| rfc9697.original | rfc9697.txt | |||
|---|---|---|---|---|
| SIDROPS J. Snijders | Internet Engineering Task Force (IETF) J. Snijders | |||
| Internet-Draft Fastly | Request for Comments: 9697 Fastly | |||
| Updates: 8182 (if approved) T. de Kock | Updates: 8182 T. de Kock | |||
| Intended status: Standards Track RIPE NCC | Category: Standards Track RIPE NCC | |||
| Expires: 25 March 2025 21 September 2024 | ISSN: 2070-1721 December 2024 | |||
| Detecting RRDP Session Desynchronization | Detecting RPKI Repository Delta Protocol (RRDP) Session | |||
| draft-ietf-sidrops-rrdp-desynchronization-04 | Desynchronization | |||
| Abstract | Abstract | |||
| This document describes an approach for Resource Public Key | This document describes an approach for Resource Public Key | |||
| Infrastructure (RPKI) Relying Parties to detect a particular form of | Infrastructure (RPKI) Relying Parties to detect a particular form of | |||
| RPKI Repository Delta Protocol (RRDP) session desynchronization and | RPKI Repository Delta Protocol (RRDP) session desynchronization and | |||
| how to recover. This document updates RFC 8182. | how to recover. This document updates RFC 8182. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This is an Internet Standards Track document. | |||
| provisions of BCP 78 and BCP 79. | ||||
| Internet-Drafts are working documents of the Internet Engineering | ||||
| Task Force (IETF). Note that other groups may also distribute | ||||
| working documents as Internet-Drafts. The list of current Internet- | ||||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | ||||
| Internet-Drafts are draft documents valid for a maximum of six months | This document is a product of the Internet Engineering Task Force | |||
| and may be updated, replaced, or obsoleted by other documents at any | (IETF). It represents the consensus of the IETF community. It has | |||
| time. It is inappropriate to use Internet-Drafts as reference | received public review and has been approved for publication by the | |||
| material or to cite them other than as "work in progress." | Internet Engineering Steering Group (IESG). Further information on | |||
| Internet Standards is available in Section 2 of RFC 7841. | ||||
| This Internet-Draft will expire on 25 March 2025. | Information about the current status of this document, any errata, | |||
| and how to provide feedback on it may be obtained at | ||||
| https://www.rfc-editor.org/info/rfc9697. | ||||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2024 IETF Trust and the persons identified as the | Copyright (c) 2024 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents | |||
| license-info) in effect on the date of publication of this document. | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| Please review these documents carefully, as they describe your rights | publication of this document. Please review these documents | |||
| and restrictions with respect to this document. Code Components | carefully, as they describe your rights and restrictions with respect | |||
| extracted from this document must include Revised BSD License text as | to this document. Code Components extracted from this document must | |||
| described in Section 4.e of the Trust Legal Provisions and are | include Revised BSD License text as described in Section 4.e of the | |||
| provided without warranty as described in the Revised BSD License. | Trust Legal Provisions and are provided without warranty as described | |||
| in the Revised BSD License. | ||||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction | |||
| 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2 | 1.1. Requirements Language | |||
| 2. Immutability of RRDP files . . . . . . . . . . . . . . . . . 3 | 2. Immutability of RRDP Files | |||
| 3. Detection of Desynchronization . . . . . . . . . . . . . . . 3 | 3. Detection of Desynchronization | |||
| 3.1. Example . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 3.1. Example | |||
| 4. Recovery after Desynchronization . . . . . . . . . . . . . . 5 | 4. Recovery After Desynchronization | |||
