Nick,
>Ben Maddison wrote on 11/03/2022 07:23:
>> Essential, I would think: how could a far end relying party know that
>> an AS in the middle of a received AS_PATH is a non-transparent IXP RS
>> in order to apply any other treatment?
>given that they're a shrinking rarity, would it not make sense to completely
>exclude non-transparent RSs from the ASPA definition? In the short term this
>would cause problems for ASNs which connect to non-transparent RSs, but there
>are hardly any left, and only one sizeable one.
>I wonder whether it's a good idea to design a long term security mechanism
>which includes a specific carve-out for a legacy corner case like this.
Not sure why Ben even raised that question. To me, it doesn't seem relevant. In
the route leak detection procedures, the receiving/validating AS does not
require information about the nature of ASes (RS or not RS) in the AS Path
except for the sending/neighbor AS which it knows to be an RS in case it knows
itself to be an RS-client. The procedures rely only on ASPA objects for the
origin AS and ASes in the middle.
Sriram
_______________________________________________
GROW mailing list
GROW@ietf.org
https://www.ietf.org/mailman/listinfo/grow
