Hi Byron,

On 8/10/12 1:18 AM, "Byron Ellacott" <b...@apnic.net> wrote:

>Hi Doug,
>
>On 10/08/2012, at 3:02 PM, Montgomery, Douglas wrote:
>
>> On 8/10/12 12:36 AM, "Byron Ellacott" <b...@apnic.net> wrote:
>>
>>> If C has taken some action, LEA triggered or otherwise, that means the
>>> RPKI system no longer asserts that G's intent for packet delivery is
>>> true, then merely allowing G to issue an RPKI assertion does not prevent
>>> C from asserting whatever they like, too. If a LEA requires C to issue
>>> an AS0 ROA 10.42.2.0/23, then creating an ASn ROA for the same prefix,
>>> same maxLength will not ensure packets are delivered correctly.
>>
>> The way I understand
>> http://tools.ietf.org/html/draft-ietf-sidr-pfx-validate-08, if there is a
>> valid ROA that matches a route, and a valid AS0 ROA that also covers the
>> route, the route will be considered VALID.
>>
>> AS0 ROAs don't "trump" other valid ROAs.
>
>Substitute "ASm" for "AS0" in my example.

It doesn't change the logic. The validation algorithm basically searches
for a match first, only if one is not found is the issue of other
non-matching ROAs considered. That being, if no match is found and there
exists at least one covering ROA, then the route is INVALID.

You cannot change a VALID route to any other state by creating
additional valid ROAs. You have to delete (revoke, etc) the valid
matching ROAs to achieve that.

Creating a (covering) ROA can change an UNKNOWN to an INVALID.

>
>I believe you're right about AS 0. I was taking the first sentence of
>the Security Considerations of draft-ietf-idr-as0 [1] too literally; AS0
>ROAs are not entirely equivalent to BOAs, after all :-)
>
>(But this is sort of my point, the RPKI system's verification of right of
>use breaks down if you start certifying multiple people as having a
>simultaneous right to use resources :-)

The issues above can occur even when there is only a single issuer of
such ROAs.
While draft-ietf-idr-as0 and RFC6491 deal with the semantics that a
single given AS0 ROA conveys, neither draft (maybe rightly so) goes into
the level of detail to note there might exist other valid ROAs that
contradict the semantics of an AS0 ROA.

I would agree on a weaker statement, that we should discuss and come to
some understanding about issues of consistency associated with
overlapping attestations from multiple levels of the resource hierarchy
and/or a single holder.

The current syntax of our objects and validation algorithms allow
considerable flexibility here. If, and where, policies should curtail
some of this flexibility is what we are discussing.

>
>  Byron
>
>[1] http://tools.ietf.org/html/draft-ietf-idr-as0
>

--
Doug Montgomery
Mgr. Internet & Scalable Systems Research / ITL / NIST

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
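
The lookup order described in the message above (search for a matching ROA first, and only then consider covering ROAs), as an added example that is not part of the original thread or of draft-ietf-sidr-pfx-validate. The AS numbers 64500 (standing in for ASn) and 64501 (ASm) are constructed, and the state names follow the thread's VALID / INVALID / UNKNOWN.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str      # prefix the ROA authorizes
    max_length: int  # longest announcement length the ROA permits
    asn: int         # authorized origin AS; 0 marks an AS0 ROA

def covers(roa, route):
    """True if the ROA prefix is equal to or less specific than the route."""
    net = ipaddress.ip_network(roa.prefix)
    return net.version == route.version and route.subnet_of(net)

def validate(route_prefix, origin_asn, roas):
    route = ipaddress.ip_network(route_prefix)
    covering = [r for r in roas if covers(r, route)]
    # Step 1: any single matching ROA makes the route VALID,
    # regardless of what other covering ROAs say.
    for r in covering:
        # An AS0 ROA can never match: AS 0 is not a usable origin.
        if r.asn != 0 and r.asn == origin_asn and route.prefixlen <= r.max_length:
            return "VALID"
    # Step 2: no match. Covering ROAs make it INVALID, none leaves it UNKNOWN.
    return "INVALID" if covering else "UNKNOWN"

# Constructed sample data; only the prefix 10.42.2.0/23 comes from the thread.
ASN_N, ASN_M = 64500, 64501
PFX = "10.42.2.0/23"
AS0_ROA = ROA(PFX, 23, 0)
ASN_ROA = ROA(PFX, 23, ASN_N)
ASM_ROA = ROA(PFX, 23, ASN_M)

def scenarios():
    return {
        "no ROAs": validate(PFX, ASN_N, []),
        "AS0 only": validate(PFX, ASN_N, [AS0_ROA]),
        "AS0 + ASn": validate(PFX, ASN_N, [AS0_ROA, ASN_ROA]),
        "ASm + ASn, origin ASn": validate(PFX, ASN_N, [ASM_ROA, ASN_ROA]),
        "ASm + ASn, origin ASm": validate(PFX, ASN_M, [ASM_ROA, ASN_ROA]),
        "ASn ROA revoked": validate(PFX, ASN_N, [ASM_ROA]),
        "more specific /24": validate("10.42.2.0/24", ASN_N, [ASN_ROA]),
    }

if __name__ == "__main__":
    for name, state in scenarios().items():
        print(f"{name:24} {state}")
```
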