Session Date/Time: 22 Jul 2025 09:30
sidrops
Summary
This sidrops session covered several important topics, including ordering of PDUs, ASPA verification issues and proposed solutions, publication server best current practices, a new digitally signed object for IPv6/IPv4 address mapping, ASPA-based verification for BGP export, BGP load path verification based on RPKI, and a decentralized RPKI repository architecture. A straw poll was conducted on PDU ordering, resulting in a decision to include ordering in the draft.
Key Discussion Points
- PDU Ordering: A significant discussion revolved around the need for fully specified PDU ordering versus specifying only enough ordering to avoid race conditions.
- ASPA Verification Errors: The session addressed how to handle errors in ASPA creation, particularly regarding omission of provider AS numbers, and whether to drop updates or be tolerant and fix errors proactively.
- Egress ASPA Verification: There was a debate about the necessity of egress ASPA verification in addition to ingress verification and OTC (Origin Validation based on the RPKI).
- Publication Server Best Current Practices: An update was provided on the publication server best current practice document, highlighting open issues related to single points of failure and the level of actionable advice to include.
- More Appropriate File Formatting Arrangement Authorization (MAFFA): Presentation on verifying IPv4 sub-data in IPv6-only networks using a new digitally signed object.
- ASPA-based ASPA verification for BGP export: Discussion on preventing local AS misconfigurations, blocking local route leaks, and accelerating registration error detection.
- BGP Load Path Verification (RPA): This involved discussion on verifying BGP load paths based on RPKI, addressing concerns about scalability, security, and the initial bootstrapping of RPA objects.
- Decentralized RPKI Repository Architecture (DRR): Introduced a new architecture decoupling publication points from RPKI CAs to enhance reliability and scalability.
Decisions and Action Items
- PDU Ordering: The working group decided to include PDU ordering in the document. The text will be updated to align with IETF tradition.
- ASPA Verification: Sriram, Maria, and Jia will hold further discussions on egress verification, its benefits, and its redundancy. The ASPA draft will include a mention of egress verification.
- Publication Server BCP: Participants who operate a publication server, or who are researchers, were asked to comment on the draft before another last call. Chris Morrow was encouraged to provide text regarding single points of failure.
Next Steps
- PDU Ordering: Update the document text regarding PDU ordering.
- ASPA Verification: Continue discussions regarding egress verification and its inclusion in the ASPA draft.
- Publication Server BCP: Incorporate feedback and address open issues before a second last call.
- MAFFA: Continued implementation of the certificate parsing and verification on the RP side.
- RPA: Address concerns raised and continue discussion on the mailing list. An interim session was suggested.
- DRR: Continue discussion on the mailing list.