[sidr] Terry Manderson's Discuss on draft-ietf-sidr-publication-10: (with DISCUSS)

"Terry Manderson" <terry.manderson@icann.org> Wed, 18 January 2017 06:29 UTC

Return-Path: <terry.manderson@icann.org>
X-Original-To: sidr@ietf.org
Delivered-To: sidr@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8918F120727; Tue, 17 Jan 2017 22:29:50 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Terry Manderson" <terry.manderson@icann.org>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.40.3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <148472099055.32074.3466420839397217706.idtracker@ietfa.amsl.com>
Date: Tue, 17 Jan 2017 22:29:50 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/ILAouFzMfx8D8a7UI1iRCvueM_w>
Cc: morrowc@ops-netman.net, sidr-chairs@ietf.org, draft-ietf-sidr-publication@ietf.org, sidr@ietf.org
Subject: [sidr] Terry Manderson's Discuss on draft-ietf-sidr-publication-10: (with DISCUSS)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jan 2017 06:29:50 -0000

Terry Manderson has entered the following ballot position for
draft-ietf-sidr-publication-10: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:


Updating after reading sidr-oob-setup-06.

I see that the publisher wins as per Section 5.2.4

My original discuss us below, so you may omit the concern about
negotiating the URI. The remainder stands.


Thanks for finally bringing this protocol forward.

I support Alissa's and Alexey's concerns.

I only have one discuss for this draft.

Looking at section 4, operational considerations I was expecting to see a
review of any considerations as to how this protocol works, the
interaction between the layers of HTTP, CMS, and XML and any
implementation differences/difficulties that exist between the 2 known
implementations. Instead there is a discussion on laying out the
repository structure under the mandatory to implement _retrieval_
mechanism (RSYNC) and the nuances of RSYNC itself. This appears to be
misplaced as the protocol (HTTP/CMS/XML) interactions here are simply
about publication from a certificate authority operator to a repository
operator, and in that space surely the publication protocol (this doc) is
agnostic to the exact repo structure.

In both a database world (not a file based one) and where multiple RPKI
fetch mechanisms (rsync, http, torrent, etc ...) are used, how is the
exact URI meaningful for sidr-publication? There might be a deeper
problem here regarding any potential collisions and negotiation of the
URI space between the certificate authority operator and the publication
repository operator. (sure, in a situation where Alice does both, no
problem.) So you may wish to address issues like that in the operational
considerations section as opposed to dealing with RSYNC (in)efficiencies.