Hi Randy,
On 12/11/2008, at 10:40 AM, Randy Bush wrote:
the security model of the boa is seriously flawed. it mixes a
negative
model with the existing positive one. this will vastly complicate
things and to little utility.
As I see it the BOA draft introduces and allows for the reality of
several shades of routing intent, as exists on the internet today and
will also exist in the future, but adds a strong level of
predictability. Certainly it does add an additional function that you
could argue as complexity - however I see benefits of the BOA as we
have cases that don't fall into a singularly positive stance (and
logically what is not positive - is negative).
Progressing through the world of a partial deployment (thinking that
is the only level of deployment we will probably ever see) there are
states of, 'must route', 'must not route' and the horrible greyness of
local relying party' policy mixed with various resources that compound
the corner cases.
We know 'must route' is well understood, and using a singularly
positive stance that implies everything else is negative or black, or
grey-ish as mixed with local policy.
Having the BOA provides for the 'must not route', eg reserved
resources, unallocated resources, and prefixes that a publishing
entity simply does not want routed on the internet (a way to enforce
their own policy transcending configuration errors). So even when
mixed with local policy it also provides for a clean line of fairly
universal and well known bogon behaviours that can't go stale.
What it further allows, is the greyness of global anycast prefixes
(somewhat known as problem resources in RPKI) like 6to4, and AS23456
(AS-TRANS). Here the prefix can fall nicely into a grey area by not
having a ROA, and not having a BOA. The concerns of local policy
become much simpler on weather to accept this route or not regardless
of who announces the resource.
Terry
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
