Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track
Stephen Kent <kent@bbn.com> Mon, 18 July 2011 02:33 UTC
Return-Path: <kent@bbn.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C4E221F886C for <sidr@ietfa.amsl.com>; Sun, 17 Jul 2011 19:33:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.504
X-Spam-Level:
X-Spam-Status: No, score=-106.504 tagged_above=-999 required=5 tests=[AWL=0.095, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bfJIfiG74Xgp for <sidr@ietfa.amsl.com>; Sun, 17 Jul 2011 19:33:47 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 10DE321F8A57 for <sidr@ietf.org>; Sun, 17 Jul 2011 19:33:47 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15]:43523 helo=[198.18.176.250]) by smtp.bbn.com with esmtp (Exim 4.74 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1QideI-0001Ek-D8; Sun, 17 Jul 2011 22:33:34 -0400
Mime-Version: 1.0
Message-Id: <p06240802ca494b0cfe83@[198.18.176.250]>
In-Reply-To: <F3747D13-2885-4DBE-8B86-DAE1C61D75CA@apnic.net>
References: <4E209AC9.5040808@cisco.com> <20110717145323.6460631BDB0@minas-ithil.hactrn.net> <F3747D13-2885-4DBE-8B86-DAE1C61D75CA@apnic.net>
Date: Sun, 17 Jul 2011 22:32:02 -0400
To: Geoff Huston <gih@apnic.net>
From: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Cc: Rob Austein <sra@isc.org>, draft-ietf-sidr-repos-struct@tools.ietf.org, sidr-chairs@tools.ietf.org, sidr@ietf.org
Subject: Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jul 2011 02:33:47 -0000
At 7:41 AM +1000 7/18/11, Geoff Huston wrote: >On 18/07/2011, at 12:53 AM, Rob Austein wrote: > >> This draft defines the mappings from filename extension (.cer, .roa, >> .crl, etc) to ASN.1 object type (X.509 certificate, ROA, CRL, etc). >> >> Without this mapping, relying party tools have no way of knowing what >> they're looking at in most cases, and would have to attempt to decode >> every object in various ways to see which (if any) worked. This would >> be tedious, error prone, and generally a bad idea. > >But wouldn't the CMS (and ASN.1 for that matter) effectively tell >the RP what the object was intended to be? It strikes me that the >file name extension is a bit of syntactic sugar rather than an >essential and necessary component, so I'm curious to understand what >has changed in this particular PKI that makes the filename extension >such a necessary attribute. If this is the case would a rogue CA be >able to mount an effective DOS attack for all RPs by deliberately >mis-naming objects? If youy want to compare the RPKI to the general PKI repository model (X.500), note that in an X.500 directory, every object is tagged in a fashion analogous to the filename extension. LDAP tags objects as well. So why is it not appropriate to do so, in a normative fashion here? Steve
- [sidr] draft-ietf-sidr-repos-struct to Standards … Stewart Bryant
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Geoff Huston
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Rob Austein
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Geoff Huston
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Rob Austein
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Geoff Huston
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Geoff Huston
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Tim Bruijnzeels
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Rob Austein
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Tim Bruijnzeels
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Rob Austein
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Andrew Chi
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… t.petch
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… t.petch
- [sidr] draft-ietf-sidr-repos-struct - Track Stewart Bryant