On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert milln...@gmail.com wrote:
Here be dragons,
snip
It should be fairly obvious, by most recently what's going on in
Egypt, why allowing a government to control the Internet is a Really
Bad Idea.
how is the egypt thing related to rPKI?
How is the
On Feb 1, 2011, at 9:14 AM, Christopher Morrow wrote:
On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert milln...@gmail.com wrote:
Here be dragons,
snip
It should be fairly obvious, by most recently what's going on in
Egypt, why allowing a government to control the Internet is a Really
Bad
On Feb 1, 2011, at 11:14 AM, Christopher Morrow wrote:
On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert milln...@gmail.com wrote:
Here be dragons,
snip
It should be fairly obvious, by most recently what's going on in
Egypt, why allowing a government to control the Internet is a Really
Bad
On Tuesday, 01 February 2011 at 12:14 -0500, Christopher Morrow wrote:
On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert milln...@gmail.com wrote:
Here be dragons,
snip
It should be fairly obvious, by most recently what's going on in
Egypt, why allowing a government to control the Internet
On Tuesday, 01 February 2011 at 13:20 -0800, Owen DeLong wrote:
On Feb 1, 2011, at 9:14 AM, Christopher Morrow wrote:
On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert milln...@gmail.com wrote:
Here be dragons,
snip
It should be fairly obvious, by most recently what's going on in
Egypt,
Is it really a better alternative? Do we want to pay the cost of a
fully distributed RPKI architecture?
Or do we just abandon the idea of protecting the routing infrastructure?
There is no free-lunch, we just need to select the price that we want
to pay.
-as
On Feb 1, 2011, at 1:36 PM, Michael Hallgren wrote:
On Tuesday, 01 February 2011 at 13:20 -0800, Owen DeLong wrote:
On Feb 1, 2011, at 9:14 AM, Christopher Morrow wrote:
On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert milln...@gmail.com wrote:
Here be dragons,
snip
It should be fairly
On 1 Feb 2011, at 22:20, Owen DeLong wrote:
On Feb 1, 2011, at 9:14 AM, Christopher Morrow wrote:
On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert milln...@gmail.com wrote:
Here be dragons,
snip
It should be fairly obvious, by most recently what's going on in
Egypt, why allowing a
On Tuesday, 01 February 2011 at 16:54 -0500, Martin Millnert wrote:
On Tue, Feb 1, 2011 at 4:36 PM, Michael Hallgren m.hallg...@free.fr wrote:
But RIR is (at least supposed to be) regional, so
(hopefully) more stable from a policy point of view (since the number of
national stakeholders need
In this context, at least, perhaps the NIR should be considered
superfluous or redundant? What is the operational rationale behind the
NIR level? Wouldn't a flatter RIR-LIR structure do just fine?
and then, by inference, what is the use of the RIR level?
randy
On Feb 1, 2011, at 3:43 PM, Arturo Servin wrote:
Is it really a better alternative? Do we want to pay the cost of a
fully distributed RPKI architecture?
Or do we just abandon the idea of protecting the routing infrastructure?
There is no free-lunch, we just need to
Although I support Rpki as a technology, there are legitimate concerns that it
could be abused. I now believe that Rpki needs work in this area at IETF level
so the concerns are addressed.
I imagine some form of secret sharing among different parties or some form of
key escrow. I am sure that it
There is not a single RIR that is not physically located in a country.
You can hope they are more stable from a policy point of view, but, the
reality is that if someone shows up at the front door with tanks and
mortars, my money is not on the RIR.
But they might choose a country in that
On Feb 1, 2011, at 2:40 PM, Rubens Kuhl wrote:
There is not a single RIR that is not physically located in a country.
You can hope they are more stable from a policy point of view, but, the
reality is that if someone shows up at the front door with tanks and
mortars, my money is not on
On Feb 1, 2011, at 1:57 PM, Alex Band wrote:
On 1 Feb 2011, at 22:20, Owen DeLong wrote:
On Feb 1, 2011, at 9:14 AM, Christopher Morrow wrote:
On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert milln...@gmail.com wrote:
Here be dragons,
snip
It should be fairly obvious, by most
On Tue, Feb 1, 2011 at 4:33 PM, Michael Hallgren m.hallg...@free.fr wrote:
On Tuesday, 01 February 2011 at 12:14 -0500, Christopher Morrow wrote:
countries do not have RIR's, countries have NIR's... regions have RIR's.
In this context, at least, perhaps the NIR should be considered
superfluous
Since we are already talking about RIRs, I am curious, who will sign
the legacy blocks in RPKI?
Dongting
On Feb 1, 2011, at 3:01 PM, Christopher Morrow wrote:
On Tue, Feb 1, 2011 at 4:33 PM, Michael Hallgren m.hallg...@free.fr wrote:
On Tuesday, 01 February 2011 at 12:14 -0500, Christopher Morrow wrote:
countries do not have RIR's, countries have NIR's... regions have RIR's.
In this context,
On Feb 1, 2011, at 5:13 PM, Dongting Yu wrote:
Since we are already talking about RIRs, I am curious, who will sign
the legacy blocks in RPKI?
Since they pre-exist the RIR, it's not clear that any one RIR has authority
until asked.
(For a discussion of rights, authority, etc, see
On Feb 1, 2011, at 3:13 PM, Dongting Yu wrote:
Since we are already talking about RIRs, I am curious, who will sign
the legacy blocks in RPKI?
Dongting
I suspect that if you want RPKI, you'll need to sign an agreement with the RIR.
In ARIN region, this would be the LRSA or the RSA.
Owen
So a possible road to ruin I was thinking of when I mentioned my unease
is, to state the obvious, -
Some large ISPs do RPKI as it's secure and their government contract
says they have to be secure, keep the terrists out, so all directly
attached ISP have to do it too kicking off a domino
Other
On Wednesday, 02 February 2011 at 07:04 +0900, Randy Bush wrote:
In this context, at least, perhaps the NIR should be considered
superfluous or redundant? What is the operational rationale behind the
NIR level? Wouldn't a flatter RIR-LIR structure do just fine?
and then, by inference, what
In this context, at least, perhaps the NIR should be considered
superfluous or redundant? What is the operational rationale behind the
NIR level? Wouldn't a flatter RIR-LIR structure do just fine?
and then, by inference, what is the use of the RIR level?
A meeting point for communities,
On Tue, 2011-02-01 at 14:51 -0800, Owen DeLong wrote:
If the RIR is signing the invalid ROA, how does one distinguish the
invalid from the valid?
In systems where the outputs from a computer system are very, very
critical, a sort of consensus takes place (I think they did this in
some space
On Tuesday, 01 February 2011 at 18:01 -0500, Christopher Morrow wrote:
On Tue, Feb 1, 2011 at 4:33 PM, Michael Hallgren m.hallg...@free.fr wrote:
On Tuesday, 01 February 2011 at 12:14 -0500, Christopher Morrow wrote:
countries do not have RIR's, countries have NIR's... regions have RIR's.
On Tue, Feb 1, 2011 at 5:15 PM, Carlos M. Martinez
carlosm3...@gmail.com wrote:
Although I support Rpki as a technology, there are legitimate concerns that
it could be abused. I now believe that Rpki needs work in this area at IETF
level so the concerns are addressed.
I imagine some form of
Alex,
On Tue, Feb 1, 2011 at 4:57 PM, Alex Band al...@ripe.net wrote:
On 1 Feb 2011, at 22:20, Owen DeLong wrote:
RPKI is a big knob governments might be tempted to turn.
Of course we looked into this, cause we're running our service from
Amsterdam, the Netherlands. The possibilities for
On Tue, Feb 1, 2011 at 6:13 PM, Dongting Yu dongting...@cl.cam.ac.uk wrote:
Since we are already talking about RIRs, I am curious, who will sign
the legacy blocks in RPKI?
my recollection is that IANA COULD do that...
(presuming a single root of the tree not 5 roots)
-chris
On Feb 1, 2011, at 3:53 PM, Karl Auer wrote:
On Tue, 2011-02-01 at 14:51 -0800, Owen DeLong wrote:
If the RIR is signing the invalid ROA, how does one distinguish the
invalid from the valid?
In systems where the outputs from a computer system are very, very
critical, a sort of consensus
On Feb 1, 2011, at 3:58 PM, Martin Millnert wrote:
On Tue, Feb 1, 2011 at 5:15 PM, Carlos M. Martinez
carlosm3...@gmail.com wrote:
Although I support Rpki as a technology, there are legitimate concerns that
it could be abused. I now believe that Rpki needs work in this area at IETF
level
Hey Martin,
I see your point and I believe it is a concern that should be addressed.
tks
Carlos
On 1/31/11 3:59 AM, Martin Millnert wrote:
Carlos,
On Sun, Jan 30, 2011 at 9:22 PM, Carlos Martinez-Cagnazzo
carlosm3...@gmail.com wrote:
Hi,
this is the second mention I see of RPKI and
On 1/31/2011 1:18 AM, Randy Bush wrote:
Based on this draft the recommended preference order is:
1) Validation ok
2) not found
3) Validation nok
Suppose an operator would use local-pref to achieve this.
This intention (preferring validated routes) will break, when there's a
more specific
666.42.0.0/16 has a roa for as 777
you start receiving
666.42.0.0/24 and 666.42.1.0/24, both unsigned. Changing preference
isn't enough to stop routing, as it's a more specific route and
automatically wins if it gets into the table.
nope
when there is no roa for the arriving prefix, a roa for the covering
prefix is used. see draft-pmohapat-sidr-pfx-validate-07.txt.
which, btw, is why draft-ietf-sidr-rpki-origin-ops-04.txt warns
Before issuing a ROA for a block, an operator MUST ensure that any
sub-allocations from that
On 2011-01-30, at 12:15, Nick Hilliard wrote:
On 30/01/2011 09:08, Jeff Wheeler wrote:
This brings me to my point, which is that IRR is very good for
preventing accidents and automating some common tasks. It should be
secure to a point, but just because a route: object exists does not
mean
On 1/31/2011 7:59 AM, Randy Bush wrote:
when there is no roa for the arriving prefix, a roa for the covering
prefix is used. see draft-pmohapat-sidr-pfx-validate-07.txt.
Ahh, very good. I think that was the only concern. Presumably that would
invalidate the route and it would be discarded
when there is no roa for the arriving prefix, a roa for the covering
prefix is used. see draft-pmohapat-sidr-pfx-validate-07.txt.
Ahh, very good. I think that was the only concern. Presumably that
would invalidate the route and it would be discarded vs deprefed.
well, i am not sure you want
On 31/01/2011 14:16, Joe Abley wrote:
On 2011-01-30, at 12:15, Nick Hilliard wrote:
Depends on which IRR you use. The IRRDBs run by RIPE, APNIC and
AfriNIC implement hierarchical object ownership, which means that if
you're registering their address space, you can only do so if that
address
On 1/31/2011 8:35 AM, Randy Bush wrote:
when there is no roa for the arriving prefix, a roa for the covering
prefix is used. see draft-pmohapat-sidr-pfx-validate-07.txt.
Ahh, very good. I think that was the only concern. Presumably that
would invalidate the route and it would be discarded vs
Hi Randy,
.-- My secret spy satellite informs me that at 11-01-30 11:18 PM Randy
Bush wrote:
so i am not sure what your point is. please clarify with a concrete
example.
Adjusting a route's degree of preference in the selection algorithm
based on its validation state only works if it's
On Mon, Jan 31, 2011 at 6:17 PM, Andree Toonk andree+na...@toonk.nl wrote:
Now AS17557 starts to announce a more specific: 208.65.153.0/24. Validators
would classify this as Invalid (2).
Would it be classified as invalid or unknown? Or are both possible
depending on whether 208.65.153.0/24 is
On 1/31/2011 12:40 PM, Dongting Yu wrote:
Would it be classified as invalid or unknown? Or are both possible
depending on whether 208.65.153.0/24 is signed? Do these two cases
differ in this particular case?
Based on the draft it is invalid, as the shorter covering prefix is
signed, so the
On 31 Jan 2011, at 19:40, Dongting Yu wrote:
On Mon, Jan 31, 2011 at 6:17 PM, Andree Toonk andree+na...@toonk.nl wrote:
Now AS17557 starts to announce a more specific: 208.65.153.0/24. Validators
would classify this as Invalid (2).
Would it be classified as invalid or unknown? Or are both
I think the issue is not between valid vs invalid, but that using
route-maps and local preference a more specific not valid route would be used
over another less specific valid because of the routing decision process,
right?
Perhaps this would help?
On Mon, Jan 31, 2011 at 1:17 PM, Andree Toonk andree+na...@toonk.nl wrote:
Hi Randy,
.-- My secret spy satellite informs me that at 11-01-30 11:18 PM Randy Bush
wrote:
so i am not sure what your point is. please clarify with a concrete
example.
Adjusting a route's degree of preference
On Jan 31, 2011, at 3:11 PM, Christopher Morrow wrote:
I understand this is by design, but I can imagine some operators will be
reluctant to actually drop routes when they start testing RPKI deployments
in their networks.
yes, but what is the way forward?
RPKI in my IPv6? :)
Someone is
well, i am not sure you want to discard it. this is where the op has to
make a decision. in a world of partial deployment and ops and customers
still learning how to deal with this stuff, should it be discarded?
I agree and definitely understand the turnup viewpoint. However, RPKI is
.-- My secret spy satellite informs me that at 11-01-31 12:11 PM
Christopher Morrow wrote:
I understand this is by design, but I can imagine some operators will be
reluctant to actually drop routes when they start testing RPKI deployments
in their networks.
yes, but what is the way forward?
Jack already sort of explained what I meant, but here's an example
Assume that youtube's prefix had a roa like this
Origin ASN: AS36561
Prefixes: 208.65.152.0/22
Now AS17557 starts to announce a more specific: 208.65.153.0/24.
Validators would classify this as Invalid (2).
If
Now AS17557 starts to announce a more specific: 208.65.153.0/24.
Validators would classify this as Invalid (2).
Would it be classified as invalid or unknown?
invalid
Or are both possible
no. the result is a single value
depending on whether 208.65.153.0/24 is signed?
pedant=on
roas,
On 1/31/2011 3:06 PM, Randy Bush wrote:
some folk will want to drop that, i encourage them to, and have done my
best to see that they have the capability to do so. i am in that camp.
I definitely recommend it as BCP.
others fear rir and black helicopter control of their routing. they
may not want to drop the 'bad' announcement. i tried to document how
they might do so.
I think this is fine. It will fix a few minor problems (the problem
network will have to be the same length or shorter to be ignored
On 1/31/2011 3:45 PM, Randy Bush wrote:
i have another half which fears that we have not completely connected
the dots between the egyptian net shut off of their nets and the media
interests who own the us government shutting off domain names without a
court order.
I agree, which is why I
On Mon, Jan 31, 2011 at 3:55 PM, Andree Toonk andree+na...@toonk.nl wrote:
.-- My secret spy satellite informs me that at 11-01-31 12:11 PM Christopher
Morrow wrote:
yes, but what is the way forward?
Not sure, that was my original question:
Are there any suggestions or recommendations for
I think the issue is not between valid vs invalid, but that using
route-maps and local preference a more specific not valid route
would be used over another less specific valid because of the
routing decision process, right?
in a word, no
please read draft-pmohapat-sidr-pfx-validate
randy
On 30/01/2011 09:08, Jeff Wheeler wrote:
This brings me to my point, which is that IRR is very good for
preventing accidents and automating some common tasks. It should be
secure to a point, but just because a route: object exists does not
mean that mntner: really has authority over that
The solution to this problem (theoretical at least) already exists in
the form of RPKI.
On Sun, Jan 30, 2011 at 6:23 AM, Andrew Alston a...@tenet.ac.za wrote:
Hi All,
I've just noticed that Level 3 is allowing people to register space in its
IRR database that A.) is not assigned to the people
On 1/30/2011 11:15 AM, Nick Hilliard wrote:
Depends on which IRR you use. The IRRDBs run by RIPE, APNIC and
AfriNIC implement hierarchical object ownership, which means that if
you're registering their address space, you can only do so if that
address space legitimately belongs to you.
Here be dragons,
On Sun, Jan 30, 2011 at 12:39 PM, Carlos Martinez-Cagnazzo
carlosm3...@gmail.com wrote:
The solution to this problem (theoretical at least) already exists in
the form of RPKI.
Any top-down RPKI model is intrinsically flawed.
Deploying an overlay of single-point(s) of failure
On 30/01/2011 17:39, Carlos Martinez-Cagnazzo wrote:
The solution to this problem (theoretical at least) already exists in
the form of RPKI.
So, what are peoples' routing policies on RPKI going to be? Are people
going to drop prefixes with no RPKI record? Or drop prefixes with an
incorrect
I think we just don't know (yet) how people are going to apply RPKI. If
I were operating a large network today, I would try to run RPKI in a
sort of warning-only mode, i.e. getting some sort of alert if an invalid
route was detected.
While this wouldn't have prevented YouTube's incident, it would
On Sun, 30 Jan 2011 19:06:05 -0200, Carlos M. Martinez said:
I think it is too early in the deployment process to start dropping
routes based on RPKI alone. We'll get there at some point, I guess.
Do we really *want* to get to that point?
So, what are peoples' routing policies on RPKI going to be? Are people
going to drop prefixes with no RPKI record? Or drop prefixes with an
incorrect RPKI record? Or drop prefixes with a revoked status?
draft-ietf-sidr-rpki-origin-ops-04.txt
randy
I think it is too early in the deployment process to start dropping
routes based on RPKI alone. We'll get there at some point, I guess.
Do we really *want* to get to that point?
I thought that was the point and the goal of securing the routing
infrastructure is laudable. But the voices in
On 1/30/2011 2:47 PM, Nick Hilliard wrote:
I'm concerned that if we're trying to avoid another Youtube affair,
the RPKI policy acceptability criteria will have to be so strict that
this may have a serious effect on overall reachability via the internet.
Not really. Just a simple, if route
On Sun, Jan 30, 2011 at 5:08 PM, Jack Bates jba...@brightok.net wrote:
Just a simple, if route invalidly signed, drop it.
What constitutes an invalidly signed route more exactly?
Would a signed route by a signer (ISP) whose status has been revoked
by an entity in the RPKI-hierarchy-of-trust
On 1/30/2011 4:53 PM, Brandon Butterworth wrote:
I think it is too early in the deployment process to start dropping
routes based on RPKI alone. We'll get there at some point, I guess.
Do we really *want* to get to that point?
I thought that was the point and the goal of securing the routing
I would hope the response to the USG pressuring ARIN to diddle the RPKI
db would be disabling of RPKI queries by most BGP speakers.
no need. break down, take a break from typing, and actually read
draft-ietf-sidr-rpki-origin-ops-04.txt
.-- My secret spy satellite informs me that at 11-01-30 1:22 PM Randy
Bush wrote:
So, what are peoples' routing policies on RPKI going to be? Are people
going to drop prefixes with no RPKI record? Or drop prefixes with an
incorrect RPKI record? Or drop prefixes with a revoked status?
Hi,
this is the second mention I see of RPKI and Egypt in the same
context. I sincerely fail to see the connection between both
situations.
Egypt cut their links the old fashioned way: they pulled the plug. I
fail to see how such a situation could be made worse by RPKI. It
simply has nothing to
Carlos,
On Sun, Jan 30, 2011 at 9:22 PM, Carlos Martinez-Cagnazzo
carlosm3...@gmail.com wrote:
Hi,
this is the second mention I see of RPKI and Egypt in the same
context. I sincerely fail to see the connection between both
situations.
It is quite simple actually.
1. Governments
Based on this draft the recommended preference order is:
1) Validation ok
2) not found
3) Validation nok
Suppose an operator would use local-pref to achieve this.
This intention (preferring validated routes) will break, when there's a
more specific announcement that doesn't validate.
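The covering-prefix rule quoted from draft-pmohapat-sidr-pfx-validate earlier in the thread, the YouTube/AS17557 example, and the valid > not-found > invalid preference order in this message, carried through as an added Python example. It is not code from the thread, the draft or any router implementation; the ROA's maxLength of 22, the local-preference values and the simplified longest-match-then-local-pref selection are constructed assumptions made for the illustration.

```python
"""Route origin validation and its interaction with longest-match selection.

Added example, not from the thread or the draft. The ROA and the two
announcements are the ones discussed in the thread; the maxLength of 22 and
the local-preference values are constructed assumptions.
"""
import ipaddress
from dataclasses import dataclass

VALID, NOT_FOUND, INVALID = "valid", "not-found", "invalid"


@dataclass(frozen=True)
class ROA:
    prefix: str       # address block the ROA covers, e.g. "208.65.152.0/22"
    max_length: int   # longest prefix length the holder authorises from the block
    origin_asn: int   # AS allowed to originate routes within the block


def validate_origin(prefix: str, origin_asn: int, roas) -> str:
    """Classify a (prefix, origin AS) pair against a set of ROAs.

    Follows the rule the thread points at: a ROA for a covering prefix applies
    to a more specific. No covering ROA -> 'not-found'; a covering ROA whose
    AS matches and whose maxLength permits this length -> 'valid'; else 'invalid'.
    """
    route = ipaddress.ip_network(prefix, strict=False)
    covering = []
    for roa in roas:
        net = ipaddress.ip_network(roa.prefix, strict=False)
        if net.version == route.version and route.subnet_of(net):
            covering.append(roa)
    if not covering:
        return NOT_FOUND
    for roa in covering:
        if roa.origin_asn == origin_asn and route.prefixlen <= roa.max_length:
            return VALID
    return INVALID


# Constructed local-preference values for the order quoted in the thread.
LOCAL_PREF = {VALID: 200, NOT_FOUND: 100, INVALID: 50}


def select_route(destination: str, announcements, roas, drop_invalid=False):
    """Simplified lookup: longest match wins first, local-pref only breaks ties.

    This is the point made in the thread: lowering local-pref on an invalid
    route changes nothing when that route is a more specific, because the
    longest match is chosen before preferences are compared. Dropping the
    invalid route keeps it out of the table entirely.
    Returns (prefix, origin_asn, validation_state) or None.
    """
    dest = ipaddress.ip_address(destination)
    candidates = []
    for prefix, asn in announcements:
        net = ipaddress.ip_network(prefix, strict=False)
        if dest not in net:
            continue
        state = validate_origin(prefix, asn, roas)
        if drop_invalid and state == INVALID:
            continue  # never installed, so it cannot win on prefix length
        candidates.append((net.prefixlen, LOCAL_PREF[state], prefix, asn, state))
    if not candidates:
        return None
    best = max(candidates, key=lambda c: (c[0], c[1]))
    return best[2], best[3], best[4]


# Constructed data: the YouTube ROA from the thread (maxLength 22 assumed)
# and the two announcements discussed, the /22 from AS36561 and the /24 from AS17557.
ROAS = [ROA("208.65.152.0/22", 22, 36561)]
ANNOUNCEMENTS = [("208.65.152.0/22", 36561), ("208.65.153.0/24", 17557)]


if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(prefix, asn, validate_origin(prefix, asn, ROAS))
    print("depref only:", select_route("208.65.153.10", ANNOUNCEMENTS, ROAS))
    print("drop invalid:", select_route("208.65.153.10", ANNOUNCEMENTS, ROAS, drop_invalid=True))
```

Running it shows the /24 from AS17557 classified invalid because the covering /22 has a ROA for a different AS, and that with a de-preference policy the invalid /24 is still selected for an address inside it, while dropping invalid routes falls back to the valid /22. The same maxLength rule also marks a /24 originated by AS36561 itself as invalid, which is the sub-allocation warning from draft-ietf-sidr-rpki-origin-ops quoted above.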