Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track

Stephen Kent <kent@bbn.com> Sat, 23 July 2011 14:22 UTC

At 7:16 PM -0700 7/21/11, Terry Manderson wrote:
>Hi Andrew,
>
>
>>
>>  Therefore, the BBN validator does the only thing sensible, which is
>>  validate based on filename and certificate chain.  After that, we check
>>  against the manifest and emit a warning if it doesn't look right.  And
>>  we provide the user with configuration flags to control the output of
>>  validator: does he want output from the "perfect" ROAs only (with
>>  perfect manifests all the way up the chain), or is some level of
>>  grayness acceptable.
>>
>>  Manifests are murky, especially when you misuse them.  Filename
>>  extensions are not.
>
>Maybe the repository should have been constructed in LDAP with a manifest
>object there to confirm the ldap search returned all the roa objects.

LDAP would be terrible in this context. It is not well suited to
the "I want everything that has changed since this time" model of
repository access that RPs need here.

Steve
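
An added illustration, not part of the original message and not the BBN validator's code: a sketch of the manifest cross-check the quoted text describes, for a single publication point. It assumes certificate-chain validation has already succeeded for every fetched object, models a manifest as filename to SHA-256 pairs, and uses hypothetical function names and a hypothetical `strict` flag with constructed sample data.

```python
import hashlib

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def classify(fetched, manifest):
    """Compare fetched objects {name: bytes} with manifest {name: sha256 hex}."""
    status = {}
    for name, data in fetched.items():
        expected = manifest.get(name)
        if expected is None:
            status[name] = "not-on-manifest"   # present in repo, manifest silent
        elif sha256_hex(data) != expected:
            status[name] = "hash-mismatch"     # stale or substituted object
        else:
            status[name] = "ok"
    for name in manifest:
        if name not in fetched:
            status[name] = "missing"           # listed but withheld or deleted
    return status

def select_roas(fetched, manifest, strict):
    """Return (accepted ROA filenames, warnings).

    Objects are picked by the .roa filename extension (chain validation is
    assumed done). strict=True keeps only ROAs that match the manifest;
    strict=False also keeps the "gray" ones, still emitting a warning.
    """
    accepted, warnings = [], []
    status = classify(fetched, manifest)
    for name in sorted(status):
        st = status[name]
        if st != "ok":
            warnings.append(f"{name}: {st}")
        if not name.endswith(".roa") or st == "missing":
            continue
        if st == "ok" or not strict:
            accepted.append(name)
    return accepted, warnings

# Constructed sample data: one clean ROA, one stale, one unlisted, one withheld.
FETCHED = {"a.roa": b"roa-a", "b.roa": b"roa-b", "c.roa": b"roa-c", "ca.cer": b"cert"}
MANIFEST = {
    "a.roa": sha256_hex(b"roa-a"),
    "b.roa": sha256_hex(b"older-roa-b"),
    "ca.cer": sha256_hex(b"cert"),
    "d.roa": sha256_hex(b"roa-d"),
}

if __name__ == "__main__":
    for strict in (True, False):
        print(strict, select_roas(FETCHED, MANIFEST, strict))
```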