50:14 -0000 DQpSYW5keSBtYWtlcyBhIGdvb2QgcG9pbnQgYnkgcHJvcG9zaW5nIHRvIG1lcmdlIG11bHRpcGxl IGVmZm9ydHMgaW50byBvbmUgc2luZ2xlIGFwcHJvYWNoLiBUaGlzIHdpbGwgZWxpbWluYXRlIGFu eSBwb3NzaWJsZSBjb25mdXNpb24gZ29pbmcgZm9yd2FyZC4gRHVyaW5nIHRoZSBhZG9wdGlvbiBj YWxsIGZvciBzaWduYWxpbmcgQkdQc2VjIHBhdGggdmFsaWRhdGlvbiwgYSB2YWxpZCBwb2ludCB3 YXMgcmFpc2VkIHRvIHVzZSB0aGUgY3VycmVudCBSRkMgODA5NyBzaWduYWwgYW5kIGV4dGVuZCBp dCB1c2luZyBhIHNlY3Rpb24gb2YgdGhlIHJlc2VydmVkIGZpZWxkLiBVc2luZyBCR1BzZWMgdW52 ZXJpZmllZCBhcyB2YWx1ZSAwIGFsbG93cyBiYWNrd2FyZHMgY29tcGF0aWJpbGl0eSBhbmQgSSBh bSBjdXJyZW50bHkgaW4gdGhlIHByb2Nlc3Mgb2YgbW9kaWZ5aW5nIGRyYWZ0LXNpZHJvcHMtYmdw c2VjLXZhbGlkYXRpb24tc2lnbmFsaW5nIHRvIHVwZGF0ZSA4MDk3IGZvciB0aGF0IHB1cnBvc2Uu DQoNClRvZGF5LCBJIHdhcyB0YWxraW5nIHRvIERhbmllbCBhbmQgSSBiZWxpZXZlIHdlIGNhbiBz b2x2ZSB0aGUgaXNzdWVzIGFkZHJlc3NlZCBpbiBkcmFmdC1pZXRmLXNpZHJvcHMtdmFsaWRhdGlu Zy1iZ3Atc3BlYWtlci4gDQpUaGUgY3VycmVudCBSRkMgODA5NyBhbHJlYWR5IG9wZW5zIHRoZSBk b29yIGZvciBzaWduYWxpbmcgdGhlIGF0dHJpYnV0ZSB2aWEgRUJHUC4gVGhlIGVuZCBvZiBzZWN0 aW9uIFJGQyA4MDk3IHNlY3Rpb24gNSByZWFkczoNCg0KIi4uLiBIb3dldmVyLCBpdCBTSE9VTEQg YmUgcG9zc2libGUgdG8gY29uZmlndXJlIGFuIGltcGxlbWVudGF0aW9uIHRvIHNlbmQgb3IJIAkJ DQphY2NlcHQgdGhlIGNvbW11bml0eSB3aGVuIHdhcnJhbnRlZC4gIEFuIGV4YW1wbGUgb2YgYSBj YXNlIHdoZXJlIHRoZQkgCQkNCmNvbW11bml0eSB3b3VsZCByZWFzb25hYmx5IGJlIHJlY2VpdmVk IGZyb20sIG9yIHNlbnQgdG8sIGFuIEVCR1AgcGVlcgkgCQkNCmlzIHdoZW4gdHdvIGFkamFjZW50 IEFTZXMgYXJlIHVuZGVyIGNvbnRyb2wgb2YgdGhlIHNhbWUJIAkJDQphZG1pbmlzdHJhdGlvbi4g IEEgc2Vjb25kIGV4YW1wbGUgaXMgZG9jdW1lbnRlZCBpbiBbU0lEUi1SUEtJXS4iDQoNCldpdGgg dGhlIGN1cnJlbnQgd29yZGluZyBvZiAid2hlbiB3YXJyYW50ZWQiLCBvbmUgY2FuIG1ha2UgdGhl IGNhc2UgdGhhdCBhIGNvbnRyYWN0dWFsIGFncmVlbWVudCBiZXR3ZWVuIHR3byBhZGphY2VudCBB U2VzIHdoaWNoIGFyZSBOT1QgdW5kZXIgY29udHJvbCBvZiB0aGUgc2FtZSBhZG1pbmlzdHJhdGlv biBjb3VsZCBhbHNvIHdhcnJhbnQgc3VjaCBleGNoYW5nZS4gU2FpZCB0aGF0IHNvbWUgZXh0cmEg d29yZGluZyB0byBtYWtlIHRoaXMgbW9yZSBjbGVhciBvciBldmVuIHNpbXBsaWZ5IHRoZSBpc3N1 ZSBjYW4gZWFzaWx5IGJlIGFkZGVkLiBUaGlzIHdpbGwgYWxzbyBiZSBoZWxwZnVsIGZvciBmdXR1 cmUgQkdQc2VjIHZhbGlkYXRpb24gc3RhdGUgc2lnbmFsaW5nIHdoZXJlIGxhcmdlciBJU1AncyBj b3VsZCBwZXJmb3JtIHRoZSBtYWpvcml0eSBvZiBCR1BzZWMgcGF0aCB2YWxpZGF0aW9uIGFuZCB0 aGUgY2xpZW50IHBlZXIganVzdCB3b3VsZCB2YWxpZGF0ZSB0aGUgbGFzdCBob3AgLSBpZiBhdCBh bGwgbmVlZGVkLg0KDQpSZWdhcmRpbmcgT3BlcmF0aW9uYWwgUmVjb21tZW5kYXRpb25zIChzZWN0 aW9uIDUgb2YgZHJhZnQtaWV0Zi1zaWRyb3BzLXZhbGlkYXRpbmctYmdwLXNwZWFrZXItMDMgKSwg SSB3b3VsZCBwcm9wb3NlIHRvIHB1dCB0aGlzIGludG8gYSBzZXBhcmF0ZSBkcmFmdCBvciBtYXli ZSBCQ1AuIFRoZSBkaWZmZXJlbnQgb3BlcmF0aW9uYWwgbW9kZXMgZGVzY3JpYmVkIHRoZXJlIGFy ZSB3b3J0aHdoaWxlIGtlZXBpbmcgYnV0IHNob3VsZCBiZSBzZXBhcmF0ZSBmcm9tIHRoZSBzaWdu YWxpbmcsDQoNClRob3VnaHRzPw0KDQpPbGl2ZXIgDQoNCg0K77u/T24gMTAvMjgvMTksIDI6MTMg