**Session Date/Time:** 22 Jul 2025 09:30 # sidrops ## Summary This sidrops session covered several important topics, including ordering of PDUs, ASPA verification issues and proposed solutions, publication server best current practices, a new digital sign object for IPv6/IPv4 address mapping, ASPA-based verification for BGP export, BGP load path verification based on RPKI, and a decentralized RPKI repository architecture. A straw poll was conducted on PDU ordering, resulting in a decision to include ordering in the draft. ## Key Discussion Points * **PDU Ordering:** A significant discussion revolved around the need for fully specified PDU ordering versus specifying only enough ordering to avoid race conditions. * **ASPA Verification Errors:** The session addressed how to handle errors in ASPA creation, particularly regarding omission of provider AS numbers, and whether to drop updates or be tolerant and fix errors proactively. * **Egress ASPA Verification:** There was a debate about the necessity of egress ASPA verification in addition to ingress verification and OTC (Origin Validation based on the RPKI). * **Publication Server Best Current Practices:** An update was provided on the publication server best current practice document, highlighting open issues related to single points of failure and the level of actionable advice to include. * **More Appropriate File Formating Arrangement Authorization (MAFFA):** Presentation on verifying IPv4 sub-data in IPv6-only networks using a new digital sign object. * **ASPA-based ASPA verification for BGP export:** Discussion on preventing local AS misconfigurations, blocking local route leaks, and accelerating registration error detection. * **BGP Load Path Verification (RPA):** This involved discussion on verifying BGP load paths based on RPKI, addressing concerns about scalability, security, and the initial bootstrapping of RPA objects. * **Decentralized RPKI Repository Architecture (DRR):** Introduced a new architecture decoupling publication points from RPKI CAs to enhance reliability and scalability. ## Decisions and Action Items * **PDU Ordering:** The working group decided to include PDU ordering in the document. The text will be updated to align with IETF tradition. * **ASPA Verification:** Further discussions between Sriram, Maria, and Jia regarding egress verification and its benefits and redundancy. The ASPA draft will include a mention of egress verification. * **Publication Server BCP:** Comment on the draft if operating a publication server or as a researcher before another last call. Chris Morrow was encouraged to provide text regarding single points of failure. ## Next Steps * **PDU Ordering:** Update the document text regarding PDU ordering. * **ASPA Verification:** Continue discussions regarding egress verification and its inclusion in the ASPA draft. * **Publication Server BCP:** Incorporate feedback and address open issues before a second last call. * **MAFFA:** Continued implementation of the certificate parsing and verification on the RP side. * **RPA:** Address concerns raised and continue discussion on the mailing list. An interim session was suggested. * **DRR:** Continue discussion on the mailing list.