Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> (TheRPKI/Router Protocol) to Proposed Standard
"t.petch" <daedulus@btconnect.com> Wed, 28 December 2011 11:51 UTC
Return-Path: <daedulus@btconnect.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD67E21F87FA for <ietf@ietfa.amsl.com>; Wed, 28 Dec 2011 03:51:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.355
X-Spam-Level:
X-Spam-Status: No, score=-1.355 tagged_above=-999 required=5 tests=[AWL=-0.048, BAYES_00=-2.599, MISSING_HEADERS=1.292]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mOc4+25OZ+3Z for <ietf@ietfa.amsl.com>; Wed, 28 Dec 2011 03:51:06 -0800 (PST)
Received: from mail.btconnect.com (c2beaomr07.btconnect.com [213.123.26.185]) by ietfa.amsl.com (Postfix) with ESMTP id AC4D221F87D3 for <ietf@ietf.org>; Wed, 28 Dec 2011 03:51:05 -0800 (PST)
Received: from host86-177-208-97.range86-177.btcentralplus.com (HELO pc6) ([86.177.208.97]) by c2beaomr07.btconnect.com with SMTP id FRH62107; Wed, 28 Dec 2011 11:51:03 +0000 (GMT)
Message-ID: <00e001ccc54e$c20c2ac0$4001a8c0@gateway.2wire.net>
From: "t.petch" <daedulus@btconnect.com>
Cc: IETF-Discussion list <ietf@ietf.org>
References: <CB179C36.11F43%keyupate@cisco.com><6D23B8E3-EFF0-442C-AAD3-FF42F42FA27C@cs.ucla.edu><6.2.5.6.2.20111221231403.0614fd40@resistor.net><20111222124801.GA52311@verdi> <6.2.5.6.2.20111222105251.095a15e8@resistor.net>
Subject: Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> (TheRPKI/Router Protocol) to Proposed Standard
Date: Wed, 28 Dec 2011 11:52:10 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Mirapoint-IP-Reputation: reputation=Good-1, source=Queried, refid=tid=0001.0A0B0302.4EFB02A7.00B2, actions=tag
X-Junkmail-Premium-Raw: score=7/50, refid=2.7.2:2011.12.28.111514:17:7.586, ip=86.177.208.97, rules=__HAS_MSGID, __OUTLOOK_MSGID_1, __SANE_MSGID, __BOUNCE_CHALLENGE_SUBJ, __BOUNCE_NDR_SUBJ_EXEMPT, __MIME_VERSION, __CT, CT_TP_8859_1, __CT_TEXT_PLAIN, __CTE, __HAS_X_PRIORITY, __HAS_MSMAIL_PRI, __HAS_X_MAILER, USER_AGENT_OE, __OUTLOOK_MUA_1, __USER_AGENT_MS_GENERIC, MISSING_HEADERS, __ANY_URI, __URI_NO_PATH, __STOCK_PHRASE_24, BODY_SIZE_4000_4999, __MIME_TEXT_ONLY, RDNS_GENERIC_POOLED, BODY_SIZE_5000_LESS, RDNS_SUSP_GENERIC, __OUTLOOK_MUA, __PHISH_SPEAR_STRUCTURE_1, RDNS_SUSP, __PHISH_SPEAR_STRUCTURE_2, BODY_SIZE_7000_LESS, TO_MALFORMED
X-Junkmail-Status: score=10/50, host=c2beaomr07.btconnect.com
X-Junkmail-Signature-Raw: score=unknown, refid=str=0001.0A0B0201.4EFB02A8.0008, ss=1, re=0.000, fgs=0, ip=0.0.0.0, so=2011-07-25 19:15:43, dmn=2011-05-27 18:58:46, mode=multiengine
X-Junkmail-IWF: false
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Dec 2011 11:51:06 -0000
----- Original Message ----- From: "SM" <sm@resistor.net> To: "John Leslie" <john@jlc.net> Cc: "IETF-Discussion list" <ietf@ietf.org> Sent: Thursday, December 22, 2011 10:10 PM > Hi John, > At 04:48 22-12-2011, John Leslie wrote: > > Surprisingly, a Google search on "ISBN 9780876094815" actually turns > >up something arguably appropriate: > > Which obviously is not about an IETF last call soliciting *company* > support. :-) > > > Brief skimming shows it to be much what I would expect from CFR > >(not worth my time to read carefully), and not attempting to change > >actual IETF process, though perhaps I missed something... > > Well, why bother changing a process when would be is easier to select > the decision-makers. Anyway, the current revision of the draft is > draft-ietf-sidr-rpki-rtr-22. > > In the Abstract Section: > > "In order to formally validate the origin ASs of BGP announcements, > routers need a simple but reliable mechanism to receive RPKI > [I-D.ietf-sidr-arch]" > > It would be better to remove that reference. > > draft-ietf-sidr-arch-13 could be a normative reference instead of an > informative one if the protocol described in this draft is part of > the infrastructure to support secure Internet Routing. > > In Section 2: > > "Global RPKI: The authoritative data of the RPKI are published in a > distributed set of servers at the IANA, RIRs, NIRs, and ISPs, see > [I-D.ietf-sidr-repos-struct]." > > There isn't any mention of IANA, the RIRs or NIRs in > draft-ietf-sidr-repos-struct-09 or draft-ietf-sidr-arch-13. Odd; when I look at draft-sidr-arch-13 s1.1, I see IANA, RIR, NIR along with LIR etc. Granted I do not see RIRs or NIRs but I would allow the singular to stand for the plural. Tom Petch > > "Session ID: When a cache server is started, it generates a session > identifier to uniquely identify the instance of the cache and to > bind it to the sequence of Serial Numbers that cache instance will > generate. This allows the router to restart a failed session > knowing that the Serial Number it is using is commensurate with > that of the cache." > > The change was probably in response to the following comment in the > Secdir review: > > "The cache identifies its boot instance via a nonce, and the client > routers are supposed to record the nonce and discard all records if > the nonce changes. The nonce is only 16 bits, though, and the > probability of two boot instances choosing the same nonce is too high, > in my opinion." > > Section 3 mentions a deployment structure for RPKI and repeats some > definitions from the Glossary Section. > > In Section 5.9: > > "If error text is present, it SHOULD be a string in US-ASCII, > for maximum portability; if non-US-ASCII characters are > absolutely required, the error text MUST use UTF-8 encoding." > > A reference for the encoding could be added. > > Is the Integrity protection for payloads also desirable to protect against > man-in-the-middle attacks (RFC 4949)? > > Section 7 has a MUST implement for an unprotected transport. Lower > requirement levels are used for more protected protocols. Section 9 > mentions that: > > "Small End Site: The small multi-homed end site may wish to outsource > the RPKI cache to one or more of their upstream ISPs." > > The Secdir review mentions that: > > "The answer is a simple protocol that concentrates assuring record > freshness and punts security to some preconfigured point-to-point > communication with some kind of transport security." > > From Section 11: > > "As this document describes a security protocol, many aspects of > security interest are described in the relevant sections." > > Quoting a comment from an IETF participant: > > "The operator's server to the operator's routers only involves the > operator's internal network. While I would personally prefer a > mandatory-to-implement mechanism, I can see that operators do not > necessarily want prescriptive statements on this part of the > specification." > > The upstream ISP isn't part of the operator's internal network. > > Regards, > -sm > > _______________________________________________ > Ietf mailing list > Ietf@ietf.org > https://www.ietf.org/mailman/listinfo/ietf > >
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Shane Amante
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Randy Bush
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Robert Raszuk
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Shane Amante
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Warren Kumari
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Stephen Kent
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Eric Osterweil
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Danny McPherson
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Danny McPherson
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Stephen Farrell
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Danny McPherson
- Re: [IETF] Re: Last Call: <draft-ietf-sidr-rpki-r… Warren Kumari
- Re: [IETF] Re: Last Call: <draft-ietf-sidr-rpki-r… Danny McPherson
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Randy Bush
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Randy Bush
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Russ Housley
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Stephane Bortzmeyer
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Danny McPherson
- Re: [sidr] Last Call: <draft-ietf-sidr-rpki-rtr-1… Matthias Waehlisch
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Eric Osterweil
- Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> (The… Hannes Gredler
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Russ Housley
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Danny McPherson
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Russ Housley
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Danny McPherson
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Keyur Patel
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Robert Raszuk
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Terry Manderson
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Lixia Zhang
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … SM
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … John Leslie
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Andrew Chi
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … t.petch
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … SM
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Russ Housley
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Robert Raszuk
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Randy Bush
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Steven Bellovin
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Robert Raszuk
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Steven Bellovin
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Robert Raszuk
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … t.petch
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … t.petch
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … t.petch
- Re: [sidr] Last Call: <draft-ietf-sidr-rpki-rtr-1… Borchert, Oliver
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Rob Austein
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … SM
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … SM
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Terry Manderson