Re: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-09.txt

Tim Bruijnzeels <tim@ripe.net> Thu, 16 November 2017 08:44 UTC

Return-Path: <tim@ripe.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61AB1129A84 for <sidr@ietfa.amsl.com>; Thu, 16 Nov 2017 00:44:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TmYMSF_LfzpK for <sidr@ietfa.amsl.com>; Thu, 16 Nov 2017 00:44:31 -0800 (PST)
Received: from molamola.ripe.net (molamola.ripe.net [IPv6:2001:67c:2e8:11::c100:1371]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88838129566 for <sidr@ietf.org>; Thu, 16 Nov 2017 00:44:31 -0800 (PST)
Received: from titi.ripe.net ([193.0.23.11]) by molamola.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from <tim@ripe.net>) id 1eFFmf-0005Ir-GX for sidr@ietf.org; Thu, 16 Nov 2017 09:44:30 +0100
Received: from sslvpn.ripe.net ([193.0.20.230] helo=vpn-250.ripe.net) by titi.ripe.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from <tim@ripe.net>) id 1eFFmd-00062D-LT; Thu, 16 Nov 2017 09:44:29 +0100
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Tim Bruijnzeels <tim@ripe.net>
In-Reply-To: <151081919187.28369.12154628810347674400@ietfa.amsl.com>
Date: Thu, 16 Nov 2017 16:44:20 +0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <C098087D-009D-48F6-8456-61B8BC020F3E@ripe.net>
References: <151081919187.28369.12154628810347674400@ietfa.amsl.com>
To: sidr <sidr@ietf.org>
X-Mailer: Apple Mail (2.3273)
X-ACL-Warn: Delaying message
X-RIPE-Spam-Level: -------
X-RIPE-Spam-Report: Spam Total Points: -7.5 points pts rule name description ---- ---------------------- ------------------------------------ -7.5 ALL_TRUSTED Passed through trusted hosts only via SMTP
X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a071965b1375632d4af3d28ca24defb61afc5
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/5PQbbeqjqquXKZI3ADLlh-t8NLs>
Subject: Re: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-09.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 08:44:33 -0000

Dear WG,

This version was uploaded because looking at this on-line proved more convenient for IESG review, as opposed to the version of this that I sent as an email attachment. We have a had a discussion about remaining DISCUSS items and a -10 version is coming soon as well. Possibly still before I board my plane home tomorrow, otherwise early next week.

Kind regards,

Tim

> On 16 Nov 2017, at 15:59, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Secure Inter-Domain Routing WG of the IETF.
> 
>        Title           : RPKI Validation Reconsidered
>        Authors         : Geoff Huston
>                          George Michaelson
>                          Carlos M. Martinez
>                          Tim Bruijnzeels
>                          Andrew Lee Newton
>                          Daniel Shaw
> 	Filename        : draft-ietf-sidr-rpki-validation-reconsidered-09.txt
> 	Pages           : 22
> 	Date            : 2017-11-15
> 
> Abstract:
>   This document specifies an alternative to the certificate validation
>   procedure specified in RFC 6487 that reduces aspects of operational
>   fragility in the management of certificates in the RPKI, while
>   retaining essential security features.
> 
>   Where the procedure specified in RFC 6487 requires that Resource
>   Certificates are rejecting entirely if they are found to over-claim
>   any resources not contained on the issuing certificate, the
>   validation process defined here allows an issuing Certificate
>   Authority to chose to communicate that such Resource Certificates
>   should be accepted for the intersection of their resources and the
>   issuing certificate.
> 
>   This choice is signalled by form of a set of alternative Object
>   Identifiers (OIDs) of RFC 3779 X.509 Extensions for IP Addresses and
>   AS Identifiers, and certificate policy for the Resource Public Key
>   Infrastructure (RFC 6484).  It should be noted that in case these
>   OIDs are not used for any certificate under a Trust Anchor, the
>   validation procedure defined here has the same outcome as the
>   procedure defined in RFC 6487
> 
>   Furthermore this document provides an alternative to ROA (RFC 6482),
>   and BGPSec Router Certificate (BGPSec PKI Profiles - publication
>   requested) validation.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-sidr-rpki-validation-reconsidered/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-sidr-rpki-validation-reconsidered-09
> https://datatracker.ietf.org/doc/html/draft-ietf-sidr-rpki-validation-reconsidered-09
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-rpki-validation-reconsidered-09
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
>