Re: [sidr] AD Review of draft-ietf-sidr-rpki-validation-reconsidered-07

Declan Ma <madi@zdns.cn> Mon, 13 March 2017 06:26 UTC

To: Chris Morrow <morrowc@ops-netman.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/PuZsmarWuZ0e3q4nkz9fspNA9l8>
Cc: "sidr@ietf.org" <sidr@ietf.org>, "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>, Rob Austein <sra@hactrn.net>, "draft-ietf-sidr-rpki-validation-reconsidered@ietf.org" <draft-ietf-sidr-rpki-validation-reconsidered@ietf.org>

Speaking as the representative of the RPSTIR team,

We are working on an RPSTIR update in order to make it use the new algorithm to do INR validation.

Before the RP performs the new validation process, it needs to get the INRs from certificates. And we found a bug in the OpenSSL library when using OpenSSL to get resource sets from certificates, so we wrote our own code to do so.

It seems to me that the only concern about the OID is about using OpenSSL to get resource sets for the further validation process. If the WG has decided to deprecate the original by using Validation Reconsidered, why bother to bring in a new OID?

Declan(Di) Ma

ZDNS 

> On 13 March 2017, at 02:28, Chris Morrow <morrowc@ops-netman.net> wrote:
> 
> At Sat, 11 Mar 2017 17:25:27 -0500,
> Rob Austein <sra@hactrn.net> wrote:
>> 
>> At Thu, 9 Mar 2017 18:44:58 +0000, Alvaro Retana (aretana) wrote:
>>> 
>>> I just finished reading this document.  My review is predicated on
>>> the assumption that the intent of the WG is to define an additional
>>> validation process, and not amend/change/update/deprecate the
>>> existing one -- yet, which is why there are not only process changes
>>> specified, but also new OIDs.
>> 
>> Alvaro,
>> 
>> I will let the WG chairs and authors speak to intent regarding the
>> existing validation process.
>> 
> 
> I think the intent of the WG is still to add the new validation
> process, then deprecate the original once all users are on code which
> supports the 'new' way.
> 
> -chris