Re: [GROW] draft-ss-grow-rpki-as-cones-00

Job Snijders <job@ntt.net> Wed, 23 May 2018 20:26 UTC

Date: Wed, 23 May 2018 20:26:25 +0000
From: Job Snijders <job@ntt.net>
To: Christopher Morrow <christopher.morrow@gmail.com>
Cc: Randy Bush <randy@psg.com>, "grow@ietf.org grow@ietf.org" <grow@ietf.org>

On Wed, May 23, 2018 at 04:22:06PM -0400, Christopher Morrow wrote:
> <lurk mode=off>
> 
> On Wed, May 23, 2018 at 3:33 PM Job Snijders <job@ntt.net> wrote:
> 
> > The signing AS is saying they created (and named) the list. This
> > helps resolve various issues, such as "does AS-STEALTH belong to
> > AS41847 or to AS8002"?
>
> wait, they signed this data and put it in their RPKI publication point
> (for instance - forget that there is no RPKI object type for this), so
> they 'claimed':
>   as-set:     AS-STEALTH
> 
> from which IRR? Or did you mean that they may sign something like:
>   as-set:     AS-STEALTH@radb
> 
> but did not sign:
>   as-set:         AS-STEALTH@RIPE
> 
> Else we still have confusion, because the MAINT-AS8002 may be upset when I
> only accept AS-SET content from STEALTH-NET-MNT :(
> 
> -chris
> (who hopes to one day have better answers for this than: "err, ask the
> customer / peer which irr they use?")

You are now describing issues of the IRR; I merely used this example to
illustrate the problem. With AS Cones we can do better. We can structure
the naming convention for this type of object.

For instance, for an AS Cone named "AS15562:AS-SNIJDERS" - we can
structure it in such a way that only the CA Holder of the cert related
to AS 15562 can sign "AS15562:AS-SNIJDERS". Earlier in the thread I used
the term 'namespace'.

Kind regards,

Job
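
The namespace rule described in the message above, as an added example that is not part of the original message or of the draft: a cone name is accepted only when the ASN that prefixes it falls inside the AS resources of the signing certificate. The name grammar, the representation of certificate AS resources as inclusive ranges, and all function names are assumptions made for illustration.

```python
import re

# Assumed grammar (hypothetical): "AS<number>:AS-<label>"; the ASN prefix is the namespace.
CONE_NAME = re.compile(r"AS(\d+):(AS-[A-Z0-9][A-Z0-9_-]*)")
MAX_ASN = 2**32 - 1


def parse_cone_name(name):
    """Return (namespace_asn, label); raise ValueError if the name has no ASN namespace."""
    m = CONE_NAME.fullmatch(name.strip().upper())
    if not m:
        raise ValueError(f"not a namespaced AS Cone name: {name!r}")
    asn = int(m.group(1))
    if asn > MAX_ASN:
        raise ValueError(f"ASN out of 32-bit range: {asn}")
    return asn, m.group(2)


def asn_in_resources(asn, as_resources):
    """as_resources: inclusive (low, high) ranges, modelled on a certificate's AS resource set."""
    return any(low <= asn <= high for low, high in as_resources)


def may_sign(name, as_resources):
    """True only if the signer's certificate covers the ASN that prefixes the cone name."""
    try:
        asn, _label = parse_cone_name(name)
    except ValueError:
        # Un-namespaced names such as "AS-STEALTH" cannot be tied to any one holder.
        return False
    return asn_in_resources(asn, as_resources)


# Constructed AS resource sets standing in for two signing certificates (not real RPKI data).
CERT_AS15562 = [(15562, 15562)]
CERT_OTHER = [(64496, 64511)]


def demo():
    """Map each sample name to (accepted under CERT_AS15562, accepted under CERT_OTHER)."""
    names = ["AS15562:AS-SNIJDERS", "AS-STEALTH", "AS41847:AS-STEALTH", "AS8002:AS-STEALTH"]
    return {n: (may_sign(n, CERT_AS15562), may_sign(n, CERT_OTHER)) for n in names}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22} {result}")
```

With the prefix in place, "AS41847:AS-STEALTH" and "AS8002:AS-STEALTH" are distinct names, each signable only by the holder of its own ASN, while the bare "AS-STEALTH" is rejected outright.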