IETF Logo Mail Archive

Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> (TheRPKI/Router Protocol) to Proposed Standard

"t.petch" <daedulus@btconnect.com> Wed, 28 December 2011 11:51 UTC

Return-Path: <daedulus@btconnect.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD67E21F87FA for <ietf@ietfa.amsl.com>; Wed, 28 Dec 2011 03:51:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.355
X-Spam-Level:
X-Spam-Status: No, score=-1.355 tagged_above=-999 required=5 tests=[AWL=-0.048, BAYES_00=-2.599, MISSING_HEADERS=1.292]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mOc4+25OZ+3Z for <ietf@ietfa.amsl.com>; Wed, 28 Dec 2011 03:51:06 -0800 (PST)
Received: from mail.btconnect.com (c2beaomr07.btconnect.com [213.123.26.185]) by ietfa.amsl.com (Postfix) with ESMTP id AC4D221F87D3 for <ietf@ietf.org>; Wed, 28 Dec 2011 03:51:05 -0800 (PST)
Received: from host86-177-208-97.range86-177.btcentralplus.com (HELO pc6) ([86.177.208.97]) by c2beaomr07.btconnect.com with SMTP id FRH62107; Wed, 28 Dec 2011 11:51:03 +0000 (GMT)
Message-ID: <00e001ccc54e$c20c2ac0$4001a8c0@gateway.2wire.net>
From: "t.petch" <daedulus@btconnect.com>
Cc: IETF-Discussion list <ietf@ietf.org>
References: <CB179C36.11F43%keyupate@cisco.com><6D23B8E3-EFF0-442C-AAD3-FF42F42FA27C@cs.ucla.edu><6.2.5.6.2.20111221231403.0614fd40@resistor.net><20111222124801.GA52311@verdi> <6.2.5.6.2.20111222105251.095a15e8@resistor.net>
Subject: Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> (TheRPKI/Router Protocol) to Proposed Standard
Date: Wed, 28 Dec 2011 11:52:10 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Mirapoint-IP-Reputation: reputation=Good-1, source=Queried, refid=tid=0001.0A0B0302.4EFB02A7.00B2, actions=tag
X-Junkmail-Premium-Raw: score=7/50, refid=2.7.2:2011.12.28.111514:17:7.586, ip=86.177.208.97, rules=__HAS_MSGID, __OUTLOOK_MSGID_1, __SANE_MSGID, __BOUNCE_CHALLENGE_SUBJ, __BOUNCE_NDR_SUBJ_EXEMPT, __MIME_VERSION, __CT, CT_TP_8859_1, __CT_TEXT_PLAIN, __CTE, __HAS_X_PRIORITY, __HAS_MSMAIL_PRI, __HAS_X_MAILER, USER_AGENT_OE, __OUTLOOK_MUA_1, __USER_AGENT_MS_GENERIC, MISSING_HEADERS, __ANY_URI, __URI_NO_PATH, __STOCK_PHRASE_24, BODY_SIZE_4000_4999, __MIME_TEXT_ONLY, RDNS_GENERIC_POOLED, BODY_SIZE_5000_LESS, RDNS_SUSP_GENERIC, __OUTLOOK_MUA, __PHISH_SPEAR_STRUCTURE_1, RDNS_SUSP, __PHISH_SPEAR_STRUCTURE_2, BODY_SIZE_7000_LESS, TO_MALFORMED
X-Junkmail-Status: score=10/50, host=c2beaomr07.btconnect.com
X-Junkmail-Signature-Raw: score=unknown, refid=str=0001.0A0B0201.4EFB02A8.0008, ss=1, re=0.000, fgs=0, ip=0.0.0.0, so=2011-07-25 19:15:43, dmn=2011-05-27 18:58:46, mode=multiengine
X-Junkmail-IWF: false
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Dec 2011 11:51:06 -0000

----- Original Message ----- 
From: "SM" <sm@resistor.net>
To: "John Leslie" <john@jlc.net>
Cc: "IETF-Discussion list" <ietf@ietf.org>
Sent: Thursday, December 22, 2011 10:10 PM

