Re: [sidr] rpki-tree-validation vs. madi-sidr-rp

Tim Bruijnzeels <tim@ripe.net> Thu, 30 June 2016 14:47 UTC

Return-Path: <tim@ripe.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EBE412D7CC for <sidr@ietfa.amsl.com>; Thu, 30 Jun 2016 07:47:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.326
X-Spam-Level:
X-Spam-Status: No, score=-3.326 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8iOhbW1O7Psr for <sidr@ietfa.amsl.com>; Thu, 30 Jun 2016 07:47:02 -0700 (PDT)
Received: from molamola.ripe.net (molamola.ripe.net [IPv6:2001:67c:2e8:11::c100:1371]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67C9312D767 for <sidr@ietf.org>; Thu, 30 Jun 2016 07:47:02 -0700 (PDT)
Received: from nene.ripe.net ([193.0.23.10]) by molamola.ripe.net with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.84) (envelope-from <tim@ripe.net>) id 1bIdF3-000CIF-HJ; Thu, 30 Jun 2016 16:46:59 +0200
Received: from sslvpn.ripe.net ([193.0.20.230] helo=vpn-133.ripe.net) by nene.ripe.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from <tim@ripe.net>) id 1bIdF3-0007DR-Cm; Thu, 30 Jun 2016 16:46:57 +0200
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Content-Type: text/plain; charset=utf-8
From: Tim Bruijnzeels <tim@ripe.net>
In-Reply-To: <E95FB6AF-2BF6-448A-8FF1-80CBCAAE577C@zdns.cn>
Date: Thu, 30 Jun 2016 16:46:57 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <D0D28E42-F00F-4A8A-8158-0893543275ED@ripe.net>
References: <0891ea5b-6a68-581d-7f5c-0e6f71fe76d2@bbn.com> <E95FB6AF-2BF6-448A-8FF1-80CBCAAE577C@zdns.cn>
To: Declan Ma <madi@zdns.cn>
X-Mailer: Apple Mail (2.3124)
X-ACL-Warn: Delaying message
X-RIPE-Spam-Level: ----------
X-RIPE-Spam-Report: Spam Total Points: -10.7 points pts rule name description ---- ---------------------- ------------------------------------ -7.5 ALL_TRUSTED Passed through trusted hosts only via SMTP -1.3 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000]
X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a07190fdaf1fdb4b748bd66432221e8e0986a
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/1c9AGutjG-Kncum33mqAhEVKD5s>
Cc: sidr <sidr@ietf.org>
Subject: Re: [sidr] rpki-tree-validation vs. madi-sidr-rp
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jun 2016 14:47:07 -0000

Hi,

The point that I was trying to make, but maybe not clearly, is that rpki-tree-validation is indeed intended as an Informational document specifically detailing our implementation only, but that the RP implementers discussed earlier during WG sessions that we might want to create a generalised RP requirement, or even BCP validation document at a later stage. So I was just somewhat surprised to see this come up.

That being said, we are all busy, so I have no problem with you taking the lead in the effort to document the generalised RP requirements instead. Especially as an Informational document referencing the authoritative docs - as it seems to do.

Tim


> On 30 Jun 2016, at 07:09, Declan Ma <madi@zdns.cn> wrote:
> 
> Hi, all,
> 
> Speaking as the co-author of ‘Requirements for Resource Public Key Infrastructure (RPKI) Relying Parties’,
> 
> In addition to the clarification made by Steve, I would like to deliver a clear message here that this draft is intended to make the RP requirements well framed, which are segmented with orthogonal functionalities in different sections.
> 
> As such, those ‘functional components’ could be crafted and distributed across the operational timeline of an RP software . 
> 
> We would appreciate your comments on this document.
> 
> Di
> ZDNS
> 
> 
>> 在 2016年6月29日,02:19,Stephen Kent <kent@bbn.com> 写道:
>> 
>> Although I was not present at the BA SIDR meeting, I did participate remotely for one of the sessions. I recall the discussion of the I-D that tries to collect all of the RP requirements in one place, with cites to the sources of these requirements. It part, I recall folks at the mic arguing that this I-D was redundant relative to the existing WG document on tree validation. I don't think this is an accurate comparison of the two docs, although I agree that there is overlap between them.
>> 
>> RPKI tree validation describes how the RIPE RP software works. It includes references to 6 SIDR RFCs to explain why the software performs certain checks. The RP requirements doc cites 11 SIDR RFCs, plus the BGPsec (router cert) profile. Thus it appears that the requirements doc tries to address a wider set of RFCs relevant to RP requirements. More importantly, the requirements doc is generic, while the tree validation doc is expressly a description of one RP implementation. Thus it is an example of how that implementation tries to meet the RP requirements, not a general characterization of RP requirements.
>> 
>> 
>> Thus I think it appropriate to proceed with both docs.
>> 
>> Steve
>> 
>> _______________________________________________
>> sidr mailing list
>> sidr@ietf.org
>> https://www.ietf.org/mailman/listinfo/sidr
> 
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr