Re: [sidr] Last Call: <draft-ietf-sidr-rpki-oob-setup-04.txt> (An Out-Of-Band Setup Protocol For RPKI Production Services) to Proposed Standard

t.petch <ietfc@btconnect.com> Fri, 06 January 2017 17:20 UTC

Message-ID: <00a001d26840$e5194580$4001a8c0@gateway.2wire.net>
From: t.petch <ietfc@btconnect.com>
To: Rob Austein <sra@hactrn.net>
References: <148226796672.23778.11324483834700038816.idtracker@ietfa.amsl.com> <01f101d260f9$dee15c00$4001a8c0@gateway.2wire.net> <20161229231547.4552D456B7F2@minas-ithil.hactrn.net>
Date: Fri, 6 Jan 2017 17:15:04 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/-xxduXVApPWVhtMNB03kcvAhmTs>
Cc: Chris Morrow <morrowc@ops-netman.net>, sidr-chairs@ietf.org, ietf <ietf@ietf.org>, draft-ietf-sidr-rpki-oob-setup@ietf.org, sidr@ietf.org
Subject: Re: [sidr] Last Call: <draft-ietf-sidr-rpki-oob-setup-04.txt> (An Out-Of-Band Setup Protocol For RPKI Production Services) to Proposed Standard

Looking some more at this, I would not want to try and troubleshoot this
protocol with such a limited range of error messages.

Not something I am likely to be doing but were I to, I would like to see
an indication of the nature of the error (e.g. in attribute, element,
certificate) and where the error was found (the relevant name) and for
authentication errors, well, look at the certificate related TLS Alerts
which suggest to me the level of detail that has been found to be needed
in at least some quarters.  And bear in mind that you are making no
recommendation about most of the certificate options, just that you
expect them to be the usual ones :-)

As it is, I would not know where to place most errors into the three
possibilities provided.

Tom Petch


----- Original Message -----
From: "Rob Austein" <sra@hactrn.net>
To: "tom p." <daedulus@btconnect.com>
Cc: "Chris Morrow" <morrowc@ops-netman.net>; <sidr-chairs@ietf.org>;
<ietf@ietf.org>; <draft-ietf-sidr-rpki-oob-setup@ietf.org>;
<sidr@ietf.org>
Sent: Thursday, December 29, 2016 11:15 PM
Subject: Re: [sidr] Last Call: <draft-ietf-sidr-rpki-oob-setup-04.txt>
(An Out-Of-Band Setup Protocol For RPKI Production Services) to Proposed
Standard


> At Wed, 28 Dec 2016 10:55:15 +0000, tom p. wrote:
> >
> > When I saw BPKI in the Abstract, I thought 'typo'!  Reading on, it
> > isn't; in which case, it needs expanding in the Abstract.
> >
> > Appendix A is in RelaxNG; I would like a reference for that language.
> >
> > Is Appendix A Normative?  i.e. in the event of a mismatch between the
> > body of the I-D and Appendix A, which wins?  If Appendix A, then that
> > reference should be Normative.
>
> Thanks for the review!  I agree with all of the above, will post
> revisions post-LC unless there is reason to update sooner.
>
> Yes, I think the RelaxNG schema had best be normative.  We already
> found and fixed one minor disagreement between text and schema;
> unsurprisingly, running code in that case agreed with the schema.