Minutes IETF108: sidrops
|Meeting Minutes||SIDR Operations (sidrops) WG|
|Title||Minutes IETF108: sidrops|
|Other versions||plain text|
SIDROPS ** SIDROPS Agenda For IETF-108 (version 1) Session: July 27th 2020, 13:00 - 13:50 UTC Bluesheets are automatically generated from the Meetecho datatracker login thingy Agenda bashing and Chair’s slides - [5 minutes] If you want to find Chris’s slides, they are at: https://datatracker.ietf.org/meeting/108/materials/slides-108-sidrops-chair-slides Di Ma - [10 minutes] RPKI validated cache Update in SLURM over HTTPs (RUSH) DI Ma is talking about https://tools.ietf.org/html/draft-madi-sidrops-rush-00/ (slides not available at this time on the IETF web) Q: Randy Bush. Find the security considerations “disturbing” we have a trust model, its object trust, dont trust getting stuff from random servers. Liked this proposal more when it was ‘more data dangling off the existing trust anchor’ Q: Job Snijders. I would like to echo Randy’s comments to security considerations. It seems to dance around the needs of the issue. specifically, RIR, to RIR member trust boundaries, should not be done without object security. AS0 is a red herring, not a great use-case. Chris: Out of time. take to list, or interim in 3-4 weeks if need be. John Kristoff - [10 minutes] Relying Party Measurements https://datatracker.ietf.org/meeting/108/materials/slides-108-sidrops-measuring-relying-parties (skipped pending issues with AV/Slides by John) Chris: presentation ‘tabled’ pending discussion, due to AV failure Oliver Borchert - [10 minutes] BGPsec validation signaling https://tools.ietf.org/html/draft-borchert-sidrops-bgpsec-validation-signaling-00 https://datatracker.ietf.org/meeting/108/materials/slides-108-sidrops-draft-sidrops-bgpsec-validation-signaling Q: Job Snijders. Of two minds if “things should be enabled by default” on sessions. Some implementations made assumptions about communities being present or not. (Ben Maddison can confirm). A: Oliver: can discuss, enable by operator. important thing is operator having capability to enable/disable per-peer. (missed Sriram’s comment. came back during Ben Maddison’s clarification on default enable/disable) A: Oliver: do not make assumptions about absence of community string. Ben: issue should be obvious. Normative MUST would be useful (avoid mistakes of origin-validation spec) Oliver: thinking about it, point out issue, discuss offline with co-authors if goes to unverified. Sriram Kotikalapudi - [10 minutes] AS Hijack Detection and Mitigation https://datatracker.ietf.org/meeting/108/materials/slides-108-sidrops-draft-sriram-sidrops-as-hijack-detection-00 Q: Rudiger Volk: a remark to ‘resilience’ =some people are making a major argument about if a CA fails, everything will be fine because ROV goes into unknown state. Not convinced, but people are concerned/making a fuss about it. we have to be concerned about the CA for the AS and addresses being different, failure of the address CA and not the AS CA, then REAP will essentially invalidate all the AS announcements. Has to at least go into security considerations. A: Sriram. understood. thank you will put words into security considerations. Thinking was REAP would also not be available, but modelled as one CA< not multiple CA. Rudiger: not a lot of discussions about CA of AS and IP address should be related. Expect CAs for both spaces, will be different, separate. Randy with the biggest ISPs only Q: Randy: points out serious problem, but can happen from RP failure too, RP does not fetch from ROA publisher but fetches from REAP object. Disaster happens. Significantly common (John Kristoff’s presentation) sufficiently real cannot support Chris: clarifying consideration RP problems and CA problems. if the RP sec can be cleaned up, deal with failure mode, doesn’t seem ‘horrible’ as an option. Randy: John’s presentation. RP universe is ‘scary’ Chris: if John can make a pre-recorded thing to present, will be better Randy: RPs are not overly reliable. Don’t think going down this path is a success path. Goes to years of work. Q: Job: is AS hijacking a concern for AS operators. Never articulated what are the exact issues between the ASN. Maybe this is reputational damage, monitoring (false positives) AS spoofing does exist, not clear how big a proble it is. A: Sriram Designed to prevent hijacks Chris need to hear on list this, and other topics. Meeting closed.