Re: [sidr] Current document status && directionz

Christopher Morrow <morrowc.lists@gmail.com> Thu, 08 September 2016 18:39 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/WFyRyBnOVLHTVDOJNdR5WxEAOeo>

(I appreciate the corrections, and I really was trying to not be political
nor be mean to the political parts)

On Thu, Sep 8, 2016 at 1:39 PM, David Conrad <drc@virtualized.org> wrote:

> Chris,
>
> On September 7, 2016 at 4:42:21 AM, Christopher Morrow (
> morrowc.lists@gmail.com) wrote:
>
> I don't disagree that running a CA is 'simple'... I think though that if
> the RIRs are in a position where there won't be a single root above them
> 'for a while' (it's been ~10 yrs at this point) but they feel they need to
> move forward with something, is this direction acceptable? is it better to
> document that decision and its gotchas than to not move forward at all? or
> to 'continue waiting for the single root' to arrive?
>
> For blood pressure spiking reasons, I have been trying to keep out of this
> discussion, but this put me over the edge.
>

sorry about that, not trying to get people angry, really.


> As far as I am aware, ICANN as the IANA Internet Numbering Functions
> Operator, has been and continues to be willing to provide RPKI "single
> root" services. In point of fact, ages ago, I personally authorized
> non-trivial expenditures (including hiring staff) to set up and deploy a
> working RPKI root pilot to allow the RIRs to test working with a single
> root as directed by the IAB in
> https://www.iab.org/documents/correspondence-reports-documents/docs2010/iab-statement-on-the-rpki/:
>
> "Thus, the IAB strongly recommends a single root aligned with the root of
> the address allocation hierarchy (now part of the IANA function)."
>
> After said testbed deployment, I was informed that none of the RIRs were
> interested in participating in the tests.
>
>
doh! ok, so some mixed signals, that sucks. and makes this confusing and
hard to fix... going forward though, what's the path? "get rir and
iana/icann to agree that this is important, set a schedule for deployment,
profit?"


> I will admit a high level of amazement and not a small amount of
> disappointment at the fascinating level of complexity being created in
> order to avoid a single root.
>
> This is not technical.
>
>
ok, so we're back to: "I hear what you are saying, we (community) really
need 'single root' please go make that happen."

it seems to me.

-chris