On Feb 1, 2011, at 3:58 PM, Martin Millnert wrote:
> On Tue, Feb 1, 2011 at 5:15 PM, Carlos M. Martinez
> wrote:
>> Although I support Rpki as a technology, there are legitimate concerns that
>> it could be abused. I now believe that Rpki needs work in this area at IETF
>> level so the concern
On Feb 1, 2011, at 3:53 PM, Karl Auer wrote:
> On Tue, 2011-02-01 at 14:51 -0800, Owen DeLong wrote:
>> If the RIR is signing the "invalid" ROA, how does one distinguish the
>> invalid from the valid?
>
> In systems where the outputs from a computer system are very, very
> critical, a sort of "c
On Tue, Feb 1, 2011 at 6:13 PM, Dongting Yu wrote:
> Since we are already talking about RIRs, I am curious, who will sign
> the legacy blocks in RPKI?
my recollection is that IANA COULD do that...
(presuming a single root of the tree not 5 roots)
-chris
Alex,
On Tue, Feb 1, 2011 at 4:57 PM, Alex Band wrote:
> On 1 Feb 2011, at 22:20, Owen DeLong wrote:
>> RPKI is a big knob governments might be tempted to turn.
>
> Of course we looked into this, cause we're running our service from
> Amsterdam, the Netherlands. The possibilities for law enforce
On Tue, Feb 1, 2011 at 5:15 PM, Carlos M. Martinez
wrote:
> Although I support Rpki as a technology, there are legitimate concerns that
> it could be abused. I now believe that Rpki needs work in this area at IETF
> level so the concerns are addressed.
>
> I imagine some form of secret sharing am
On Tue, 01 Feb 2011 at 18:01 -0500, Christopher Morrow wrote:
> On Tue, Feb 1, 2011 at 4:33 PM, Michael Hallgren wrote:
> > On Tue, 01 Feb 2011 at 12:14 -0500, Christopher Morrow wrote:
>
> >> countries do not have RIR's, countries have NIR's... regions have RIR's.
> >
> > In this c
On Tue, 2011-02-01 at 14:51 -0800, Owen DeLong wrote:
> If the RIR is signing the "invalid" ROA, how does one distinguish the
> invalid from the valid?
In systems where the outputs from a computer system are very, very
critical, a sort of "consensus" takes place (I think they did this in
some spac
>>> In this context, at least, perhaps the NIR should be considered
>>> superfluous or redundant? What is the operational rationale behind the
>>> NIR level? Wouldn't a flatter RIR-LIR structure do just fine?
>>
>> and then, by inference, what is the use of the RIR level?
>
> A meeting point for
On Wed, 02 Feb 2011 at 07:04 +0900, Randy Bush wrote:
> > In this context, at least, perhaps the NIR should be considered
> > superfluous or redundant? What is the operational rationale behind the
> > NIR level? Wouldn't a flatter RIR-LIR structure do just fine?
>
> and then, by inferenc
So a possible road to ruin I was thinking of when I mentioned my unease
is, to state the obvious, -
Some large ISPs do RPKI as it's secure and their government contract
says they have to be secure, keep the terrists out, so all directly
attached ISPs have to do it too kicking off a domino
Other la
On Feb 1, 2011, at 3:13 PM, Dongting Yu wrote:
> Since we are already talking about RIRs, I am curious, who will sign
> the legacy blocks in RPKI?
>
> Dongting
I suspect that if you want RPKI, you'll need to sign an agreement with the RIR.
In the ARIN region, this would be the LRSA or the RSA.
Ow
On Feb 1, 2011, at 5:13 PM, Dongting Yu wrote:
> Since we are already talking about RIRs, I am curious, who will sign
> the legacy blocks in RPKI?
Since they pre-exist the RIR, it's not clear that any one RIR has authority
until asked.
(For a discussion of rights, authority, etc, see
http://c
On Feb 1, 2011, at 3:01 PM, Christopher Morrow wrote:
> On Tue, Feb 1, 2011 at 4:33 PM, Michael Hallgren wrote:
>> On Tue, 01 Feb 2011 at 12:14 -0500, Christopher Morrow wrote:
>
>>> countries do not have RIR's, countries have NIR's... regions have RIR's.
>>
>> In this context, at least
Since we are already talking about RIRs, I am curious, who will sign
the legacy blocks in RPKI?
