Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track

Terry Manderson <terry.manderson@icann.org> Fri, 22 July 2011 02:16 UTC

From: Terry Manderson <terry.manderson@icann.org>
To: Andrew Chi <achi@bbn.com>
Date: Thu, 21 Jul 2011 19:16:40 -0700
Message-ID: <CA4F1AA8.1818D%terry.manderson@icann.org>
In-Reply-To: <4E2836C0.10808@bbn.com>
Cc: Rob Austein <sra@isc.org>, "draft-ietf-sidr-repos-struct@tools.ietf.org" <draft-ietf-sidr-repos-struct@tools.ietf.org>, "sidr-chairs@tools.ietf.org" <sidr-chairs@tools.ietf.org>, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track

Hi Andrew,


> 
> Therefore, the BBN validator does the only thing sensible, which is
> validate based on filename and certificate chain.  After that, we check
> against the manifest and emit a warning if it doesn't look right.  And
> we provide the user with configuration flags to control the output of
> validator: does he want output from the "perfect" ROAs only (with
> perfect manifests all the way up the chain), or is some level of
> grayness acceptable.
> 
> Manifests are murky, especially when you misuse them.  Filename
> extensions are not.

Maybe the repository should have been constructed in LDAP with a manifest
object there to confirm the LDAP search returned all the ROA objects.

I am, and still remain, uncomfortable about RPKI using filename extensions
as the only mechanism to select the validation regime. It might be a
flippant statement, but even Microsoft Office can tell a Word document from
an Excel document without the extension.

Perhaps Randy's terse statement about starting again with TLVs isn't
actually bad advice given that getting stuff from a repository isn't
actually a specific question/answer model.

Cheers
Terry