Re: [sidr] Terry Manderson's No Objection on draft-ietf-sidr-delta-protocol-07: (with COMMENT)

Steve KENT <> Fri, 17 February 2017 17:27 UTC

From: Steve KENT <>
To: "Alvaro Retana (aretana)" <>, Tim Bruijnzeels <>, Terry Manderson <>, "" <>, "" <>, "" <>
Date: Fri, 17 Feb 2017 17:26:47 +0000
Cc: "" <>, The IESG <>, "" <>
Subject: Re: [sidr] Terry Manderson's No Objection on draft-ietf-sidr-delta-protocol-07: (with COMMENT)


Sorry I failed to reply when you posted your comment on this topic to the SIDR list. I don't support revising 6480, 6481, and 7730 to remove mandatory support for rsync, at this time. The issue, for me, is not whether rsync is better or worse than the delta protocol. The issue is that if we have no MTI protocol for disseminating RPKI repository data, we fail to ensure interoperability between repositories and relying parties. Given the fact that the delta protocol is still quite new, it seems more appropriate to retain rsync as MTI for now, and to generate another doc establishing a timeline for transition to the delta protocol. This is analogous to what we did in RFC 6489 and RFC 6916, where we specified an orderly transition process for key rollover and algorithm agility, respectively.


From: sidr <> on behalf of Alvaro Retana (aretana) <>
Sent: Friday, February 17, 2017 9:56:41 AM
To: Tim Bruijnzeels; Terry Manderson;;;
Cc:; The IESG;
Subject: Re: [sidr] Terry Manderson's No Objection on draft-ietf-sidr-delta-protocol-07: (with COMMENT)


I just want to provide a little bit more background on the topic below – and ask the Chairs to take an action to confirm with the WG.

During the discussion resulting from my AD review of this document [1], the topic of whether the intent of the document was to replace rsync or not came up (see M16 in my review) – after some discussion we came to a way forward [2], which was to formally Update RFC6480, RFC6481, and RFC7730 to change the mandatory to implement requirement for rsync and leave instead “a retrieval mechanism(s) consistent with the accessMethod element value(s)”.

Even though this discussion happened on the sidr list, I sent a message to the WG asking for review of the changes [3]…but no reply was received.

As Terry mentions below, these changes removed “the quality of a mandatory to implement retrieval mechanism”: rsync is no longer mandatory to implement, but neither is RRDP. I personally think that is ok because it also allows more flexibility; rsync or RRDP (or anything else “consistent with the accessMethod element value(s)”), or both can be implemented as primary and/or backup.

**Chairs**: Given that this is a significant change, and that the WG may not have been focused on the discussion, and that we now have a little more time given the fact that the IESG review of this document was deferred until Mar/2… Please explicitly ask the WG to review the Updates to RFC6480, RFC6481 and RFC7730. I think that a week of discussion on the list should be enough.




On 2/16/17, 10:17 AM, "iesg on behalf of Tim Bruijnzeels" wrote:

On 16 Feb 2017, at 03:03, Terry Manderson wrote:
Terry Manderson has entered the following ballot position for
draft-ietf-sidr-delta-protocol-07: No Objection
Thank you for this work, it is clear and well written. While I have never (ever) been enamoured by RSYNC, and I much prefer this direction on a personal level, the updates to the existing RFCs regarding RSYNC do two things. The first is it demotes RSYNC to 'just another access mechanism', and the second is it appears to remove the quality of a mandatory to implement retrieval mechanism. Am I reading that correctly? If this is intentional and has workgroup consensus so be it and onwards we move.

Initially this was written as an additional protocol, next to rsync. The idea was that rsync would be replaced altogether at some point, but the way to get there was intentionally left out of this document because we felt it should just focus on the protocol.

The changes you mention were made following AD review comments on 7 January. The intent as I understood it was to defer the question of which retrieval mechanism is mandatory to another document, but leave the specifications generic.