Re: [secdir] secdir review of draft-ietf-sidr-delta-protocol-05

David Mandelberg <david@mandelberg.org> Sat, 11 February 2017 18:42 UTC

To: Oleg Muravskiy <oleg@ripe.net>
References: <8bee5b64-8b54-99f4-3e86-f6450f664fd6@mandelberg.org> <D43B1FF6-8A8A-42B5-BDF5-0DBA7E39344F@ripe.net> <7f56ecd6-1753-ad26-0ff3-1cde6e3fe63d@mandelberg.org> <8048CCD5-0D86-4C33-8F8A-C74728FE8B67@ripe.net>
From: David Mandelberg <david@mandelberg.org>
Message-ID: <87e899b3-a922-bc0d-be2e-8150219774c1@mandelberg.org>
Date: Sat, 11 Feb 2017 13:42:39 -0500
In-Reply-To: <8048CCD5-0D86-4C33-8F8A-C74728FE8B67@ripe.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/ghOttCrG-y0SrE_04U-VEqOV2yQ>
Cc: draft-ietf-sidr-delta-protocol.all@ietf.org, iesg@ietf.org, secdir@ietf.org

On 02/08/2017 06:04 AM, Oleg Muravskiy wrote:
> Reading the paragraph in question again:
> 
>    Relying Parties SHOULD NOT cache the notification file for longer
>    than 1 minute, regardless of the headers set by the repository server
>    or CDN.
> 
> I think it could be misinterpreted in a way that an RP should re-fetch the notification file even if it is in the middle of a validation run, which is wrong. So I propose new text:
> 
>   In case of a high load on a repository server or its distribution
>   network, the Cache-Control HTTP header, or a similar mechanism, MAY
>   be used to suggest an optimal (for the repository server) poll
>   interval for Relying Parties. However, setting it to an interval
>   longer than 1 hour is NOT RECOMMENDED. Relying parties SHOULD align
>   the suggested interval with their operational practices and the
>   expected update frequency of RPKI repository data, and MAY discard
>   the suggested value.
> 
> What do you think?

I'm ok with the new text.


-- 
David Eric Mandelberg / dseomn
http://david.mandelberg.org/
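The proposed text above leaves two things to the Relying Party: how to turn a server-supplied Cache-Control hint into a poll interval that never exceeds the 1 hour ceiling, and how to avoid re-fetching the notification file in the middle of a validation run. The following is an added example of one way to implement both; it is not code from the draft or from any RP implementation. The 60 second fallback when no usable max-age is present, the choice of the max-age directive as the "suggested interval", and the NotificationPoller state machine are all assumptions of this example, not something the thread specifies.

```python
"""Derive an RRDP notification-file poll interval from Cache-Control.

Added example, not code from draft-ietf-sidr-delta-protocol or any RP.
Assumptions (not from the thread): a 60 s fallback when no usable
max-age directive is present, and that the RP treats max-age as the
server's suggested poll interval. The 1 hour ceiling comes from the
proposed text ("longer than 1 hour is NOT RECOMMENDED").
"""
from __future__ import annotations

import re

DEFAULT_INTERVAL = 60   # assumed fallback, in seconds
MAX_SUGGESTED = 3600    # proposed text: intervals over 1 hour are NOT RECOMMENDED

_MAX_AGE = re.compile(r"^max-age=(\d+)$")


def parse_max_age(cache_control: str | None) -> int | None:
    """Return the max-age directive in seconds, or None if absent or malformed."""
    if not cache_control:
        return None
    for directive in cache_control.split(","):
        m = _MAX_AGE.match(directive.strip().lower())
        if m:
            return int(m.group(1))
    return None


def suggested_poll_interval(cache_control: str | None,
                            *, operational_max: int = MAX_SUGGESTED) -> int:
    """Poll interval (seconds) the RP derives from the server's suggestion.

    The server's value is only a hint: it is clamped to the 1 hour ceiling
    and to the RP's own operational maximum, and ignored when unusable.
    """
    suggested = parse_max_age(cache_control)
    if suggested is None or suggested <= 0:
        return DEFAULT_INTERVAL
    return min(suggested, MAX_SUGGESTED, operational_max)


class NotificationPoller:
    """Tracks when the next fetch is due and suppresses fetches mid-run.

    A validation run works from the notification file it started with;
    should_fetch() stays False until end_validation_run() is called, no
    matter how much time has passed.
    """

    def __init__(self, now: float) -> None:
        self.next_due = now
        self.in_validation_run = False

    def begin_validation_run(self) -> None:
        self.in_validation_run = True

    def end_validation_run(self) -> None:
        self.in_validation_run = False

    def should_fetch(self, now: float) -> bool:
        return not self.in_validation_run and now >= self.next_due

    def record_fetch(self, now: float, cache_control: str | None) -> int:
        """Schedule the next fetch from the headers of the one just done."""
        interval = suggested_poll_interval(cache_control)
        self.next_due = now + interval
        return interval


if __name__ == "__main__":
    # Constructed header values, not captured from any repository server.
    poller = NotificationPoller(now=0.0)
    print(poller.record_fetch(0.0, "public, max-age=7200"))  # clamped to 3600
    poller.begin_validation_run()
    print(poller.should_fetch(10_000.0))  # False: still inside the run
    poller.end_validation_run()
    print(poller.should_fetch(10_000.0))  # True
```

The clamp order matters: the RP's own `operational_max` may be lower than the 1 hour ceiling (an RP that expects frequent repository updates can poll more often), but nothing the server sends can push the interval above either bound, which is what "MAY discard the suggested value" allows.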