| 5. Changes to RFC 8182 . . . . . . . . . . . . . . . . . . . . . 5 | 5. Changes to RFC 8182 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 5 | 6. Security Considerations | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 7. IANA Considerations | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 8. References | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 6 | 8.1. Normative References | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 6 | 8.2. Informative References | |||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 8 | Acknowledgements | |||
| Appendix B. Implementation status . . . . . . . . . . . . . . . 8 | Authors' Addresses | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 | ||||
| 1. Introduction | 1. Introduction | |||
| The Resource Public Key Infrastructure (RPKI) Repository Delta | The Resource Public Key Infrastructure (RPKI) Repository Delta | |||
| Protocol (RRDP) [RFC8182] is a one-way synchronization protocol for | Protocol (RRDP) [RFC8182] is a one-way synchronization protocol for | |||
| distributing RPKI data in the form of _differences_ (deltas) between | distributing RPKI data in the form of _differences_ (deltas) between | |||
| sequential repository states. Relying Parties apply a contiguous | sequential repository states. Relying Parties (RPs) apply a | |||
| chain of deltas to synchronize their local copy of the repository | contiguous chain of deltas to synchronize their local copy of the | |||
| with the current state of the remote Repository Server. Delta files | repository with the current state of the remote Repository Server. | |||
| for any given session_id and serial number are expected to contain an | Delta files for any given session_id and serial number are expected | |||
| immutable record of the state of the Repository Server at that given | to contain an immutable record of the state of the Repository Server | |||
| point in time, but this is not always the case. | at that given point in time, but this is not always the case. | |||
| This document describes an approach for Relying Parties (RPs) to | This document describes an approach for RPs to detect a form of RRDP | |||
| detect a form of RRDP session desynchronization where the hash of a | session desynchronization where the hash of a delta for a given | |||
| delta for a given serial number and session_id have mutated from the | serial number and session_id have mutated from the previous Update | |||
| previous Update Notification File and how to recover. | Notification File and how to recover. | |||
| 1.1. Requirements Language | 1.1. Requirements Language | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in | "OPTIONAL" in this document are to be interpreted as described in | |||
| BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| 2. Immutability of RRDP files | 2. Immutability of RRDP Files | |||
| Section 3.1 of [RFC8182] describes how discrete publication events | Section 3.1 of [RFC8182] describes how discrete publication events | |||
| such as the addition, modification, or deletion of one or more | such as the addition, modification, or deletion of one or more | |||
| repository objects _can_ be communicated as immutable files, | repository objects _can_ be communicated as immutable files, | |||
| highlighting advantages for publishers, such as the ability to pre- | highlighting advantages for publishers, such as the ability to | |||
| calculate files and make use of caching infrastructure. | precalculate files and make use of caching infrastructure. | |||
| While the global RPKI is understood to present a loosely consistent | Even though the global RPKI is understood to present a loosely | |||
| view, depending on timing, updating, fetching (see Section 6 of | consistent view that depends on the cache's timing of updates (see | |||
| [RFC7115]), different caches having different data for the same RRDP | Section 6 of [RFC7115]), different caches having different data for | |||
| session at the same serial violates the principle of least | the same RRDP session at the same serial violates the principle of | |||
