Hi, there's a typo in Section 2: I believe

  "- should significantly improve the security of global inter-domain routing system."

Should be:

  "- should significantly improve the security of the global inter-domain routing system."

Section 4 has text of:

  "The procedure takes (AS1, AS2, AFI) as input parameters"

and

  "Therefore, the above procedure with the input (AS1, AS2, AFI) may have different outputs for different AFI values."

But it looks like in section 3 the notation given is:

  "(AS1, AFI, [AS2,...])"

Not sure if that's a mistake or not.

Section 8.1 states:

  "While the described upgrades to BGP are quite useful,"

I would recommend:

  "While the above described upgrades to BGP are quite useful,"

Or something similar to clarify that this statement is referring to ASPA.

In Section 8, it may be useful to reference route filters that are dynamically generated using IRR data and how they compare to ASPA.

In Section 10 there's a typo.

  "...violation should have legal consequences or customer can just drop the relationship with such a provider and remove the corresponding ASPA record."

Should be:

  "...violation should have legal consequences or the customer can just drop the relationship with such a provider and remove the corresponding ASPA record."

On 10/27/22, 8:07 AM, "Sidrops on behalf of Sriram, Kotikalapudi (Fed)" <[email protected] on behalf of [email protected]> wrote:

Hi all,

The new version (v-11) significantly updates the draft for accuracy of the ASPA-based AS path verification algorithm, presentation, and text clarity.

https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-aspa-verification-11

A diff file (v-09 vs. v-11) is attached (pdf) and can also be found here:

https://github.com/ksriram25/IETF/blob/main/Diff_%20draft-ietf-sidrops-aspa-verification-09.txt%20-%20draft-ietf-sidrops-aspa-verification-11.txt.pdf

The main changes incorporated are:

1. Enhanced algorithm for correctly differentiating between "Invalid" and "Unknown" validation cases (v-09+).
   The enhanced algorithm with formal proof that was presented at IETF 110:
   https://datatracker.ietf.org/meeting/110/materials/slides-110-sidrops-sriram-aspa-alg-accuracy-01

2. Re-wrote the algorithm descriptions avoiding the use of Segment(i) notation. See WG discussion and feedback about that at:
   https://mailarchive.ietf.org/arch/msg/sidrops/wdRFY7RQCnwI3I3MK3qEgBKl-9c/

3. AS_SET is taken care of in the algorithm in accordance with the WG consensus. Presence of AS_SET anywhere now makes the AS_PATH Invalid. See WG discussion and feedback about that at:
   https://mailarchive.ietf.org/arch/browse/sidrops/?gbt=1&index=02l6GBeR9E3u6ff-EB7PvoRTyds

4. A new Section on AS Confederations is included; see WG feedback here:
   https://mailarchive.ietf.org/arch/msg/sidrops/E-SS_hUgxuS5PmjToUC96UEWluU/

5. RS (IXP) (transparent/non-transparent) is appropriately taken care of in the algorithms. See WG discussion and feedback about that at:
   https://mailarchive.ietf.org/arch/browse/sidrops/?gbt=1&index=eAvyo_zOw_LfHMlY1gjJRQNqehI

6. Created other new sections:
   5.4. ASPA Registration Recommendations;
   5.5. AS Path Verification Recommendation;
   7. Operational Considerations;
   8. Comparison to Other Technologies; and
   9. IANA Considerations.

7. Arranged the references more accurately in Normative and Informational categories.

Further comments/feedback are welcome.

Thank you.

Sriram (w/ authors)

===========================

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the SIDR Operations WG of the IETF.

Title    : BGP AS_PATH Verification Based on Resource Public Key Infrastructure (RPKI) Autonomous System Provider Authorization (ASPA) Objects
Authors  : Alexander Azimov
           Eugene Bogomazov
           Randy Bush
           Keyur Patel
           Job Snijders
           Kotikalapudi Sriram
Filename : draft-ietf-sidrops-aspa-verification-11.txt
Pages    : 15
Date     : 2022-10-24

Abstract:
This document defines the semantics of an Autonomous System Provider Authorization object in the Resource Public Key Infrastructure to verify the Border Gateway Protocol (BGP) AS_PATH attribute of advertised routes. This type of AS_PATH verification is primarily intended for detection and mitigation of route leaks. It also to some degree provides protection against forged-origin prefix hijacks.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-verification/

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-aspa-verification-11

_______________________________________________
GROW mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/grow