UE0sICJTaWRyb3BzIG9uIGJlaGFsZiBvZiBSYW5keSBCdXNoIiA8c2lkcm9wcy1ib3VuY2VzQGll dGYub3JnIG9uIGJlaGFsZiBvZiByYW5keUBwc2cuY29tPiB3cm90ZToNCg0KICAgID4gQXQgdGhp cyBwb2ludCwgSSB0aGluayBhIGNsZWFyIHNpZ25hbCBmcm9tIHRoZSBXRyB3b3VsZCBoZWxwIHRo ZQ0KICAgID4gYXV0aG9ycyBjaGFuZ2UgdGhlaXIgZHJhZnQgT1IgYWJhbmRvbiBpdC4NCiAgICAN CiAgICB0aGlzIGRyYWZ0LCBhbmQgb3RoZXJzLCBzaG91bGQgbWVyZ2UgdG8gdXNlIGEgY29tbW9u IHNpZ25hbC4gIGkgdGhpbmsNCiAgICBvbGl2ZXIgaGFzIHRoZSBuZWVkIGhlcmUuDQogICAgDQog ICAgcmFuZHkNCiAgICANCiAgICBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fXw0KICAgIFNpZHJvcHMgbWFpbGluZyBsaXN0DQogICAgU2lkcm9wc0BpZXRmLm9y Zw0KICAgIGh0dHBzOi8vZ2NjMDEuc2FmZWxpbmtzLnByb3RlY3Rpb24ub3V0bG9vay5jb20vP3Vy bD1odHRwcyUzQSUyRiUyRnd3dy5pZXRmLm9yZyUyRm1haWxtYW4lMkZsaXN0aW5mbyUyRnNpZHJv cHMmYW1wO2RhdGE9MDIlN0MwMSU3Q29saXZlci5ib3JjaGVydCU0MG5pc3QuZ292JTdDYzk3MDdj OGYxMDc3NDFkZDdhMjIwOGQ3NWJkMjk0MWYlN0MyYWI1ZDgyZmQ4ZmE0Nzk3YTkzZTA1NDY1NWM2 MWRlYyU3QzElN0MxJTdDNjM3MDc4ODMyMjkyNDE0MTk4JmFtcDtzZGF0YT1MSE0wRGtHTTZzcU13 eTElMkYzdmh6V3ZQeVA1YUhhYUV1am8lMkZaTHQ0SXFSVSUzRCZhbXA7cmVzZXJ2ZWQ9MA0KICAg IA0KDQo= From nobody Wed Oct 30 10:51:22 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF6C212006E for ; Wed, 30 Oct 2019 10:51:18 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.9 X-Spam-Level: X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Bd8rFHJcUM2 for ; Wed, 30 Oct 2019 10:51:17 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5CD212000F for ; Wed, 30 Oct 2019 10:51:17 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from ) id 1iPs7o-0007nR-FI for sidrops@ietf.org; Wed, 30 Oct 2019 17:51:16 +0000 Date: Wed, 30 Oct 2019 10:51:16 -0700 Message-ID: From: Randy Bush To: sidrops@ietf.org In-Reply-To: <157245666486.32616.18111052292290498343@ietfa.amsl.com> References: <157245666486.32616.18111052292290498343@ietfa.amsl.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.2 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [Sidrops] I-D Action: draft-ietf-sidrops-ov-egress-00.txt X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 17:51:19 -0000 with apologies to r=FCdiger, > Authors : ... Ruediger Volk the xml has his name correctly. randy From nobody Wed Oct 30 10:53:16 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D884612085C for ; Wed, 30 Oct 2019 10:53:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mqste0l83rPD for ; Wed, 30 Oct 2019 10:53:12 -0700 (PDT) Received: from mail.rg.net (mail.rg.net [198.180.150.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4777E120220 for ; Wed, 30 Oct 2019 10:53:05 -0700 (PDT) Received: from 162-195-241-81.lightspeed.sntcca.sbcglobal.net ([162.195.241.81] helo=[192.168.56.1]) by mail.rg.