Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track

Stephen Kent <kent@bbn.com> Mon, 18 July 2011 02:45 UTC

Return-Path: <kent@bbn.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61C9F21F8AD1 for <sidr@ietfa.amsl.com>; Sun, 17 Jul 2011 19:45:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.516
X-Spam-Level:
X-Spam-Status: No, score=-106.516 tagged_above=-999 required=5 tests=[AWL=0.083, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8Q+2GhcbdM7Q for <sidr@ietfa.amsl.com>; Sun, 17 Jul 2011 19:45:00 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id D49F221F8ABD for <sidr@ietf.org>; Sun, 17 Jul 2011 19:45:00 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15]:50436 helo=[198.18.176.250]) by smtp.bbn.com with esmtp (Exim 4.74 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1Qidp1-0001Fx-80; Sun, 17 Jul 2011 22:44:39 -0400
Mime-Version: 1.0
Message-Id: <p06240804ca494c3744bd@[198.18.176.250]>
In-Reply-To: <CA49B09E.17E05%terry.manderson@icann.org>
References: <CA49B09E.17E05%terry.manderson@icann.org>
Date: Sun, 17 Jul 2011 22:42:29 -0400
To: Terry Manderson <terry.manderson@icann.org>
From: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Cc: Rob Austein <sra@isc.org>, "draft-ietf-sidr-repos-struct@tools.ietf.org" <draft-ietf-sidr-repos-struct@tools.ietf.org>, "sidr@ietf.org" <sidr@ietf.org>, "sidr-chairs@tools.ietf.org" <sidr-chairs@tools.ietf.org>
Subject: Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jul 2011 02:45:01 -0000

At 4:42 PM -0700 7/17/11, Terry Manderson wrote:
>...
>
>This actually makes me wonder why the manifest (
>draft-ietf-sidr-rpki-manifests) in:
>
>FileAndHash ::=     SEQUENCE {
>       file            IA5String,
>       hash            BIT STRING
>       }
>
>Doesn't have a RPKIObjectIdentifier that tells the relying party what the
>object it has just retrieved is in terms of ROA/CERT/etc, as a signed
>attestation.

the filename extension, which is part of the "file" data type above, 
conveys the needed info. yes, one could add an OID here, but 
ultimately an RP will check the syntax and know which file is what 
type. Som, adding an OID doesn't seem to help much in a manifest.

>(and then an appropriate IANA registry for RPKIObjectIdentifier could then
>be created and populated as a standards track)
>
>If repos-struct was standards track and the naming scheme was the prime
>mapping system then if a RPKI repository publication [1] point is
>compromised (or even MiTM!) it would be a trivial exercise to perform some
>substitutions on the filename to confuse (routing security downgrade DoS)
>the relying party.

if there are no mandated filename extensions, then every pub point is 
a mini-DoS attack, as Rob noted. We can't prevent a rogue pub point 
manager (or CA) from mislabelling files relative to the 3-char 
extension, but why invite chaos :-)?

An earlier draft of this doc called the extensions mere 
recommendations.  I persuaded Geoff to make them mandatory. The 
arguments I made then still
apply, which is why STD vs. BCP seems appropriate, to me.

Steve