Joseph,

On 14 Mar 2012, at 10:13, Joseph Gersch wrote:

> This thread is raising two questions:
>   1) should the discussion be in GROW or SIDR?
>   2) hasn't this idea been discussed before
> 
> --- Regarding the location for the draft,  the group presented arguments on 
> both sides.    We believe that GROW is the proper place to lead the 
> discussion.  However we have been invited to give a summary presentation at 
> SIDR to ensure that all interested parties are aware of this proposal.  
> However, SIDR limits their scope to:    
> 
>> * Is an Autonomous System (AS) authorized to originate an IP prefix 
>> * Is the AS-Path represented in the route the same as the path through 
>> which the NLRI traveled 
> 
> Neither of these really fit our draft well.   You cannot use our approach to 
> see all the prefixes that are authorized to originate from a given AS.   
> Instead of looking at prefix ranges or an AS,  this approach starts from a 
> specific prefix and asks to identify its origin AS.   This is similar,  but 
> not identical to what SIDR seeks to do. 

        Validating a prefix using the origin ASN looks a lot like RPKI-Origin 
Validation.


> 
> The second SIDR objective does not fit our work at all.    We do not seek to 
> validate a complete many hop path.    In this sense, we don't fit SIDR.    As 
> we mentioned above,  we are interested in getting comments from SIDR,  but we 
> feel GROW is a better fit.    In addition,  we have an operational testbed 
> and are working to get more participants in operations.   This is something 
> people can participate in now.   So in this sense,  we were shooting for 
> something we view as more of a routing operation issue and hence GROW.  
> 
> This proposal also impacts the DNSOP and DNSEXT groups.  We have asked people 
> on those mailing lists for comments, and a presentation will be made at DNSOP 
> as well.
> 
> --- Regarding the "already discussed issue":
>   This earlier proposal was the T Bates / R Bush draft from 1998.  A lot of 
> progress has taken place during the last 14 years.  The root zone and 
> in-addr.arpa are signed with DNSSEC.   A naming convention for CIDR addresses 
> in the reverse DNS is being proposed at DNSOP.   These new record types 
> enable some interesting capabilities that are
> worth discussing at GROW.  
> 
> - Joe Gersch and Dan Massey


        As I mentioned before, I do not think this work belongs to GROW. I 
would rather prefer to see it in SIDR as a WG item and to be discussed in 
parallel here and DNSOP, but not the other way.

        In the end, if your approach is to secure BGP, then secure IDR, then 
SIDR. 

        Also, from SIDR charter I read:

"The two vulnerabilities that will be
  addressed are:

   * Is an Autonomous System (AS) authorized to originate an IP prefix

"

        Unless I understood your draft wrongly, I do not see why it does not 
fit SIDR's charter.


Regards,
.as



_______________________________________________
GROW mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/grow