Re: [sidr] Questions about draft-huston-rpki-validation-01

Geoff Huston <gih@apnic.net> Tue, 18 March 2014 19:10 UTC

From: Geoff Huston <gih@apnic.net>
In-Reply-To: <edb249d3311944af920e850d6c65e8b9@BLUPR09MB053.namprd09.prod.outlook.com>
Date: Wed, 19 Mar 2014 06:10:20 +1100
Message-ID: <6F99EFB3-6813-4D40-9AEA-B1A8557F06EA@apnic.net>
References: <aa922cfa32d64b01ad85a472faa9356b@BLUPR09MB053.namprd09.prod.outlook.com> <F69C5324-C865-46FB-9B49-940B47F29ADD@apnic.net> <519729f8a8c549ec98496c22fc6025a6@BLUPR09MB053.namprd09.prod.outlook.com>, <452C0EF8-8A6C-4E75-B7B3-DDF4FFD87691@apnic.net> <375b352964154d2eab003662a377c688@BLUPR09MB053.namprd09.prod.outlook.com>, <88BC9DDD-0F93-4041-A0DD-527DB61CD7D5@apnic.net> <edb249d3311944af920e850d6c65e8b9@BLUPR09MB053.namprd09.prod.outlook.com>
To: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/YxhZEd02NmFU8L4z6-uoZVlUg8I
Cc: George Michaelson <ggm@apnic.net>, sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] Questions about draft-huston-rpki-validation-01

> 
> That is good. But what I meant was (in your I-D under discussion) does 
> the alternate validation algorithm for a ROA need slightly different wording 
> (as compared to that for certificates)? 

I think not.  RFC6482 did not define how the EE certificate is to be validated.
It simply states that the IP addresses listed in the ROA must also be
found in the resource extensions of the signing EE cert. This still holds.

i.e. no change is required there.

regards,

  Geoff
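The containment rule Geoff refers to (RFC 6482 section 4: every IP address prefix in the ROA must be contained within the set of IP addresses in the EE certificate's RFC 3779 IP address delegation extension) can be made concrete with a small validator. The following is an added example, not code from the draft, RFC 6482 or any RPKI implementation; it models the EE certificate's resources as already-decoded prefixes and address ranges (RFC 3779 allows both forms) and the ROA as a list of (prefix, maxLength) pairs, and it also applies the RFC 6482 section 3.3 sanity rule that maxLength may not be shorter than the prefix nor longer than the address family allows. The sample resources and ROA contents are constructed from documentation address space.

```python
import ipaddress
from typing import List, Optional, Sequence, Tuple, Union

# An EE-certificate IP resource, as decoded from the RFC 3779 extension:
# either a prefix or an inclusive (low, high) address range.
Prefix = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
AddrRange = Tuple[ipaddress._BaseAddress, ipaddress._BaseAddress]
Resource = Union[Prefix, AddrRange]


def parse_resource(text: str) -> Resource:
    """Parse 'a.b.c.d/len' into a network, or 'lo-hi' into an address range."""
    if "-" in text:
        lo_s, hi_s = text.split("-", 1)
        lo, hi = ipaddress.ip_address(lo_s.strip()), ipaddress.ip_address(hi_s.strip())
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"malformed address range: {text}")
        return (lo, hi)
    # strict=True rejects host bits set in the prefix (e.g. 192.0.2.1/24)
    return ipaddress.ip_network(text.strip(), strict=True)


def resource_covers(resource: Resource, prefix: Prefix) -> bool:
    """True if the ROA prefix lies entirely inside one EE-cert resource."""
    if isinstance(resource, tuple):
        lo, hi = resource
        return (lo.version == prefix.version
                and lo <= prefix.network_address
                and prefix.broadcast_address <= hi)
    # subnet_of() raises on mixed address families, so check the version first
    return prefix.version == resource.version and prefix.subnet_of(resource)


def check_roa_against_ee(roa_prefixes: Sequence[Tuple[str, Optional[int]]],
                         ee_resources: Sequence[str]) -> List[str]:
    """Return a list of problems; an empty list means the ROA passes the check.

    roa_prefixes: (prefix, maxLength) pairs from the ROA; maxLength may be None.
    ee_resources: textual RFC 3779 resources of the signing EE certificate.
    """
    problems: List[str] = []
    resources = [parse_resource(r) for r in ee_resources]
    for prefix_text, max_length in roa_prefixes:
        prefix = ipaddress.ip_network(prefix_text, strict=True)
        # RFC 6482 s3.3: prefixlen <= maxLength <= 32 (IPv4) or 128 (IPv6)
        if max_length is not None and not (prefix.prefixlen <= max_length <= prefix.max_prefixlen):
            problems.append(f"{prefix}: maxLength {max_length} out of range")
        # RFC 6482 s4: the prefix must be covered by the EE certificate's resources
        if not any(resource_covers(r, prefix) for r in resources):
            problems.append(f"{prefix}: not contained in EE certificate IP resources")
    return problems


# Constructed sample data (documentation address space, not real RPKI objects).
EE_RESOURCES = ["192.0.2.0/24", "2001:db8::/32", "198.51.100.0-198.51.100.127"]
GOOD_ROA = [("192.0.2.0/24", 24), ("198.51.100.0/25", 25), ("2001:db8:1::/48", None)]
BAD_ROA = [("192.0.2.0/24", 22),        # maxLength shorter than the prefix
           ("203.0.113.0/24", None),    # not in the EE certificate at all
           ("198.51.100.0/24", None)]   # overflows the /25-sized range


if __name__ == "__main__":
    print("good ROA:", check_roa_against_ee(GOOD_ROA, EE_RESOURCES) or "ok")
    for problem in check_roa_against_ee(BAD_ROA, EE_RESOURCES):
        print("bad ROA: ", problem)
```

The ROA-to-EE containment test is all-or-nothing per prefix, which is exactly why, as Geoff notes, the ROA wording needs no change when the certificate-path validation rules are altered: whatever set of resources the EE certificate is ultimately judged to hold, the ROA's prefixes are simply checked against that set.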