Re: [sidr] Terry Manderson's No Objection on draft-ietf-sidr-delta-protocol-07: (with COMMENT)

Rob Austein <sra@hactrn.net> Sat, 11 March 2017 20:53 UTC

Return-Path: <sra@hactrn.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 519341295BF; Sat, 11 Mar 2017 12:53:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vM7vTCVoToFc; Sat, 11 Mar 2017 12:53:58 -0800 (PST)
Received: from khatovar.hactrn.net (khatovar.hactrn.net [198.180.150.30]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29D1B129415; Sat, 11 Mar 2017 12:53:58 -0800 (PST)
Received: from minas-ithil.hactrn.net (c-73-47-197-23.hsd1.ma.comcast.net [73.47.197.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "nargothrond.hactrn.net", Issuer "Grunchweather Associates" (not verified)) by khatovar.hactrn.net (Postfix) with ESMTPS id EBC90139A2; Sat, 11 Mar 2017 20:53:56 +0000 (UTC)
Received: from minas-ithil.hactrn.net (localhost [IPv6:::1]) by minas-ithil.hactrn.net (Postfix) with ESMTP id 9E01F5A9836; Sat, 11 Mar 2017 15:53:56 -0500 (EST)
Date: Sat, 11 Mar 2017 15:53:56 -0500
From: Rob Austein <sra@hactrn.net>
To: Tim Bruijnzeels <tim@ripe.net>
In-Reply-To: <C15B021C-48E2-4BA1-94F9-325420E14B10@ripe.net>
References: <148721059915.31454.12790381111112907537.idtracker@ietfa.amsl.com> <47B3699A-B344-4BA5-A131-309A6DF04FBD@ripe.net> <3A008C78-B846-4F8F-A813-C54C276FAEFD@cisco.com> <A3DDD124-EBE6-42AC-B66F-532AF0A5E175@cisco.com> <9DC16A6F-84C6-4E59-9086-3C4EB1A0C05E@ripe.net> <C15B021C-48E2-4BA1-94F9-325420E14B10@ripe.net>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Message-Id: <20170311205356.9E01F5A9836@minas-ithil.hactrn.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/CKQscj2zYKUU_SB54BLStvE_hEQ>
Cc: "sidr@ietf.org" <sidr@ietf.org>, "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>, "morrowc@ops-netman.net" <morrowc@ops-netman.net>, The IESG <iesg@ietf.org>, "sandy@tislabs.com" <sandy@tislabs.com>, "draft-ietf-sidr-delta-protocol@ietf.org" <draft-ietf-sidr-delta-protocol@ietf.org>
Subject: Re: [sidr] Terry Manderson's No Objection on draft-ietf-sidr-delta-protocol-07: (with COMMENT)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Mar 2017 20:53:59 -0000

[Late response]

At Tue, 28 Feb 2017 15:25:49 +0100, Tim Bruijnzeels wrote:
> > On 27 Feb 2017, at 10:24, Oleg Muravskiy <oleg@ripe.net> wrote:
...
> > In order to allow RRDP in TAL, I think we have to keep the update
> > to RFC7730 in draft-ietf-sidr-delta-protocol, namely this part of
> > the draft:
> 
> While I share my co-author's enthusiasm to update the TAL document,
> I propose to do this as a separate effort so that the delta protocol
> doesn't depend on this. It's not needed by the protocol after all,
> but would help scale access to Trust Anchor certificates.
> 
> Also when we go here I believe we will have to allow HTTPS
> specifically as an alternative scheme. And we may have discussions
> whether it should be allowed in addition or even instead of rsync
> (which I believe may be a lot simpler than phasing out rsync
> everywhere else).

FWIW, I agree with Tim.  See RFC 1925 (5) :)