Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> (The RPKI/Router Protocol) to Proposed Standard
SM <sm@resistor.net> Thu, 22 December 2011 21:29 UTC
Return-Path: <sm@resistor.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E78A521F853B for <ietf@ietfa.amsl.com>; Thu, 22 Dec 2011 13:29:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.539
X-Spam-Level:
X-Spam-Status: No, score=-102.539 tagged_above=-999 required=5 tests=[AWL=0.060, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UTE6T431M1nm for <ietf@ietfa.amsl.com>; Thu, 22 Dec 2011 13:29:11 -0800 (PST)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id C2F8621F8531 for <ietf@ietf.org>; Thu, 22 Dec 2011 13:29:11 -0800 (PST)
Received: from SUBMAN.resistor.net (IDENT:sm@localhost [127.0.0.1]) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id pBMLT5el002753; Thu, 22 Dec 2011 13:29:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1324589350; bh=cgNrT72BWQJVyjcEqiCsewZCrw9253un62vTIwfoZVI=; h=Message-Id:Date:To:From:Subject:Cc:In-Reply-To:References: Mime-Version:Content-Type; b=iD8PM1tDiHGGh25w2kexQQZS7+3PLFssgV5FAfTeEL5J2nSRcT0Z+GNLYvbrAvinJ FFpGZJiPAMZsC5tX5rjuaMxOIF/2RrbeOcm98Kizx+LX54eSdlYGGBCBz4SDfEwTlZ 78OBagbYQPNtHlNoZepU83cN00Pi8JBKZ+dKUHh8=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=resistor.net; s=mail; t=1324589350; bh=cgNrT72BWQJVyjcEqiCsewZCrw9253un62vTIwfoZVI=; h=Message-Id:Date:To:From:Subject:Cc:In-Reply-To:References: Mime-Version:Content-Type; b=1FtCZrABAgVx6UCtPgdDTkrS7MLgHNSwUbQELkFSPKldNx6dJyaRPSwi+chnuGRoE a4Onc1WHgocCvr0eUvo+26V0OclbhTBIx7YDH3PPjrWk4ahVupJvMID/8lNZHNqT+a 09KP3SXNNN8VF70qRTghcG+GFnZJBbzXg4cweFr0=
Message-Id: <6.2.5.6.2.20111222105251.095a15e8@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Thu, 22 Dec 2011 13:10:11 -0800
To: John Leslie <john@jlc.net>
From: SM <sm@resistor.net>
Subject: Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> (The RPKI/Router Protocol) to Proposed Standard
In-Reply-To: <20111222124801.GA52311@verdi>
References: <CB179C36.11F43%keyupate@cisco.com> <6D23B8E3-EFF0-442C-AAD3-FF42F42FA27C@cs.ucla.edu> <6.2.5.6.2.20111221231403.0614fd40@resistor.net> <20111222124801.GA52311@verdi>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Cc: IETF-Discussion list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Dec 2011 21:29:14 -0000
Hi John, At 04:48 22-12-2011, John Leslie wrote: > Surprisingly, a Google search on "ISBN 9780876094815" actually turns >up something arguably appropriate: Which obviously is not about an IETF last call soliciting *company* support. :-) > Brief skimming shows it to be much what I would expect from CFR >(not worth my time to read carefully), and not attempting to change >actual IETF process, though perhaps I missed something... Well, why bother changing a process when would be is easier to select the decision-makers. Anyway, the current revision of the draft is draft-ietf-sidr-rpki-rtr-22. In the Abstract Section: "In order to formally validate the origin ASs of BGP announcements, routers need a simple but reliable mechanism to receive RPKI [I-D.ietf-sidr-arch]" It would be better to remove that reference. draft-ietf-sidr-arch-13 could be a normative reference instead of an informative one if the protocol described in this draft is part of the infrastructure to support secure Internet Routing. In Section 2: "Global RPKI: The authoritative data of the RPKI are published in a distributed set of servers at the IANA, RIRs, NIRs, and ISPs, see [I-D.ietf-sidr-repos-struct]." There isn't any mention of IANA, the RIRs or NIRs in draft-ietf-sidr-repos-struct-09 or draft-ietf-sidr-arch-13. "Session ID: When a cache server is started, it generates a session identifier to uniquely identify the instance of the cache and to bind it to the sequence of Serial Numbers that cache instance will generate. This allows the router to restart a failed session knowing that the Serial Number it is using is commensurate with that of the cache." The change was probably in response to the following comment in the Secdir review: "The cache identifies its boot instance via a nonce, and the client routers are supposed to record the nonce and discard all records if the nonce changes. The nonce is only 16 bits, though, and the probability of two boot instances choosing the same nonce is too high, in my opinion." Section 3 mentions a deployment structure for RPKI and repeats some definitions from the Glossary Section. In Section 5.9: "If error text is present, it SHOULD be a string in US-ASCII, for maximum portability; if non-US-ASCII characters are absolutely required, the error text MUST use UTF-8 encoding." A reference for the encoding could be added. Is the Integrity protection for payloads also desirable to protect against man-in-the-middle attacks (RFC 4949)? Section 7 has a MUST implement for an unprotected transport. Lower requirement levels are used for more protected protocols. Section 9 mentions that: "Small End Site: The small multi-homed end site may wish to outsource the RPKI cache to one or more of their upstream ISPs." The Secdir review mentions that: "The answer is a simple protocol that concentrates assuring record freshness and punts security to some preconfigured point-to-point communication with some kind of transport security." From Section 11: "As this document describes a security protocol, many aspects of security interest are described in the relevant sections." Quoting a comment from an IETF participant: "The operator's server to the operator's routers only involves the operator's internal network. While I would personally prefer a mandatory-to-implement mechanism, I can see that operators do not necessarily want prescriptive statements on this part of the specification." The upstream ISP isn't part of the operator's internal network. Regards, -sm
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Shane Amante
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Randy Bush
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Robert Raszuk
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Shane Amante
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Warren Kumari
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Stephen Kent
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Eric Osterweil
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Danny McPherson
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Danny McPherson
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Stephen Farrell
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Danny McPherson
- Re: [IETF] Re: Last Call: <draft-ietf-sidr-rpki-r… Warren Kumari
- Re: [IETF] Re: Last Call: <draft-ietf-sidr-rpki-r… Danny McPherson
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Randy Bush
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Randy Bush
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Russ Housley
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Stephane Bortzmeyer
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Danny McPherson
- Re: [sidr] Last Call: <draft-ietf-sidr-rpki-rtr-1… Matthias Waehlisch
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Eric Osterweil
- Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> (The… Hannes Gredler
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Russ Housley
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Danny McPherson
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Russ Housley
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Danny McPherson
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Keyur Patel
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Robert Raszuk
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Terry Manderson
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Lixia Zhang
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … SM
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … John Leslie
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Andrew Chi
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … t.petch
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … SM
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Russ Housley
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Robert Raszuk
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Randy Bush
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Steven Bellovin
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Robert Raszuk
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Steven Bellovin
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Robert Raszuk
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … t.petch
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … t.petch
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … t.petch
- Re: [sidr] Last Call: <draft-ietf-sidr-rpki-rtr-1… Borchert, Oliver
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Rob Austein
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … SM
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … SM
- Re: Last Call: <draft-ietf-sidr-rpki-rtr-19.txt> … Terry Manderson