Dongting
On Tue, Feb 1, 2011 at 4:33 PM, Michael Hallgren wrote:
> On Tue, 01 Feb 2011 at 12:14 -0500, Christopher Morrow wrote:
>> countries do not have RIR's, countries have NIR's... regions have RIR's.
>
> In this context, at least, perhaps the NIR should be considered
> superfluous or redundant
On Feb 1, 2011, at 1:57 PM, Alex Band wrote:
>
> On 1 Feb 2011, at 22:20, Owen DeLong wrote:
>
>>
>> On Feb 1, 2011, at 9:14 AM, Christopher Morrow wrote:
>>
>>> On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert wrote:
Here be dragons,
>>>
It should be fairly obvious, by most recen
On Feb 1, 2011, at 2:40 PM, Rubens Kuhl wrote:
>> There is not a single RIR that is not physically located in a country.
>
>
>> You can hope they are more stable from a policy point of view, but, the
>> reality is that if someone shows up at the front door with tanks and
>> mortars, my money is
> There is not a single RIR that is not physically located in a country.
> You can hope they are more stable from a policy point of view, but, the
> reality is that if someone shows up at the front door with tanks and
> mortars, my money is not on the RIR.
But they might choose a country in that
Although I support Rpki as a technology, there are legitimate concerns that it
could be abused. I now believe that Rpki needs work in this area at IETF level
so the concerns are addressed.
I imagine some form of secret sharing among different parties or some form of
key escrow. I am sure that it
On Feb 1, 2011, at 3:43 PM, Arturo Servin wrote:
> Is it really a better alternative? Do we want to pay the cost of a
> fully distributed RPKI architecture?
>
> Or do we just abandon the idea of protecting the routing infrastructure?
>
> There is no free lunch, we just need t
> In this context, at least, perhaps the NIR should be considered
> superfluous or redundant? What is the operational rationale behind the
> NIR level? Wouldn't a flatter RIR-LIR structure do just fine?
and then, by inference, what is the use of the RIR level?
randy
On Tue, 01 Feb 2011 at 16:54 -0500, Martin Millnert wrote:
> On Tue, Feb 1, 2011 at 4:36 PM, Michael Hallgren wrote:
> > But RIR is (at least supposed to be) regional, so
> > (hopefully) more stable from a policy point of view (since the number of
> > national "stake holders" need to agree
On 1 Feb 2011, at 22:20, Owen DeLong wrote:
>
> On Feb 1, 2011, at 9:14 AM, Christopher Morrow wrote:
>
>> On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert wrote:
>>> Here be dragons,
>>
>>> It should be fairly obvious, by most recently what's going on in
>>> Egypt, why allowing a government
On Tue, Feb 1, 2011 at 4:36 PM, Michael Hallgren wrote:
> But RIR is (at least supposed to be) regional, so
> (hopefully) more stable from a policy point of view (since the number of
> national "stake holders" need to agree on a common policy). In theory,
> at least...
For Europe and RIPE, the EU
On Feb 1, 2011, at 1:36 PM, Michael Hallgren wrote:
> On Tue, 01 Feb 2011 at 13:20 -0800, Owen DeLong wrote:
>> On Feb 1, 2011, at 9:14 AM, Christopher Morrow wrote:
>>
>>> On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert wrote:
Here be dragons,
>>>
It should be fairly obvious
Is it really a better alternative? Do we want to pay the cost of a
fully distributed RPKI architecture?
Or do we just abandon the idea of protecting the routing infrastructure?
There is no free lunch, we just need to select the price that we want
to pay.
-as
O
On Tue, 01 Feb 2011 at 13:20 -0800, Owen DeLong wrote:
> On Feb 1, 2011, at 9:14 AM, Christopher Morrow wrote:
>
> > On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert wrote:
> >> Here be dragons,
> >
> >> It should be fairly obvious, by most recently what's going on in
> >> Egypt, why allo
On Tue, 01 Feb 2011 at 12:14 -0500, Christopher Morrow wrote:
> On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert wrote:
> > Here be dragons,
>
> > It should be fairly obvious, by most recently what's going on in
> > Egypt, why allowing a government to control the Internet is a Really
> >
On Feb 1, 2011, at 11:14 AM, Christopher Morrow wrote:
> On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert wrote:
>> Here be dragons,
>
>> It should be fairly obvious, by most recently what's going on in
>> Egypt, why allowing a government to control the Internet is a Really
>> Bad Idea.
