IETF Logo Mail Archive

Re: [sidr] [Editorial Errata Reported] RFC6487 (5187)

Geoff Huston <gih@apnic.net> Tue, 28 November 2017 18:48 UTC

Return-Path: <gih@apnic.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F405128B37 for <sidr@ietfa.amsl.com>; Tue, 28 Nov 2017 10:48:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=apnic.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tw1TtO_lXmpy for <sidr@ietfa.amsl.com>; Tue, 28 Nov 2017 10:48:16 -0800 (PST)
Received: from JPN01-OS2-obe.outbound.protection.outlook.com (mail-os2jpn01on0055.outbound.protection.outlook.com [104.47.92.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EFC1126557 for <sidr@ietf.org>; Tue, 28 Nov 2017 10:48:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apnic.onmicrosoft.com; s=selector1-apnic-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=lw4yzAHeUVgsCgM9QflIu4OpQWxWxJhKesrRp6Ls9oM=; b=IipRoQCbVx2ft8rFXImDBCN8rPR1L9a2yTPtTaVf2JGhYFPEaoTPxth/R8ngXG+muH5xGOzI7hH5aiVcBFfpKwXinjX2AVOz4D2UHsP2h3CHkeiRYwuzMKdVvfreu63r0YizKkYFGNNyKEm3KD6W4Et6EuMx4mEcSiDiLOasK44=
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=gih@apnic.net;
Received: from dhcp202.potaroo.net (203.16.208.142) by TY1PR04MB0703.apcprd04.prod.outlook.com (10.163.246.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.260.4; Tue, 28 Nov 2017 18:48:07 +0000
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.1 \(3445.4.7\))
From: Geoff Huston <gih@apnic.net>
In-Reply-To: <CAEGXcODB3WtLNk3tQ52yUNDn2jVzxJYtQaCGhS_+tFmKEWHnZQ@mail.gmail.com>
Date: Wed, 29 Nov 2017 05:47:37 +1100
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, George Michaelson <ggm@apnic.net>, robertl@apnic.net, Alia Atlas <akatlas@gmail.com>, db3546@att.com, aretana.ietf@gmail.com, morrowc@ops-netman.net, sandy@tislabs.com, sidr@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <147D5A96-CCBE-422B-AA82-C12802256844@apnic.net>
References: <20171128090411.26C0DB80C87@rfc-editor.org> <2D0550E2-5A6A-4C10-8B4A-74A1E88E1EC1@apnic.net> <CAEGXcODB3WtLNk3tQ52yUNDn2jVzxJYtQaCGhS_+tFmKEWHnZQ@mail.gmail.com>
To: Nikolai Malykh <nmalykh@gmail.com>
X-Mailer: Apple Mail (2.3445.4.7)
X-Originating-IP: [203.16.208.142]
X-ClientProxiedBy: KL1P15301CA0021.APCP153.PROD.OUTLOOK.COM (10.170.161.31) To TY1PR04MB0703.apcprd04.prod.outlook.com (10.163.246.25)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: c1668fcc-6482-47be-5005-08d5369092af
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603258); SRVR:TY1PR04MB0703;
X-Microsoft-Exchange-Diagnostics: 1; TY1PR04MB0703; 3:Z2BZEhiXaovc9eO5ZKqEx04ZYbM/Zc/lXLV4w9EJuI0ZFswKW1dblvonqbtzv5ffAKnuaHS3DMCqXwAWqu47K6OrBx9GKvK4mO6m0vOsURGtcbSUsKN/FRGkkrYJ+pxVeM53ENqO1IuY9V3V9VbIFykjwmBYa4JznWc4yuDwCr+KBay++ipKRvmFvKSPMEjfEoOuApm9ACzw3dkusM0V/tAwijXgxVT6vsqNOzyy0YXcpl7OSl26UpKG2y/Qd0S8; 25:GZQhZ1orvlfRAGLGxCRuSCO6O9nP8Ln785cYlLPyjfgNJpgJ0F6m4CxGi2Jzv427etGp6cghJ/9LouQ8aQzyucSeMxErzVmYWoqVm22iHW7K3InP/R5tCex1dKaOGInsYl1EkPvSr1hNJceoNSTPvSo3EpMdGT4y+F+yK9u9qZlTxTFckv9b65hZaksq7effZzyeXDbAFFBJFVE9d3F2NRdFet5ZAUgiNJUZ2cEXN6UonfldlG8qw16zSGIG38dQhsxU9Tg0w8rCPHeEfV/WfqpOAs31EIPXluFcMp/vb0krVGkcIZMo03nZMU+Php+4js+zedPdxcXA91JYfIX1IA==; 31:ulYjjLkkdaS+Uu+8aV/ShYKZWJntrBlXspSFHrE+pFxwDA0WpAtevqKBW4B3sFRQe6zw1Y7cS4NJOzISy4rCIjA0uOlN3cIlHESntkDdWVRMUZEXlDm8Gjg8E+rRuJzgzgBE8rZ8VV5/ljR9usq8Am437jd/acI8FiEa2sd5PCngH1G3/r1ooNji5XkxXLdzOuGBImiiMbcs6BBu99tVmcongUDeIYJuJ19rGPFU6I8=
