[sidr] New draft on separating validation from object retrieval
Tim Bruijnzeels <tim@ripe.net> Fri, 09 November 2012 13:24 UTC
Return-Path: <tim@ripe.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D32CD21F8538 for <sidr@ietfa.amsl.com>; Fri, 9 Nov 2012 05:24:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.074
X-Spam-Level:
X-Spam-Status: No, score=-2.074 tagged_above=-999 required=5 tests=[AWL=-0.526, BAYES_00=-2.599, HTML_MESSAGE=0.001, SARE_TOWRITE=1.05]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LUcgmQY9v+oU for <sidr@ietfa.amsl.com>; Fri, 9 Nov 2012 05:24:15 -0800 (PST)
Received: from postgirl.ripe.net (postgirl.ipv6.ripe.net [IPv6:2001:67c:2e8:11::c100:1342]) by ietfa.amsl.com (Postfix) with ESMTP id B55A521F862A for <sidr@ietf.org>; Fri, 9 Nov 2012 05:24:14 -0800 (PST)
Received: from dodo.ripe.net ([193.0.23.4]) by postgirl.ripe.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from <tim@ripe.net>) id 1TWoZ9-0003RT-VQ for sidr@ietf.org; Fri, 09 Nov 2012 14:24:13 +0100
Received: from cat.ripe.net ([193.0.1.249] helo=[IPv6:::1]) by dodo.ripe.net with esmtp (Exim 4.72) (envelope-from <tim@ripe.net>) id 1TWoZ9-0004ff-Kx for sidr@ietf.org; Fri, 09 Nov 2012 14:24:11 +0100
From: Tim Bruijnzeels <tim@ripe.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_81D686EC-E04E-40BB-A7AD-5AF2BDDA8A65"
Message-Id: <191C8370-A074-4B58-9BB5-47EACC92FBF0@ripe.net>
Date: Fri, 09 Nov 2012 08:24:09 -0500
To: "sidr@ietf.org" <sidr@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
X-Mailer: Apple Mail (2.1499)
X-Anti-Virus: Kaspersky Anti-Virus for Linux Mail Server 5.6.48/RELEASE, bases: 20120425 #7816575, check: 20121109 clean
X-RIPE-Spam-Level: --
X-RIPE-Spam-Report: Spam Total Points: -2.2 points pts rule name description ---- ---------------------- ------------------------------------ -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP -0.4 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain 1.1 SARE_TOWRITE BODY: Contains phrasing used by spammers -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 0.0 HTML_MESSAGE BODY: HTML included in message
X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a071988b5c8488e81d2500c51b0b2cf969759
Subject: [sidr] New draft on separating validation from object retrieval
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Nov 2012 13:24:16 -0000
Hi all, I have already had some informal discussions about this and decided to write our ideas up in a informational draft: http://www.ietf.org/internet-drafts/draft-tbruijnzeels-sidr-validation-local-cache-00.txt I will do a short talk on this during today's sidr session to explain the background. Further discussion can then be done on list. For the impatient, the gist: In our view this approach demonstrates a way to do top-down RPKI validation that is independent from *where* objects were retrieved and thus it is useful when thinking about multiple publication points, or alternative ways to fetch or share unvalidated objects. The main question for the working group is wether we're willing to change the way RPs can handle manifest, i.e. MAY they treat them as authoritative sources to walk down the rpki tree? Cheers Tim
- [sidr] New draft on separating validation from ob… Tim Bruijnzeels