Re: [Gen-art] Gen-art LC/Telechat review of draft-ietf-sidr-usecases-05.txt
"Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov> Wed, 26 December 2012 05:17 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA00F21F8C56 for <gen-art@ietfa.amsl.com>; Tue, 25 Dec 2012 21:17:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.219
X-Spam-Level:
X-Spam-Status: No, score=-6.219 tagged_above=-999 required=5 tests=[AWL=-0.220, BAYES_00=-2.599, J_CHICKENPOX_43=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ijBsDBo5rAIy for <gen-art@ietfa.amsl.com>; Tue, 25 Dec 2012 21:17:39 -0800 (PST)
Received: from wsget2.nist.gov (wsget2.nist.gov [129.6.13.151]) by ietfa.amsl.com (Postfix) with ESMTP id C2D3F21F8C55 for <gen-art@ietf.org>; Tue, 25 Dec 2012 21:17:38 -0800 (PST)
Received: from WSXGHUB2.xchange.nist.gov (129.6.18.19) by wsget2.nist.gov (129.6.13.151) with Microsoft SMTP Server (TLS) id 14.2.328.9; Wed, 26 Dec 2012 00:17:21 -0500
Received: from MBCLUSTER.xchange.nist.gov ([fe80::d479:3188:aec0:cb66]) by WSXGHUB2.xchange.nist.gov ([129.6.18.19]) with mapi; Wed, 26 Dec 2012 00:17:36 -0500
From: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
To: Elwyn Davies <elwynd@dial.pipex.com>, Terry Manderson <terry.manderson@icann.org>
Date: Wed, 26 Dec 2012 00:17:36 -0500
Thread-Topic: Gen-art LC/Telechat review of draft-ietf-sidr-usecases-05.txt
Thread-Index: Ac3fc8x1YYe+e8wQQ1Wn35I8JNvHogDsy39x
Message-ID: <D7A0423E5E193F40BE6E94126930C4930BB91F89E7@MBCLUSTER.xchange.nist.gov>
References: <CCF9F24F.2E422%terry.manderson@icann.org>, <1356091602.11916.15388.camel@mightyatom>
In-Reply-To: <1356091602.11916.15388.camel@mightyatom>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
X-Mailman-Approved-At: Tue, 25 Dec 2012 23:59:01 -0800
Cc: "draft-ietf-sidr-usecases.all@tools.ietf.org" <draft-ietf-sidr-usecases.all@tools.ietf.org>, General Area Review Team <gen-art@ietf.org>
Subject: Re: [Gen-art] Gen-art LC/Telechat review of draft-ietf-sidr-usecases-05.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Dec 2012 05:17:39 -0000
Hi Elwyn, I have carefully read all the comments in this thread. Thank you for your review and comments -- very helpful. I have a good understanding of all the changes I need to make. I will spin a new version by Wednesday (12/26) evening or Thursday a.m. Will run it by Terry and Russ first and then post it here in this thread as an attachment. Happy Holidays. Sriram ________________________________________ From: Elwyn Davies [elwynd@dial.pipex.com] Sent: Friday, December 21, 2012 7:06 AM To: Terry Manderson Cc: General Area Review Team; draft-ietf-sidr-usecases.all@tools.ietf.org Subject: Re: Gen-art LC/Telechat review of draft-ietf-sidr-usecases-05.txt Hi, Terry. That's all fine by me. Have a great Christmas! Elwyn On Thu, 2012-12-20 at 17:02 -0800, Terry Manderson wrote: > On 20/12/12 11:23 AM, "Elwyn Davies" <elwynd@dial.pipex.com> wrote: > > > Hi, Terry. > > > > Thanks for the swift reply. > > > > Looks like all is well with most of he comments. > > > > I guess the main consclusion would be that you maybe need to put in a > > bit more explanation of the context to which make-before-break applies > > as per your explanation to me below. > > I hear you, I will come back to you after Xmas with some expanded draft text > for s2.1. > > > > > >>> It is possible that I don't understand the problem, but this appears to > >>> be trying to prove a negative by the existence of something. What RPKI > >>> object would have to exist to make the route suspicious? > >> > >> Essentially a valid RPKI ROA object would need to exist that proves a route > >> is suspicious. Because the RPKI+ROA is a "bolt on after the fact" security > >> effort, you can do no more. Simply routing exists now, the RPKI would be > >> deployed in the future. So any route that is seen must be considered > >> intended unless proven otherwise. > > I see now.. perhaps you could add something like: > > ... valid RPKI object that explicitly invalidates the route (see Section > > 7 for examples). > > That works for me. > > >> > >>> > >>> s6.2: Can the make-before-break principle be applied to the resource > >>> certificate for Org B? Presumably this would mean overlapping existence > >>> of resource certs for Org A and Org B so that the ROA add can occur > >>> before the revoke. Is this a problem? > >>> > >> > >> The preference, I believe (and my co-authors can correct me) is that two > >> different resource certificates (unless one in subordinate to the other) > >> should never exist. > >> > >> This problem is an open issue in SIDR related to the grandfathering topic. > >> So for now the usecase should be that overlap cannot occur. > > Do you think this needs explicit mention? > > No. I feel it is better to remain silent in the usecases. A requirements > document (should one ever be set as a charter deliverable) would define that > behaviour, which would then be reinforced by the RPKI architecture. > > I personally feel it is better to bis this document should change be needed. > > > >> work for you? > > > > Maybe 'through two or more' but basically 'yes, thanks'. > > Works for me. > > >> > > >>> describe the add before the revoke in each case? > >> > >> ahh.. I think we have a disconnect. make before break is considered in the > >> routing sense that a route is considered o.k. (UNKNOWN) unless proven > >> otherwise, this means you can remove ALL RPKI object for a route, and it > >> will still exist happily until a new and conflicting RPKI ROA is created.. > >> And we are working to that. Not necessarily making a new valid object before > >> breaking the old valid object. That would then imply ownership of a prefix > >> can then be in two places at the same time. And like the transfer of title > >> for a house, overlap tends to be considered a bad thing. (co-authors, chime > >> in here!) > >> > > See initial comment.. this is a useful explanation and some words to > > this effect would avoid others with equally bad understanding of the > > RPKI scenario making the same mistake. > > > > Ack. Will run draft text past co-authors and bring back post xmas. > > Terry
- [Gen-art] Gen-art LC/Telechat review of draft-iet… Elwyn Davies
- Re: [Gen-art] Gen-art LC/Telechat review of draft… Terry Manderson
- Re: [Gen-art] Gen-art LC/Telechat review of draft… Elwyn Davies
- Re: [Gen-art] Gen-art LC/Telechat review of draft… Terry Manderson
- Re: [Gen-art] Gen-art LC/Telechat review of draft… Elwyn Davies
- Re: [Gen-art] Gen-art LC/Telechat review of draft… Sriram, Kotikalapudi
- Re: [Gen-art] Gen-art LC/Telechat review of draft… Elwyn Davies
- Re: [Gen-art] Gen-art LC/Telechat review of draft… Sriram, Kotikalapudi