| astonishment. | least astonishment. | |||
| If an RRDP server over time serves differing data for a given | If an RRDP server over time serves differing data for a given | |||
| session_id and serial number, distinct RP instances (depending on the | session_id and serial number, distinct RP instances (depending on the | |||
| moment they connected to the RRDP server) would end up with divergent | moment they connected to the RRDP server) would end up with divergent | |||
| local repositories. Comparing only the server-provided session_id | local repositories. Comparing only the server-provided session_id | |||
| and latest serial number across distinct RP instances would not bring | and latest serial number across distinct RP instances would not bring | |||
| such divergence to light. | such divergence to light. | |||
| The [RFC8182] specification does allude to immutability being a | The RRDP specification [RFC8182] alludes to immutability being a | |||
| property of RRDP files, but doesn't make it clear that immutability | property of RRDP files, but it doesn't make it clear that | |||
| is an absolute requirement for the RRDP protocol to work well. | immutability is an absolute requirement for the RRDP to work well. | |||
| 3. Detection of Desynchronization | 3. Detection of Desynchronization | |||
| Relying Parties can implement a mechanism to keep a record of the | Relying Parties can implement a mechanism to keep a record of the | |||
| serial and hash attribute values in delta elements of the previous | serial and hash attribute values in delta elements of the previous | |||
| successful fetch of an Update Notification File. Then, after | successful fetch of an Update Notification File. Then, after | |||
| fetching a new Update Notification File, the Relying Party should | fetching a new Update Notification File, the Relying Party should | |||
| compare if the serial and hash values of previously seen serials | compare if the serial and hash values of previously seen serials | |||
| match those in the newly fetched file. If any differences are | match those in the newly fetched file. If any differences are | |||
| detected, this means that the Delta files were unexpectedly mutated, | detected, this means that the Delta files were unexpectedly mutated, | |||
| and the RP should proceed to Section 4. | and the RP should proceed to Section 4. | |||
| 3.1. Example | 3.1. Example | |||
| This section contains two versions of an Update Notification File to | This section contains two versions of an Update Notification File to | |||
| demonstrate an unexpected mutation. The initial Update Notification | demonstrate an unexpected mutation. The initial Update Notification | |||
| File is as follows: | File is as follows: | |||
| <notification xmlns="http://www.ripe.net/rpki/rrdp" version="1" | <notification xmlns="http://www.ripe.net/rpki/rrdp" version="1" | |||
| session_id="fe528335-db5f-48b2-be7e-bf0992d0b5ec" | session_id="fe528335-db5f-48b2-be7e-bf0992d0b5ec" serial="1774"> | |||
| serial="1774"> | <snapshot uri="https://rrdp.example.net/1774/snapshot.xml" | |||
| <snapshot uri="https://rrdp.example.net/1774/snapshot.xml" | hash= | |||
| hash="4b5f27b099737b8bf288a33796bfe825fb2014a69fd6aa99080380299952f2e2"/> | "4b5f27b099737b8bf288a33796bfe825fb2014a69fd6aa99080380299952f2e2" | |||
| <delta serial="1774" | /> | |||
| hash="effac94afd30bbf1cd6e180e7f445a4d4653cb4c91068fa9e7b669d49b5aaa00" | <delta serial="1774" uri="https://rrdp.example.net/1774/delta.xml" | |||
| uri="https://rrdp.example.net/1774/delta.xml" /> | hash= | |||
| <delta serial="1773" | "effac94afd30bbf1cd6e180e7f445a4d4653cb4c91068fa9e7b669d49b5aaa00" | |||
| hash="731169254dd5de0ede94ba6999bda63b0fae9880873a3710e87a71bafb64761a" | /> | |||
| uri="https://rrdp.example.net/1773/delta.xml" /> | <delta serial="1773" uri="https://rrdp.example.net/1773/delta.xml" | |||
| <delta serial="1772" | hash= | |||
| hash="d4087585323fd6b7fd899ebf662ef213c469d39f53839fa6241847f4f6ceb939" | "731169254dd5de0ede94ba6999bda63b0fae9880873a3710e87a71bafb64761a" | |||
