IETF Logo Mail Archive

Re: [sidr] WGLC for draft-ietf-sidr-rpki-rtr-rfc6810-bis-03

David Mandelberg <david@mandelberg.org> Tue, 17 March 2015 04:46 UTC

Return-Path: <david@mandelberg.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73CD41A0064 for <sidr@ietfa.amsl.com>; Mon, 16 Mar 2015 21:46:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level:
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S7Ov0_IROH-q for <sidr@ietfa.amsl.com>; Mon, 16 Mar 2015 21:46:26 -0700 (PDT)
Received: from nm22-vm6.access.bullet.mail.bf1.yahoo.com (nm22-vm6.access.bullet.mail.bf1.yahoo.com [216.109.115.149]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C6571A0062 for <sidr@ietf.org>; Mon, 16 Mar 2015 21:46:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1426567585; bh=TThjZVcSzuj5ARZMIOUaCLYjzPo3EdPzj4O3REXZm2M=; h=Date:From:To:Subject:In-Reply-To:References:From:Subject; b=SSxWqdJI34dMXnzbv/AXr1uHh0nTfnRvNC4Mo9aAPedjZlMaRs/xjLIxKddFxbPSkoIL76fRMOrGGwI8XU6IlIrHOtx2O3ubqAJacx3y8xna2O+ZAnxb/EMFmFpJDZP5zTQOYqHUvI3kjfg5+bUoAMbfmsXHuSowlsY3VfXkhrBjRftv5wfrKP6ZF/g/KZUNjEnbSXBKaD6xO3jOPFybOXGh5gUsziHnC4VSFzgiEdJvdd6H3qGdjSNpJQX40C1RpoB2DCZPQMHufhXtb3973z3qhjoFUaTRDLcLaW+S93sEl2Sz/9VNUKxeidmWxQGpQyBlJ0rDUqajzPLdVM9tzg==
Received: from [66.196.81.157] by nm22.access.bullet.mail.bf1.yahoo.com with NNFMP; 17 Mar 2015 04:46:25 -0000
Received: from [98.138.104.99] by tm3.access.bullet.mail.bf1.yahoo.com with NNFMP; 17 Mar 2015 04:46:25 -0000
Received: from [127.0.0.1] by smtp119.sbc.mail.ne1.yahoo.com with NNFMP; 17 Mar 2015 04:46:25 -0000
X-Yahoo-Newman-Id: 652186.68859.bm@smtp119.sbc.mail.ne1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: pzAHGz8VM1luCNN..zpxKmGnpMQD12dEiJNZaNvDcpZ0fGA QGEzqD9csy0O2ToE5MqjQHQ183thpnaAkmqVJbWt9ZNTImzDnMR45NyqjP5Q 4wmfuiOPJ.xtFvrawidnl_r9tgUonoRwOvwAKJo4CEre1QdHGu3vEk86ZaVD 3vcils59AAJ8gUtvF_77gvID0L3dZJiTYNSx5FwHH3V3o4LDuJfQ8w4ZctmH 3BCCl.t1qRV0ucpyTG_jUDmRyxSzTAguqwkQZt7l.x8mUTUFffyiH5CwF.r8 0j3mrVkIx4uogr2EMoWjHjQJNRb9xl0B5Pf5uELDoWUqM.bGhZ6fELx8vxj8 Nbv68wpjaedQAfTEJAFgs_SCUFzWF3lgqC9C9l5CU5R6vBcstyQc.TDuSlFf hX0Jn7IHSaziYIjUHCITlFORJ0xNNYjIs1Ut_v4F_nU.v5R98GkXgJcOUvp9 ABYc6RKPOH5ZYWOd8sJtBHYpVDN3x.O9UBsce7llJTcVOQOARiQ2iFMNNQ69 wb6VVISVC7IOyk372wWgMJ0BujKjEGlYQc35PRPRJ2nScREiSmNzZqYPLU4N 9X1M0fvnxC3JOsUAP5CR5P8bU7ipuvnBrrtayvA8017OdfMS40w--
X-Yahoo-SMTP: 4kJJK.qswBDPuwyc5wW.BPAQqNXdy5j09UNyeAS0pyOQ708-
Received: from secure.mandelberg.org (c-76-24-31-176.hsd1.ma.comcast.net [76.24.31.176]) by uriel.mandelberg.org (Postfix) with ESMTPSA id 1CFE71C6058 for <sidr@ietf.org>; Tue, 17 Mar 2015 00:46:24 -0400 (EDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Date: Tue, 17 Mar 2015 00:46:23 -0400
From: David Mandelberg <david@mandelberg.org>
To: sidr@ietf.org
In-Reply-To: <A5144FF9-FD2A-4284-A8FE-E0CB89F1E00F@tislabs.com>
References: <A5144FF9-FD2A-4284-A8FE-E0CB89F1E00F@tislabs.com>
Message-ID: <729d38908098b3cb55910eaf98fb346a@mail.mandelberg.org>
X-Sender: david@mandelberg.org
User-Agent: Roundcube Webmail/0.7.2
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/3ye53MY_UCwaKu8rlqwA2lKl0YQ>
Subject: Re: [sidr] WGLC for draft-ietf-sidr-rpki-rtr-rfc6810-bis-03
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Mar 2015 04:46:28 -0000

On 2015-03-06 05:22, Sandra Murphy wrote:
> Please comment to the list whether you believe that this draft is
> ready for publication.

I reviewed this draft. My substantive comments are below, and I'll send 
nits to the authors. Other than the below and the comment that Tim B 
sent to the list, I think the draft is ready for publication. (Note that 
while I have written a cache implementation of version 0 of this 
protocol, I have not yet written an implementation of version 1.)

Section 5 says "Fields with unspecified content MUST be zero on 
transmission and MAY be ignored on receipt" and Section 5.1 says "Fields 
shown as zero or reserved MUST be zero.  The value of such a field MUST 
be ignored on receipt." Are there three separate things (unspecified, 
zero, and reserved) to which these different rules apply? Or are these 
all the same thing, and the MAY in the first quote conflicts with the 
second MUST in the second quote?

The Router Key PDU (section 5.10) uses a fixed-size field for the SKI. 
What's the plan for algorithm agility, if the size of the SKI changes? 
if the size of the SKI does not change, but the algorithm does?

Section 7 adds the requirement that "A router MUST start each transport 
session by issuing either a Reset Query or a Serial Query." However, I 
don't see an additional requirement that the cache can't start sending 
PDUs (e.g., a Serial Notify) before it receives a Query from the router. 
Maybe there should be? Our current (version 0) implementation sends a 
Serial Notify whenever there is a new serial number, even if the router 
has not yet made any queries. If a version 1 router connects to our 
version 0 cache and we somehow manage to send a Serial Notify before the 
router is able to send a Query, what should the router do? Likewise, 
what should the router do if it receives any version 1 PDU before it has 
sent a Query?

What happens if version 1 is successfully negotiated, but a later PDU 
is sent (in either direction) with its version set to 0? Should the 
receiving side send an Error Report and disconnect? Likewise, what 
happens if version 0 is successfully negotiated, but a later PDU has a 
version of 1? Should the receiving side send an Error Report and 
disconnect? Even if the version 1 PDU is a Query (router to cache) and 
the cache supports version 1? I have no issue with disallowing 
re-negotiation of the protocol version, but I think it should be clearly 
specified that negotiation happens only at the beginning of a transport 
session.

-- 
David Eric Mandelberg / dseomn
http://david.mandelberg.org/

v2.23.0 | Report a Bug | By Email