Re: [sidr] Questions about draft-huston-rpki-validation-01

Christopher Morrow <morrowc.lists@gmail.com> Mon, 19 May 2014 18:38 UTC

To: Tim Bruijnzeels <tim@ripe.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/d5bKsJM77Ey01u2JmtTtxlBJA0s
Cc: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>, George Michaelson <ggm@apnic.net>, sidr wg list <sidr@ietf.org>

On Thu, Apr 17, 2014 at 11:35 AM, Tim Bruijnzeels <tim@ripe.net> wrote:
> Certificate 1: {10.0.0.0/12, AS64501, AS64505, AS64509}  (TA certificate)
> Certificate 2: {10.0.0.0/22, AS64501, AS64505, AS64511}
> Certificate 3: {10.0.0.0/20, AS64501, AS64509}

It's unclear to me what would happen if you split this into a
prefix/ASN per cert and just carried more certs in your purse. Why
would I not just add more certs to my purse? Is there a particular
reason to conglomerate these under the minimal number of certs? Are we
trying to minimize space in my purse? If so, the purse is large, and
the certs very small... I could 10x or 100x the number of certs here
and be OK still.

-chris
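
Added example, not part of the message or the thread: a Python sketch comparing the three quoted resource sets when bundled one certificate per level against the one-resource-per-certificate split the message asks about. It assumes each certificate is issued by the one listed before it (1 -> 2 -> 3) and applies the RFC 6487 rule that a certificate is valid only if all of its resources are encompassed by its issuer's; the function names are hypothetical.

```python
import ipaddress

# The three resource sets quoted in the message.
# ASSUMPTION: each certificate is issued by the one before it (1 -> 2 -> 3).
CHAIN = [
    {"10.0.0.0/12", "AS64501", "AS64505", "AS64509"},  # TA certificate
    {"10.0.0.0/22", "AS64501", "AS64505", "AS64511"},
    {"10.0.0.0/20", "AS64501", "AS64509"},
]

def covers(parent, child):
    """True if one parent resource encompasses one child resource."""
    if parent.startswith("AS") or child.startswith("AS"):
        return parent == child
    return ipaddress.ip_network(child).subnet_of(ipaddress.ip_network(parent))

def covered_by_any(resource, parents):
    return any(covers(p, resource) for p in parents)

def bundled_validity(chain):
    """One cert per level: a single uncovered resource invalidates the
    whole cert, and with it every cert issued beneath it."""
    results, parent_ok, parent = [True], True, chain[0]
    for cert in chain[1:]:
        ok = parent_ok and all(covered_by_any(r, parent) for r in cert)
        results.append(ok)
        parent_ok, parent = ok, cert
    return results

def split_validity(chain):
    """One cert per resource: each is checked on its own against the
    resources that survived validation at the level above."""
    surviving = [set(chain[0])]
    for cert in chain[1:]:
        surviving.append({r for r in cert if covered_by_any(r, surviving[-1])})
    return surviving

if __name__ == "__main__":
    print("bundled:", bundled_validity(CHAIN))
    for level, resources in enumerate(split_validity(CHAIN), start=1):
        print(f"split, level {level}:", sorted(resources))
```

Under these assumptions the AS64511 entry invalidates the whole of Certificate 2 and everything below it in the bundled case, while in the split case only the uncovered single-resource certificates are rejected.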