| uri="https://rrdp.example.net/1772/delta.xml /> | /> | |||
| <delta serial="1772" uri="https://rrdp.example.net/1772/delta.xml" | ||||
| hash= | ||||
| "d4087585323fd6b7fd899ebf662ef213c469d39f53839fa6241847f4f6ceb939" | ||||
| /> | ||||
| </notification> | </notification> | |||
| Figure 1 | ||||
| Based on the above Update Notification File, an RP implementation | Based on the above Update Notification File, an RP implementation | |||
| could record the following state: | could record the following state: | |||
| fe528335-db5f-48b2-be7e-bf0992d0b5ec | fe528335-db5f-48b2-be7e-bf0992d0b5ec | |||
| 1774 effac94afd30bbf1cd6e180e7f445a4d4653cb4c91068fa9e7b669d49b5aaa00 | 1774 effac94afd30bbf1cd6e180e7f445a4d4653cb4c91068fa9e7b669d49b5aaa00 | |||
| 1773 731169254dd5de0ede94ba6999bda63b0fae9880873a3710e87a71bafb64761a | 1773 731169254dd5de0ede94ba6999bda63b0fae9880873a3710e87a71bafb64761a | |||
| 1772 d4087585323fd6b7fd899ebf662ef213c469d39f53839fa6241847f4f6ceb939 | 1772 d4087585323fd6b7fd899ebf662ef213c469d39f53839fa6241847f4f6ceb939 | |||
| Figure 1 | Figure 2 | |||
| A new version of the Update Notification File is published, as | A new version of the Update Notification File is published as | |||
| following: | follows: | |||
| <notification xmlns="http://www.ripe.net/rpki/rrdp" version="1" | <notification xmlns="http://www.ripe.net/rpki/rrdp" version="1" | |||
| session_id="fe528335-db5f-48b2-be7e-bf0992d0b5ec" | session_id="fe528335-db5f-48b2-be7e-bf0992d0b5ec" serial="1775"> | |||
| serial="1775"> | <snapshot uri="https://rrdp.example.net/1775/snapshot.xml" | |||
| <snapshot uri="https://rrdp.example.net/1775/snapshot.xml" | hash= | |||
| hash="cd430c386deacb04bda55301c2aa49f192b529989b739f412aea01c9a77e5389"/> | "cd430c386deacb04bda55301c2aa49f192b529989b739f412aea01c9a77e5389" | |||
| <delta serial="1775" | /> | |||
| hash="d199376e98a9095dbcf14ccd49208b4223a28a1327669f89566475d94b2b08cc" | <delta serial="1775" uri="https://rrdp.example.net/1775/delta.xml" | |||
| uri="https://rrdp.example.net/1775/delta.xml /> | hash= | |||
| <delta serial="1774" | "d199376e98a9095dbcf14ccd49208b4223a28a1327669f89566475d94b2b08cc" | |||
| hash="10ca28480a584105a059f95df5ca8369142fd7c8069380f84ebe613b8b89f0d3" | /> | |||
| uri="https://rrdp.example.net/1774/delta.xml" /> | <delta serial="1774" uri="https://rrdp.example.net/1774/delta.xml" | |||
| <delta serial="1773" | hash= | |||
| hash="731169254dd5de0ede94ba6999bda63b0fae9880873a3710e87a71bafb64761a" | "10ca28480a584105a059f95df5ca8369142fd7c8069380f84ebe613b8b89f0d3" | |||
| uri="https://rrdp.example.net/1773/delta.xml" /> | /> | |||
| <delta serial="1773" uri="https://rrdp.example.net/1773/delta.xml" | ||||
| hash= | ||||
| "731169254dd5de0ede94ba6999bda63b0fae9880873a3710e87a71bafb64761a" | ||||
| /> | ||||
| </notification> | </notification> | |||
| Using its previously recorded state (Figure 1), the RP can compare | ||||
| the hash values for serials 1773 and 1774. For serial 1774, compared | ||||
| to the earlier version of the Update Notification File, a different | ||||
| hash value is now listed, meaning an unexpected delta mutation | ||||
| occurred. | ||||
| 4. Recovery after Desynchronization | Figure 3 | |||
| Using its previously recorded state (see Figure 2), the RP can | ||||
| compare the hash values for serials 1773 and 1774. For serial 1774, | ||||
| compared to the earlier version of the Update Notification File, a | ||||
| different hash value is now listed, meaning an unexpected delta | ||||
| mutation occurred. | ||||
| 4. Recovery After Desynchronization | ||||
| Following the detection of RRDP session desynchronization, in order | Following the detection of RRDP session desynchronization, in order | |||
| to return to a synchronized state, RP implementations SHOULD issue a | to return to a synchronized state, RP implementations SHOULD issue a | |||
| warning and SHOULD download the latest Snapshot File and process it | warning and SHOULD download the latest Snapshot File and process it | |||
| as described in Section 3.4.3 of [RFC8182]. | as described in Section 3.4.3 of [RFC8182]. | |||
