Re: [sidr] AD Review of draft-ietf-sidr-rpki-oob-setup-04

Rob Austein <> Wed, 21 December 2016 18:14 UTC

Date: Wed, 21 Dec 2016 13:13:23 -0500
From: Rob Austein <>
To: "Alvaro Retana (aretana)" <>
Cc: Chris Morrow <>, Rob Austein <>

At Wed, 21 Dec 2016 12:20:54 +0000, Alvaro Retana (aretana) wrote:
> it still doesn't tell me what the child should do.  I don't think
> you want to specify taking up one or the other, but at least include
> some text that says that the child can choose.
> In thinking about this I came up with another question.  A
> repository doesn't have to honor every publisher_request it
> receives, right?   Specially ones that are the result of a referral?
> There is a "refused" error reason defined, so that takes care of
> that--but I'm thinking that as a client I might want to take an
> <offer> instead of playing around with a <referral> because I know
> for sure my parent can do the job.  I'm sure there are other
> considerations that the child should take into account.  I'm ok if
> you just write that the selection criteria is out of scope.

I just added this to the end of "Protocol Walk-Through":

        Any RPKI operator is free to run their own publication service
        should they feel a need to do so, and a child need not accept
        any particular &lt;offer/&gt; or &lt;referral/&gt;.  In
        general, having a smaller number of larger publication
        repositories is probably good for overall system performance,
        because it will tend to reduce the number of distinct
        repositories from which each relying party will need to fetch,
        but the decision on where to publish is up to individual RPKI
        CA operators and out of scope for this protocol.

I hope this addresses the issue.  Same URLs for updated version:

> Proposed -05, reflecting comments from AD review:
> Absent objections, I will post to I-D repository, probably tomorrow.

I think we are close enough at this point that I will push this
version this afternoon.  Can always do another rev if we must, but I
want to get these changes into the version that directorates are being
asked to review.