Re: [sidr] Terry Manderson's No Objection on draft-ietf-sidr-delta-protocol-07: (with COMMENT)

Tim Bruijnzeels <> Mon, 20 February 2017 15:08 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C8DA11294D2; Mon, 20 Feb 2017 07:08:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id sBvpgG38YVxa; Mon, 20 Feb 2017 07:08:16 -0800 (PST)
Received: from ( [IPv6:2001:67c:2e8:11::c100:1372]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2D69812950F; Mon, 20 Feb 2017 07:08:13 -0800 (PST)
Received: from ([]) by with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.84_2) (envelope-from <>) id 1cfpZL-0007CP-LD; Mon, 20 Feb 2017 16:08:07 +0100
Received: from ([] by with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.84_2) (envelope-from <>) id 1cfpZL-0007lB-EN; Mon, 20 Feb 2017 16:08:03 +0100
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Content-Type: multipart/alternative; boundary="Apple-Mail=_156BF0B3-736B-42BD-9690-926368066804"
From: Tim Bruijnzeels <>
In-Reply-To: <>
Date: Mon, 20 Feb 2017 16:08:02 +0100
Message-Id: <>
References: <> <> <> <>
To: Steve KENT <>
X-Mailer: Apple Mail (2.3124)
X-ACL-Warn: Delaying message
X-RIPE-Spam-Level: -------
X-RIPE-Spam-Report: Spam Total Points: -7.5 points pts rule name description ---- ---------------------- ------------------------------------ -7.5 ALL_TRUSTED Passed through trusted hosts only via SMTP -0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain 0.0 HTML_MESSAGE BODY: HTML included in message -0.0 BAYES_20 BODY: Bayes spam probability is 5 to 20% [score: 0.0665]
X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a071956a162ca6378e005b322c0bba5215ef3
Archived-At: <>
Cc: "" <>, "" <>, "" <>, The IESG <>, "" <>, "" <>
Subject: Re: [sidr] Terry Manderson's No Objection on draft-ietf-sidr-delta-protocol-07: (with COMMENT)
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 20 Feb 2017 15:08:27 -0000

Hi Steve, all,

> On 17 Feb 2017, at 18:26, Steve KENT <> wrote:
> Alvaro,
> Sorry I faukled to rely when  you posted you comment on this topic to the SIDR list. I don't support revising 6480, 6481, and 7730 to remove mandatory support for rsynch, at this time. The issue, for me, is not whether rysnc is better or worse than the delta protocol. The issue is that if we have no MTI protocol for disseminating RPKI repository data, we fail to ensure interoperability between repositories and relying parties. Given the fact that the delta protocol is still quite new, it seems more appropriate to retain rsync as MTI for now, and to generate another doc establishing a timeline for transition to the delta protocol. This is analogous to what we did in RFC 6489 and RFC 6916, where we specified an orderly transition process for key rollover and algorithm agility, respectively.

To make it abundantly clear let me re-state: I have no problem with this path.

I believe that Alvaro's suggestions were well-intended to make a future transition document easier, but I don't see any reason why this could not be done later. Having RRDP as an allowed additional mechanism, whilst still requiring rsync as well, will allow us to use it and gain experience. In other words I don't think that a migration document is not a requirement for finishing the RRDP protocol document itself.

I would suggest that a possible rsync phase-out is discussed in sidr-ops. More than willing to provide text or participate otherwise, provided that working group wants to take on the work.


> Steve
> From: sidr <> on behalf of Alvaro Retana (aretana) <>
> Sent: Friday, February 17, 2017 9:56:41 AM
> To: Tim Bruijnzeels; Terry Manderson;;;
> Cc:; The IESG;
> Subject: Re: [sidr] Terry Manderson's No Objection on draft-ietf-sidr-delta-protocol-07: (with COMMENT)
> Hi!
> I just want to provide a little bit more background on the topic below – and ask the Chairs to take an action to confirm with the WG.
> During the discussion resulting from my AD review of this document [1], the topic of whether the intent of the document was to replace rsync or not came up (see M16 in my review) – after some discussion we came to a way forward [2], which was to formally Update in RFC6480, RFC6481, and RFC7730 to change the mandatory to implement requirement for rsync and leave instead “a retrieval mechanism(s) consistent with the accessMethod element value(s)”.
> Even though this discussion happened on the sidr list, I sent a message to the WG asking for review of the changes [3]…but no reply was received.
> As Terry mentions below, these changes removed “the quality of a mandatory to implement retrieval mechanism”: rsync is no longer mandatory to implement, but neither is RRDP.  I personally think that is ok because it also allows to more flexibility; rsync or RRDP (or anything else “consistent with the accessMethod element value(s)”), or both can be implemented as primary and/or backup.
> **Chairs**:  Given that this is a significant change, and that the WG may have not been focused on the discussion, and that we now have a little more time given the fact that the IESG review of this document was deferred until Mar/2…  Please explicitly ask the WG to review the Updates to RFC6480, RFC6481 and RFC7730.  I think that a week of discussion on the list should be enough.
> Thanks!!
> Alvaro.
> [1] <>
> [2] <>
> [3] <>
> On 2/16/17, 10:17 AM, "iesg on behalf of Tim Bruijnzeels" < <> on behalf of <>> wrote:
> On 16 Feb 2017, at 03:03, Terry Manderson < <>> wrote:
> Terry Manderson has entered the following ballot position for
> draft-ietf-sidr-delta-protocol-07: No Objection
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> Please refer to <>
> for more information about IESG DISCUSS and COMMENT positions.
> The document, along with other ballot positions, can be found here:
> <>
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> Thank you for this work, it is clear and well written. While I have never
> (ever) been enamoured by RSYNC, and I much prefer this direction on a
> personal level, the updates to the existing RFCs regarding RSYNC does two
> things. The first is it demotes RSYNC to 'just another access mechanism',
> and the second is it appears to remove the quality of a mandatory to
> implement retrieval mechanism. Am I reading that correctly? If this is
> intentional and has workgroup consensus so be it and onwards we move..
> Initially this was written as an additional protocol, next to rsync. The idea was that rsync would be replaced altogether at some point, but the way to get there was intentionally left out of this document because we felt it should just focus on protocol.
> The changes you mention were made following AD review comments on 7 January. The intent as I understood it was to defer the question which retrieval mechanism is mandatory to another document, but leave the specifications generic.