Re: [sidr] RPKI validator testing summary

Andrew Chi <achi@bbn.com> Fri, 09 December 2011 15:25 UTC

Return-Path: <achi@bbn.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A82C21F852E for <sidr@ietfa.amsl.com>; Fri, 9 Dec 2011 07:25:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.216
X-Spam-Level:
X-Spam-Status: No, score=-6.216 tagged_above=-999 required=5 tests=[AWL=0.383, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FkL6T7FzRLW3 for <sidr@ietfa.amsl.com>; Fri, 9 Dec 2011 07:25:30 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id AEB3D21F84ED for <sidr@ietf.org>; Fri, 9 Dec 2011 07:25:30 -0800 (PST)
Received: from dhcp89-089-139.bbn.com ([128.89.89.139]:64134 helo=[127.0.0.1]) by smtp.bbn.com with esmtp (Exim 4.74 (FreeBSD)) (envelope-from <achi@bbn.com>) id 1RZ2KE-000FwD-5g; Fri, 09 Dec 2011 10:25:27 -0500
Message-ID: <4EE22863.6020000@bbn.com>
Date: Fri, 09 Dec 2011 10:25:23 -0500
From: Andrew Chi <achi@bbn.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:8.0) Gecko/20111105 Thunderbird/8.0
MIME-Version: 1.0
To: Tim Bruijnzeels <tim@ripe.net>
References: <4ED64E04.7030408@bbn.com> <E3871AC3-6960-433A-8A34-7F10087A7EC7@apnic.net> <E03612FA-E271-4243-AE29-858D242B91CE@apnic.net> <m2r50m8gk2.wl%randy@psg.com> <1BADD28A-5808-48BB-A85D-275ED141D2D8@apnic.net> <m2liqu8aw4.wl%randy@psg.com> <4EDE40B0.8090903@bbn.com> <A6FEED2E-987B-4C81-8574-9646ED1C5CEF@ripe.net>
In-Reply-To: <A6FEED2E-987B-4C81-8574-9646ED1C5CEF@ripe.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: sidr wg <sidr@ietf.org>
Subject: Re: [sidr] RPKI validator testing summary
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Dec 2011 15:25:31 -0000

On 12/6/2011 11:55 AM, Tim Bruijnzeels wrote:
> And possibly in future for other (non-sidr even) object types that an address holder may not necessarily want to publish in the global rpki, but send directly to any RP for validation instead.

Let's clarify the terminology.

1. Certification path validation is always top down (rfc5280)
2. Path *discovery* is not covered by rfc5280.

AIA is for #2, discovery.  Based on the preceding discussion, the global 
rpki appears to need only top-down discovery(?).  Tim has given an 
example where bottom-up discovery could be useful -- data sent directly 
to an RP rather than published in the global rpki.

-Andrew