> A newer ROA competes with an older ROA if the newer ROA points to a different ASN, contains the same or a more specific prefix, and is issued by a different CA.

For DDoS mitigation service (as an example), a /16 prefix owner may create (well in advance) two new ROAs for more specific /17s (covered by the /16 prefix). The new ROAs would have a different ASN – the ASN of the DDoS mitigation service provider. The CA remains the same. (The prefix owner already has a /16 ROA with its own ASN for its normal route announcement.) The idea is that in the event of a DDoS attack, the mitigation service provider will be able to announce the more specifics immediately and attract the attack traffic away from the victim.

Would you consider these two new ROAs as competing ROAs? Or, is there a different name for them? They would be competing (for a good purpose) with the /16 ROA only in emergency scenarios.

Sriram

From: sidr [mailto:[email protected]] On Behalf Of Stephen Kent
Sent: Wednesday, July 06, 2016 1:42 PM
To: Randy Bush <[email protected]>; Sandra Murphy <[email protected]>
Cc: sidr wg list <[email protected]>
Subject: Re: [sidr] wglc for draft-ietf-sidr-adverse-actions-00

Here is the revised text for the relevant part of the intro. I don't see a need to change the text in the specific attack descriptions, given this revised intro text.

Additionally, when a ROA or router certificate is created that "competes" with an existing ROA or router certificate (respectively), the creation of the new ROA or router certificate may be adverse. (A newer ROA competes with an older ROA if the newer ROA points to a different ASN, contains the same or a more specific prefix, and is issued by a different CA. A newer router certificate competes with an older router certificate if the newer one contains the same ASN, a different public key, and is issued by a different CA.) Note that transferring resources, or changing of upstream providers may yield competing ROAs and/or router certificates, under some circumstances. Thus not all instances of competition are adverse actions.

Steve
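The "competes" definitions quoted in this message, read literally, as a small Python check applied to the /16 and /17 scenario described above. This is an added example, not part of the original thread or of the draft; the issuer labels, the prefix, the ASNs and the key strings are constructed, and each object is reduced to the fields the definitions mention.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed model: "issuer" is a hypothetical label standing in for the CA
# that signed the object; real ROAs and router certificates carry far more.
@dataclass(frozen=True)
class ROA:
    prefix: str
    asn: int
    issuer: str

@dataclass(frozen=True)
class RouterCert:
    asn: int
    public_key: str
    issuer: str

def roa_conditions(newer: ROA, older: ROA) -> dict:
    """Evaluate each clause of the quoted ROA definition separately."""
    new_net, old_net = ip_network(newer.prefix), ip_network(older.prefix)
    return {
        "different_asn": newer.asn != older.asn,
        # subnet_of() is true for an equal prefix as well as a more specific one
        "same_or_more_specific": new_net.version == old_net.version
                                 and new_net.subnet_of(old_net),
        "different_ca": newer.issuer != older.issuer,
    }

def roa_competes(newer: ROA, older: ROA) -> bool:
    """All three clauses must hold for the newer ROA to compete."""
    return all(roa_conditions(newer, older).values())

def router_cert_competes(newer: RouterCert, older: RouterCert) -> bool:
    """Quoted router certificate clause: same ASN, different key, different CA."""
    return (newer.asn == older.asn
            and newer.public_key != older.public_key
            and newer.issuer != older.issuer)

# Constructed sample data for the DDoS mitigation scenario (private prefix,
# documentation ASNs).
OWNER_16 = ROA("10.10.0.0/16", 64496, "CA-owner")
MITIGATION_17S = [ROA("10.10.0.0/17", 64511, "CA-owner"),
                  ROA("10.10.128.0/17", 64511, "CA-owner")]
OTHER_CA_17 = ROA("10.10.0.0/17", 64511, "CA-other")

if __name__ == "__main__":
    for roa in MITIGATION_17S + [OTHER_CA_17]:
        print(roa.prefix, roa.issuer, roa_conditions(roa, OWNER_16),
              "competes:", roa_competes(roa, OWNER_16))
```

As worded, the same-CA /17 ROAs satisfy the different-ASN and more-specific-prefix clauses but not the different-CA clause; the same /17 issued under another CA satisfies all three.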
