Re: [OPSAWG] Paul Wouters' Discuss on draft-ietf-opsawg-9092-update-10: (with DISCUSS and COMMENT)
Randy Bush <randy@psg.com> Wed, 14 February 2024 22:23 UTC
Date: Wed, 14 Feb 2024 14:23:17 -0800
Message-ID: <m2r0helm7e.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Russ Housley <housley@vigilsec.com>
Cc: Paul Wouters <paul.wouters@aiven.io>, IESG <iesg@ietf.org>, draft-ietf-opsawg-9092-update@ietf.org, opsawg-chairs@ietf.org, Ops Area WG <opsawg@ietf.org>, mcr+ietf@sandelman.ca
In-Reply-To: <D3E92E84-D5A0-451E-83E4-305F929CEA14@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/2K50Vr0lTFp_YEIT83VmphKqI38>
>>> The consumer of geofeed data SHOULD fetch and process the data
>>> themselves. Importing datasets produced and/or processed by a
>>> third-party places significant trust in the third-party.
>>
>> this is in sec cons already. you want it moved up or duplicated? i
>> kinda like it where it is, but am flexible.
>
> I was not suggesting a new placement, just the edit to the last line.

sorry. sure.

> I propose adding that to the bottom of the paragraph that starts:
>
>    If and only if the geofeed file is not signed per Section 5, ...
>
> By doing that, it does not conflict with the requirement in Section 5
> that the address range of the signing certificate cover all prefixes
> in the signed geofeed file.

   When reading data from an unsigned geofeed file, one MUST ignore
   data outside the referring inetnum: object's address range. This is
   to avoid importing data about ranges not under the control of the
   operator. Note that signed files MUST only contain prefixes within
   the referring inetnum:'s range as mandated in Section 5.

randy
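
Added example, not part of the original message or of the draft: one way a consumer could apply the "MUST ignore data outside the referring inetnum: object's address range" rule to an unsigned geofeed file. The function names, the form in which the inetnum: value is passed (an "a - b" range or a CIDR prefix) and the sample data are assumptions made for illustration.

```python
import csv
import ipaddress


def parse_inetnum(value):
    """Return (first, last) for an 'a - b' range or a CIDR prefix (assumed input forms)."""
    if "-" in value:
        first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-", 1))
    else:
        net = ipaddress.ip_network(value.strip(), strict=True)
        first, last = net.network_address, net.broadcast_address
    if first.version != last.version or first > last:
        raise ValueError("invalid inetnum range: %r" % value)
    return first, last


def filter_unsigned_geofeed(text, inetnum):
    """Split geofeed CSV rows into (kept, ignored) by coverage of the inetnum range."""
    first, last = parse_inetnum(inetnum)
    kept, ignored = [], []
    for row in csv.reader(text.splitlines()):
        if not row or row[0].lstrip().startswith("#"):
            continue  # blank line or comment
        try:
            net = ipaddress.ip_network(row[0].strip(), strict=True)
        except ValueError:
            ignored.append(row)  # unparsable prefix: never import it
            continue
        # A prefix is kept only if it lies entirely inside the referring range;
        # a covering supernet or a different address family is ignored.
        inside = (net.version == first.version
                  and first <= net.network_address
                  and net.broadcast_address <= last)
        (kept if inside else ignored).append(row)
    return kept, ignored


# Constructed sample data using documentation address ranges.
SAMPLE_INETNUM = "192.0.2.0 - 192.0.2.255"
SAMPLE_GEOFEED = """\
# constructed sample, not a real geofeed
192.0.2.0/25,US,US-WA,Seattle,
192.0.2.128/25,JP,JP-13,Tokyo,
198.51.100.0/24,NL,NL-NH,Amsterdam,
192.0.0.0/16,US,,,
2001:db8::/32,DE,,,
"""

if __name__ == "__main__":
    kept, ignored = filter_unsigned_geofeed(SAMPLE_GEOFEED, SAMPLE_INETNUM)
    print("kept:", [r[0] for r in kept], "ignored:", [r[0] for r in ignored])
```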