Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers-00
Geoff Huston <gih@apnic.net> Fri, 23 August 2013 22:04 UTC
Return-Path: <gih@apnic.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2D8111E8123 for <sidr@ietfa.amsl.com>; Fri, 23 Aug 2013 15:04:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.443
X-Spam-Level:
X-Spam-Status: No, score=-99.443 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611, RDNS_NONE=0.1, RELAY_IS_203=0.994, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C8CNik2U+1ui for <sidr@ietfa.amsl.com>; Fri, 23 Aug 2013 15:03:58 -0700 (PDT)
Received: from ao-mailgw.apnic.net (ao-mailgw.apnic.net [IPv6:2001:dd8:b:98::120]) by ietfa.amsl.com (Postfix) with SMTP id 4846B11E8127 for <sidr@ietf.org>; Fri, 23 Aug 2013 15:03:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apnic.net; s=c3po; h=received:received:received:content-type:mime-version:subject:from:in-reply-to: date:cc:content-transfer-encoding:message-id:references:to:x-mailer: return-path; bh=vVRdTZNeta2aBlBTeJnC/shq6iQwXqCPv2AtjkbweX8=; b=v4gbEXZyN7wPJLtbh3zKsDLC5Df5higUeDTRbg2yBgXvbzQBw92L7KZGRqPD9eL9NvHUnAHNZ9o+8 B8eQ3GR2lro5WCRlstOurmr/DbkrWEJDOgKE7LXgE3C3oY3KSJvo4uT4MRe2pJjM6D+bQ3wjmXLoHL nMjldrbogOqkyQeg=
Received: from NXMDA1.org.apnic.net (unknown [203.119.101.249]) by ao-mailgw.apnic.net (Halon Mail Gateway) with ESMTP; Sat, 24 Aug 2013 08:02:47 +1000 (EST)
Received: from IAMDA2.org.apnic.net (2001:dd8:a:852::21) by NXMDA1.org.apnic.net (2001:dd8:9:802::11) with Microsoft SMTP Server (TLS) id 14.1.218.12; Sat, 24 Aug 2013 08:03:51 +1000
Received: from [172.31.9.187] (203.119.101.249) by IAMDA2.org.apnic.net (203.119.111.21) with Microsoft SMTP Server (TLS) id 14.1.438.0; Sat, 24 Aug 2013 08:03:49 +1000
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Geoff Huston <gih@apnic.net>
In-Reply-To: <24B20D14B2CD29478C8D5D6E9CBB29F6749E7607@CVA-MB002.centreville.ads.sparta.com>
Date: Sat, 24 Aug 2013 08:03:36 +1000
Content-Transfer-Encoding: quoted-printable
Message-ID: <973B0890-766F-4023-8F35-876936E470C6@apnic.net>
References: <EF4348D391D0334996EE9681630C83F0221213C8@xmb-rcd-x02.cisco.com>, <CE0AC78A.26953%andy@arin.net> <24B20D14B2CD29478C8D5D6E9CBB29F6749E7607@CVA-MB002.centreville.ads.sparta.com>
To: "Murphy, Sandra" <Sandra.Murphy@parsons.com>
X-Mailer: Apple Mail (2.1508)
Cc: "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers-00
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Aug 2013 22:04:02 -0000
Wouldn't it be better to note that: As an update to RFC6487, this document broadens the class of certificates that conform to the RPKI profile by explicitly including within the profile those certificates that contain a policy qualifier as described here. Geoff On 24/08/2013, at 4:09 AM, "Murphy, Sandra" <Sandra.Murphy@parsons.com> wrote: > Speaking as working group chair: > > I can't be certain that this indicates a promise to modify the draft or not. Roque, Andy, could you comment? > > If so, a new version is needed and I'll say so on the list. > If not, I'll have to ask for resolution on list. > > Speaking as regular ol' member (and a bit as wg chair, as I'm not clear about the intent of the new text): > > I don't think this text hurts anything, but I am puzzled about the intent. If "all known" implementations comply, why mention the problem? OTOH, it might serve to forestall AD/IESG questions. > > So I agree with Andy's observation, though I'd say a heading "Backward Compatibility Considerations" rather than "Interoperability Considerations" suits the situation better. > > (Apologies - searching for the thread, I found these comments stuck in my draft folder from 17 July.) > > --Sandy > > P.S. > > "strick"->"strict" > "RPKI signed objects" -> "RPKI objects" <because you mean CA certs as well and signed objects might be taken to mean only ROAs and ghostbusters and manifests etc> > "implements"->"include" or "contain" or... > "RP"-> relying party (or you'll have to define the acronym somewhere) > Not sure what ""as in IDR" means. > > ________________________________________ > From: Andy Newton [andy@arin.net] > Sent: Tuesday, July 16, 2013 9:49 AM > To: Roque Gagliano (rogaglia) > Cc: Murphy, Sandra; sidr@ietf.org > Subject: Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers-00 > > This sounds fine to me, though it is really an interoperability > considerations section thingy. The IETF does those now, right? :) > > -andy > > On 7/16/13 4:55 AM, "Roque Gagliano (rogaglia)" <rogaglia@cisco.com> wrote: > >> Thanks Andy. >> >> Do you think we need to add something in the security section about the >> transition? >> >> Something like: >> >> "A RP that performs a strick validation based on RFC6487 and fails to >> support the updates described in this document, would incorrectly >> invalidate RPKI signed objects that implements the changes in Section 2. >> At the time of this writing, all known RP software suites (you can >> mention them as in IDR) were tested and supported the updates on this >> document" >> >> Roque >> >> On Jul 15, 2013, at 7:07 PM, Andy Newton <andy@arin.net> wrote: >> >>> On 7/15/13 10:22 AM, "Roque Gagliano (rogaglia)" <rogaglia@cisco.com> >>> wrote: >>> >>>> Before sending my support to advance to the IESG, I wanted to ask the >>>> author if they have tested the effects of this change on existing RP >>>> tools. Do they really set the certificate as invalid? >>> >>> Yes, we have tested against the three RP suites. One did not require a >>> change while the other two required simple one line changes. Current >>> releases of all three now accommodate it. >>> >>> -andy >>> >> >> > > > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr
- [sidr] wglc draft-ietf-sidr-policy-qualifiers-00 Murphy, Sandra
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Randy Bush
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… George Michaelson
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Randy Bush
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Melinda Shore
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… John Curran
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Melinda Shore
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… John Curran
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Randy Bush
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… John Curran
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Robert Loomans
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Stephen Kent
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Roque Gagliano (rogaglia)
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Tim Bruijnzeels
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Tim Bruijnzeels
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Andy Newton
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Andy Newton
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Tim Bruijnzeels
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Roque Gagliano (rogaglia)
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Andy Newton
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Rob Austein
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Sean Turner
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Danny McPherson
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Murphy, Sandra
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Geoff Huston
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Andy Newton
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Geoff Huston
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Roque Gagliano (rogaglia)
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Murphy, Sandra
- Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers… Christopher Morrow