On Thu, 29 Apr 2010, Geoff Huston wrote:


On 29/04/2010, at 5:24 AM, Chris Morrow wrote:



Sandra Murphy wrote:
The relative frequency of use of AS_SETs is interesting, but not really
germane to the point here.

If we were trying to develop a protection for AS_SETs then we might want
to ask the engineering question of where and how often they were used.

But for the purpose of validating received updates, we need a rule for
what is done with AS_SETs that appear in the AS_PATH origin.  Lack of
rules leaves opportunities for deliberate or accidental mischief.

AS_SETs might not be used very often, but that doesn't stop someone from
using AS_SETs deliberately with malicious intent.

right so as a starting point:
"AS_SET in an origin is unvalidatable."

how about that? (I think this is fine since:
1) they aren't used in production very much anymore
2) where used, they seem to be mis-used
3) the rules for how you do verification/validation of an AS_SET are at
best murky.

-chris
(regular user)



You ask: "how about that?"

That still works for me. Ironically (or any other adjective that matches - I can think of 
quite a few more extreme ones that I could substitute) this is _precisely_ where all this 
started when I proposed using the following definition of an "origin AS" (in my 
note from 4 April):

"A route's "origin AS" is the final element of the route object's
AS_PATH attribute.  If the final AS_PATH element is an AS Set,
indicating that the route is an aggregate, then the origin AS
cannot be determined."


Ironically, this also works to satisfy the requirement I stated that there needed to be some statement of what to do with AS_SETs.

(Presuming that you intend that "cannot be determined" will lead to one of the defined validation conditions (e.g., "unknown", but that's not my call), not be left to some arbitrary action devised by the implementer.)

Just to be clear, even the current language in draft-ietf-sidr-roa-validation-05 satisfies the requirement. I am not making a consensus statement about which statement should be chosen.

--Sandy, speaking as wg chair




 Geoff



_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
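
The "origin AS" definition quoted in this thread, as an added Python example (not code from the thread participants or from draft-ietf-sidr-roa-validation). It decodes an AS_PATH attribute value in the RFC 4271 segment encoding and returns no origin when the final element is an AS_SET. The function names, the 4-octet ASN default, the treatment of an empty path and the sample bytes are assumptions made for illustration; mapping "cannot be determined" to a validation state is left open, as it is in the thread.

```python
import struct
from typing import List, NamedTuple, Optional, Tuple

AS_SET, AS_SEQUENCE = 1, 2  # path segment type codes from RFC 4271

class Origin(NamedTuple):
    asn: Optional[int]  # None when the origin AS cannot be determined
    reason: str

def parse_as_path(value: bytes, asn_size: int = 4) -> List[Tuple[int, List[int]]]:
    """Decode an AS_PATH attribute value into (segment_type, [ASNs]) pairs."""
    if asn_size not in (2, 4):
        raise ValueError("asn_size must be 2 or 4")
    fmt = "!H" if asn_size == 2 else "!I"
    segments, pos = [], 0
    while pos < len(value):
        if len(value) - pos < 2:
            raise ValueError("truncated segment header")
        seg_type, count = value[pos], value[pos + 1]
        pos += 2
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError(f"unsupported segment type {seg_type}")
        end = pos + count * asn_size
        if count == 0 or end > len(value):
            raise ValueError("malformed segment length")
        asns = [struct.unpack_from(fmt, value, i)[0] for i in range(pos, end, asn_size)]
        segments.append((seg_type, asns))
        pos = end
    return segments

def origin_as(segments: List[Tuple[int, List[int]]]) -> Origin:
    """Apply the quoted definition: final AS_PATH element, unless it is an AS Set."""
    if not segments:
        # Assumption: the thread does not cover an empty AS_PATH; treated as undetermined.
        return Origin(None, "empty AS_PATH")
    seg_type, asns = segments[-1]
    if seg_type == AS_SET:
        return Origin(None, "final element is an AS_SET")
    return Origin(asns[-1], "last AS of trailing AS_SEQUENCE")

# Constructed sample attribute values using documentation ASNs (RFC 5398).
PLAIN = bytes.fromhex("0202" "0000fbf0" "0000fbf1")       # SEQ(64496 64497)
AGGREGATE = bytes.fromhex("0201" "0000fbf0"               # SEQ(64496)
                          "0102" "0000fbf1" "0000fbf2")   # SET{64497, 64498}

if __name__ == "__main__":
    for name, raw in (("plain", PLAIN), ("aggregate", AGGREGATE)):
        print(name, origin_as(parse_as_path(raw)))
```
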
