Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track

Sandra Murphy <Sandra.Murphy@sparta.com> Tue, 19 July 2011 14:44 UTC

Date: Tue, 19 Jul 2011 10:41:50 -0400
From: Sandra Murphy <Sandra.Murphy@sparta.com>
To: Terry Manderson <terry.manderson@icann.org>
Cc: "draft-ietf-sidr-repos-struct@tools.ietf.org" <draft-ietf-sidr-repos-struct@tools.ietf.org>, sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track

On Tue, 19 Jul 2011, Terry Manderson wrote:

>
> On 19/07/11 9:15 PM, "Randy Bush" <randy@psg.com> wrote:
>
>>> I think there is an easier way, as already suggested. Add the object
>>> type to the manifest in FileandHash.
>>>
>>> 1) the rescert points to the publication point and manifest
>>> 2) the manifest is mandatory
>>> 3) the manifest is signed
>>> 4) the manifest is nicely(?) readable ASN.1
>>
>> so move the deck chairs from coding the type in a directory maintained
>> by the operating system to one the spec and the programmers write and
>> maintain?  big win there, eh?
>
> The win is to eliminate a threat that has already been identified on the
> list.

I see that someone else has already responded to this statement, but I'd 
like to chime in that I'd like to see an explicit statement of the threat 
and how the OID mechanism you suggest would counter it.

--Sandy, speaking as wg chair