> Hi John,
> At 04:48 22-12-2011, John Leslie wrote:
> >    Surprisingly, a Google search on "ISBN 9780876094815" actually turns
> >up something arguably appropriate:
> 
> Which obviously is not about an IETF last call soliciting *company* 
> support. :-)
> 
> >    Brief skimming shows it to be much what I would expect from CFR
> >(not worth my time to read carefully), and not attempting to change
> >actual IETF process, though perhaps I missed something...
> 
> Well, why bother changing a process when would be is easier to select 
> the decision-makers.   Anyway, the current revision of the draft is 
> draft-ietf-sidr-rpki-rtr-22.
> 
> In the Abstract Section:
> 
>    "In order to formally validate the origin ASs of BGP announcements,
>     routers need a simple but reliable mechanism to receive RPKI
>     [I-D.ietf-sidr-arch]"
> 
> It would be better to remove that reference.
> 
> draft-ietf-sidr-arch-13 could be a normative reference instead of an 
> informative one if the protocol described in this draft is part of 
> the infrastructure to support secure Internet Routing.
> 
> In Section 2:
> 
>    "Global RPKI:  The authoritative data of the RPKI are published in a
>        distributed set of servers at the IANA, RIRs, NIRs, and ISPs, see
>        [I-D.ietf-sidr-repos-struct]."
> 
> There isn't any mention of IANA, the RIRs or NIRs in 
> draft-ietf-sidr-repos-struct-09 or draft-ietf-sidr-arch-13.

Odd; when I look at draft-sidr-arch-13 s1.1, I see IANA, RIR,
NIR along with LIR etc.  Granted I do not see RIRs or NIRs but
I would allow the singular to stand for the plural.

Tom Petch

> 
>    "Session ID:  When a cache server is started, it generates a session
>        identifier to uniquely identify the instance of the cache and to
>        bind it to the sequence of Serial Numbers that cache instance will
>        generate.  This allows the router to restart a failed session
>        knowing that the Serial Number it is using is commensurate with
>        that of the cache."
> 
> The change was probably in response to the following comment in the 
> Secdir review:
> 
>    "The cache identifies its boot instance via a nonce, and the client
>     routers are supposed to record the nonce and discard all records if
>     the nonce changes.  The nonce is only 16 bits, though, and the
>     probability of two boot instances choosing the same nonce is too high,
>     in my opinion."
> 
> Section 3 mentions a deployment structure for RPKI and repeats some 
> definitions from the Glossary Section.
> 
> In Section 5.9:
> 
>    "If error text is present, it SHOULD be a  string in US-ASCII,
>     for maximum portability; if non-US-ASCII characters are
>     absolutely required, the error text MUST use UTF-8 encoding."
> 
> A reference for the encoding could be added.
> 
> Is the Integrity protection for payloads also desirable to protect against
> man-in-the-middle attacks (RFC 4949)?
> 
> Section 7 has a MUST implement for an unprotected transport.  Lower 
> requirement levels are used for more protected protocols.  Section 9 
> mentions that:
> 
>    "Small End Site:  The small multi-homed end site may wish to outsource
>        the RPKI cache to one or more of their upstream ISPs."
> 
> The Secdir review mentions that:
> 
>    "The answer is a simple protocol that concentrates assuring record
>     freshness and punts security to some preconfigured point-to-point
>     communication with some kind of transport security."
> 
>  From Section 11:
> 
>    "As this document describes a security protocol, many aspects of
>     security interest are described in the relevant sections."
> 
> Quoting a comment from an IETF participant:
> 
>    "The operator's server to the operator's routers only involves the
>     operator's internal network.  While I would personally prefer a
>     mandatory-to-implement mechanism, I can see that operators do not
>     necessarily want prescriptive statements on this part of the
>     specification."
> 
> The upstream ISP isn't part of the operator's internal network.
> 
> Regards,
> -sm 
> 
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
> 
>

v2.23.0 | Report a Bug | By Email