| See the Section 6 for an overview of risks associated with | See Section 6 for an overview of risks associated with | |||
| desynchronization. | desynchronization. | |||
| 5. Changes to RFC 8182 | 5. Changes to RFC 8182 | |||
| The following paragraph is added to Section 3.4.1 of [RFC8182] | The following paragraph is added to Section 3.4.1 of [RFC8182], | |||
| "Processing the Update Notification File", after the paragraph which | "Processing the Update Notification File", after the paragraph that | |||
| ends "The Relying Party MUST then download and process the Snapshot | ends "The Relying Party MUST then download and process the Snapshot | |||
| File specified in the downloaded Update Notification File as | File specified in the downloaded Update Notification File as | |||
| described in Section 3.4.3." | described in Section 3.4.3." | |||
| NEW | NEW | |||
| | If the session_id matches the last known session_id, the Relying | | If the session_id matches the last known session_id, the Relying | |||
| | Party SHOULD compare whether hash values associated with | | Party SHOULD compare whether hash values associated with | |||
| | previously seen files for serials match the hash values of the | | previously seen files for serials match the hash values of the | |||
| | corresponding serials in the newly fetched Update Notification | | corresponding serials in the newly fetched Update Notification | |||
| | File. If any differences are detected, this means that files were | | File. If any differences are detected, this means that files were | |||
| | unexpectedly mutated (See | | unexpectedly mutated (see [RFC9697]). The Relying Party SHOULD | |||
| | [I-D.ietf-sidrops-rrdp-desynchronization]). The Relying Party | | then download and process the Snapshot File specified in the | |||
| | SHOULD then download and process the Snapshot File specified in | | downloaded Update Notification File as described in Section 3.4.3. | |||
| | the downloaded Update Notification File as described in | ||||
| | Section 3.4.3 of [RFC8182] | ||||
| 6. Security Considerations | 6. Security Considerations | |||
| Due to the lifetime of RRDP sessions (often measured in months), | Due to the lifetime of RRDP sessions (often measured in months), | |||
| desynchronization can persist for an extended period if undetected. | desynchronization can persist for an extended period if undetected. | |||
| Caches in a desynchronized state pose a risk by emitting a different | Caches in a desynchronized state pose a risk by emitting a different | |||
| set of Validated Payloads than they would otherwise emit with a | set of Validated Payloads than they would otherwise emit with a | |||
| consistent repository copy. Through the interaction of the | consistent repository copy. Through the interaction of the | |||
| desynchronization and the _failed fetch_ mechanism described in | desynchronization and the _failed fetch_ mechanism described in | |||
| Section 6.6 of [RFC9286], Relying Parties could spuriously omit | Section 6.6 of [RFC9286], Relying Parties could spuriously omit | |||
| Validated Payloads or emit Validated Payloads that the Certification | Validated Payloads or emit Validated Payloads that the Certification | |||
| Authority intended to withdraw. As a result, due to the | Authority intended to withdraw. As a result, due to the | |||
| desynchronized state, route decision making processes might consider | desynchronized state, route decision making processes might consider | |||
| route announcements intended to be marked valid as "unknown" or | route announcements intended to be marked valid as "unknown" or | |||
| "invalid" for an indeterminate period. | "invalid" for an indeterminate period. | |||
| Missing Validated Payloads negatively impact the ability to validate | Missing Validated Payloads negatively impact the ability to validate | |||
| BGP announcements using mechanisms such as those described in | BGP announcements using mechanisms such as those described in | |||
| [RFC6811] and [I-D.ietf-sidrops-aspa-verification]. | [RFC6811] and [ASPA]. | |||
