IETF Logo Mail Archive

Re: [sidr] Questions about draft-huston-rpki-validation-01

Stephen Kent <kent@bbn.com> Thu, 22 May 2014 18:39 UTC

Return-Path: <kent@bbn.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D7C71A02C9 for <sidr@ietfa.amsl.com>; Thu, 22 May 2014 11:39:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.852
X-Spam-Level:
X-Spam-Status: No, score=-4.852 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lGMLDEJcq9pM for <sidr@ietfa.amsl.com>; Thu, 22 May 2014 11:39:29 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF8901A02CC for <sidr@ietf.org>; Thu, 22 May 2014 11:39:22 -0700 (PDT)
Received: from dhcp89-089-218.bbn.com ([128.89.89.218]:57833) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1WnXtr-000BoO-Bj; Thu, 22 May 2014 14:39:31 -0400
Message-ID: <537E4456.9050009@bbn.com>
Date: Thu, 22 May 2014 14:39:18 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Geoff Huston <gih@apnic.net>
References: <aa922cfa32d64b01ad85a472faa9356b@BLUPR09MB053.namprd09.prod.outlook.com> <F69C5324-C865-46FB-9B49-940B47F29ADD@apnic.net> <519729f8a8c549ec98496c22fc6025a6@BLUPR09MB053.namprd09.prod.outlook.com> <452C0EF8-8A6C-4E75-B7B3-DDF4FFD87691@apnic.net> <375b352964154d2eab003662a377c688@BLUPR09MB053.namprd09.prod.outlook.com> <88BC9DDD-0F93-4041-A0DD-527DB61CD7D5@apnic.net> <edb249d3311944af920e850d6c65e8b9@BLUPR09MB053.namprd09.prod.outlook.com> <6F99EFB3-6813-4D40-9AEA-B1A8557F06EA@apnic.net> <a7b10fad36e94680a2851d2c8a2bc692@BLUPR09MB053.namprd09.prod.outlook.com> <FB4FB863-1AE0-41DB-97B1-FB022150D29E@ripe.net> <CAL9jLaY3-dy7vA2=bd3dNGM8cL0jqzSZZgwWtx84H_AxiotXCA@mail.gmail.com> <FF3700A5-A766-49C1-B282-26E10B508929@gmail.com> <CAL9jLaauY6kHa+U=TKjW3rDawVAzNhL4ctvBONgey6inFBuT7A@mail.gmail.com> <537CEB37.506@bbn.com> <02E084F0-C222-4753-ACCF-C239D6B6B29B@apnic.net>
In-Reply-To: <02E084F0-C222-4753-ACCF-C239D6B6B29B@apnic.net>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/9_u5WohYMV6VwjfswpUlGt1r09Q
Cc: sidr@ietf.org
Subject: Re: [sidr] Questions about draft-huston-rpki-validation-01
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 May 2014 18:39:35 -0000

Geoff,
> Hi Steve,
>
> I appreciate the backlog of mail you are working from, as you note in your mail, but
> I always think it useful to have carefully read a document before performing a critique. I'm sure
> you would agree with that sentiment. I was therefore quite surprised to find you had said the
> following:
>
>> 2- A separate concern is that the candidate doc contains two separable cases: one relaxes
>> path validation by not mandating that every subordinate cert contain only a subset
>> of the resources in the parent cert. The other case introduces the notion of a join
>> into the RPKI tree structure. This latter case was extensively criticized during the
>> SIDR WG meeting, by a number of folks. I suggest that case not be part of a new WG
>> doc at this time.

I did read the doc carefully, and we exchanged a few very detailed 
messages in mid-February,
prior to the SIDR meeting in London. But, that was a few months ago, and 
I conflated your
briefing at that meeting (specifically slide 15) with the text of the 
document.
My bad.
> I would be grateful for the precise reference in the "candidate doc" you talk about
> to the concept of a "join". I looked though draft-huston-rpki-validation-01.txt, and
> maybe I missed something incredibly obtuse and well buried in the whitespace, but I
> couldn't find any such reference in this document. Are you perhaps performing a critique
> of some other draft in this rather lengthy message and not in fact referring to
> draft-huston-rpki-validation-01.txt at all?
you're right; As noted above, I was referring to slide 15 in your 
briefing at
the SIDR meeting (a briefing on the doc in question, hence my confusion).
> The description of the first case is also inappropriately informal - the alternative view
> described in the draft is that a relying party can consider a certificate to be valid
> with respect to only those resources that are contained in all certificates that form
> the validation path. Perhaps the subtle difference in your description might be the
> cause of your evident discomfort with what you believe is contained in this document.
The "algorithm" in the I-D, Section 3.2, describes validity in terms of a
"specific resource". The definition of the phrase specific resource is 
vague,
at best. It made sense if one assumed that the specific resource was 
contained in
an EE or CA) since that would avoid declaring a superior CA cert as 
invalid if an
RP did not try to evaluate such a cert. But, for the incremental, top 
down CA
cert eval process, there is no indication of how one should determine a 
specific
resource. Your slides were better ion this point, suggesting that one 
construct
the set of valid resources as part of the cert path evaluation process. 
But, you
noted that my criticism of the "join" aspect of you design was 
inaccurate, because
it is not in the doc in question, so, equivalently, the improved 
description of
the proposed path validation alg in youyr slides ought not be in scope 
either :-).
> I think a careful read of section 2 of this draft adequately addresses why your proposal for
> additional operational procedures in point 1 of your note seems to be well wide of addressing the issues
> described in the draft.
I agree that my suggested CA practices represent a deviation from the 
mechanism you
are tryign to describe. But, if the WG is to consider revising path 
validation
based on the concerns you cite, then it makes sense to ask whether RIR 
CAs, in particular,
are doing what could already be done to avoid the problems in question. 
If not, then it
seems somewhat premature to impose significant changes on all RPs when 
CAs are not
doing what they could to address this potential problem. I'm not saying 
that we
ought not consider your proposal, but let's try to avoid the problem 
with easy,
prudent behavior by CAs, first.
> The assertion in point 3 that this is "not viable" I interpret as one opinion, most likely one held
> by yourself. Obviously there are other opinions and perspectives on this matter, and this draft
> describes such a different perspective and also includes the motivation behind it. I would recommend
> that perhaps this conversation would benefit from such a careful reading of the draft in question.
As I noted, and as you well know, I read the draft carefully and sent a 
couple of long messages to
you, cc'd to the WG chairs, on 2/13 and 14. The perspective of the I-D 
is not the issue; the issue is that it is imprecise on a number of 
important points. It is not a rigorous description of a proposal. Of 
course there are other opinions; there always are in the IETF.

Steve

v2.23.0 | Report a Bug | By Email