Re: [sidr] WGLC for draft-ietf-sidr-slurm-04

Christopher Morrow <morrowc.lists@gmail.com> Tue, 20 June 2017 15:55 UTC

Howdy WG folks. this seems to not have gotten much review (after the
authors changed a bunch).. can we get some readin/reviewin/commentin going
on here please? :)

On Mon, Apr 17, 2017 at 2:06 PM, Tim Bruijnzeels <tim@ripe.net> wrote:

> Dear WG
>
> One thing the authors noted was that there may be discussion needed around
> the filtering of BGPSec assertions based on matching SKI - as the document
> currently says. This was added mainly in an attempt to make the spec
> feature complete and give an operator full freedom on filter rules.
>
> SKIs use SHA-1. And recently it has been shown that SHA-1 collisions can
> be generated. This could lead one to believe that filtering of assertions
> based on SKIs may not be a good idea. However, it should be noted that
> such collisions are probably irrelevant here. A ‘malicious’ CA can always
> issue another router certificate for an existing (and requested) router
> certificate SKI and public key. So ‘collisions’ can exist anyway and a more
> secure hashing algorithm would not help.
>
> The more fundamental question here is if it is really useful to have
> filtering based on the key itself - and if so - should it be possible to
> filter on the key alone (as the draft allows) or only in combination with
> an asserted ASN for that key (also allowed in this draft)?
>
> As said it was mainly added for feature completeness, but it would be good
> to hear from this WG what the thoughts are. Personally I don’t see a big
> issue here - and would leave it to operators to use the options as they see
> fit.  But if there are concerns and there is no clear use case then I for
> one would be happy to take it out again in which case BGPSec assertions can
> only be filtered on matching ASN.
>
> Cheers
> Tim
>
> > On 10 Apr 2017, at 17:49, Sandra Murphy <sandy@tislabs.com> wrote:
> >
> > The authors of draft-ietf-sidr-slurm-04, "Simplified Local internet
> > nUmber Resource Management with the RPKI", have indicated that they
> > believe the current version includes all wg comments and is mature and
> > ready for working group last call.
> >
> > This message starts a WGLC for draft-ietf-sidr-slurm-04.  The WGLC will
> > end 24 April 2017.
> >
> > The draft can be found at
> > https://tools.ietf.org/html/draft-ietf-sidr-slurm-04 or
> > https://datatracker.ietf.org/doc/draft-ietf-sidr-slurm/.
> >
> > Please reply to the list whether the document is ready for publication
> > or you have comments that you think should be addressed.
> >
> > Please do read and respond to the list.  Remember that responses are
> > required to gauge consensus, silence is not consent.
> >
> > —Sandy, speaking as wg co-chair
> > _______________________________________________
> > sidr mailing list
> > sidr@ietf.org
> > https://www.ietf.org/mailman/listinfo/sidr
>
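
The three filter shapes raised in the quoted message (ASN only, SKI only, SKI plus ASN), as an added example that is not part of the thread or the draft. The filter keys `asn` and `ski`, the key bytes and the ASNs are constructed for illustration and are not the draft's JSON syntax.

```python
import hashlib

ALLOWED = {"asn", "ski"}  # hypothetical filter keys, not the draft's JSON names

def ski(public_key: bytes) -> str:
    """Hex SKI: SHA-1 over the public key bytes, the hash the thread refers to."""
    return hashlib.sha1(public_key).hexdigest()

def matches(flt: dict, assertion: dict) -> bool:
    """A filter matches when every field it specifies equals the assertion's."""
    if not flt or set(flt) - ALLOWED:
        raise ValueError(f"filter needs asn and/or ski only: {flt!r}")
    return all(assertion[k] == v for k, v in flt.items())

def apply_filters(assertions: list, filters: list) -> list:
    """Return the BGPsec assertions that no filter matches."""
    return [a for a in assertions if not any(matches(f, a) for f in filters)]

# Constructed sample data: placeholder key bytes, private-use/documentation ASNs.
KEY_A = b"constructed-router-key-A"
KEY_B = b"constructed-router-key-B"
ASSERTIONS = [
    {"asn": 64496, "ski": ski(KEY_A)},
    # The case from the thread: a CA certifies the same key again, so the
    # SKI is identical although the asserted ASN differs.
    {"asn": 64497, "ski": ski(KEY_A)},
    {"asn": 64496, "ski": ski(KEY_B)},
]

if __name__ == "__main__":
    cases = [
        ("asn only", {"asn": 64496}),
        ("ski only", {"ski": ski(KEY_A)}),
        ("ski + asn", {"asn": 64497, "ski": ski(KEY_A)}),
    ]
    for name, flt in cases:
        kept = apply_filters(ASSERTIONS, [flt])
        print(name, "keeps", [(a["asn"], a["ski"][:8]) for a in kept])
```

A SKI-only filter removes every assertion that carries the key regardless of which ASN it was certified for, while the SKI plus ASN filter removes only the one pairing.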