| Section 6.6 of [RFC9286] advises RP implementations to continue to | Section 6.6 of [RFC9286] advises RP implementations to continue to | |||
| use cached versions of objects, but only until such time as they | use cached versions of objects, but only until such time as they | |||
| become stale. By detecting whether the remote Repository Server is | become stale. By detecting whether the remote Repository Server is | |||
| in an inconsistent state and then immediately switching to using the | in an inconsistent state and then immediately switching to using the | |||
| latest Snapshot File, RPs increase the probability to successfully | latest Snapshot File, RPs increase the probability to successfully | |||
| replace objects before they become stale. | replace objects before they become stale. | |||
| 7. IANA Considerations | 7. IANA Considerations | |||
| No IANA actions required. | This document has no IANA actions. | |||
| 8. References | 8. References | |||
| 8.1. Normative References | 8.1. Normative References | |||
| [I-D.ietf-sidrops-rrdp-desynchronization] | ||||
| Snijders, J. and T. de Kock, "Detecting RRDP Session | ||||
| Desynchronization", Work in Progress, Internet-Draft, | ||||
| draft-ietf-sidrops-rrdp-desynchronization, | ||||
| <https://datatracker.ietf.org/doc/html/draft-ietf-sidrops- | ||||
| rrdp-desynchronization>. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| [RFC8182] Bruijnzeels, T., Muravskiy, O., Weber, B., and R. Austein, | [RFC8182] Bruijnzeels, T., Muravskiy, O., Weber, B., and R. Austein, | |||
| "The RPKI Repository Delta Protocol (RRDP)", RFC 8182, | "The RPKI Repository Delta Protocol (RRDP)", RFC 8182, | |||
| DOI 10.17487/RFC8182, July 2017, | DOI 10.17487/RFC8182, July 2017, | |||
| <https://www.rfc-editor.org/info/rfc8182>. | <https://www.rfc-editor.org/info/rfc8182>. | |||
| 8.2. Informative References | 8.2. Informative References | |||
| [FORT-validator] | [ASPA] Azimov, A., Bogomazov, E., Bush, R., Patel, K., Snijders, | |||
| Leiva, A., "FORT validator 1.7.0", March 2024, | ||||
| <https://github.com/NICMx/FORT-validator/compare/ | ||||
| main...draft-spaghetti-sidrops-rrdp-desynchronization>. | ||||
| [I-D.ietf-sidrops-aspa-verification] | ||||
| Azimov, A., Bogomazov, E., Bush, R., Patel, K., Snijders, | ||||
| J., and K. Sriram, "BGP AS_PATH Verification Based on | J., and K. Sriram, "BGP AS_PATH Verification Based on | |||
| Autonomous System Provider Authorization (ASPA) Objects", | Autonomous System Provider Authorization (ASPA) Objects", | |||
| Work in Progress, Internet-Draft, draft-ietf-sidrops-aspa- | Work in Progress, Internet-Draft, draft-ietf-sidrops-aspa- | |||
| verification-18, 8 July 2024, | verification-19, 27 September 2024, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-sidrops- | <https://datatracker.ietf.org/doc/html/draft-ietf-sidrops- | |||
| aspa-verification-18>. | aspa-verification-19>. | |||
| [RFC6811] Mohapatra, P., Scudder, J., Ward, D., Bush, R., and R. | [RFC6811] Mohapatra, P., Scudder, J., Ward, D., Bush, R., and R. | |||
| Austein, "BGP Prefix Origin Validation", RFC 6811, | Austein, "BGP Prefix Origin Validation", RFC 6811, | |||
| DOI 10.17487/RFC6811, January 2013, | DOI 10.17487/RFC6811, January 2013, | |||
| <https://www.rfc-editor.org/info/rfc6811>. | <https://www.rfc-editor.org/info/rfc6811>. | |||
| [RFC7115] Bush, R., "Origin Validation Operation Based on the | [RFC7115] Bush, R., "Origin Validation Operation Based on the | |||
| Resource Public Key Infrastructure (RPKI)", BCP 185, | Resource Public Key Infrastructure (RPKI)", BCP 185, | |||
| RFC 7115, DOI 10.17487/RFC7115, January 2014, | RFC 7115, DOI 10.17487/RFC7115, January 2014, | |||
| <https://www.rfc-editor.org/info/rfc7115>. | <https://www.rfc-editor.org/info/rfc7115>. | |||
| [RFC9286] Austein, R., Huston, G., Kent, S., and M. Lepinski, | [RFC9286] Austein, R., Huston, G., Kent, S., and M. Lepinski, | |||
| "Manifests for the Resource Public Key Infrastructure | "Manifests for the Resource Public Key Infrastructure | |||
| (RPKI)", RFC 9286, DOI 10.17487/RFC9286, June 2022, | (RPKI)", RFC 9286, DOI 10.17487/RFC9286, June 2022, | |||
