Re: [sidr] Stephen Farrell's No Objection on draft-ietf-sidr-bgpsec-algs-16: (with COMMENT)
Sean Turner <sean@sn3rd.com> Tue, 13 December 2016 14:27 UTC
Return-Path: <sean@sn3rd.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D66A51298C0 for <sidr@ietfa.amsl.com>; Tue, 13 Dec 2016 06:27:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MJxd1teqHhjr for <sidr@ietfa.amsl.com>; Tue, 13 Dec 2016 06:27:52 -0800 (PST)
Received: from mail-qk0-x235.google.com (mail-qk0-x235.google.com [IPv6:2607:f8b0:400d:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B91E81298BC for <sidr@ietf.org>; Tue, 13 Dec 2016 06:27:25 -0800 (PST)
Received: by mail-qk0-x235.google.com with SMTP id n204so117573717qke.2 for <sidr@ietf.org>; Tue, 13 Dec 2016 06:27:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=MBeNOmDetJ1Q7hmGL2aOCXcicmAs9aHtzNm8HqZZrSo=; b=M+mJJM+6YcSEsvOPkaLWr0S2wK782C4yEp7NzJw2AShAqypUrFzMGWEfbQ4dySFzyc cxkVyiewnud89HIcFvIL2IomBeIhxaXR15EOC3JQDlI4S8s5UETQJMD2Pa5rTTodZTlL JLde2xsM7qvEPqGPPAxCBGkjh5tHoz5fj4uUc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=MBeNOmDetJ1Q7hmGL2aOCXcicmAs9aHtzNm8HqZZrSo=; b=LiF1oqKC4IZFMhSSHbdDX4QS41CfwT4IEC37+xKCG6/7xOwrmh1lImlUzEW8eDB5Hq r9oYYGl7M/tBXoQn/WuZafZfm7yCRbUO+iMdzN6QMWttNqyB/eQYGT4mzD/w6TSv9Kl4 zMeRXUjOOKRnPkhiQ+zlovAzgt2I+h1E1zQDYXQsROB4GCWKd2IVtxjAZ/L406PMc6j3 jChwXmMHyR2hYMyYGDH2dQCnb3FfR8NfXwfIhaQQ7EfmVTbWiCa1QjQfKRTHy+iYdO63 M6zC0Wt8mbOHyT+zV9Wps4XrDmFSokDClQhpYeunzMTeEd5QRvzAUwI5tKED5TWr7uTi Q7Jg==
X-Gm-Message-State: AKaTC03e+lu3CAtPoTT9H1fyqQ6tM2J0K9C8Q096ICr/yIbsJnEpoZtUAKPhZTLpa8FH/g==
X-Received: by 10.55.6.11 with SMTP id 11mr78936949qkg.29.1481639244829; Tue, 13 Dec 2016 06:27:24 -0800 (PST)
Received: from [172.16.0.92] (pool-173-73-120-80.washdc.east.verizon.net. [173.73.120.80]) by smtp.gmail.com with ESMTPSA id 21sm29169347qkh.4.2016.12.13.06.27.23 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 13 Dec 2016 06:27:24 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <148163006122.29374.7201338314702333753.idtracker@ietfa.amsl.com>
Date: Tue, 13 Dec 2016 09:27:23 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <D97AC2C9-913A-4ECA-AAED-A8CE96FA9965@sn3rd.com>
References: <148163006122.29374.7201338314702333753.idtracker@ietfa.amsl.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/f7fhPWtW8vhlk_n6fiMwu7S7DLo>
Cc: draft-ietf-sidr-bgpsec-algs@ietf.org, Sandra Murphy <sandy@tislabs.com>, sidr chairs <sidr-chairs@ietf.org>, The IESG <iesg@ietf.org>, sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] Stephen Farrell's No Objection on draft-ietf-sidr-bgpsec-algs-16: (with COMMENT)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Dec 2016 14:27:55 -0000
On Dec 13, 2016, at 06:54, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > Stephen Farrell has entered the following ballot position for > draft-ietf-sidr-bgpsec-algs-16: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-algs/ > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > - As Randy commented, if the goal is to smallerise the > packets, it'd have been nice to use eddsa here but I assume > that wasn't practical due to the timing and the number of > RPKI elements that'd need to be defined for that? Is that > right? Did the WG consider using 25519 instead of p256? If > not, is it worth asking, just in case everyone loves the > idea more than this? We weren’t trying to optimize for the smallest possible packets just smaller than RSA because at the time we were deciding on the algorithm suite, which was circa ’11, 25519 (or really any other EC-based algorithm) wasn’t far enough along the standardization path. And, you’re right there was a grunch of timing/elements that needed to be come together to make any other EC-based algorithm realistic. Since we’re now cc'ing the WG on IESG ballot positions it kind of feels like it just got asked ;) Personally, I think it’s fine the way it is and for what it’s worth there are now interoperable implementations (see below). > - Documents like this are better with test vectors included > or referenced. Couldn't you add those or some pointers to > those? Would they be better in this draft or in the protocol draft (on the 20170115 IESG telechat)? Either way I reached out to Oliver Borchers @ NIST who did some interop testing between QuaggaSRx and BIRD [0]. Hoping that doing some packet captures with a simple example (BGPsec packets, private key+certs) wouldn’t be too hard to pull off; it’ll double the size of this draft that’s for sure. Cheers, spt [0] https://tinyurl.com/hdsux2d
- [sidr] Stephen Farrell's No Objection on draft-ie… Stephen Farrell
- Re: [sidr] Stephen Farrell's No Objection on draf… Sean Turner
- Re: [sidr] Stephen Farrell's No Objection on draf… Stephen Farrell