Skip to main content

Minutes IETF108: sidrops

Meeting Minutes SIDR Operations (sidrops) WG
Title Minutes IETF108: sidrops
State Active
Other versions plain text
Last updated 2020-08-04

** SIDROPS Agenda For IETF-108 (version 1)

Session: July 27th 2020, 13:00 - 13:50 UTC
Bluesheets are automatically generated from the Meetecho datatracker login

Agenda bashing and Chair’s slides - [5 minutes]
If you want to find Chris’s slides, they are at:
Di Ma - [10 minutes] RPKI validated cache Update in SLURM over HTTPs (RUSH)
DI Ma is talking about
(slides not available at this time on the IETF web)
Q: Randy Bush. Find the security considerations “disturbing” we have a trust
model, its object trust, dont trust getting stuff from random servers. Liked
this proposal more when it was ‘more data dangling off the existing trust

Q: Job Snijders. I would like to echo Randy’s comments to security
considerations. It seems to dance around the needs of the issue. specifically,
RIR, to RIR member trust boundaries, should not be done without object
security. AS0 is a red herring, not a great use-case.

Chris: Out of time. take to list, or interim in 3-4 weeks if need be.

John Kristoff - [10 minutes] Relying Party Measurements
(skipped pending issues with AV/Slides by John)
Chris: presentation ‘tabled’ pending discussion, due to AV failure

Oliver Borchert - [10 minutes] BGPsec validation signaling
Q: Job Snijders. Of two minds if “things should be enabled by default” on
sessions. Some implementations made assumptions about communities being present
or not. (Ben Maddison can confirm).

A: Oliver: can discuss, enable by operator. important thing is operator having
capability to enable/disable per-peer.

(missed Sriram’s comment. came back during Ben Maddison’s clarification on
default enable/disable)

A: Oliver: do not make assumptions about absence of community string. Ben:
issue should be obvious. Normative MUST would be useful (avoid mistakes of
origin-validation spec) Oliver: thinking about it, point out issue, discuss
offline with co-authors if goes to unverified.

Sriram Kotikalapudi - [10 minutes] AS Hijack Detection and Mitigation
Q: Rudiger Volk: a remark to ‘resilience’ =some people are making a major
argument about if a CA fails, everything will be fine because ROV goes into
unknown state. Not convinced, but people are concerned/making a fuss about it.
we have to be concerned about the CA for the AS and addresses being different,
failure of the address CA and not the AS CA, then REAP will essentially
invalidate all the AS announcements. Has to at least go into security

A: Sriram. understood. thank you will put words into security considerations.
Thinking was REAP would also not be available, but modelled as one CA< not
multiple CA. Rudiger: not a lot of discussions about CA of AS and IP address
should be related. Expect CAs for both spaces, will be different, separate.
Randy with the biggest ISPs only

Q: Randy: points out serious problem, but can happen from RP failure too, RP
does not fetch from ROA publisher but fetches from REAP object. Disaster
happens. Significantly common (John Kristoff’s presentation) sufficiently real
cannot support Chris: clarifying consideration RP problems and CA problems. if
the RP sec can be cleaned up, deal with failure mode, doesn’t seem ‘horrible’
as an option. Randy: John’s presentation. RP universe is ‘scary’

Chris: if John can make a pre-recorded thing to present, will be better Randy:
RPs are not overly reliable. Don’t think going down this path is a success
path. Goes to years of work.

Q: Job: is AS hijacking a concern for AS operators. Never articulated what are
the exact issues between the ASN. Maybe this is reputational damage, monitoring
(false positives) AS spoofing does exist, not clear how big a proble it is. A:
Sriram Designed to prevent hijacks

Chris need to hear on list this, and other topics. Meeting closed.