| <https://www.rfc-editor.org/info/rfc9286>. | <https://www.rfc-editor.org/info/rfc9286>. | |||
| [Routinator] | Acknowledgements | |||
| NLNet Labs, "Routinator", | ||||
| <https://github.com/NLnetLabs/routinator/pull/951>. | ||||
| [rpki-client] | ||||
| Jeker, C., Snijders, J., Dzonsons, K., and T. Buehler, | ||||
| "rpki-client 8.5", July 2023, | ||||
| <https://www.rpki-client.org/>. | ||||
| [rpki-prover] | ||||
| Puzanov, M., "rpki-prover 0.9.0", February 2024, | ||||
| <https://github.com/lolepezy/rpki-prover>. | ||||
| Appendix A. Acknowledgements | ||||
| During the hallway track at RIPE 86, Ties de Kock shared the idea for | During the hallway track at RIPE 86, Ties de Kock shared the idea for | |||
| detecting this particular form of RRDP desynchronization, after which | detecting this particular form of RRDP desynchronization, after which | |||
| Claudio Jeker, Job Snijders, and Theo Buehler produced an | Claudio Jeker, Job Snijders, and Theo Buehler produced an | |||
| implementation based on rpki-client. Equipped with tooling to detect | implementation based on rpki-client. Equipped with tooling to detect | |||
| this particular error condition, in subsequent months it became | this particular error condition, in subsequent months it became | |||
| apparent that unexpected delta mutations in the global RPKI | apparent that unexpected delta mutations in the global RPKI | |||
| repositories do happen from time to time. | repositories do happen from time to time. | |||
| The authors wish to thank Theo Buehler, Mikhail Puzanov, Alberto | The authors wish to thank Theo Buehler, Mikhail Puzanov, Alberto | |||
| Leiva, Tom Harrison, Warren Kumari, Behcet Sarikaya, Murray | Leiva, Tom Harrison, Warren Kumari, Behcet Sarikaya, Murray | |||
| Kucherawy, Éric Vyncke, Roman Danyliw, Tim Bruijnzeels, and Michael | Kucherawy, Éric Vyncke, Roman Danyliw, Tim Bruijnzeels, and Michael | |||
| Hollyman for their careful review and feedback on this document. | Hollyman for their careful review and feedback on this document. | |||
| Appendix B. Implementation status | ||||
| This section is to be removed before publishing as an RFC. | ||||
| This section records the status of known implementations of the | ||||
| protocol defined by this specification at the time of posting of this | ||||
| Internet-Draft, and is based on a proposal described in RFC 7942. | ||||
| The description of implementations in this section is intended to | ||||
| assist the IETF in its decision processes in progressing drafts to | ||||
| RFCs. Please note that the listing of any individual implementation | ||||
| here does not imply endorsement by the IETF. Furthermore, no effort | ||||
| has been spent to verify the information presented here that was | ||||
| supplied by IETF contributors. This is not intended as, and must not | ||||
| be construed to be, a catalog of available implementations or their | ||||
| features. Readers are advised to note that other implementations may | ||||
| exist. | ||||
| According to RFC 7942, "this will allow reviewers and working groups | ||||
| to assign due consideration to documents that have the benefit of | ||||
| running code, which may serve as evidence of valuable experimentation | ||||
| and feedback that have made the implemented protocols more mature. | ||||
| It is up to the individual working groups to use this information as | ||||
| they see fit". | ||||
| * OpenBSD [rpki-client] 8.5 and higher | ||||
| * Mikhail Puzanov's [rpki-prover] 0.9.0 and higher | ||||
| * FORT project's [FORT-validator] 1.7.0 and higher | ||||
| * NLnet Labs' [Routinator] main branch | ||||
| Authors' Addresses | Authors' Addresses | |||
| Job Snijders | Job Snijders | |||
| Fastly | Fastly | |||
| Amsterdam | Amsterdam | |||
| Netherlands | Netherlands | |||
| Email: job@fastly.com | Email: job@fastly.com | |||
| Ties de Kock | Ties de Kock | |||
| RIPE NCC | RIPE NCC | |||
| End of changes. 31 change blocks. | ||||
| 169 lines changed or deleted | 119 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||