Re: [sidr] draft-pmohapat-sidr-pfx-validate-03.txt as SIDR WG document

To: "sidr at ietf.org" <sidr at ietf.org>
Subject: Re: [sidr] draft-pmohapat-sidr-pfx-validate-03.txt as SIDR WG document
From: "Sriram, Kotikalapudi" <kotikalapudi.sriram at nist.gov>
Date: Mon, 2 Nov 2009 12:11:44 -0500
Accept-language: en-US
Acceptlanguage: en-US
Delivered-to: sidr at core3.amsl.com
In-reply-to: <alpine.BSF.2.00.0910301148440.74082 at fledge.watson.org>
List-archive: <http://www.ietf.org/mail-archive/web/sidr>
List-help: <mailto:sidr-request@ietf.org?subject=help>
List-id: Secure Interdomain Routing <sidr.ietf.org>
List-post: <mailto:sidr@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
References: <C710BB6C.1256%terry.manderson at icann.org> <4AEA821D.7040305 at apnic.net> <4AEB07E9.7010107 at joelhalpern.com> <alpine.BSF.2.00.0910301148440.74082 at fledge.watson.org>
Thread-index: AcpZeRJOWf8qcwXJSPGj1FSLDJuM+QCZWNAg
Thread-topic: [sidr] draft-pmohapat-sidr-pfx-validate-03.txt as SIDR WG document

At the end of Section 4, you may consider adding a sentence to the effect: It is expected that the AGGREGATOR AS will have a ROA registered that permits the AGGREGATOR AS to originate the aggregate prefix. 

The following comments are similar to what I have observed for draft-ietf-sidr-roa-validation-03:

There is substantial commonality in the problem space addressed as well as the solution (algorithm) described between the two documents: draft-pmohapat-sidr-pfx-validate-03 and draft-ietf-sidr-roa-validation-03.

The algorithm in this ID and also that in draft-ietf-sidr-roa-validation-03 do not cover another case of partial deployment where suballocations legitimately originate from a different AS and while a parent prefix has a ROA with ISP's AS origin, the suballocation (customer's) has no ROA registered yet. Please see slide 4 in link below (I had emailed this to SIDR list soon after the SIDR WG meeting in Stockholm):
http://www.antd.nist.gov/~ksriram/SIDR_ROA_BOA_Interpretation.pdf 
I must admit that I am a bit torn about how to cater to this type of partial deployment condition. One way out is to have a deadline prior to which the validation decisions would be soft ("not found") for this case and then the hard decision ("invalid") kicks in after the deadline (again see my slides; use of BOA or ROA with AS0 may be helpful but not essential as discussed in my slides 5 and 6). 

Sriram
K. Sriram
+1 301 975 3793
http://www.antd.nist.gov/~ksriram/

Follow-Ups:
- Re: [sidr] draft-pmohapat-sidr-pfx-validate-03.txt as SIDR WG document
  - From: Larry Blunk

References:
- Re: [sidr] draft-pmohapat-sidr-pfx-validate-03.txt as SIDR WG document
  - From: Terry Manderson
- Re: [sidr] draft-pmohapat-sidr-pfx-validate-03.txt as SIDR WG document
  - From: Robert Loomans
- Re: [sidr] draft-pmohapat-sidr-pfx-validate-03.txt as SIDR WG document
  - From: Joel M. Halpern
- Re: [sidr] draft-pmohapat-sidr-pfx-validate-03.txt as SIDR WG document
  - From: Samuel Weiler

Prev by Date: Re: [sidr] revision to draft-ietf-sidr-roa-validation
Next by Date: Re: [sidr] Working Group Last Call - draft-ietf-sidr-rescerts-provisioning-05.txt
Previous by thread: Re: [sidr] draft-pmohapat-sidr-pfx-validate-03.txt as SIDR WG document
Next by thread: Re: [sidr] draft-pmohapat-sidr-pfx-validate-03.txt as SIDR WG document
Index(es):
- Date
- Thread

Re: [sidr] draft-pmohapat-sidr-pfx-validate-03.txt as SIDR WG document

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.