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1iPs9W-0003bz-1Q; Wed, 30 Oct 2019 17:53:02 +0000 From: "Randy Bush" To: "Borchert, Oliver" Cc: "Christopher Morrow" , "SIDR Operations WG" , "Daniel Kopp" , "Job Snijders" Date: Wed, 30 Oct 2019 10:53:00 -0700 X-Mailer: MailMate (1.13r5655) Message-ID: In-Reply-To: References: <20180822161549.GA1021@hanna.meerval.net> <42CA116C-4F74-4D31-A58E-3D7528FC529F@de-cix.net> <20180905073454.GU3097@hanna.meerval.net> <16AB499B-D859-48D2-9C36-AAF4C6F29B1C@de-cix.net> <20180906134026.GC3097@hanna.meerval.net> MIME-Version: 1.0 Content-Type: text/plain Archived-At: Subject: Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Oct 2019 17:53:15 -0000 > This will eliminate any possible confusion well, how about reduce? :) randy From nobody Thu Oct 31 07:21:02 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35BDD12011E for ; Thu, 31 Oct 2019 07:21:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C7RtdzYTZmbG for ; Thu, 31 Oct 2019 07:20:59 -0700 (PDT) Received: from GCC01-DM2-obe.outbound.protection.outlook.com (mail-eopbgr840129.outbound.protection.outlook.com [40.107.84.129]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B95B120811 for ; Thu, 31 Oct 2019 07:20:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=S5vmKrIp2nzEAocPgz9mmdtnfcHaPx/3eOOuV3cih8l6sS89MuTFAeprAHv8+G0+oayLqO5p6SkUtUAOCdwEqPkq+Wp3T5yjWzqSwfBDPOSiXcbfRdWTqdPj5dWBwZU9P984c93MGvekX7joxGCJvQ9hNiXGj6NUGzYHTUY/Oy2eGFUfZRMEzOfeY5hVUROZUGZA37szRIv4o+sUwoA0NK1StYk/AcTU6V7/Df9GVj8ue7cTDtP0ZUkDBbHGnznqHl/FD0TOPXD1TZddCbnvvBSAEJwzog+3mmgvRt+Mod7cWYDod6+RiuCk6Sqo83W+DRtPaUUEnKf+bWn80xOo8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yumT54TDQD+kHECAm8COZoI2geFmBAHPNdyx9CtKyh8=; b=OIn+NYZwMh6o7+jEPT/vZ3poCa7FcJtSKNihgpBtos+X2Fyq9B+Sd62PG9YHhyHoeHCm6W42Zv1etkvrHm56qGDZkYK8zzBUta8o4v4PIOwHL9cH28QzBGHCnzabpT15GszAyDD9mCEZ1ohff78fC67rl/JfFpLUH1h0dN+hZIWmwKWl+p3TIN/xtc8A66aMxv1TDgsYMKffsXRIYE3UQW+VBnpauIIDMYHZk6EEEQzm4gIZiKx3ndbO81Juo5MlnsQLaRuAzpQ09rIlex1lCsiP1+96z33G1eb7gIpVw9C9e/hXhHoxRnUAh4B69TOQgzSOOaYxe62yyxk4Epx57w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yumT54TDQD+kHECAm8COZoI2geFmBAHPNdyx9CtKyh8=; b=vjNtNufihoGsY8x0D8oy+DGy3cl6sCB2tjCoZL/xZsFWxeswXoaMtHGTc9sLK1H81H6NsP0WatKiDZTQ1Y7nv2phnPTw/MqrwUQbc/4aCz5fruv8aiMcGx/UfmwXD8yyaxYdyqFVPbbGMUH1ENmmoLD7AftTUOFz43syZIQWwJY= Received: from SN6PR09MB3024.namprd09.prod.outlook.com (20.177.251.157) by SN6PR09MB2655.namprd09.prod.outlook.com (52.135.97.