Re: [sidr] WGLC: draft-ietf-sidr-origin-ops
Rob Austein <sra@hactrn.net> Mon, 14 November 2011 13:37 UTC
At Mon, 14 Nov 2011 18:45:09 +0800, Shane Amante wrote:
>
> More specifically, what I've been attempting to ask here is how one
> configures, in one's _local_ RPKI cache (that syncs to the outside
> world), /where/ the RIR's publication points are on Day 1. Do I
> contact one RIR (which maintains a list of other RIR's publication
> points) -or- each RIR individually to ask what is their publication
> point? (If you can help provide an answer as to what is the
> expectation on the operator, I can then potentially help to provide
> text).

Starting point is most likely one or more Trust Anchor Locator (TAL)
files, see draft-ietf-sidr-ta. On that glorious day when the RIRs and
IANA have all their ducks in a row, there will be one public TAL for
the root of the promised single tree; in the meantime, you'll likely
have a small collection of TALs.

Where do the TALs come from? Depends on whose TAL it is. Some of the
RIRs publish their TALs on their web sites (one RIR, on the other
hand, appears to be hiding the TAL for their pilot system in a locked
filing cabinet in a disused lavatory in a subbasement with a sign
reading "Beware Of Leopard", but that's neither here nor there).
Those of us who write RPKI validation software collect these TALs when
we can find and verify them, and I, at least, include them with my
software.

Ultimately, the problem is the same as distributing DNSSEC TAs, or any
other TA for that matter. Pretty much by definition, these things
have to be configured outside the automated system, because they're
the bootstrap data. Inclusion in distributions of software using the
system seems to be the most common way, but one could envision other
methods (T shirts handed out at IETF or *OG meetings, publication in
major newspapers, perhaps as QR codes, invent your own mechanism --
the key point is that grounds for believing the TAL come from outside
the system we're trying to bootstrap).
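Added example, not part of the original message and not taken from any validator's code: an operator-side cross-check that parses copies of one TAL obtained through independent channels and installs it only if the URI and the SHA-256 of the key agree across all of them. It assumes the TAL layout from draft-ietf-sidr-ta (rsync URI line, then the Base64 subjectPublicKeyInfo); the channel names, the URI and the key blob are constructed sample data.

```python
import base64
import hashlib
from collections import defaultdict

def parse_tal(text):
    """Return (uris, spki_der) from a TAL: rsync URI line(s), then Base64 SPKI."""
    uris, b64 = [], []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue                      # tolerate a blank separator line
        if not b64 and line.startswith("rsync://"):
            uris.append(line)
        else:
            b64.append(line)
    if not uris or not b64:
        raise ValueError("TAL needs an rsync URI and a Base64 key")
    spki = base64.b64decode("".join(b64), validate=True)
    # Structural check only: one DER SEQUENCE whose length covers the whole blob.
    if len(spki) < 2 or spki[0] != 0x30:
        raise ValueError("key is not a DER SEQUENCE")
    if spki[1] < 0x80:
        total = 2 + spki[1]
    else:
        n = spki[1] & 0x7F
        total = 2 + n + int.from_bytes(spki[2:2 + n], "big")
    if total != len(spki):
        raise ValueError("DER length does not match key size (truncated?)")
    return uris, spki

def cross_check(copies):
    """copies: {channel name: TAL text}. Group channels by (URIs, SPKI SHA-256)."""
    groups = defaultdict(list)
    for channel, text in copies.items():
        uris, spki = parse_tal(text)
        groups[(tuple(uris), hashlib.sha256(spki).hexdigest())].append(channel)
    return len(groups) == 1, dict(groups)

def make_tal(uri, spki):
    """Helper for the sample data: serialise a TAL with 64-column Base64."""
    b64 = base64.b64encode(spki).decode()
    return uri + "\n\n" + "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64)) + "\n"

# Constructed sample data: a DER-shaped blob, not a real RSA key.
SPKI = b"\x30\x82\x01\x22" + bytes(i % 251 for i in range(0x122))
URI = "rsync://rpki.example.net/ta/root.cer"
COPIES = {
    "software_bundle": make_tal(URI, SPKI),
    "rir_website": make_tal(URI, SPKI),
    "third_party_mirror": make_tal(URI, SPKI[:-1] + bytes([SPKI[-1] ^ 1])),
}
```

`cross_check(COPIES)` reports a mismatch and isolates `third_party_mirror`, whose key differs by one bit from the other two copies.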