Re: [GROW] draft-ss-grow-rpki-as-cones-00

Job Snijders <job@ntt.net> Wed, 23 May 2018 13:48 UTC

Date: Wed, 23 May 2018 15:48:49 +0200
From: Job Snijders <job@ntt.net>
To: Randy Bush <randy@psg.com>
Cc: Massimiliano Stucchi <max@stucchi.ch>, "grow@ietf.org" <grow@ietf.org>
Message-ID: <20180523134849.GV56139@hanna.meerval.net>
References: <8c2da168-af67-9463-adbc-d6a0b778f24d@stucchi.ch> <m2tvr0eq0f.wl-randy@psg.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/grow/gF4F7iq8II_5PDd3F236-DUmU7E>

Dear Randy,

On Mon, May 21, 2018 at 01:02:24PM -0700, Randy Bush wrote:
> > me and Job Snijders have recently submitted
> > draft-ss-grow-rpki-as-cones-00, which discusses AS-Cones, an attempt
> > to bring as-sets into RPKI to facilitate route filtering.
> 
> in irr, an as-set may reference an as-set.  could you explain the
> authority model you have for this when as-sets are signed?

My initial thinking for RPKI AS Cones is that a given Cone in an ASN's
namespace can only be defined by the owner of the ASN in whose namespace
the Cone is defined. If a reference is included to another Cone residing
in someone else's namespace, a provisioning system can follow the
reference and verify that the referenced Cone is defined by the ASN
whose namespace that cone resides in.

AS Cone Certificates are EE Certificates.

The draft needs a ton of work to properly communicate to implementers
what goes where. I am a novice when it comes to the X.509 / PKIX /
ASN.1.

Kind regards,

Job
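As an added illustration of the authority rule Job describes above (example code written for this page, not from the draft or its authors), the following Python models a Cone as an object in an ASN's namespace that records which ASN signed it, and resolves references only through Cones signed by their own namespace owner, while reporting missing or unauthorized references and breaking reference cycles. The object layout, field names and the sample registry are constructed assumptions, not the draft's encoding.

```python
from dataclasses import dataclass, field

@dataclass
class Cone:
    """Hypothetical AS Cone object (not the draft's real format)."""
    namespace_asn: int                    # ASN whose namespace the Cone lives in
    name: str                             # Cone name within that namespace
    signed_by_asn: int                    # ASN behind the EE cert that signed it
    member_asns: set = field(default_factory=set)
    references: set = field(default_factory=set)  # (namespace_asn, name) pairs

def cone_is_authorized(cone):
    """Authority rule: only the owner of an ASN may define Cones in its namespace."""
    return cone.signed_by_asn == cone.namespace_asn

def expand_cone(registry, key, _seen=None):
    """Resolve a Cone key to the set of ASNs it covers, following references.
    Returns (asns, problems). A referenced Cone that is missing or not signed
    by its namespace owner contributes nothing and is reported; a Cone already
    being expanded is skipped so mutual references cannot loop the resolver."""
    _seen = set() if _seen is None else _seen
    if key in _seen:
        return set(), []
    _seen.add(key)
    cone = registry.get(key)
    if cone is None:
        return set(), [f"{key}: referenced Cone not found"]
    if not cone_is_authorized(cone):
        return set(), [f"{key}: signed by AS{cone.signed_by_asn}, "
                       f"not namespace owner AS{cone.namespace_asn}"]
    asns, problems = set(cone.member_asns), []
    for ref in sorted(cone.references):
        sub_asns, sub_problems = expand_cone(registry, ref, _seen)
        asns |= sub_asns
        problems += sub_problems
    return asns, problems

# Constructed sample registry using documentation ASNs (RFC 5398 range).
SAMPLE = {(c.namespace_asn, c.name): c for c in [
    Cone(64496, "customers", 64496, {64500, 64501},
         {(64497, "customers"), (64498, "customers"), (64499, "missing")}),
    Cone(64497, "customers", 64497, {64502}, {(64496, "customers")}),  # cycle back
    Cone(64498, "customers", 64510, {64503}),  # signed by a non-owner: rejected
]}

if __name__ == "__main__":
    covered, issues = expand_cone(SAMPLE, (64496, "customers"))
    print(sorted(covered), *issues, sep="\n")
```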