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.22; Thu, 31 Oct 2019 14:20:58 +0000 Received: from SN6PR09MB3024.namprd09.prod.outlook.com ([fe80::b079:51b9:8bfa:2acd]) by SN6PR09MB3024.namprd09.prod.outlook.com ([fe80::b079:51b9:8bfa:2acd%6]) with mapi id 15.20.2387.028; Thu, 31 Oct 2019 14:20:58 +0000 From: "Borchert, Oliver (Fed)" To: Randy Bush CC: Christopher Morrow , SIDR Operations WG , Daniel Kopp , Job Snijders Thread-Topic: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 Thread-Index: AQHUOifAhl7zE1LMVU2nqG1i5PteIKTL8neAgAMH8gCAEWE+gIAA7XyAgAAYbQCAAfNCgIAABTQAgAGYyoCCjf5JgIAAEWcAgALbDwCAAEPeAIABCBmA Date: Thu, 31 Oct 2019 14:20:57 +0000 Message-ID: References: <20180822161549.GA1021@hanna.meerval.net> <42CA116C-4F74-4D31-A58E-3D7528FC529F@de-cix.net> <20180905073454.GU3097@hanna.meerval.net> <16AB499B-D859-48D2-9C36-AAF4C6F29B1C@de-cix.net> <20180906134026.GC3097@hanna.meerval.net> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1e.0.191013 authentication-results: spf=none (sender IP is ) smtp.mailfrom=oliver.borchert@nist.gov; x-originating-ip: [2610:20:6222:140:116a:64c2:c388:aa08] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 6948a93a-17ce-478e-42be-08d75e0d8c76 x-ms-traffictypediagnostic: SN6PR09MB2655: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:4303; x-forefront-prvs: 02070414A1 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(136003)(376002)(39860400002)(346002)(366004)(189003)(199004)(6916009)(86362001)(71190400001)(76116006)(76176011)(305945005)(66476007)(66946007)(66446008)(64756008)(6512007)(66556008)(186003)(6506007)(91956017)(33656002)(478600001)(71200400001)(102836004)(54906003)(99286004)(6246003)(4326008)(6436002)(558084003)(8936002)(58126008)(14454004)(229853002)(25786009)(486006)(256004)(5660300002)(316002)(6486002)(476003)(7736002)(11346002)(2616005)(2906002)(446003)(36756003)(6116002)(8676002)(81166006)(46003)(81156014); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR09MB2655; H:SN6PR09MB3024.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: WAudowKg1EMyrwfTgbj2HjnTIgpdwMeRKL5sFU/TDi3h11yyMn8GEmrS+RvFrCpaj7XMiiaIG447NSQO0OYeixCp5wSHGZ2VvaoAo1RBIF3V5fyhH+5rBGiE3Er4Vn8mtuN2Q7LA3EfYGEShWIpa0c0FptSCLSF7NccAYIX0ueTNyBr+kuxntRktk/v0hzsZO2T42T9sXy9pAjNfq+Wsr1PPUbNApv7RH80I4q07IQEKR9iLd/1BDDURAEBuc1lF3pG1czV/CPltkZjPa2FoNu5nKiZ1W2Hp3wKWqelNG1zVsXuFB+dmO2Ic2lwyBBvwcHuv14wTv64edRHuUPCjcahY+/QTRt4OUCaG4Vg9YIU5nc9yb1JXb7e3wgPPhq5uTJ5RNmi67gQ51B+p5Qn7JfEPe8DxiwHO/IozshSkJtVaTjT7VkE+chU01fpppNQH x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: 6948a93a-17ce-478e-42be-08d75e0d8c76 X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2019 14:20:57.8112 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: dZxXQdwxnriD4JciFuPHQqAAw3TNVqcQCfVfw+3XFY5CRvFY0xyH5VQ0xHE/fPyTx6MN69bTRq2syWTrq5uE6A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR09MB2655 Archived-At: