Re: [sidr] I-D Action: draft-ietf-sidr-rpsl-sig-06.txt

Andrei Robachevsky <andrei.robachevsky@gmail.com> Wed, 04 March 2015 00:32 UTC

To: Stephen Kent <kent@bbn.com>, sidr@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/OXWftzw7vC-EEDjbKQRG0Ya-rMU>

Stephen Kent wrote on 03/03/15 17:29:
> I worry that accommodating multiple signatures will cause confusion for
> RPs. One would need to specify what to do if one sig fails, but others
> succeed, for example.

I think the draft is clear about that, requiring all signatures to be
valid. And if we want to follow the RPSS/RFC2725 approach, then multiple
signatures are needed.

But, it is not entirely clear to me why we need an "o" field and not
just multiple "signature:" attributes in cases when signing by several
parties is required.

Regards,

Andrei