[LACNIC/Politicas] Nueva propuesta LAC-2019-12 / Nova proposta LAC-2019-12 / New proposal LAC-2019-12

Ricardo Patara patara at registro.br
Mon Nov 18 09:52:13 -02 2019 

Hola Hugo.

> Es cierto, además que supongo que hay que elegir una validez de estos
> ROA que permita, por un lado, su revocación efectiva cuando alguno de los
> prefijos sea asignado y pase a un ASN válido, pero que al mismo tiempo
> no sea una carga excesiva en largo de CRLs.

también muy interesante comentario.
pienso que es algo operacional que se puede ajustar de diversas maneras.

como por ejemplo, EE certificate con periodos cortos de validez.
o EE certificate para firmar ROAs con prefijos ipv4 libres con un período, y 
otro para firmar ROAs de prefijos ipv6 con períodos más cortos, etc.

> Porque pudiera darse el caso que el usuario que reciba un prefijo
> cubierto anteriormente por el ASN 0, no pudiera utilizarlo debido a que
> no se propaga correctamente la revocación anterior?

si bien es algo que no debería pasar y el rir podría implementar mecanismos para 
validar todo eso, aún así, la RFC indica que ese tipo de ROA (con ASN 0) tiene 
baja prioridad y seria ignorado caso haya un otro con ASN "valido":

RFC6483:

"... an AS 0 ROA has a lower relative preference than any other ROA that has a 
routable AS as its subject."

saludos

> Hugo
> 
> 
>>
>> Saludos
>> Fernando
>>
>> On 13/11/2019 10:00, info-politicas at lacnic.net wrote:
>>> [Português abaixo]
>>> [English below]
>>>
>>> Estimados suscriptores de la Lista de Políticas de LACNIC,
>>>
>>> Se recibió una nueva propuesta de Política, se le asignó el id LAC-2019-12.
>>>
>>> Título: RPKI ASN 0 ROA
>>>
>>> Resumen: When using RPKI an organization can issue a Routing Origin Authorization, ROA, that indicate a set of address block that can be announced with origin an a specific ASN also indicated in it.
>>> Other organizations also using RPKI can use that information to make decisions about withe route announcements are legit and with are not.
>>>
>>> It is also possible to issue a ROA with ASN 0 (zero) in its ASid field to sign that address blocks in it should be be accepted.
>>>
>>> This policy proposal recommend LACNIC to issue ASN 0 ROAs, with unallocated and unassigned addresses block in it, as a method to indicate that route announcements with those addresses should be not accepted by networks using RPKI Routing Origin Validation (ROV),
>>>
>>> Para ver el detalle ingrese en:
>>> https://politicas.lacnic.net/politicas/detail/id/LAC-2019-12
>>>
>>> Los comentarios y los puntos de vista aportados por la comunidad son vitales para el correcto desarrollo del proceso de la propuestas
>>> - ¿Apoya usted o se opone a esta propuesta?
>>> - ¿Esta propuesta resolvería un problema que usted está experimentando?- ¿Ve alguna desventaja en esta propuesta?
>>> - ¿Qué cambios podrían hacerse a esta propuesta para que sea más eficaz?
>>>
>>> Por más información contacte a info-politicas at lacnic.net
>>> Saludos cordiales,
>>>
>>> ______________________________________________________________________________________________________
>>>
>>> Prezados assinantes da lista de políticas de LACNIC,
>>>
>>> Foi recebida uma nova proposta de Política, foi atribuído o id LAC-2019-12.
>>>
>>> Título: RPKI ASN 0 ROA
>>>
>>> Resumo: When using RPKI an organization can issue a Routing Origin Authorization, ROA, that indicate a set of address block that can be announced with origin an a specific ASN also indicated in it.
>>> Other organizations also using RPKI can use that information to make decisions about withe route announcements are legit and with are not.
>>>
>>> It is also possible to issue a ROA with ASN 0 (zero) in its ASid field to sign that address blocks in it should be be accepted.
>>>
>>> This policy proposal recommend LACNIC to issue ASN 0 ROAs, with unallocated and unassigned addresses block in it, as a method to indicate that route announcements with those addresses should be not accepted by networks using RPKI Routing Origin Validation (ROV),
>>>
>>> Para ver o detalhe acesse:
>>> https://politicas.lacnic.net/politicas/detail/id/LAC-2019-12
>>>
>>>    Os comentários e os pontos de vista aportados pela comunidade são vitais para o bom desenvolvimento do processo das propostas
>>> - ¿Você é a favor ou contra desta proposta?
>>> - ¿Esta proposta iria resolver um problema que você está experimentando?- ¿Vê alguma alguma desvantagem nesta proposta?
>>> - ¿Que mudanças poderiam ser feitas à proposta para que seja mais eficaz?
>>>
>>>    Por mais informações entre em contato conosco através do seguinte e-mail: info-politicas at lacnic.net
>>> Atenciosamente,
>>> ______________________________________________________________________________________________________
>>>
>>> Dear LACNIC Policy List subscribers,
>>>
>>> A new Policy Proposal has been received and assigned the following ID: LAC-2019-12.
>>>
>>> Title: RPKI ASN 0 ROA
>>>
>>> Summary: When using RPKI an organization can issue a Routing Origin Authorization, ROA, that indicate a set of address block that can be announced with origin an a specific ASN also indicated in it.
>>> Other organizations also using RPKI can use that information to make decisions about withe route announcements are legit and with are not.
>>>
>>> It is also possible to issue a ROA with ASN 0 (zero) in its ASid field to sign that address blocks in it should be be accepted.
>>>
>>> This policy proposal recommend LACNIC to issue ASN 0 ROAs, with unallocated and unassigned addresses block in it, as a method to indicate that route announcements with those addresses should be not accepted by networks using RPKI Routing Origin Validation (ROV),
>>>
>>> To read the proposal, please go to
>>> https://politicas.lacnic.net/politicas/detail/id/LAC-2019-12
>>>
>>> The community's comments and opinions are essential to the proper functioning of the policy development process.
>>> - Do you support this policy or are you against it?
>>> - Would this proposal solve a problem you are experiencing?- Do you think this proposal has any drawbacks?
>>> - What changes could be made to this proposal to make it more effective?
>>>
>>> For further information, please contact info-politicas at lacnic.net
>>> Kind regards,
>>>
>>> 
>>> --LACNIC - Latin American and Caribbean Internet Addresses Registry
>>> Rambla Rep. de México 6125, CP 11400
>>> Montevideo-Uruguay
>>> Phone number: +598 2604 22 22
>>> www.lacnic.net
>>>
>>>
>>> _______________________________________________
>>> Politicas mailing list
>>> Politicas at lacnic.net
>>> https://mail.lacnic.net/mailman/listinfo/politicas
>> _______________________________________________
>> Politicas mailing list
>> Politicas at lacnic.net
>> https://mail.lacnic.net/mailman/listinfo/politicas
>>
>> _______________________________________________
>> Politicas mailing list
>> Politicas at lacnic.net
>> https://mail.lacnic.net/mailman/listinfo/politicas

More information about the Politicas mailing list