Subject: Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 14:21:01 -0000 V2VsbC4uLiB5ZXMsIEkgYWdyZWUgcmVkdWNlIG1pZ2h0IGJlIHRoZSBiZXR0ZXIgd29yZGluZyA6 KQ0KDQrvu79PbiAxMC8zMC8xOSwgMTo1MyBQTSwgIlJhbmR5IEJ1c2giIDxyYW5keUBwc2cuY29t PiB3cm90ZToNCg0KICAgID4gVGhpcyB3aWxsIGVsaW1pbmF0ZSBhbnkgcG9zc2libGUgY29uZnVz aW9uDQogICAgDQogICAgd2VsbCwgaG93IGFib3V0IHJlZHVjZT8gOikNCiAgICANCiAgICByYW5k eQ0KICAgIA0KDQo= From nobody Thu Oct 31 08:41:06 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3AC10120809 for ; Thu, 31 Oct 2019 08:41:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.998 X-Spam-Level: X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0ougIR_L5Qpu for ; Thu, 31 Oct 2019 08:41:03 -0700 (PDT) Received: from mail-qt1-x82f.google.com (mail-qt1-x82f.google.com [IPv6:2607:f8b0:4864:20::82f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B21C1200F4 for ; Thu, 31 Oct 2019 08:41:03 -0700 (PDT) Received: by mail-qt1-x82f.google.com with SMTP id e14so9179891qto.1 for ; Thu, 31 Oct 2019 08:41:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=XJinwkSdROBXj41DHga8Y3Jj3Wd0h0IKj5pnvChOKWE=; b=qgbx+ELtc9i9xS8QpSIAbsUOT4+UKWgXO7kybMPH5murX107Sn7DSwswdA8gAA3Mx1 j4cQzAkMEbSFZk96sy+YcYbbhu50V5x0Z87RZraecsoULl/PPXk/zw5JKeuQ6IyG+Fx5 HSqz08CQEU75RaSrjGClaN6ai6sMqkUzoI2/OqSlTWydpX6zWcm8hQGWtWPLRGWODjfM RkWnyedco+L4k3tOLvI2F07QJYRYQQGnsZHGx24R0ZWAgBQUrzf7VPKKAceN9+6Skbwp +eiN9S/FXBdcqQbUL5bMgFM8Ot3H9NftR2iOqXRjD76F00X6Z8ecIREsP2xpWvP9tbmu cRgg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=XJinwkSdROBXj41DHga8Y3Jj3Wd0h0IKj5pnvChOKWE=; b=rw3IlgBWwdjF+DuuFeLGikW4Eex6W2ZUBVuiqPXCBOXFjRy4euDKv0gs7pceRt2S+D Fa0+Kd4CRc/G8kWqmhkYQzmOjAZcHFtznMMRHHagVQ7qC3u89wAIzqsInHE1HEswPkHE ebT87y62JPTDOtx2Sb+NPfYzcyoEWZc2C5Yey1+FQoeUvaPw79U9KK4w17UI1gZpHnoz rHp75uKUn/pTDmXHPc8//AULx/giLG0SuQ4y9jTKVl2s9404EPcJ7z/ea520YFhn4xcz UAgfbfC0mJXDALiua++0VBY0/57QPEV0dBz3VPatrh+6GGnoAE2NpIzQ7SL3Rp3dlfw+ eFFA== X-Gm-Message-State: APjAAAV5H5115cfD3Y4tkeQ8qdK2JYiG2/RrisW47iLDtNU+RPe3m687 Yyov7QHEFbJV7TcZXoyxX2OM4T7ej+Xdwy1ko+s= X-Google-Smtp-Source: APXvYqwh3O85JrQChOeBgDhU7ADHqSz9bC7an2E77n7Tab3D7wbjRZiH0Z8jYjLlMNTa/O2BuLskKnlGYfScQ0Sw9J8= X-Received: by 2002:a0c:becd:: with SMTP id f13mr5362001qvj.70.1572536462013; Thu, 31 Oct 2019 08:41:02 -0700 (PDT) MIME-Version: 1.0 References: <20180822161549.GA1021@hanna.meerval.net> <42CA116C-4F74-4D31-A58E-3D7528FC529F@de-cix.net> <20180905073454.GU3097@hanna.meerval.net> <16AB499B-D859-48D2-9C36-AAF4C6F29B1C@de-cix.net> <20180906134026.GC3097@hanna.meerval.net> In-Reply-To: From: Christopher Morrow Date: Thu, 31 Oct 2019 11:40:50 -0400 Message-ID: To: "Borchert, Oliver (Fed)" Cc: Randy Bush , SIDR Operations WG , Daniel