Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track

Randy Bush <randy@psg.com> Tue, 19 July 2011 15:48 UTC

Return-Path: <randy@psg.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D804011E808C for <sidr@ietfa.amsl.com>; Tue, 19 Jul 2011 08:48:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.537
X-Spam-Level:
X-Spam-Status: No, score=-2.537 tagged_above=-999 required=5 tests=[AWL=0.062, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nISY+U5Pjgcx for <sidr@ietfa.amsl.com>; Tue, 19 Jul 2011 08:48:22 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:1::36]) by ietfa.amsl.com (Postfix) with ESMTP id 429F011E808A for <sidr@ietf.org>; Tue, 19 Jul 2011 08:48:22 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=rair.psg.com.psg.com) by ran.psg.com with esmtp (Exim 4.76 (FreeBSD)) (envelope-from <randy@psg.com>) id 1QjCWm-000GNU-2p; Tue, 19 Jul 2011 15:48:08 +0000
Date: Tue, 19 Jul 2011 08:48:07 -0700
Message-ID: <m2vcuynufc.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Terry Manderson <terry.manderson@icann.org>
In-Reply-To: <CA4BBB06.17F28%terry.manderson@icann.org>
References: <m239i2pllp.wl%randy@psg.com> <CA4BBB06.17F28%terry.manderson@icann.org>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Cc: "draft-ietf-sidr-repos-struct@tools.ietf.org" <draft-ietf-sidr-repos-struct@tools.ietf.org>, sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jul 2011 15:48:23 -0000

>>> I think there is an easier way, as already suggested. Add the object
>>> type to the manifest in FileandHash.
>>> 
>>> 1) the rescert points to the publication point and manifest
>>> 2) the manifest is mandatory
>>> 3) the manifest is signed
>>> 4) the manifest is nicely(?) readable ASN.1
>> 
>> so move the deck chairs from coding the type in a directory maintained
>> by the operating system to one the spec and the programmers write and
>> maintain?  big win there, eh?
> 
> The win is to eliminate a threat that has already been identified on the
> list.

and is based on a weak premise.  rpki security is based on object, not
transport, security.  stuff might be garbled in transport.

and please remember that the manifest may be a proper subset of the
directory.

randy