Re: [apps-discuss] APPSDIR review of draft-ietf-sidr-rpki-rtr-25

Randy Bush <> Mon, 30 January 2012 23:27 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 04C0411E80D6; Mon, 30 Jan 2012 15:27:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.541
X-Spam-Status: No, score=-2.541 tagged_above=-999 required=5 tests=[AWL=0.058, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id OUu1yNrQtA5h; Mon, 30 Jan 2012 15:27:58 -0800 (PST)
Received: from ( [IPv6:2001:418:1::36]) by (Postfix) with ESMTP id 8E0C911E80C4; Mon, 30 Jan 2012 15:27:58 -0800 (PST)
Received: from localhost ([] by with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <>) id 1Rs0dg-000Nry-7O; Mon, 30 Jan 2012 23:27:56 +0000
Date: Tue, 31 Jan 2012 08:27:54 +0900
Message-ID: <>
From: Randy Bush <>
To: Lisa Dusseault <>
In-Reply-To: <>
References: <>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Cc:,, IESG <>
Subject: Re: [apps-discuss] APPSDIR review of draft-ietf-sidr-rpki-rtr-25
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 30 Jan 2012 23:27:59 -0000

< irrelevant soapbox >

hi lisa,

will respond in general when both i and rob can sync across ten time

but i am gonna put my foot in it here, because you pushed a religious
button of mine.  it is not particularly relevant to the document, but
i am not one to ignore an offered soapbox :)

>  - Only a human administrator can tell if a collection of routers and
> caches using RPKI are "on the same trusted and controlled network"
>  - A human administrator would configure the routers and caches to use TCP,
> based on their trust of the local network.
>  - A router would not attempt to use the RPKI-rtr port with unprotected TCP
> unless it was configured by the human administrator to do so
>  - Thus, there is not a downgrade attack unless a human is involved in the
> decision to downgrade the security configuration

there exist automated configuration generation systems where no human
configures the router at all.  this is a very good practice and has been
deployed in some large isps for a decade or more.  

the security folk have recently (the last three or four years or so)
taken an interest and are using this to build the theory and tool
framework to generate network (yes, network, not router!) configurations
with known security properties.  this is downright delicious.  i have
found the work of geoffrey xie and sanjai narain to be among the more
interesting.  but the field is becoming popular.