Kopp , Job Snijders Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 15:41:05 -0000 So... it sounds like Oliver/Daniel/et-al will chat some more and present a conclusion via draft or meeting presentation? On Thu, Oct 31, 2019 at 10:20 AM Borchert, Oliver (Fed) wrote: > > Well... yes, I agree reduce might be the better wording :) > > =EF=BB=BFOn 10/30/19, 1:53 PM, "Randy Bush" wrote: > > > This will eliminate any possible confusion > > well, how about reduce? :) > > randy > > From nobody Thu Oct 31 09:51:47 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85E3D120895 for ; Thu, 31 Oct 2019 09:51:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.9 X-Spam-Level: X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rQnL7e1RmwIe for ; Thu, 31 Oct 2019 09:51:36 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCFF4120875 for ; Thu, 31 Oct 2019 09:51:36 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from ) id 1iQDfZ-000501-3F; Thu, 31 Oct 2019 16:51:33 +0000 Date: Thu, 31 Oct 2019 09:51:32 -0700 Message-ID: From: Randy Bush To: Christopher Morrow Cc: "Borchert, Oliver (Fed)" , SIDR Operations WG , Daniel Kopp , Job Snijders In-Reply-To: References: <20180822161549.GA1021@hanna.meerval.net> <42CA116C-4F74-4D31-A58E-3D7528FC529F@de-cix.net> <20180905073454.GU3097@hanna.meerval.net> <16AB499B-D859-48D2-9C36-AAF4C6F29B1C@de-cix.net> <20180906134026.GC3097@hanna.meerval.net> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.2 Mule/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Archived-At: Subject: Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 16:51:40 -0000 > So... it sounds like Oliver/Daniel/et-al will chat some more and > present a conclusion via draft or meeting presentation? draft please. let's hope we have not totally become the social engineering task force (SETF). randy From nobody Thu Oct 31 11:02:35 2019 Return-Path: X-Original-To: sidrops@ietfa.amsl.com Delivered-To: sidrops@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D06BE12008B for ; Thu, 31 Oct 2019 11:02:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wFgaUXVS6cGj for ; Thu, 31 Oct 2019 11:02:31 -0700 (PDT) Received: from GCC01-CY1-obe.outbound.protection.outlook.com (mail-eopbgr830125.outbound.protection.outlook.com [40.107.83.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A21D120073 for ; Thu, 31 Oct 2019 