Re: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-00.txt

Sandra Murphy <sandy@tislabs.com> Fri, 31 October 2014 21:49 UTC

Content-Type: multipart/signed; boundary="Apple-Mail=_1576308D-E878-4A46-9FAC-3EDF2F09BFA0"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Sandra Murphy <sandy@tislabs.com>
In-Reply-To: <34544385-27D4-4E7D-B465-53AAA2D9623B@ripe.net>
Date: Fri, 31 Oct 2014 17:49:42 -0400
Message-Id: <AD579320-0234-4186-A873-677F6FF2DD98@tislabs.com>
References: <20140702012717.18291.24295.idtracker@ietfa.amsl.com> <415BB336-1A6C-48DD-BD0F-BC9EB0C3506F@ripe.net> <53CFFF3C.2040406@bbn.com> <BB01407F-A226-4531-9FDD-50E1B0A238F0@ripe.net> <53D151F0.80808@bbn.com> <C838412C-D16C-4C88-B022-85484789444A@ripe.net> <53D178A6.7060502@bbn.com> <CFF7CDF2.4AB4B%bje@apnic.net> <65886423-144A-48B5-A0EF-D35D4A4FE890@ripe.net> <CA+z-_EUXA0TWDqHV-9sFbgS2vyXiKE9EKBae6K0eihuhKTsm2A@mail.gmail.com> <53DAA101.8020305@bbn.com> <53E11912.7050904@gmail.com> <53E1486B.1080604@bbn.com> <53E151C7.1090508@gmail.com> <53E24D68.8020705@bbn.com> <75B90A7B-ED14-4716-A12C-2EDB1AA7851D@arin.net> <m2ha1m25iq.wl%randy@psg.com> <CFA4B932-E694-4CD6-B615-341FBD35CF26@arin.net> <m21tsq1j00.wl%randy@psg.com> <06ECFB67-7928-4860-8E1C-C661258E31DD@ripe.net> <8B92C382-8F04-4BC5-9419-E106119B8FA1@istaff.org> <34544385-27D4-4E7D-B465-53AAA2D9623B@ripe.net>
To: Tim Bruijnzeels <tim@ripe.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/6A99rEvH7OjZWK6hL_txLIzhlF4
Cc: sidr wg list <sidr@ietf.org>, Sandra Murphy <sandy@tislabs.com>
Subject: Re: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-00.txt
Precedence: list

speaking as regular ol' member.

On Oct 30, 2014, at 2:38 PM, Tim Bruijnzeels <tim@ripe.net> wrote:

> Hi John, all,
> 
> Hoping to clarify my reasoning why I think this is validation approach provides a significant quick win..
> 
> 
> On 29 Oct 2014, at 00:17, John Curran <jcurran@istaff.org> wrote:
> 
>> On Aug 11, 2014, at 11:58 AM, Tim Bruijnzeels <tim@ripe.net> wrote:
>>> 
>>> @1 The *grand*-parent shrinks the *parent* certificate without the parent knowing about this, and some of these resources appear on the, now overclaiming, child certificate. The grand-parent and parent are not involved in an active transfer process. They may not agree that the resource in question should be removed, or the grand-parent may have shrunk these resources in error.

If the removed resources re improperly removed, accepting the remaining resources does not help them.

I don't think this is an error case that we are trying to work out, here.  If we are trying to address that, we have a whole lot more solution space to explore.

>>> 
>>> If the CA really intended that the remaining resources should not be tied to the certificate, they would have revoked. 

Ironically, and no one has mentioned this much, but the CP says if a certificate's resources are reduced, the certificate with the original set is revoked.  

(Then a new certificate with the reduced set is issued with the same key.  I think that's weird.  There are people who think it is weird that I think it is weird.  :-)  )

I wonder sometimes if evaluating a ROA EE cert would find the new reduced certificate in the cache first or the issuing original certificate on the CRL first.

--Sandy, speaking as regular ol' member

Attachment: signature.asc

[sidr] I-D Action: draft-ietf-sidr-rpki-validatio… internet-drafts
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Byron Ellacott
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Tim Bruijnzeels
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos M. Martinez
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Russ Housley
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Sandra Murphy
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Tim Bruijnzeels
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Tim Bruijnzeels
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Sandra Murphy
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Rob Austein
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Tim Bruijnzeels
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Byron Ellacott
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Tim Bruijnzeels
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos Martinez-Cagnazzo
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… George, Wes
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Sandra Murphy
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… George, Wes
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos M. Martinez
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Tim Bruijnzeels
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos M. Martinez
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Stephen Kent
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Andy Newton
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Sandra Murphy
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Randy Bush
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Andy Newton
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Andy Newton
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos M. Martinez
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Sandra Murphy
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos M. Martinez
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Andy Newton
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Sandra Murphy
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Randy Bush
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Randy Bush
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos M. Martinez
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos M. Martinez
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… George, Wes
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Roque Gagliano (rogaglia)
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Tim Bruijnzeels
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Andy Newton
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Andy Newton
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Byron Ellacott
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… John Curran
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Carlos M. Martinez
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Geoff Huston
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Tim Bruijnzeels
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Sandra Murphy
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Sandra Murphy
Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Geoff Huston

Re: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-00.txt

Attachment: signature.asc