Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers-00
"Murphy, Sandra" <Sandra.Murphy@parsons.com> Fri, 23 August 2013 18:09 UTC
To: Andy Newton <andy@arin.net>, "Roque Gagliano (rogaglia)" <rogaglia@cisco.com>
Cc: "sidr@ietf.org" <sidr@ietf.org>

Speaking as working group chair:

I can't be certain that this indicates a promise to modify the draft or not. Roque, Andy, could you comment? If so, a new version is needed and I'll say so on the list. If not, I'll have to ask for resolution on list.

Speaking as regular ol' member (and a bit as wg chair, as I'm not clear about the intent of the new text):

I don't think this text hurts anything, but I am puzzled about the intent. If "all known" implementations comply, why mention the problem? OTOH, it might serve to forestall AD/IESG questions.

So I agree with Andy's observation, though I'd say a heading "Backward Compatibility Considerations" rather than "Interoperability Considerations" suits the situation better.

(Apologies - searching for the thread, I found these comments stuck in my draft folder from 17 July.)

--Sandy

P.S.
"strick"->"strict"
"RPKI signed objects" -> "RPKI objects" <because you mean CA certs as well and signed objects might be taken to mean only ROAs and ghostbusters and manifests etc>
"implements"->"include" or "contain" or...
"RP"-> relying party (or you'll have to define the acronym somewhere)
Not sure what "as in IDR" means.

________________________________________
From: Andy Newton [andy@arin.net]
Sent: Tuesday, July 16, 2013 9:49 AM
To: Roque Gagliano (rogaglia)
Cc: Murphy, Sandra; sidr@ietf.org
Subject: Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers-00

This sounds fine to me, though it is really an interoperability considerations section thingy. The IETF does those now, right? :)

-andy

On 7/16/13 4:55 AM, "Roque Gagliano (rogaglia)" <rogaglia@cisco.com> wrote:

>Thanks Andy.
>
>Do you think we need to add something in the security section about the
>transition?
>
>Something like:
>
>"A RP that performs a strick validation based on RFC6487 and fails to
>support the updates described in this document, would incorrectly
>invalidate RPKI signed objects that implements the changes in Section 2.
>At the time of this writing, all known RP software suites (you can
>mention them as in IDR) were tested and supported the updates on this
>document"
>
>Roque
>
>On Jul 15, 2013, at 7:07 PM, Andy Newton <andy@arin.net> wrote:
>
>> On 7/15/13 10:22 AM, "Roque Gagliano (rogaglia)" <rogaglia@cisco.com>
>> wrote:
>>
>>> Before sending my support to advance to the IESG, I wanted to ask the
>>> author if they have tested the effects of this change on existing RP
>>> tools. Do they really set the certificate as invalid?
>>
>> Yes, we have tested against the three RP suites. One did not require a
>> change while the other two required simple one line changes. Current
>> releases of all three now accommodate it.
>>
>> -andy
>>
>
>