11:02:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TdieFmB41Sc/rC6dHmBALqZFQTFvFAWLL5KGoBzYMgL1AAR94Sp8SHAPJU9Nei/gQ7D78eUfgT6cx4L/JnYsl50KqW0WAfTpKb2R8Q6iy8S/uqfQzWr39E9+v3Bqj8/ubMIt08V3KphLlwY1vfOnIEwcbJdBt58qI7GBZ2DU+TS5d2PzOQr8TQ37PjAcQmpSTclnRgjc4z91HtDS+FoitA51BnzgG6EPv+6iQF00umxHY4hbu97wnBdy7mkfefTsmtpGF0nEGDjrfjW0m0P8qmtoXUYNP0h8WFwzhvBbv9S6v0BrPYawYejyS8Zq5SozzJ3KciS75Y91IaTfMQ1akg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7WldDRd6pX6co2nwZsfLLhRQw93/rMOcoGP2HzRh8NE=; b=naKVHlMVpe4y3eWQEh1Vla/dA4+9ki3cp04tX3assRYbKj9wFT+WLNbsJDOXzXAEK2zievVQHSIgKVUg8iat4z6A3uiUEb6l+BCGaSLgtz1BaARD2INamKFkdI7qDkg4EIw85KIxmjFDgxjr6b74O9ZfT7S5kYFfcYS5x9iwf76yop+lxMfgVBTWIJqwKNqrR/e88D56T3wuOssQvVhQZrI57ICAAjmMWty/KKHwciQxSoZ6zEQMbI+huJrOplYCm3nvVtoefCgqFTO8biDIqBUU9+9EMY7ssAkp96sNVdDa00DgsrNHp41gIKgkQjJxjZu3TizPowTCTrwaYme0Tg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7WldDRd6pX6co2nwZsfLLhRQw93/rMOcoGP2HzRh8NE=; b=gNcDaJjIogy4QwTn2LK2hBZzrKWMoSLJOJCP4ejB94mUM2E8QNfwrOI5glVMLs45Hr9YKYpupe+bz4eALk+2VDOM7EK7lt+EPFrUSPCS8FjjwCiIM7DPqzYTuERkLmaaSgEBALTCSbZT5o7fGJaacfmhEtw4pNgD8x7R+/yOvxc= Received: from SN6PR09MB3024.namprd09.prod.outlook.com (20.177.251.157) by SN6PR09MB3183.namprd09.prod.outlook.com (20.177.250.208) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.18; Thu, 31 Oct 2019 18:02:29 +0000 Received: from SN6PR09MB3024.namprd09.prod.outlook.com ([fe80::b079:51b9:8bfa:2acd]) by SN6PR09MB3024.namprd09.prod.outlook.com ([fe80::b079:51b9:8bfa:2acd%6]) with mapi id 15.20.2387.028; Thu, 31 Oct 2019 18:02:29 +0000 From: "Borchert, Oliver (Fed)" To: Christopher Morrow CC: Randy Bush , SIDR Operations WG , Daniel Kopp , Job Snijders Thread-Topic: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 Thread-Index: AQHUOifAhl7zE1LMVU2nqG1i5PteIKTL8neAgAMH8gCAEWE+gIAA7XyAgAAYbQCAAfNCgIAABTQAgAGYyoCCjf5JgIAAEWcAgALbDwCAAEPeAIABCBmAgABlTgD//+SFAA== Date: Thu, 31 Oct 2019 18:02:29 +0000 Message-ID: <241C4EA8-E806-4E87-B588-68711116312A@nist.gov> References: <20180822161549.GA1021@hanna.meerval.net> <42CA116C-4F74-4D31-A58E-3D7528FC529F@de-cix.net> <20180905073454.GU3097@hanna.meerval.net> <16AB499B-D859-48D2-9C36-AAF4C6F29B1C@de-cix.net> <20180906134026.GC3097@hanna.meerval.net> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.1e.0.191013 authentication-results: spf=none (sender IP is ) smtp.mailfrom=oliver.borchert@nist.gov; x-originating-ip: [2610:20:6222:140:2162:b432:9620:e703] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 04f95a2f-2e11-4c8c-b7c7-08d75e2c7ec1 x-ms-traffictypediagnostic: SN6PR09MB3183: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:4714; x-forefront-prvs: 02070414A1 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(346002)(376002)(366004)(396003)(136003)(189003)(199004)(6116002)(2906002)(256004)(33656002)(71190400001)(36756003)(4326008)(71200400001)(316002)(8676002)(81156014)(25786009)(8936002)(81166006)(66946007)(66476007)(76116006)(66446008)(91956017)(64756008)(66556008)(14454004)(58126008)(54906003)(11346002)(478600001)(229853002)(6486002)(6246003)(486006)(46003)(476003)(6512007)(6436002)(2616005)(186003)(53546011)(6506007)(305945005)(99286004)(5660300002)(6916009)(86362001)(102836004)(4744005)(76176011)(7736002)(446003); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR09MB3183; H:SN6PR09MB3024.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 2I23EweBHoSDli3l3QHsRlfSOKLeAwR3baT/jtlpAq2vEc0LO/3ChFKsCl/GWfiSpXzSPhTfK6yvZcR87ahN+p8NxCiw/J2UKBzDwNc23qPvb7k8tH61DVX+JtLTPZ1tqOpUuSAIC7MipsfJ/VpDEAvj/Z50Wab3+o37erIGWNdDZ2xwOr1kbt6tJh4TgFaTmZDxtdAfQ+osXayJ29C5o6hVlkYZWfC2BzwqAFPcPzOqL4lUPvvt3MjeEaTgzjgqI0779dbfpSlLWobkvxeqVoXeCMSi+LzQNWQTbqjRr1EoaiNR7IfseQU4L6A3vnTtHSZh6qezubftLovpFlnpyU2eWaaWrP4njN+oQ03u8dL9/niuWGxWzsXxe/WhydYWdqa4pIDF8VNaw6F/Nnf2U1E9VPGUDpxI+lY7d+8gKLsPNIsbC3MqhTmCxax7qMMj x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-ID: <96CE39D276633346BA305FDE62A2830D@namprd09.prod.outlook.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: nist.gov X-MS-Exchange-CrossTenant-Network-Message-Id: 04f95a2f-2e11-4c8c-b7c7-08d75e2c7ec1 X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2019 18:02:29.3002 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: PV9PJHuzsLqPLRrmnK/FwqShAUFVUZsbql2GmKBPswzv3R0lLERRpwUmcLvvfl+15GGAW3XKhH9cCUbgpSxV5A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR09MB3183 Archived-At: Subject: Re: [Sidrops] WGLC - draft-ietf-sidrops-validating-bgp-speaker - ENDS 09/07/2018 - Sept 7th 2018 X-BeenThere: sidrops@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: A list for the SIDR Operations WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Oct 2019 18:02:34 -0000 SSBhbSBwbGFubmluZyBvbiB0aGF0LiBOb3Qgc3VyZSB5ZXQgaWYgSSBoYXZlIHRvIHJlbW90ZSBp biB0aG91Z2ggb3IgYmUgaW4gcGVyc29uLA0KTmV2ZXJ0aGVsZXNzIGJvb2sgbWUgZm9yIDEwIG1p bnV0ZXMsDQoNCk9saXZlcg0KDQrvu79PbiAxMC8zMS8xOSwgMTE6NDEgQU0sICJDaHJpc3RvcGhl ciBNb3Jyb3ciIDxjaHJpc3RvcGhlci5tb3Jyb3dAZ21haWwuY29tPiB3cm90ZToNCg0KICAgIFNv Li4uIGl0IHNvdW5kcyBsaWtlIE9saXZlci9EYW5pZWwvZXQtYWwgd2lsbCBjaGF0IHNvbWUgbW9y ZSBhbmQNCiAgICBwcmVzZW50IGEgY29uY2x1c2lvbiB2aWEgZHJhZnQgb3IgbWVldGluZyBwcmVz ZW50YXRpb24/DQogICAgDQogICAgT24gVGh1LCBPY3QgMzEsIDIwMTkgYXQgMTA6MjAgQU0gQm9y Y2hlcnQsIE9saXZlciAoRmVkKQ0KICAgIDxvbGl2ZXIuYm9yY2hlcnRAbmlzdC5nb3Y+IHdyb3Rl Og0KICAgID4NCiAgICA+IFdlbGwuLi4geWVzLCBJIGFncmVlIHJlZHVjZSBtaWdodCBiZSB0aGUg YmV0dGVyIHdvcmRpbmcgOikNCiAgICA+DQogICAgPiBPbiAxMC8zMC8xOSwgMTo1MyBQTSwgIlJh bmR5IEJ1c2giIDxyYW5keUBwc2cuY29tPiB3cm90ZToNCiAgICA+DQogICAgPiAgICAgPiBUaGlz IHdpbGwgZWxpbWluYXRlIGFueSBwb3NzaWJsZSBjb25mdXNpb24NCiAgICA+DQogICAgPiAgICAg d2VsbCwgaG93IGFib3V0IHJlZHVjZT8gOikNCiAgICA+DQogICAgPiAgICAgcmFuZHkNCiAgICA+ DQogICAgPg0KICAgIA0KDQo=