IETF Logo Mail Archive

Re: [Gen-art] Gen-art LC/Telechat review of draft-ietf-sidr-usecases-05.txt

Elwyn Davies <elwynd@dial.pipex.com> Fri, 21 December 2012 12:07 UTC

Return-Path: <elwynd@dial.pipex.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2BCE21F8953 for <gen-art@ietfa.amsl.com>; Fri, 21 Dec 2012 04:07:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.249
X-Spam-Level:
X-Spam-Status: No, score=-102.249 tagged_above=-999 required=5 tests=[AWL=-0.250, BAYES_00=-2.599, J_CHICKENPOX_43=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kjc7SMHgZXN2 for <gen-art@ietfa.amsl.com>; Fri, 21 Dec 2012 04:07:24 -0800 (PST)
Received: from auth.a.painless.aa.net.uk (a.painless.aa.net.uk [IPv6:2001:8b0:0:30::51bb:1e33]) by ietfa.amsl.com (Postfix) with ESMTP id E506321F885C for <gen-art@ietf.org>; Fri, 21 Dec 2012 04:07:23 -0800 (PST)
Received: from mightyatom.folly.org.uk ([81.187.254.250]) by a.painless.aa.net.uk with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.77) (envelope-from <elwynd@dial.pipex.com>) id 1Tm1Ni-0005Ox-Eg; Fri, 21 Dec 2012 12:07:17 +0000
From: Elwyn Davies <elwynd@dial.pipex.com>
To: Terry Manderson <terry.manderson@icann.org>
In-Reply-To: <CCF9F24F.2E422%terry.manderson@icann.org>
References: <CCF9F24F.2E422%terry.manderson@icann.org>
Content-Type: text/plain
Date: Fri, 21 Dec 2012 12:06:42 +0000
Message-Id: <1356091602.11916.15388.camel@mightyatom>
Mime-Version: 1.0
X-Mailer: Evolution 2.26.3
Content-Transfer-Encoding: 7bit
X-Spam-Score-a.painless.aa.net.uk: -4.0
Cc: "draft-ietf-sidr-usecases.all@tools.ietf.org" <draft-ietf-sidr-usecases.all@tools.ietf.org>, General Area Review Team <gen-art@ietf.org>
Subject: Re: [Gen-art] Gen-art LC/Telechat review of draft-ietf-sidr-usecases-05.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Dec 2012 12:07:24 -0000

Hi, Terry.

That's all fine by me.

Have a great Christmas!

Elwyn 

On Thu, 2012-12-20 at 17:02 -0800, Terry Manderson wrote:
> On 20/12/12 11:23 AM, "Elwyn Davies" <elwynd@dial.pipex.com> wrote:
> 
> > Hi, Terry.
> > 
> > Thanks for the swift reply.
> > 
> > Looks like all is well with most of he comments.
> > 
> > I guess the main consclusion would be that you maybe need to put in a
> > bit more explanation of the context to which make-before-break applies
> > as per your explanation to me below.
> 
> I hear you, I will come back to you after Xmas with some expanded draft text
> for s2.1.
> 
> > 
> 
> >>> It is possible that I don't understand the problem, but this appears to
> >>> be trying to prove a negative by the existence of something.  What RPKI
> >>> object would have to exist to make the route suspicious?
> >> 
> >> Essentially a valid RPKI ROA object would need to exist that proves a route
> >> is suspicious. Because the RPKI+ROA is a "bolt on after the fact" security
> >> effort, you can do no more. Simply routing exists now, the RPKI would be
> >> deployed in the future. So any route that is seen must be considered
> >> intended unless proven otherwise.
> > I see now.. perhaps you could add something like:
> > ... valid RPKI object that explicitly invalidates the route (see Section
> > 7 for examples).
> 
> That works for me.
> 
> >> 
> >>> 
> >>> s6.2: Can the make-before-break principle be applied to the resource
> >>> certificate for Org B?  Presumably this would mean overlapping existence
> >>> of resource certs for Org A and Org B so that the ROA add can occur
> >>> before the revoke.  Is this a problem?
> >>> 
> >> 
> >> The preference, I believe (and my co-authors can correct me) is that two
> >> different resource certificates (unless one in subordinate to the other)
> >> should never exist.
> >> 
> >> This problem is an open issue in SIDR related to the grandfathering topic.
> >> So for now the usecase should be that overlap cannot occur.
> > Do you think this needs explicit  mention?
> 
> No. I feel it is better to remain silent in the usecases. A requirements
> document (should one ever be set as a charter deliverable) would define that
> behaviour, which would then be reinforced by the RPKI architecture.
> 
> I personally feel it is better to bis this document should change be needed.
> 
> 
> >> work for you?
> > 
> > Maybe 'through two or more' but basically 'yes, thanks'.
> 
> Works for me.
> 
> >> 
> 
> >>> describe the add before the revoke in each case?
> >> 
> >> ahh.. I think we have a disconnect. make before break is considered in the
> >> routing sense that a route is considered o.k. (UNKNOWN) unless proven
> >> otherwise, this means you can remove ALL RPKI object for a route, and it
> >> will still exist happily until a new and conflicting RPKI ROA is created..
> >> And we are working to that. Not necessarily making a new valid object before
> >> breaking the old valid object. That would then imply ownership of a prefix
> >> can then be in two places at the same time. And like the transfer of title
> >> for a house, overlap tends to be considered a bad thing. (co-authors, chime
> >> in here!)
> >> 
> > See initial comment.. this is a useful explanation and some words to
> > this effect would avoid others with equally bad understanding of the
> > RPKI scenario making the same mistake.
> > 
> 
> Ack. Will run draft text past co-authors and bring back post xmas.
> 
> Terry

v2.23.0 | Report a Bug | By Email