Re: [sidr] Stephen Farrell's No Objection on draft-ietf-sidr-rpki-rtr-rfc6810-bis-08: (with COMMENT)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 16 February 2017 00:45 UTC


On 16/02/17 00:28, Randy Bush wrote:
>> - section 9: What's the background to removing the statement
>> that one of TCP-AO ssh etc SHOULD be used? What is the reality
>> of deployments here? I assume it is not TCP-AO anyway but does
>> TLS or SSH get used?
> 
> TCP-AO never materialized.
> 
> off-hand, i can not think of a way to measure who is using what, but i
> have this horrible suspicion it's all "it's all inside our domain of
> control, so let's just run nekkid."

Yeah that's the concern. If the answer was "seems mostly folks
use ssh" (or tls, or ipsec, whatever), I'd have asked if we
could get away with at least a SHOULD-use for that.

Such encouragement would be good IMO, if it's non-fiction.

Cheers,
S.

> 
>> - various places: I think 6810 was correct in using "that" and
>> not "which" in many places. I realise that's a fairly frequent
>> style thing that gets toggled though, but I bet the RFC editor
>> sets a load of those back to "that" :-)
> 
> chicago style.  the rfced and we amuse ourselves over that one.  which
> is why rfced gets the big bucks.
> 
> randy
>