Posing the question about 4-byte ASNs in my review of the BGPSec design reqs draft yesterday makes me wonder about the same in pfx-validate. The draft makes reference to AS_PATH in several locations. I'm thinking that we need a comment early in the draft stating that for the remainder of the draft no distinction is being made between AS_PATH and AS4_PATH, and that this standard is expected to support origin validation of both. Or alternatively, specify that this validation is performed on AS4_PATH and require support for 4893 as a prerequisite for SIDR. If we don't explicitly require hosts that support SIDR origin validation to support 4-byte ASN, we may also need some direction regarding specific handling for AS23456, such as to always treat as unknown since there is no way to determine validity for the combination of a prefix and a non-unique placeholder ASN (except for local TA), but we don't necessarily want those routes to be treated as invalid.
I'm not sure if some of this belongs within sidr-arch, roa-validation, origin-ops, etc., but a quick scan through those docs doesn't reveal any obvious references to 4893, AS4_PATH, etc.

Thanks

Wes George

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of
> [email protected]
> Sent: Monday, October 31, 2011 2:21 PM
> To: [email protected]
> Cc: [email protected]
> Subject: [sidr] I-D Action: draft-ietf-sidr-pfx-validate-03.txt
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories. This draft is a work item of the Secure Inter-Domain
> Routing Working Group of the IETF.
>
> Title     : BGP Prefix Origin Validation
> Author(s) : Pradosh Mohapatra
>             John Scudder
>             David Ward
>             Randy Bush
>             Rob Austein
> Filename  : draft-ietf-sidr-pfx-validate-03.txt
> Pages     : 13
> Date      : 2011-10-31
>
> To help reduce well-known threats against BGP including prefix mis-
> announcing and monkey-in-the-middle attacks, one of the security
> requirements is the ability to validate the origination AS of BGP
> routes. More specifically, one needs to validate that the AS number
> claiming to originate an address prefix (as derived from the AS_PATH
> attribute of the BGP route) is in fact authorized by the prefix
> holder to do so. This document describes a simple validation
> mechanism to partially satisfy this requirement.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-sidr-pfx-validate-03.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> This Internet-Draft can be retrieved at:
> ftp://ftp.ietf.org/internet-drafts/draft-ietf-sidr-pfx-validate-03.txt
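
The AS23456 handling suggested in the message above, as an added example (not part of the original post and not code from the draft): an origin check that returns "unknown" instead of "invalid" when the only origin it can see is the non-unique placeholder ASN. Assumptions: the ROA entries are constructed sample data, paths are flat AS sequences with the origin rightmost, the covering-prefix and max-length matching is a simplified model, and "unknown" is also used when no entry covers the prefix.

```python
import ipaddress

AS_TRANS = 23456  # 2-byte placeholder that stands in for a 4-byte ASN in AS_PATH

# Constructed sample data: (prefix, max length, authorized origin ASN)
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 24, 65551),  # origin is a 4-byte ASN
]

def origin_as(as_path, as4_path=None):
    """Pick the origin ASN, preferring AS4_PATH when the route carries one.

    Simplification (assumption): both attributes are flat lists and a
    well-formed AS4_PATH is never longer than AS_PATH.
    """
    if as4_path and len(as4_path) <= len(as_path):
        return as4_path[-1]
    return as_path[-1] if as_path else None

def validate(prefix, as_path, as4_path=None, roas=ROAS):
    """Return 'valid', 'invalid' or 'unknown' for one announcement."""
    origin = origin_as(as_path, as4_path)
    if origin is None or origin == AS_TRANS:
        # The placeholder is shared by every 4-byte ASN, so the pair
        # (prefix, AS23456) can be neither confirmed nor refuted.
        return "unknown"
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if route.prefixlen <= max_len and origin == roa_asn:
            return "valid"
    # Covered by an entry but no entry authorizes this origin and length.
    return "invalid" if covered else "unknown"
```
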
