Re: [secdir] [OPSAWG] [Last-Call] Secdir last call review of draft-ietf-opsawg-finding-geofeeds-06

Robert Kisteleki <robert@ripe.net> Thu, 06 May 2021 07:33 UTC

To: Randy Bush <randy@psg.com>, Kyle Rose <krose@krose.org>
Cc: Last Call <last-call@ietf.org>, Ops Area WG <opsawg@ietf.org>, draft-ietf-opsawg-finding-geofeeds.all@ietf.org, Russ Housley <housley@vigilsec.com>, IETF SecDir <secdir@ietf.org>
From: Robert Kisteleki <robert@ripe.net>
Organization: RIPE NCC
Message-ID: <74e0fe76-19a6-72ba-1352-106e1b8559ca@ripe.net>
Date: Thu, 06 May 2021 09:33:30 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/WAlc0XVU81Y19BIfUUQVl27VPok>
Subject: Re: [secdir] [OPSAWG] [Last-Call] Secdir last call review of draft-ietf-opsawg-finding-geofeeds-06

On 2021-05-05 16:49, Randy Bush wrote:
>> the web pki is not associated with ip address space control/ownership.
>> web pki is based on control of domain name space.  the two are quite
>> unrelated.
> 
> note that the rpsl, the inetnum: objects, are not well secured and
> authenticated.  this is a bit embarrassing.  and, in some regions,
> the lack of authentication is notorious.
> 
> hence the hack to use the well-authenticated rpki to sign those data
> covered by it for those concerned with real authenticity.
> 
> randy

(somewhat shameless plug) there is https://tools.ietf.org/html/rfc7909 
that could be of assistance here.

Robert