Re: [sidr] two stranded docuemnts - stake time

Tim Bruijnzeels <tim@ripe.net> Mon, 01 August 2016 14:34 UTC

Return-Path: <tim@ripe.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E26F612D6AF for <sidr@ietfa.amsl.com>; Mon, 1 Aug 2016 07:34:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.186
X-Spam-Level:
X-Spam-Status: No, score=-3.186 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-1.287] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VUTC2IMNlhIV for <sidr@ietfa.amsl.com>; Mon, 1 Aug 2016 07:34:11 -0700 (PDT)
Received: from molamola.ripe.net (molamola.ripe.net [IPv6:2001:67c:2e8:11::c100:1371]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4439212D672 for <sidr@ietf.org>; Mon, 1 Aug 2016 07:34:11 -0700 (PDT)
Received: from nene.ripe.net ([193.0.23.10]) by molamola.ripe.net with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.84) (envelope-from <tim@ripe.net>) id 1bUEI7-0004wf-3T; Mon, 01 Aug 2016 16:34:04 +0200
Received: from sslvpn.ripe.net ([193.0.20.230] helo=vpn-18.ripe.net) by nene.ripe.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from <tim@ripe.net>) id 1bUEI6-0002b5-RR; Mon, 01 Aug 2016 16:34:02 +0200
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Content-Type: multipart/alternative; boundary="Apple-Mail=_EDE272FE-7059-4DCB-BE64-39C72ABD52D3"
From: Tim Bruijnzeels <tim@ripe.net>
In-Reply-To: <67f9b7b7-d490-1671-3b30-8c1ab73d2d12@bbn.com>
Date: Mon, 1 Aug 2016 16:34:02 +0200
Message-Id: <78682CEF-7643-47B9-AD73-22ADC3B653C4@ripe.net>
References: <yj9oinvzi8gj.wl%morrowc@ops-netman.net> <87E65996-2ACD-4A3A-8D20-1C7911CBBB72@tislabs.com> <58c60c65-b96c-4984-4ba4-4d4e64e51538@bbn.com> <yj9ofur2iqgd.wl%morrowc@ops-netman.net> <m28twudtww.wl%randy@psg.com> <CAL9jLab9Zaz1UjJfjJNmjU3FcMkF+mSYKLj7VGKEydK0FKOjJg@mail.gmail.com> <4866b582-0016-2136-1dc6-e95946eeff78@bbn.com> <99F55C95-7589-4594-B1B1-8988682FBB46@ripe.net> <67f9b7b7-d490-1671-3b30-8c1ab73d2d12@bbn.com>
To: Stephen Kent <kent@bbn.com>
X-Mailer: Apple Mail (2.3124)
X-ACL-Warn: Delaying message
X-RIPE-Spam-Level: --------
X-RIPE-Spam-Report: Spam Total Points: -8.8 points pts rule name description ---- ---------------------- ------------------------------------ -7.5 ALL_TRUSTED Passed through trusted hosts only via SMTP -1.3 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain 0.0 HTML_MESSAGE BODY: HTML included in message -0.0 BAYES_20 BODY: Bayes spam probability is 5 to 20% [score: 0.0908]
X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a0719f2d3dea43be4a524f36ced4a031d1f2c
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/CuLG9wBx3nLqJErTLtgjJxn3jp4>
Cc: Chris Morrow <morrowc@ops-netman.net>, sidr <sidr@ietf.org>
Subject: Re: [sidr] two stranded docuemnts - stake time
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Aug 2016 14:34:16 -0000

Steve,


> On 01 Aug 2016, at 14:42, Stephen Kent <kent@bbn.com> wrote:
> 
> Tim,
> 
> 
>> 
>> Although I appreciate that Randy is trying to explain the case in terms anyone can understand, it would be preferable to keep it general.
> agreed.
>> 
>>> (Including a parenthetical note about the historical precedent of a Dutch court order involving RIPE is relevant and might be included.)
>> 
>> If there was such a precedent, but there isn't. I have raised this before, but again...
> I am familiar with the incident. While it is true that the court did not order RIPE to do anything with RPKI data, the precedent it set has often been cited as an indication of what might happen in the future. That's why the adverse actions document identifies the following cause for some types of actions:
> There is also the possibility that a CA or repository operator may be subject to legal measures that compel them to generate "bogus" signed objects or remove legitimate repository data.
> This is the sort of more formal language I have encouraged Randy to use in the LTA use cases doc, to no avail.

You will notice that I did NOT object to this being raised as a possibility as such.

I object to presenting a different case altogether as a precedent to support the impression that it's not a question of if, but when this will happen.

This is not constructive.

It would be lot more constructive to explain to law enforcers how such an action would be ineffective, and ultimately counter productive. Wording like this might help:

    Law enforcement would be ill-advised to take this cause of action as it will degrade the trust that
    operators place in the global RPKI. Not only can operators use local policy to circumvent the "bogus"
    objects - making it an ineffective measure, abuse of this power will also lead to operators choosing
    not to use RPKI at all. This in turn will mean that critical internet infrastructure will remain
    vulnerable to hijacks.

In short it should be made clear to "law enforcement" that there is no precedent, and that this is very much against their own interests. If they want to ban some traffic, there are much more reliable methods at their disposal, with much less collateral damage.

Tim