Re: [Last-Call] [secdir] Secdir last call review of draft-ietf-opsawg-finding-geofeeds-06

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



[ excuse typos; minor hand surgery ]

> Aren't the valid ranges for an AS specified in the RPKI-protected
> routing data feed (where RPKI is available)?

not really, on a number of dimensions

first, have a look at draft-ietf-sidrops-rpki-has-no-identity

i suggest we not drag ASs into this; they are orthogonal to address
space ownership.  e.g. someone owns a /24, but creates a ROA to
authorize AS42, their upstream, to actually originate the prefix.

i.e. ASs do not 'own' address space, the RPKI enables, through ROAs, for
address space owners to authorize ASs to announce a (possibly improper)
subset of the owner's address space.

and inetnum:s are quite disjoint from ASs.  heck, i have loaned
198.133.206.0/24 to be used by a north macedonian exchange point (not
joking).

also, neither the RPSL nor the RPKI invert to enumerate the address
space announced by an AS.  operators and researchers use the current bgp
tables from routers, route views, or ripe/ris if we want today's map.

> How does a client know that an IP range specified in the geodata feed
> is valid under a given RPKI signature?

the rpki is formally authoritative for ip space ownership.  in a sense,
the rpki was created to rigorously fill the gap left by the lack of
authenticity of RPSL.

the signature in the geofeed file can be 3779 validated to the trust
anchor of the RIR (it should be to the IANA, but the RIRs are at war
with the IANA).  and the IANA is the ultimate authority for address
space, and through it the RIRs.

> I.e., that the given AS has authority over that IP range?

again, let's not drag ASs in here.  they are not ip space owners.

the complexity of this space is embarrassing.  sorry.  i hope this
helps.  willing to chat on zoom or whatever.

randy

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux