Re: [sidr] Last Call: <draft-ietf-sidr-algorithm-agility-08.txt> (Algorithm Agility Procedure for RPKI.) to Proposed Standard

Eric Osterweil <eosterweil@verisign.com> Mon, 17 December 2012 21:42 UTC

Subject: Re: [sidr] Last Call: <draft-ietf-sidr-algorithm-agility-08.txt> (Algorithm Agility Procedure for RPKI.) to Proposed Standard
From: Eric Osterweil <eosterweil@verisign.com>
In-Reply-To: <20121130153835.30764.59524.idtracker@ietfa.amsl.com>
Date: Mon, 17 Dec 2012 16:42:16 -0500
Message-Id: <37ADFDF9-912A-470E-BE5E-DC561659E2D9@verisign.com>
References: <20121130153835.30764.59524.idtracker@ietfa.amsl.com>
To: IETF Disgust <ietf@ietf.org>

All,

Sorry for the late reply.  I realize these comments come after the 12/14 deadline, but it is my hope that they can still inform any active decision processes.

I'd like to mention that some of us have calculated that the global RPKI will take a significant amount of time to crawl [1], and the algorithm agility draft (as it is currently proposed) will almost double that time, because it will necessarily almost double the number of objects in the global RPKI.  I personally worry a lot about this approach, as I feel it will likely lead to an operationally unviable standard, in which routing will be unable to adapt to changes in configuration for days, weeks, or even months, because of this design (described in [1]).

The lateness of this message is simply a consequence of the fact that our analyses have taken longer than we planned, and I do apologize for that.

Thanks,

Eric

[1] http://techreports.verisignlabs.com/tr-lookup.cgi?trid=1120005&rev=2

On Nov 30, 2012, at 10:38 AM, The IESG wrote:

> 
> The IESG has received a request from the Secure Inter-Domain Routing WG
> (sidr) to consider the following document:
> - 'Algorithm Agility Procedure for RPKI.'
>  <draft-ietf-sidr-algorithm-agility-08.txt> as Proposed Standard
> 
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2012-12-14. Exceptionally, comments may be
> sent to iesg@ietf.org instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
> 
> Abstract
> 
> 
>   This document specifies the process that Certification Authorities
>   (CAs) and Relying Parties (RPs) participating in the Resource Public
>   Key Infrastructure (RPKI) will need to follow to transition to a new
>   (and probably cryptographically stronger) algorithm set.  The process
>   is expected to be completed in a time scale of months or years.
>   Consequently, no emergency transition is specified.  The transition
>   procedure defined in this document supports only a top-down migration
>   (parent migrates before children).
> 
> The file can be obtained via
> http://datatracker.ietf.org/doc/draft-ietf-sidr-algorithm-agility/
> 
> IESG discussion can be tracked via
> http://datatracker.ietf.org/doc/draft-ietf-sidr-algorithm-agility/ballot/
> 
> No IPR declarations have been submitted directly on this I-D.
> 
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr