APNIC's George Michaelson presented on the deployment of reconsidered validation in RPKI at the Sidrops meeting at IETF 104 in Prague, Czech Republic from 23 to 29 March 2019.
IETF 104: Deployment of validation reconsidered
1. 25/03/2019 Deployment of Reconsidered Validation in the Resource Public Key Infrastructure (RPKI) draft-va-sidrops-deploy-reconsidered-01
DEPLOYMENT OF RECONSIDERED VALIDATION IN THE RESOURCE PUBLIC KEY INFRASTRUCTURE (RPKI)
draft-va-sidrops-deploy-reconsidered-01
ggm@apnic.net
March 19 2018
OVERVIEW
You said “where is code”
“without code, no adoption”
We solicited code
We now have code
It wasn’t clear if this is a flag day move
We think it's mixed-mode
Draft has minor clarification words
Where to next?
CODE
WITHOUT CODE NO ADOPTION
Routinator has implemented this mode of validation
RIPE NCC Validator has this mode of validation on backlog
“another Validator under development” has this validation mode on backlog
We have discussed this mode of validation with RPStir authors
We have discussed this mode of validation with Dragon authors
IS THIS A FLAG DAY?
A flag day appears untenable
Nobody wants to move to another mode entirely
Instead, we should flag-day mixed-mode operation
The OID determines the mode of validation in descent
It's top down: Parent sets what child says
Grandchild setting in the hand of child, not (this) parent
At each point of 3779 validation, about this certificate
Doesn’t say what child uses, that's in child certificate
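
The mixed-mode walk described on this slide, as an added sketch that is not taken from the draft or from any validator: each certificate's own policy OID (RFC 6487 or RFC 8360) decides how its RFC 3779 resources are checked against the issuer's verified set. It assumes resources are IP prefixes only; `validate_chain`, the chain layout and the sample prefixes are hypothetical.

```python
import ipaddress

# Certificate policy OIDs: RFC 6487 (original rules) and RFC 8360 (reconsidered).
CLASSIC, RECONSIDERED = "1.3.6.1.5.5.7.14.2", "1.3.6.1.5.5.7.14.3"

def nets(*prefixes):
    return {ipaddress.ip_network(p) for p in prefixes}

def covered(net, verified):
    """True if net lies inside some prefix of the verified set."""
    return any(net.version == v.version and net.subnet_of(v) for v in verified)

def intersect(claimed, verified):
    """CIDR prefixes either nest or are disjoint: keep the smaller of each nesting pair."""
    out = set()
    for c in claimed:
        for v in verified:
            if c.version == v.version and (c.subnet_of(v) or v.subnet_of(c)):
                out.add(c if c.subnet_of(v) else v)
    return out

def validate_chain(chain):
    """chain: [(name, policy_oid, claimed_prefixes), ...], trust anchor first.
    Returns (verified set of the last certificate, or None if rejected; notes)."""
    verified, notes = chain[0][2], []   # trust anchor claims are taken as given
    for name, oid, claimed in chain[1:]:
        over = sorted(str(c) for c in claimed if not covered(c, verified))
        if oid == CLASSIC:              # any overclaim invalidates this certificate
            if over:
                return None, notes + [f"{name}: rejected, overclaims {over}"]
            verified = claimed
        elif oid == RECONSIDERED:       # overclaim is trimmed, certificate stays valid
            if over:
                notes.append(f"{name}: trimmed overclaim {over}")
            verified = intersect(claimed, verified)
        else:
            return None, notes + [f"{name}: unknown policy OID {oid}"]
    return verified, notes

# Constructed sample: the parent CA overclaims 203.0.113.0/24.
TA = ("ta", CLASSIC, nets("192.0.2.0/24", "198.51.100.0/24"))
PARENT_CLAIM = nets("192.0.2.0/24", "203.0.113.0/24")
CHILD = ("child", CLASSIC, nets("192.0.2.0/25"))
MIXED = [TA, ("parent", RECONSIDERED, PARENT_CLAIM), CHILD]
ALL_CLASSIC = [TA, ("parent", CLASSIC, PARENT_CLAIM), CHILD]

if __name__ == "__main__":
    for label, chain in (("mixed", MIXED), ("classic", ALL_CLASSIC)):
        print(label, validate_chain(chain))
```

With the parent issued under the reconsidered OID, its overclaim is trimmed and the classic child below it still validates; with the parent under the original OID, the same overclaim rejects the parent and everything beneath it.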
WHERE TO NEXT?
We want to call for adoption
We want to discuss this with a view to date-setting
wider code availability
test in use (parallel trees?)
Let the community decide when to move
The fundamental issue (risk to parent in over/underclaim) hasn’t gone away
It isn’t just our risk: it's a community-wide risk