Re: [sidr] [Technical Errata Reported] RFC8416 (7080)

Tim Bruijnzeels <tim@nlnetlabs.nl> Mon, 22 August 2022 08:29 UTC

Cc: Ben Maddison <benm=40workonline.africa@dmarc.ietf.org>, RFC Errata System <rfc-editor@rfc-editor.org>, sidr@ietf.org, SIDR Operations WG <sidrops@ietf.org>, Chris Morrow <morrowc@ops-netman.net>, andrew-ietf@liquid.tech, jgs@juniper.net, david@mandelberg.org
To: Warren Kumari <warren@kumari.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/bUMkZW7kpmzagd6vYwxQKTOuYrA>

Hi Warren, all,

I (co-author) agree that this was an oversight. I have no objections to the change.

However... I haven't checked, but beware that current implementations might fail to parse the file if a "comment" member is added here, if they are (overly) strict. I expect that most will simply ignore this member. Perhaps it's wise that this is verified before finalising the errata.

Tim

> On 21 Aug 2022, at 17:57, Warren Kumari <warren@kumari.net> wrote:
> 
> 
> Dear SIDROPS, et al.,
> 
> I believe that this Errata is correct, and I intend to mark it Verified unless I hear a clear objection by this Friday (August 26th).
> 
> W
> 
> 
> 
> On Wed, Aug 10, 2022 at 5:25 PM, Ben Maddison <benm=40workonline.africa@dmarc.ietf.org> wrote:
> Adding sidrops@
> 
> On 08/10, RFC Errata System wrote:
> 
> The following errata report has been submitted for RFC8416, 
> "Simplified Local Internet Number Resource Management with the RPKI (SLURM)".
> 
> -------------------------------------- 
> You may review the report below and at: 
> https://www.rfc-editor.org/errata/eid7080
> 
> -------------------------------------- 
> Type: Technical 
> Reported by: Ben Maddison <benm@workonline.africa>
> 
> Section: 3.4.2
> 
> Original Text 
> ------------- 
> The above is expressed as a value of the "bgpsecAssertions" member, as an array of zero or more objects. Each object MUST contain one each of all of the following members:
> 
> o An "asn" member, whose value is a number.
> 
> o An "SKI" member, whose value is the Base64 encoding without trailing '=' (Section 5 of [RFC4648]) of the certificate's Subject Key Identifier as described in Section 4.8.2 of [RFC6487] (This is the value of the ASN.1 OCTET STRING without the ASN.1 tag or length fields.)
> 
> o A "routerPublicKey" member, whose value is the Base64 encoding without trailing '=' (Section 5 of [RFC4648]) of the equivalent to the subjectPublicKeyInfo value of the router certificate's public key, as described in [RFC8208]. This is the full ASN.1 DER encoding of the subjectPublicKeyInfo, including the ASN.1 tag and length values of the subjectPublicKeyInfo SEQUENCE.
> 
> Corrected Text 
> -------------- 
> The above is expressed as a value of the "bgpsecAssertions" member, as an array of zero or more objects. Each object MUST contain one each of all of the following members:
> 
> o An "asn" member, whose value is a number.
> 
> o An "SKI" member, whose value is the Base64 encoding without trailing '=' (Section 5 of [RFC4648]) of the certificate's Subject Key Identifier as described in Section 4.8.2 of [RFC6487] (This is the value of the ASN.1 OCTET STRING without the ASN.1 tag or length fields.)
> 
> o A "routerPublicKey" member, whose value is the Base64 encoding without trailing '=' (Section 5 of [RFC4648]) of the equivalent to the subjectPublicKeyInfo value of the router certificate's public key, as described in [RFC8208]. This is the full ASN.1 DER encoding of the subjectPublicKeyInfo, including the ASN.1 tag and length values of the subjectPublicKeyInfo SEQUENCE.
> 
> In addition, each object MAY contain one optional "comment" member, whose value is a string.
> 
> Notes 
> ----- 
> The "comment" member is allowed to appear in every other structure defined by the document, and was clearly intended to be allowed here too, since it appears in the examples presented in sections 3.4.2 and 3.5
> 
> Instructions: 
> ------------- 
> This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary.
> 
> -------------------------------------- 
> RFC8416 (draft-ietf-sidr-slurm-08) 
> -------------------------------------- 
> Title : Simplified Local Internet Number Resource Management with the RPKI (SLURM)
> Publication Date : August 2018
> Author(s) : D. Ma, D. Mandelberg, T. Bruijnzeels
> Category : PROPOSED STANDARD
> Source : Secure Inter-Domain Routing 
> Area : Routing 
> Stream : IETF 
> Verifying Party : IESG
> 
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
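
The compatibility concern raised in this thread, as an added example (not code from the thread or from any RPKI validator): a checker for one "bgpsecAssertions" object that can run either with the erratum's optional "comment" member or as a strict parser that accepts only the three required members. The function names are hypothetical, the sample entry is constructed, and the 20-byte SKI length check assumes the SHA-1 key identifier of RFC 6487.

```python
import base64
import json
import re

REQUIRED = {"asn", "SKI", "routerPublicKey"}
B64URL = re.compile(r"[A-Za-z0-9_-]+")

def decode_unpadded(name, value):
    """Decode Base64 (RFC 4648 section 5 alphabet) that carries no trailing '='."""
    if not isinstance(value, str) or not B64URL.fullmatch(value):
        raise ValueError(f"{name}: not unpadded Base64")
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def check_assertion(obj, allow_comment=True):
    """Return a list of problems (empty = accepted). allow_comment=False models
    a strict parser built from the original text's three-member list."""
    if not isinstance(obj, dict):
        return ["assertion is not a JSON object"]
    allowed = REQUIRED | ({"comment"} if allow_comment else set())
    problems = [f"missing member: {n}" for n in sorted(REQUIRED - set(obj))]
    problems += [f"unexpected member: {n}" for n in sorted(set(obj) - allowed)]
    asn = obj.get("asn", 0)
    if isinstance(asn, bool) or not isinstance(asn, (int, float)):
        problems.append("asn: must be a number")
    for name in sorted({"SKI", "routerPublicKey"} & set(obj)):
        try:
            raw = decode_unpadded(name, obj[name])
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            problems.append(str(exc))
            continue
        if name == "SKI" and len(raw) != 20:  # 160-bit SHA-1 key identifier
            problems.append("SKI: expected 20 bytes")
        if name == "routerPublicKey" and raw[:1] != b"\x30":  # DER SEQUENCE tag
            problems.append("routerPublicKey: does not start with a SEQUENCE tag")
    if allow_comment and not isinstance(obj.get("comment", ""), str):
        problems.append("comment: must be a string")
    return problems

# Constructed sample: the SKI and key bytes are placeholders, not real values.
SAMPLE = json.loads("""[{
  "asn": 64496,
  "comment": "constructed example entry",
  "SKI": "AAECAwQFBgcICQoLDA0ODxAREhM",
  "routerPublicKey": "MAMCAQA"
}]""")

if __name__ == "__main__":
    for entry in SAMPLE:
        print("corrected text:", check_assertion(entry))
        print("strict original:", check_assertion(entry, allow_comment=False))
```

Running a local SLURM file through both modes before deploying it shows whether a "comment" in a BGPsec assertion would be rejected by a parser that treats the original member list as exhaustive.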