Re: [Last-Call] [Sidrops] Artart last call review of draft-ietf-sidrops-rpki-has-no-identity-04
Geoff Huston <gih@apnic.net> Wed, 09 March 2022 23:50 UTC
From: Geoff Huston <gih@apnic.net>
To: Tim Bray <tbray@textuality.com>
CC: "art@ietf.org" <art@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>,
"sidrops@ietf.org" <sidrops@ietf.org>,
"draft-ietf-sidrops-rpki-has-no-identity.all@ietf.org"
<draft-ietf-sidrops-rpki-has-no-identity.all@ietf.org>
Date: Wed, 9 Mar 2022 23:50:33 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/1lLED_Y87_INZdzA9omds0ZBwpM>

On 10 Mar 2022, at 10:17 am, Tim Bray via Datatracker <noreply@ietf.org> wrote:
>
> Reviewer: Tim Bray
> Review result: On the Right Track
>
> ...
> [It is also possibly the case that those better acquainted with RPKI will
> instantly understand what the problem is and why the language herein will help
> deal with it, in which case feel free to ignore most of my comments. ]
>

These are interesting review comments Tim. I’m not an author of this draft, but the points you make resonate with me.

The draft appears to be a verbose restatement of Section 2.1 of RFC6480. That original text is short enough to reproduce here:

  "An important property of this PKI is that certificates do not attest to the identity of the subject. Therefore, the subject names used in certificates are not intended to be "descriptive". That is, the resource PKI is intended to provide authorization, but not authentication."

(There is also an even shorter exposition in RFC6487 (not referenced by this draft) which states in section 4.5: "Subject names are not intended to be descriptive of the identity of subject.")

If the point of this draft is "go read RFC6480" then why do we need a meta-RFC to tell the reader to read another RFC?

If the point of the draft is that "people are doing bad practices with this tech because they have not read the RFCs on this topic" then I find it difficult to comprehend why publishing yet another RFC would fix the underlying issue. If they didn't read the primary source RFCs then why should they read this one?

Alternatively, if this draft is making a novel point that is not adequately covered in existing RFCs then the draft manages to hide that aspect so well that it is completely lost on me.

So I clearly don't understand what track this draft is supposed to be on, right or wrong. I clearly just don't understand the nature of the problem that publishing this draft as an RFC would solve.

Geoff