>>
>
On Feb 1, 2011, at 9:14 AM, Christopher Morrow wrote:
> On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert wrote:
>> Here be dragons,
>
>> It should be fairly obvious, by most recently what's going on in
>> Egypt, why allowing a government to control the Internet is a Really
>> Bad Idea.
>>
>
>
On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert wrote:
> Here be dragons,
> It should be fairly obvious, by most recently what's going on in
> Egypt, why allowing a government to control the Internet is a Really
> Bad Idea.
>
how is the egypt thing related to rPKI?
How is the proposed rPKI work
> I think the issue is not between valid vs invalid, but that using
> route-maps and local preference a "more specific not valid" route
> would be used over another "less specific valid" because of the
> routing decision process, right?
in a word, no
please read draft-pmohapat-sidr-pfx-validate
On Mon, Jan 31, 2011 at 3:55 PM, Andree Toonk wrote:
> .-- My secret spy satellite informs me that at 11-01-31 12:11 PM Christopher
> Morrow wrote:
>> yes, but what is the way forward?
>
> Not sure, that was my original question:
> Are there any suggestions or recommendations for how to handle th
On 1/31/2011 3:45 PM, Randy Bush wrote:
i have another half which fears that we have not completely connected
the dots between the egyptian net shut off of their nets and the media
interests who own the us government shutting off domain names without a
court order.
I agree, which is why I ha
>> others fear rir and black helicopter control of their routing. they
>> may not want to drop the 'bad' announcement. i tried to document how
>> they might do so.
>
> I think this is fine. It will fix a few minor problems (the problem
> network will have to be the same length or shorter to be i
On 1/31/2011 3:06 PM, Randy Bush wrote:
some folk will want to drop that, i encourage them to, and have done my
best to see that they have the capability to do so. i am in that camp.
I definitely recommend it as BCP.
others fear rir and black helicopter control of their routing. they may
>> Now AS17557 starts to announce a more specific: 208.65.153.0/24.
>> Validators would classify this as Invalid (2).
> Would it be classified as invalid or unknown?
invalid
> Or are both possible
no. the result is a single value
> depending on whether 208.65.153.0/24 is signed?
roas, which a
> Jack already sort of explained what I meant, but here's an example
>
> Assume that youtube's prefix had a roa like this
> Origin ASN: AS36561
> Prefixes: 208.65.152.0/22
>
> Now AS17557 starts to announce a more specific: 208.65.153.0/24.
> Validators would classify this as Invalid (2
.-- My secret spy satellite informs me that at 11-01-31 12:11 PM
Christopher Morrow wrote:
I understand this is by design, but I can imagine some operators will be
reluctant to actually drop routes when they start testing RPKI deployments
in their networks.
yes, but what is the way forward?
>> well, i am not sure you want to discard it. this is where the op has to
>> make a decision. in a world of partial deployment and ops and customers
>> still learning how to deal with this stuff, should it be discarded?
>
> I agree and definitely understand the turnup viewpoint. However, RPKI i
On Jan 31, 2011, at 3:11 PM, Christopher Morrow wrote:
>> I understand this is by design, but I can imagine some operators will be
>> reluctant to actually drop routes when they start testing RPKI deployments
>> in their networks.
>
> yes, but what is the way forward?
RPKI in my IPv6? :)
Someo
On Mon, Jan 31, 2011 at 1:17 PM, Andree Toonk wrote:
> Hi Randy,
>
> .-- My secret spy satellite informs me that at 11-01-30 11:18 PM Randy Bush
> wrote:
>
>> so i am not sure what your point is. please clarify with a concrete
>> example.
>
> Adjusting a route's degree of preference in the selec
I think the issue is not between valid vs invalid, but that using
route-maps and local preference a "more specific not valid" route would be used
over another "less specific valid" because of the routing decision process,
right?
Perhaps this would help?
http://www.ietf.org/mai
On 31 Jan 2011, at 19:40, Dongting Yu wrote:
> On Mon, Jan 31, 2011 at 6:17 PM, Andree Toonk wrote:
>>
>> Now AS17557 starts to announce a more specific: 208.65.153.0/24. Validators
>> would classify this as Invalid (2).
>
> Would it be classified as invalid or unknown? Or are both possible
> d
On 1/31/2011 12:40 PM, Dongting Yu wrote:
Would it be classified as invalid or unknown? Or are both possible
depending on whether 208.65.153.0/24 is signed? Do these two cases
differ in this particular case?
Based on the draft it is invalid, as the shorter covering prefix is
signed, so the l
On Mon, Jan 31, 2011 at 6:17 PM, Andree Toonk wrote:
>
> Now AS17557 starts to announce a more specific: 208.65.153.0/24. Validators
> would classify this as Invalid (2).
Would it be classified as invalid or unknown? Or are both possible
depending on whether 208.65.153.0/24 is signed? Do these two
Hi Randy,
.-- My secret spy satellite informs me that at 11-01-30 11:18 PM Randy
Bush wrote:
so i am not sure what your point is. please clarify with a concrete
example.
Adjusting a route's degree of preference in the selection algorithm
based on its validation state only works if it's e
On 1/31/2011 8:35 AM, Randy Bush wrote:
when there is no roa for the arriving prefix, a roa for the covering
prefix is used. see draft-pmohapat-sidr-pfx-validate-07.txt.
Ahh, very good. I think that was the only concern. Presumably that
would invalidate the route and it would be discarded vs de
On 31/01/2011 14:16, Joe Abley wrote:
On 2011-01-30, at 12:15, Nick Hilliard wrote:
Depends on which IRR you use. The IRRDBs run by RIPE, APNIC and
AfriNIC implement hierarchical object ownership, which means that if
you're registering their address space, you can only do so if that
address spa
>> when there is no roa for the arriving prefix, a roa for the covering
>> prefix is used. see draft-pmohapat-sidr-pfx-validate-07.txt.
> Ahh, very good. I think that was the only concern. Presumably that
> would invalidate the route and it would be discarded vs deprefed.
well, i am not sure you
On 1/31/2011 7:59 AM, Randy Bush wrote:
when there is no roa for the arriving prefix, a roa for the covering
prefix is used. see draft-pmohapat-sidr-pfx-validate-07.txt.
Ahh, very good. I think that was the only concern. Presumably that would
invalidate the route and it would be discarded
On 2011-01-30, at 12:15, Nick Hilliard wrote:
> On 30/01/2011 09:08, Jeff Wheeler wrote:
>> This brings me to my point, which is that IRR is very good for
>> preventing accidents and automating some common tasks. It should be
>> "secure" to a point, but just because a route: object exists does n
> when there is no roa for the arriving prefix, a roa for the covering
> prefix is used. see draft-pmohapat-sidr-pfx-validate-07.txt.
which, btw, is why draft-ietf-sidr-rpki-origin-ops-04.txt warns
Before issuing a ROA for a block, an operator MUST ensure that any
sub-allocations from that
> 666.42.0.0/16 has a roa for as 777
>
> you start receiving
>
> 666.42.0.0/24 and 666.42.1.0/24, both unsigned. Changing preference
> isn't enough to stop routing, as it's a more specific route and
> automatically wins if it gets into the table.
nope
when there is no roa for the arriving pre
On 1/31/2011 1:18 AM, Randy Bush wrote:
Based on this draft the recommended preference order is:
1) Validation ok
2) not found
3) Validation nok
Suppose an operator would use local-pref to achieve this.
This intention (preferring validated routes) will break, when there's a
more specific announ
Hey Martin,
I see your point and I believe it is a concern that should be addressed.
tks
Carlos
On 1/31/11 3:59 AM, Martin Millnert wrote:
> Carlos,
>
> On Sun, Jan 30, 2011 at 9:22 PM, Carlos Martinez-Cagnazzo
> wrote:
>> Hi,
>>
>> this is the second mention I see of RPKI and Egypt in the sam
> Based on this draft the recommended preference order is:
>
> 1) Validation ok
> 2) not found
> 3) Validation nok
>
> Suppose an operator would use local-pref to achieve this.
> This intention (preferring validated routes) will break, when there's a
> more specific announcement that doesn't val
Carlos,
On Sun, Jan 30, 2011 at 9:22 PM, Carlos Martinez-Cagnazzo
wrote:
> Hi,
>
> this is the second mention I see of RPKI and Egypt in the same
> context. I sincerely fail to see the connection between both
> situations.
>
It is quite simple actually.
1. Governments (eventually) want to take
Hi,
this is the second mention I see of RPKI and Egypt in the same
context. I sincerely fail to see the connection between both
situations.
