Re: [Gen-art] Gen-art LC/Telechat review of draft-ietf-sidr-usecases-05.txt
Elwyn Davies <elwynd@dial.pipex.com> Fri, 21 December 2012 12:07 UTC
Return-Path: <elwynd@dial.pipex.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2BCE21F8953 for <gen-art@ietfa.amsl.com>; Fri, 21 Dec 2012 04:07:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.249
X-Spam-Level:
X-Spam-Status: No, score=-102.249 tagged_above=-999 required=5 tests=[AWL=-0.250, BAYES_00=-2.599, J_CHICKENPOX_43=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kjc7SMHgZXN2 for <gen-art@ietfa.amsl.com>; Fri, 21 Dec 2012 04:07:24 -0800 (PST)
Received: from auth.a.painless.aa.net.uk (a.painless.aa.net.uk [IPv6:2001:8b0:0:30::51bb:1e33]) by ietfa.amsl.com (Postfix) with ESMTP id E506321F885C for <gen-art@ietf.org>; Fri, 21 Dec 2012 04:07:23 -0800 (PST)
Received: from mightyatom.folly.org.uk ([81.187.254.250]) by a.painless.aa.net.uk with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.77) (envelope-from <elwynd@dial.pipex.com>) id 1Tm1Ni-0005Ox-Eg; Fri, 21 Dec 2012 12:07:17 +0000
From: Elwyn Davies <elwynd@dial.pipex.com>
To: Terry Manderson <terry.manderson@icann.org>
In-Reply-To: <CCF9F24F.2E422%terry.manderson@icann.org>
References: <CCF9F24F.2E422%terry.manderson@icann.org>
Content-Type: text/plain
Date: Fri, 21 Dec 2012 12:06:42 +0000
Message-Id: <1356091602.11916.15388.camel@mightyatom>
Mime-Version: 1.0
X-Mailer: Evolution 2.26.3
Content-Transfer-Encoding: 7bit
X-Spam-Score-a.painless.aa.net.uk: -4.0
Cc: "draft-ietf-sidr-usecases.all@tools.ietf.org" <draft-ietf-sidr-usecases.all@tools.ietf.org>, General Area Review Team <gen-art@ietf.org>
Subject: Re: [Gen-art] Gen-art LC/Telechat review of draft-ietf-sidr-usecases-05.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Dec 2012 12:07:24 -0000
Hi, Terry. That's all fine by me. Have a great Christmas! Elwyn On Thu, 2012-12-20 at 17:02 -0800, Terry Manderson wrote: > On 20/12/12 11:23 AM, "Elwyn Davies" <elwynd@dial.pipex.com> wrote: > > > Hi, Terry. > > > > Thanks for the swift reply. > > > > Looks like all is well with most of he comments. > > > > I guess the main consclusion would be that you maybe need to put in a > > bit more explanation of the context to which make-before-break applies > > as per your explanation to me below. > > I hear you, I will come back to you after Xmas with some expanded draft text > for s2.1. > > > > > >>> It is possible that I don't understand the problem, but this appears to > >>> be trying to prove a negative by the existence of something. What RPKI > >>> object would have to exist to make the route suspicious? > >> > >> Essentially a valid RPKI ROA object would need to exist that proves a route > >> is suspicious. Because the RPKI+ROA is a "bolt on after the fact" security > >> effort, you can do no more. Simply routing exists now, the RPKI would be > >> deployed in the future. So any route that is seen must be considered > >> intended unless proven otherwise. > > I see now.. perhaps you could add something like: > > ... valid RPKI object that explicitly invalidates the route (see Section > > 7 for examples). > > That works for me. > > >> > >>> > >>> s6.2: Can the make-before-break principle be applied to the resource > >>> certificate for Org B? Presumably this would mean overlapping existence > >>> of resource certs for Org A and Org B so that the ROA add can occur > >>> before the revoke. Is this a problem? > >>> > >> > >> The preference, I believe (and my co-authors can correct me) is that two > >> different resource certificates (unless one in subordinate to the other) > >> should never exist. > >> > >> This problem is an open issue in SIDR related to the grandfathering topic. > >> So for now the usecase should be that overlap cannot occur. > > Do you think this needs explicit mention? > > No. I feel it is better to remain silent in the usecases. A requirements > document (should one ever be set as a charter deliverable) would define that > behaviour, which would then be reinforced by the RPKI architecture. > > I personally feel it is better to bis this document should change be needed. > > > >> work for you? > > > > Maybe 'through two or more' but basically 'yes, thanks'. > > Works for me. > > >> > > >>> describe the add before the revoke in each case? > >> > >> ahh.. I think we have a disconnect. make before break is considered in the > >> routing sense that a route is considered o.k. (UNKNOWN) unless proven > >> otherwise, this means you can remove ALL RPKI object for a route, and it > >> will still exist happily until a new and conflicting RPKI ROA is created.. > >> And we are working to that. Not necessarily making a new valid object before > >> breaking the old valid object. That would then imply ownership of a prefix > >> can then be in two places at the same time. And like the transfer of title > >> for a house, overlap tends to be considered a bad thing. (co-authors, chime > >> in here!) > >> > > See initial comment.. this is a useful explanation and some words to > > this effect would avoid others with equally bad understanding of the > > RPKI scenario making the same mistake. > > > > Ack. Will run draft text past co-authors and bring back post xmas. > > Terry
- [Gen-art] Gen-art LC/Telechat review of draft-iet… Elwyn Davies
- Re: [Gen-art] Gen-art LC/Telechat review of draft… Terry Manderson
- Re: [Gen-art] Gen-art LC/Telechat review of draft… Elwyn Davies
- Re: [Gen-art] Gen-art LC/Telechat review of draft… Terry Manderson
- Re: [Gen-art] Gen-art LC/Telechat review of draft… Elwyn Davies
- Re: [Gen-art] Gen-art LC/Telechat review of draft… Sriram, Kotikalapudi
- Re: [Gen-art] Gen-art LC/Telechat review of draft… Elwyn Davies
- Re: [Gen-art] Gen-art LC/Telechat review of draft… Sriram, Kotikalapudi