IETF Logo Mail Archive

Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track

"t.petch" <ietfc@btconnect.com> Fri, 22 July 2011 17:20 UTC

Return-Path: <ietfc@btconnect.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B18821F8AFB for <sidr@ietfa.amsl.com>; Fri, 22 Jul 2011 10:20:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xq9urCsZUoHc for <sidr@ietfa.amsl.com>; Fri, 22 Jul 2011 10:20:14 -0700 (PDT)
Received: from mail.btconnect.com (c2bthomr07.btconnect.com [213.123.20.125]) by ietfa.amsl.com (Postfix) with ESMTP id 1915321F8B2F for <sidr@ietf.org>; Fri, 22 Jul 2011 10:20:13 -0700 (PDT)
Received: from host86-174-254-236.range86-174.btcentralplus.com (HELO pc6) ([86.174.254.236]) by c2bthomr07.btconnect.com with SMTP id DWV32352; Fri, 22 Jul 2011 18:16:06 +0100 (BST)
Message-ID: <00f401cc488a$3f562a40$4001a8c0@gateway.2wire.net>
From: "t.petch" <ietfc@btconnect.com>
To: Terry Manderson <terry.manderson@icann.org>
References: <CA4F1AA8.1818D%terry.manderson@icann.org>
Date: Fri, 22 Jul 2011 18:12:53 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Mirapoint-IP-Reputation: reputation=Fair-1, source=Queried, refid=tid=0001.0A0B0303.4E29B055.0050, actions=TAG
X-Junkmail-Premium-Raw: score=7/50, refid=2.7.2:2011.7.19.51514:17:7.586, ip=86.174.254.236, rules=__HAS_MSGID, __OUTLOOK_MSGID_1, __SANE_MSGID, __TO_MALFORMED_2, __BOUNCE_CHALLENGE_SUBJ, __BOUNCE_NDR_SUBJ_EXEMPT, __MIME_VERSION, __CT, CT_TP_8859_1, __CT_TEXT_PLAIN, __CTE, __HAS_X_PRIORITY, __HAS_MSMAIL_PRI, __HAS_X_MAILER, USER_AGENT_OE, __OUTLOOK_MUA_1, __USER_AGENT_MS_GENERIC, __ANY_URI, __URI_NO_PATH, __OEM_SOFTWARE_5, BODYTEXTP_SIZE_3000_LESS, BODY_SIZE_2000_2999, __MIME_TEXT_ONLY, RDNS_GENERIC_POOLED, BODY_SIZE_5000_LESS, RDNS_SUSP_GENERIC, __OUTLOOK_MUA, RDNS_SUSP, OEM_SOFTWARE_X1, BODY_SIZE_7000_LESS
X-Junkmail-Status: score=10/50, host=c2bthomr07.btconnect.com
X-Junkmail-Signature-Raw: score=unknown, refid=str=0001.0A0B020D.4E29B057.0137, ss=1, fgs=0, ip=0.0.0.0, so=2010-07-22 22:03:31, dmn=2009-09-10 00:05:08, mode=multiengine
X-Junkmail-IWF: false
Cc: Rob Austein <sra@isc.org>, draft-ietf-sidr-repos-struct@tools.ietf.org, sidr-chairs@tools.ietf.org, sidr@ietf.org
Subject: Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jul 2011 17:20:15 -0000

----- Original Message -----
From: "Terry Manderson" <terry.manderson@icann.org>
To: "Andrew Chi" <achi@bbn.com>
Cc: "Rob Austein" <sra@isc.org>; <draft-ietf-sidr-repos-struct@tools.ietf.org>;
<sidr-chairs@tools.ietf.org>; <sidr@ietf.org>
Sent: Friday, July 22, 2011 4:16 AM

> Hi Andrew,
> >
> > Therefore, the BBN validator does the only thing sensible, which is
> > validate based on filename and certificate chain.  After that, we check
> > against the manifest and emit a warning if it doesn't look right.  And
> > we provide the user with configuration flags to control the output of
> > validator: does he want output from the "perfect" ROAs only (with
> > perfect manifests all the way up the chain), or is some level of
> > grayness acceptable.
> >
> > Manifests are murky, especially when you misuse them.  Filename
> > extensions are not.
>
> Maybe the repository should have been constructed in LDAP with a manifest
> object there to confirm the ldap search returned all the roa objects.
>
> I am, and still, remain uncomfortable about RPKI using filename extensions
> as the only mechanism to select the validation regime. It might be a
> flippant statement but even Microsoft office can tell a word document from
> an excel document without the extension.

Indeed; file extensions only work - and they have been working very well for a
long time - in and around PC systems because they are part of a belt and braces.
Almost all file formats also say what they are in the first line - GIF, jpeg,
PDF, Wordpro etc - so the file extension gets you to the application that can
then easily verify that what is has been passed is plausibly correct and not go
mad because eg Wordpro is trying to parse a PDF.

Given the distributed nature of the dynamic database that is RPKI, I would have
thought a self identifying first line would be essential.

Tom Petch

>
> Perhaps Randy's terse statement about starting again with TLVs isn't
> actually bad advice given that getting stuff from a repository isn't
> actually a specific question/answer model.
>
> Cheers
> Terry
>
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr

v2.23.0 | Report a Bug | By Email