Egypt cut their links the old fashioned way: they pulled the plug. I
fail to see how such a situation could be made worse by RPKI. It
simply has nothing to d
.-- My secret spy satellite informs me that at 11-01-30 1:22 PM Randy
Bush wrote:
So, what are peoples' routing policies on RPKI going to be? Are people
going to drop prefixes with no RPKI record? Or drop prefixes with an
incorrect RPKI record? Or drop prefixes with a revoked status?
draft-
> I would hope the response to the USG pressuring ARIN to diddle the RPKI
> db would be disabling of RPKI queries by most BGP speakers.
no need. break down, take a break from typing, and actually read
draft-ietf-sidr-rpki-origin-ops-04.txt
On 1/30/2011 4:53 PM, Brandon Butterworth wrote:
I think it is too early in the deployment process to start dropping
routes based on RPKI alone. We'll get there at some point, I guess.
Do we really *want* to get to that point?
I thought that was the point and the goal of securing the routing
On Sun, Jan 30, 2011 at 5:08 PM, Jack Bates wrote:
> Just a simple, if route invalidly signed, drop it.
What constitutes an invalidly signed route more exactly?
Would a signed route by a signer (ISP) whose status has been revoked
by an entity in the RPKI-hierarchy-of-trust above (for whatever
rea
On 1/30/2011 2:47 PM, Nick Hilliard wrote:
I'm concerned that if we're trying to avoid another Youtube affair,
the RPKI policy acceptability criteria will have to be so strict that
this may have a serious effect on overall reachability via the internet.
Not really. Just a simple, if route inv
> > I think it is too early in the deployment process to start dropping
> > routes based on RPKI alone. We'll get there at some point, I guess.
>
> Do we really *want* to get to that point?
I thought that was the point and the goal of securing the routing
infrastructure is laudable. But the voice
> So, what are peoples' routing policies on RPKI going to be? Are people
> going to drop prefixes with no RPKI record? Or drop prefixes with an
> incorrect RPKI record? Or drop prefixes with a revoked status?
draft-ietf-sidr-rpki-origin-ops-04.txt
randy
On Sun, 30 Jan 2011 19:06:05 -0200, "Carlos M. Martinez" said:
> I think it is too early in the deployment process to start dropping
> routes based on RPKI alone. We'll get there at some point, I guess.
Do we really *want* to get to that point?
I think we just don't know (yet) how people are going to apply RPKI. If
I were operating a large network today, I would try to run RPKI in a
sort of warning-only mode, i.e. getting some sort of alert if an invalid
route was detected.
While this wouldn't have prevented YouTube's incident, it would
On 30/01/2011 17:39, Carlos Martinez-Cagnazzo wrote:
The solution to this problem (theoretical at least) already exists in
the form of RPKI.
So, what are peoples' routing policies on RPKI going to be? Are people
going to drop prefixes with no RPKI record? Or drop prefixes with an
incorrect R
Here be dragons,
On Sun, Jan 30, 2011 at 12:39 PM, Carlos Martinez-Cagnazzo
wrote:
> The solution to this problem (theoretical at least) already exists in
> the form of RPKI.
Any top-down RPKI model is intrinsically flawed.
Deploying an overlay of single-point(s) of failure on top of a
well-func
On 1/30/2011 11:15 AM, Nick Hilliard wrote:
Depends on which IRR you use. The IRRDBs run by RIPE, APNIC and
AfriNIC implement hierarchical object ownership, which means that if
you're registering their address space, you can only do so if that
address space legitimately belongs to you. This
The solution to this problem (theoretical at least) already exists in
the form of RPKI.
On Sun, Jan 30, 2011 at 6:23 AM, Andrew Alston wrote:
> Hi All,
>
> I've just noticed that Level 3 is allowing people to register space in its
> IRR database that A.) is not assigned to the people registering
On 30/01/2011 09:08, Jeff Wheeler wrote:
This brings me to my point, which is that IRR is very good for
preventing accidents and automating some common tasks. It should be
"secure" to a point, but just because a route: object exists does not
mean that mntner: really has authority over that addre
On Sun, Jan 30, 2011 at 3:23 AM, Andrew Alston wrote:
> I've just noticed that Level 3 is allowing people to register space in its
> IRR database that A.) is not assigned to the people registering it and B.) is
> not assigned via/to Level 3.
This is not unique to Level3 -- it is the industry st
Hi All,
I've just noticed that Level 3 is allowing people to register space in its IRR
database that A.) is not assigned to the people registering it and B.) is not
assigned via/to Level 3.
So, I have two queries
A.) Are only customers of Level 3 allowed to use this database
B.) Can someone fr