<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><meta http-equiv="Content-Type" content="text/html; charset=us-ascii" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class="">Dear secure interdomain routing operators,</div><div class=""><br class=""></div><div class="">I've been away from the IETF for a while, and I'm new to this mailing list, so I'm not up to date with what's been happening here. I'm not going to let that stop me :-) but apologies if I retread worn out paths.</div><div class=""><br class=""></div><div class="">Also, I'm not sure if this work ultimately fits this wg, but I think this is the right place for an initial discussion. I'm also starting this discussion on the RIPE routing-wg list.</div><div class=""><br class=""></div>A few weeks ago there was a significant route leak through Safe Host and China Telecom. This keeps happening. I think we can stop these route leaks with a relatively modest change to RPKI: by combining the ASes the origin trusts and the ASes the operator of an RPKI relying party server trusts, we have a list of all the ASes that may legitimately appear in the AS path as seen from this particular vantage point.<div class=""><br class=""></div><div class="">I believe deployment will be relatively easy, as it works for the two ASes at both ends even if ASes in the middle don't participate.</div><div class=""><br class=""></div><div class="">So this means a change to the ROA format, a change to the RPKI-router protocol, and of course changes to the software involved.</div><div class=""><br class=""></div><div class="">Here is the draft:</div><div class=""><br class=""></div><div class=""><a href="https://datatracker.ietf.org/doc/draft-van-beijnum-sidrops-pathrpki/" class="">https://datatracker.ietf.org/doc/draft-van-beijnum-sidrops-pathrpki/</a></div><div class=""><br class=""></div><div class="">There is path filter example code in the appendix to show that this part is easy. :-)</div><div class=""><br class=""></div><div class="">In case you want to try this out but don't want to compile it yourself, (mostly) the same code is also running here:</div><div class=""><br class=""></div><div class=""><a href="http://bgpexpert.com/pathrpki/" class="">http://bgpexpert.com/pathrpki/</a></div><div class=""><br class=""></div><div class="">Probably not too much new information for this group, but some background:</div><div class=""><br class=""></div><div class=""><a href="http://www.muada.com/2019/06-13-lets-fix-those-bgp-route-leaks.html" class="">http://www.muada.com/2019/06-13-lets-fix-those-bgp-route-leaks.html</a></div><div class=""><br class=""></div><div class="">Note that this is significantly different from the AS-Cones proposal. AS-Cones is a way for transit ASes to filter their peers (and maybe their customers). RPKI path validation is everyone filtering all prefixes they see, regardless of whether these prefixes come in through peering or transit. However, there is no reason the two can't be deployed side by side.</div><div class=""><br class=""></div><div class="">I've also read the ASPA draft, and although there are some overlap between ASPA and RPKI path validation, I'm not entirely clear on the details but they seem to be very different.</div><div class=""><br class=""></div><div class="">Iljitsch</div></div></body></html>