Re: [sidr] draft-ymbk-rpki-grandparenting-00.txt

Andrei Robachevsky <> Fri, 29 June 2012 15:05 UTC

Hi Randy,

Randy Bush wrote on 06/06/2012 16:00:
> Abstract: There are circumstances in RPKI operations where a
> resource holder's parent may not be able to, or may not choose
> to, facilitate full and proper registration of the holder's
> data.  As in real life, the holder may form a relationship to their
> grandparent who is willing to aid the grandchild.  This document
> describes simple procedures for doing so.

The procedures make sense, but I am still trying to figure out what
the draft is trying to recommend.

Surely, what is described is technically possible, but it gives RPs no
clue if the procedures were followed. In fact, what an RP may see would
not be "congruent with the number resource allocation framework" [CP].

IMO a clean implementation would necessarily entail punching a hole in
C's certificate. But this is not what the draft recommends.
