Re: [sidr] adverse actions -01 posted
Stephen Kent <kent@bbn.com> Wed, 27 July 2016 17:38 UTC
Return-Path: <kent@bbn.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2CC412D0FD for <sidr@ietfa.amsl.com>; Wed, 27 Jul 2016 10:38:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.487
X-Spam-Level:
X-Spam-Status: No, score=-5.487 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4Huu5VAVLGnX for <sidr@ietfa.amsl.com>; Wed, 27 Jul 2016 10:38:57 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F064612D0E6 for <sidr@ietf.org>; Wed, 27 Jul 2016 10:38:56 -0700 (PDT)
Received: from ssh.bbn.com ([192.1.122.15]:51258 helo=COMSEC.fios-router.home) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1bSSnG-000MSN-Hc; Wed, 27 Jul 2016 13:38:54 -0400
From: Stephen Kent <kent@bbn.com>
To: Randy Bush <randy@psg.com>
References: <76dad5c8-114a-19fe-6fc2-cf3c45e0f666@bbn.com> <227BF007-90BD-4301-A349-FC01A1A5969A@ripe.net> <c9243c24-e976-c234-01c7-110c768ba0b6@bbn.com> <m2zip43s0q.wl%randy@psg.com>
Message-ID: <afb4f8dc-3e29-c8fe-f8fe-2d7b2fcd7a1f@bbn.com>
Date: Wed, 27 Jul 2016 13:38:54 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <m2zip43s0q.wl%randy@psg.com>
Content-Type: multipart/alternative; boundary="------------C3891FEAD8E18829E0111099"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/BxBanqzADBO94SYJDy5CHjKqim4>
Cc: sidr <sidr@ietf.org>
Subject: Re: [sidr] adverse actions -01 posted
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jul 2016 17:39:00 -0000
Randy, I read your comments carefully, and I'm puzzled by several of them. Your said, for example: > and what tim, and others, are trying to say is that exactly those > meanings are inappropriate. we do not really know intent, contracts, > and business/social context. the introduction says: Thus this document examines the implications of adverse actions with respect to INRs irrespective of the cause of the actions. That text was trying to indicate that , for example, nothing to do with whether an action is adverse. But, I have revised the intro to make this clearer. > i picked the first example of an 'adverse action' in your document and > explained how it can be normal operations (and it is said you have fixed > it, tyvm). i had hopes you would induce. Your comments persuaded me to revise the text in question and to note that not all examples of competing ROAs or certs represent adverse actions. That, IMHO, was an appropriate and adequate change. You didn't say that you found the term "adverse" to be a problem. > tim made a fair suggeston of a lighter word. Tim offered no suggestion for a different term, which is not helpful. Moreover, his tone communicated bias and defensiveness, which is also not helpful. Nonetheless, I have revised the introduction to address the cited concerns, but I have not adopted a new term, because: - it's reasonable, if one understands the definition - nobody has offered any alternative, much less a better alternative, that encompasses the full range of actions that may be he result of errors, attacks, etc. Steve -------- 1.Introduction In the context of this document, any change to the Resource Public Key Infrastructure (RPKI) [RFC6480] that modifies the set of Internet Numeric Resources (INRs) associated with an INR holder, and that is contrary to the holder's wishes, is termed "adverse". An action that results inan adverse charge (as defined above), may be the result of an attack on a CA [RFC7132], an error by a CA, or an error by or an attack on a repository operator. *Note that the CA that allocated the affected INRs may be acting in accordance with established policy, and thus the change may be legally justified, even though viewed as adverse by the INR holder. This document examines the implications of adverse actions with respect to INRs irrespective of the cause of the actions.* Additionally, when a ROA or router certificate is created that "competes" with an existing ROA or router certificate (respectively), the creation of the new ROA or router certificate may be adverse.(A newer ROA competes with an older ROA if the newer ROA points to a different ASN, contains the same or a more specific prefix, and is issued by a different CA.A newer router certificate competes with an older router certificate if the newer one contains the same ASN a different public key, and is issued by a different CA.)Note that transferring resources, or changing of upstream providers may yield competing ROAs and/or router certificates, under some circumstances. Thus not all instances of competition are adverse actions. As noted above, adverse changes to RPKI data may arise due to several types of causes. A CA may make a mistake in managing the RPKI objects it signs, or it may be subject to an attack. If an attack allows an adversary to use the private key of that CA to sign RPKI objects, then the effect is analogous to the CA making mistakes. There is also the possibility that a CA or repository operator may be subject to legal measures that compel them to make adverse changes to RPKI data.In many cases, such actions may be hard to distinguish from mistakes or attacks, other than with respect to the time required to remedy the adverse action.(Presumably the CA will take remedial action when a mistake or an attack is detected, so the effects are similar in these cases. If a CA has been legally compelled to effect an adverse change, remediation will likely not be swift.) This document analyzes the various types of actions by a CA (or independent repository operator) that can adversely affect the INRs associated with that CA, as well as the INRs of subordinate CAs.The analysis is based on examination of the data items in the RPKI repository, as controlled by a CA (or independent repository operator) and fetched by Relying Parties (RPs).The analysis is done from the perspective of an affected INR holder.
- Re: [sidr] adverse actions -01 posted Tim Bruijnzeels
- Re: [sidr] adverse actions -01 posted Tim Bruijnzeels
- [sidr] adverse actions -01 posted Stephen Kent
- Re: [sidr] adverse actions -01 posted Stephen Kent
- Re: [sidr] adverse actions -01 posted Randy Bush
- Re: [sidr] adverse actions -01 posted Stephen Kent
- Re: [sidr] adverse actions -01 posted Matthias Waehlisch
- Re: [sidr] adverse actions -01 posted Stephen Kent
- Re: [sidr] adverse actions -01 posted Randy Bush
- Re: [sidr] adverse actions -01 posted Stephen Kent
- Re: [sidr] adverse actions -01 posted Tim Bruijnzeels
- Re: [sidr] adverse actions -01 posted Christopher Morrow
- Re: [sidr] adverse actions -01 posted Sriram, Kotikalapudi (Fed)
- Re: [sidr] adverse actions -01 posted Stephen Kent
- Re: [sidr] adverse actions -01 posted Tim Bruijnzeels
- Re: [sidr] adverse actions -01 posted Declan Ma
- Re: [sidr] adverse actions -01 posted Tim Bruijnzeels
- Re: [sidr] adverse actions -01 posted Stephen Kent
- Re: [sidr] adverse actions -01 posted Randy Bush
- Re: [sidr] adverse actions -01 posted joel jaeggli
- Re: [sidr] adverse actions -01 posted John Curran