Re: [sidr] [Errata Verified] RFC8360 (5638)
Tim Bruijnzeels <tim@nlnetlabs.nl> Thu, 14 February 2019 08:39 UTC
Return-Path: <tim@nlnetlabs.nl>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8007B131091; Thu, 14 Feb 2019 00:39:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7
X-Spam-Level:
X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nlnetlabs.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xbj3UBxLKJ9U; Thu, 14 Feb 2019 00:39:25 -0800 (PST)
Received: from dicht.nlnetlabs.nl (open.nlnetlabs.nl [IPv6:2a04:b900::1:0:0:10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18579131055; Thu, 14 Feb 2019 00:39:25 -0800 (PST)
Received: from [IPv6:2a04:b900::1:b9b9:e896:9203:8e3a] (unknown [IPv6:2a04:b900:0:1:b9b9:e896:9203:8e3a]) by dicht.nlnetlabs.nl (Postfix) with ESMTPSA id 3585715E21; Thu, 14 Feb 2019 09:39:22 +0100 (CET)
Authentication-Results: dicht.nlnetlabs.nl; dmarc=pass (p=none dis=none) header.from=nlnetlabs.nl
Authentication-Results: dicht.nlnetlabs.nl; spf=pass smtp.mailfrom=tim@nlnetlabs.nl
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nlnetlabs.nl; s=default; t=1550133562; bh=4IjEFQBkJ+T1tFt25sxPJ2drLR5+zGwwoAxg8Io8Oxs=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=V20gBcLt35d/sc4TNsxti48omjtH9be/zD0SjVZuK5vuBcyDQBZoZ/SUP6YiHyeTI 3WcpAboyRDMcJpiFOlcxHpF/OtpevPOHX1CbSCMGNxO+VGLlnr+USQRmbBCmsdC1P/ iifu3YPQW+UxmCflBXjQnKENlScKqNKm/7tFS0Rs=
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
From: Tim Bruijnzeels <tim@nlnetlabs.nl>
In-Reply-To: <28B68FF3-EE99-43BA-9CF8-BF73A56F1640@tislabs.com>
Date: Thu, 14 Feb 2019 09:39:21 +0100
Cc: sidr list <sidr@ietf.org>, The IESG <iesg@ietf.org>, Daniel Shaw <daniel@afrinic.net>, "Carlos M. Martinez" <carlos@lacnic.net>, George Michaelson <ggm@apnic.net>, Tim Bruijnzeels <tim@nlnetlabs.nl>
Content-Transfer-Encoding: quoted-printable
Message-Id: <8F9E7B83-9ABE-489B-8038-6586A6EBEAA3@nlnetlabs.nl>
References: <20190213194103.A1B3AB82674@rfc-editor.org> <28B68FF3-EE99-43BA-9CF8-BF73A56F1640@tislabs.com>
To: Sandra Murphy <sandy@tislabs.com>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/eoVabJOSV1lgEySfhaNJC1Le_p8>
Subject: Re: [sidr] [Errata Verified] RFC8360 (5638)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Feb 2019 08:39:28 -0000
Hi all, The errata is correct, this is a copy paste error. There should be no impact on implementation, other than that if the implementation follows the original text strictly it will not work for ASNs on a trust anchor certificate, and if it's changed to follow the corrected text it will work. Mea culpa, I blame my copy/paste skills and replaying short term memory and my intent in proof reading my own bit of text here. Tim > On 13 Feb 2019, at 22:36, Sandra Murphy <sandy@tislabs.com> wrote: > > I’d be interested to hear from the implementer(s) of the validation-reconsidered RFC what impact there is in handling this change. > > (I suspect little impact, if any, but it would be very good to hear it from the implementer(s). Suspicions don’t count for much.) > > —Sandy > >> On Feb 13, 2019, at 2:41 PM, RFC Errata System <rfc-editor@rfc-editor.org> wrote: >> >> The following errata report has been verified for RFC8360, >> "Resource Public Key Infrastructure (RPKI) Validation Reconsidered". >> >> -------------------------------------- >> You may review the report below and at: >> http://www.rfc-editor.org/errata/eid5638 >> >> -------------------------------------- >> Status: Verified >> Type: Technical >> >> Reported by: Alberto Leiva Popper <ydahhrk@gmail.com> >> Date Reported: 2019-02-13 >> Verified by: Warren Kumari (Ops AD) (IESG) >> >> Section: 4.2.4.4 >> >> Original Text >> ------------- >> 7. Compute the VRS-IP and VRS-AS set values as indicated below: >> >> * If the IP Address Delegation extension is present in >> certificate x and x=1, set the VRS-IP to the resources found >> in this extension. >> >> * If the IP Address Delegation extension (...) >> >> * If the IP Address Delegation extension (...) >> >> * If the IP Address Delegation extension is present in >> certificate x and x=1, set the VRS-IP to the resources found >> in this extension. >> >> * If the AS Identifier Delegation extension (...) >> >> * If the AS Identifier Delegation extension (...) >> >> Corrected Text >> -------------- >> 7. Compute the VRS-IP and VRS-AS set values as indicated below: >> >> * If the IP Address Delegation extension is present in >> certificate x and x=1, set the VRS-IP to the resources found >> in this extension. >> >> * If the IP Address Delegation extension (...) >> >> * If the IP Address Delegation extension (...) >> >> * If the AS Identifier Delegation extension is present in >> certificate x and x=1, set the VRS-AS to the resources found >> in this extension. >> >> * If the AS Identifier Delegation extension (...) >> >> * If the AS Identifier Delegation extension (...) >> >> Notes >> ----- >> There seems to be a copy-paste error. >> >> There are two bullet points explaining the initialization of VRS-IP, and none explaining the initialization of VRS-AS. >> >> All the evidence suggests that the two extensions (IP Address Delegation and AS Identifier Delegation) are meant to be handled similarly, so I believe that the last three bullet points are supposed to perfectly mirror the first three. >> >> -------------------------------------- >> RFC8360 (draft-ietf-sidr-rpki-validation-reconsidered-10) >> -------------------------------------- >> Title : Resource Public Key Infrastructure (RPKI) Validation Reconsidered >> Publication Date : April 2018 >> Author(s) : G. Huston, G. Michaelson, C. Martinez, T. Bruijnzeels, A. Newton, D. Shaw >> Category : PROPOSED STANDARD >> Source : Secure Inter-Domain Routing >> Area : Routing >> Stream : IETF >> Verifying Party : IESG >> >> _______________________________________________ >> sidr mailing list >> sidr@ietf.org >> https://www.ietf.org/mailman/listinfo/sidr > > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr
- [sidr] [Errata Verified] RFC8360 (5638) RFC Errata System
- Re: [sidr] [Errata Verified] RFC8360 (5638) Sandra Murphy
- Re: [sidr] [Errata Verified] RFC8360 (5638) Sandra Murphy
- Re: [sidr] [Errata Verified] RFC8360 (5638) Tim Bruijnzeels