X-MS-TrafficTypeDiagnostic: TY1PR04MB0703:
X-Microsoft-Antispam-PRVS: <TY1PR04MB07039C3DA8C3F36866DF232AB83A0@TY1PR04MB0703.apcprd04.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(131327999870524);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(5005006)(8121501046)(10201501046)(3002001)(3231022)(93006095)(93001095)(6041248)(20161123558100)(201703131423075)(201703061421075)(20161123562025)(20161123560025)(20161123555025)(20161123564025)(6072148)(201708071742011); SRVR:TY1PR04MB0703; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:TY1PR04MB0703;
X-Microsoft-Exchange-Diagnostics: 1; TY1PR04MB0703; 4:ZvJdHJ133cK157c/Wp9BudOq2hI3/AuYIqFyOrVM0HYSBGkW9ZuSEFa8kDdMO2AoOG3miPRQA34fid+VZV9mcuUk/8uhPUjRrIhCBm4A7AbTCjopse4vJVeUIOgXp97D0O+LaV/F1tyHLUQTRePZdMCiaA11R7Igp++Jx+FjmG4d0tIezp7EIqTu+2iYQ016RZ1VXMTfLXZStMQltPrLY4GLAFcKCTg0J7PlvTwc7bxYDvrT+rpSJy14Z6rssOKNUtq8jVM8nBNeKcs0J/0A2TbylMrKFX6ogSIBuX+ovVdR5Ieuin3ZuARuLxd+aN0E
X-Forefront-PRVS: 0505147DDB
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6009001)(366004)(346002)(376002)(199003)(189002)(24454002)(377424004)(6116002)(50986999)(47776003)(23726003)(2906002)(66066001)(76176999)(966005)(50466002)(36756003)(25786009)(57306001)(101416001)(6512007)(508600001)(3846002)(105586002)(5660300001)(53936002)(6306002)(7736002)(16526018)(54906003)(305945005)(106356001)(33656002)(97736004)(1720100001)(53416004)(8746002)(4001150100001)(8676002)(81166006)(81156014)(6246003)(8936002)(52116002)(6506006)(1411001)(4326008)(189998001)(6916009)(2950100002)(50226002)(6486002)(86362001)(69596002)(39060400002)(229853002)(53546010)(68736007)(83716003)(6666003)(82746002)(42262002); DIR:OUT; SFP:1101; SCL:1; SRVR:TY1PR04MB0703; H:dhcp202.potaroo.net; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
Received-SPF: None (protection.outlook.com: apnic.net does not designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 1; TY1PR04MB0703; 23:/iPhPZwf2qecSYCIDG+LT8gSrf6JSACXOx7+QygGv1gvuSnNGQet1luYY/R5+VvdAWA/jO26tXLVpZyX9oO5ADBNCZuRHTc3P5ooToec9OnDJ0IbfXH5JH0tNQUVJHyoTBTTpy5QjY6RVLE5yPPHMP2+oq9hkTgpSwLGXMy6epGbThQT5a7bl17foYi+1/1qfZTC3DjzdTRR/vVMS63UA/KejKGac99aiLPCgHq/BlpzYG2PI1KO+1R2xvV4YzkgC3p5k6k7Ja0T5FFP6/rUKMjKQhjg9hdMhBFne1iIJdBxO98kLmsoOkSCMHCONk/k/QGkef2/GpuAWfjgeIq3EN/in0D9EVbGJvb1qbqc6GRDySvIdJj5/spIEzSWRqcyP8TjD20vzApCqPg3S8VvJy7+fIPXmlDvoBacKJfL5zNGoX98VqiRWVleWK8MGcg63AJp06OYoA7+lmlT0H55CLD2a+GXDqWLDHy2ul4bnObQdDmaYxuxbuu9785QhQ/3vb1f6+x4nFMCYyJRn8qnnhi8k9xyvS4sLkR1SiGzXhsolQIhB0ktfLU0X7RUiimoppj7vUSIMPVHcsf1zhZqkQ1nQxh2sJhkr6PucGm5r9eQrn0OWwRHYMWCCRKIHhOJQz4MXvsypT/MJNDGP7Qwg06CvnGHlagORcgL5Rt5ImLwSLEGQLGjUl4PLY0cAfOcB8I+VowpMNYxpbOhOAeVo7ZdGI8XrUiInzz2+dUEW1/16zfSUHqZ05SdTysCGjFQpNjgON20i2e2Zv4g2HFO0jvQshIpPdX56NX6md6kE8dGNony3GdrWhSG16Wb+JDvZGlq2LtDP0nTsoXnx4TeeisLO66NZ8pePfcmIjsgHrvBRfID67f7TGvrqaviZEs6iql2HaG6cdADjUteCJf8YEklMNKQc8uVdqHtXQZOd+V7R7M1j+NfH6tAu7Kr01n5gaBPIP6KIiTnoNmhhHZtfwlj5pdwuL0AZuelRrKwmFx8ZwFcxdBeLAScPOevFWotxh4cnAkfuYJK5H8iacjzR1mkVnQUOORVeDkdCU97mtsNEomnZS/54Drr90A487lA6ipae6RZMH9NGWbdsDO9zw2xyweLyorjHgCmpLJuTM0fbHO3I+F2TSMwHFMDMWa+vDJltqUXMz8SiM7ueKgCrPyXcI1MJWIeQXM6vdgGeWHpvdS/lGbSvbAt1nbAdkrKnzXMHbUsMmSQsc1MbNailB5SYqorVmOKyXWGqmsrDwXw0d8ZfpjeWxT524FB8zDvOygBgJzDEfvED4BXUaASt2n6AhFis30IVoV9Ck3yI2+guYpiSQC28ZQ0DFM3VNgn9KBNHT9EpHENPOeYBauzBez/praHSeSsoWjcoekCILM3ElZeLfYsl//2b21pSn+dIFMDiuX9B3NyJfyNKfEa+sVS8MNX9zBSLsIlx2MQFyM=
X-Microsoft-Exchange-Diagnostics: 1; TY1PR04MB0703; 6:dFsn0gNWctlxdg8oF5PZMDG8iBx9Vrnp1cz8ypzIVoGm9A4nXkh0SbDL4jZJiIujhEzLdBrDLkzK0hdT9BUbvJAy/uDLSTI0lkod+LKqcz2194h3VnV3rD9CywlJJRQDoPh9xDP0GSSypLZVBivzI73a3X9BwPK8QTMaIJPOaxxNq5pZKdY20weTmlgXHmdmGVNZhlezi3ytOqjnPU80ig+8dWa5sr1Ty13miKJp+dKcGg1SSrmP4r3bBeX5i8cb+UGTo95XQfdJvrGQ0S3lafBVdzcv9SURtP/4EQ0uylyb7mteOKaQQ/dkCIfj/XibYQbYA0Pva207DtWsqBT5K+1stBO5bKBTa/wkqU9WwSY=; 5:bmB8XkaeUnizxmAuiVyQDIZ4Puqz7ikUeKTIZ15ZSQgeu7DxfG+5Ai5+m9DLvjG5kmlBNaeTbXwR32ctKFRsr9tp5d6/1vOMT4jXdxVQXPFbJFR2GppSIrLkSSoL3JZxAujiRgVRbYa68WsHYG6sag9lGFe8YKTTzuUlGsX17PQ=; 24:30jR9O5jCu4r+L2AW9BBOX1UXd4fHsfGHeFXYnR+jO5bgQclxeQusRrO9hkK1c8O59c2eIGWowvG76eVWB2rmFw61PPwJJ6XPIcCAXHt2kw=; 7:GaJYshsCrJSOJQVbG0bEfUZ1GEpKxfEcFivAvTUM/oDn+17iLFB4v6H0GRm47iFLibLq3qPlXZgbrINSlY09ycFqEmTsqzf/NEqFzjpvbXLXN3LR91vazLN+FLS+qVztAjNkSzDd8mitFHZhsejaJS0V9Tjy5FzFToUIxPDkVCq5qyoGE3cNyFv8fnzF1pRXK3y83lhKDMpWQNdt9fUbDIWuNJ04liv+552f4gQMeCpE+s0IcsSKmtGMz76Gw8/s
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: apnic.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Nov 2017 18:48:07.8039 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: c1668fcc-6482-47be-5005-08d5369092af
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 127d8d0d-7ccf-473d-ab09-6e44ad752ded
X-MS-Exchange-Transport-CrossTenantHeadersStamped: TY1PR04MB0703
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/k1OzAxbmseLCcSajHcgwXxQdQLc>
Subject: Re: [sidr] [Editorial Errata Reported] RFC6487 (5187)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Nov 2017 18:48:20 -0000

the set may be empty - still reject


> On 28 Nov 2017, at 9:30 pm, Nikolai Malykh <nmalykh@gmail.com> wrote:
> 
> May but not must.
> What about certificate that contain IP address set only OR AS number set only (not both)?
> 
> 2017-11-28 13:01 GMT+03:00 Geoff Huston <gih@apnic.net>:
> Reject - in the context of resource certificates the resources may contain
> both IP addresses _AND_ AS numbers.
> 
> 
> 
> > On 28 Nov 2017, at 8:04 pm, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> >
> > The following errata report has been submitted for RFC6487,
> > "A Profile for X.509 PKIX Resource Certificates".
> >
> > --------------------------------------
> > You may review the report below and at:
> > http://www.rfc-editor.org/errata/eid5187
> >
> > --------------------------------------
> > Type: Editorial
> > Reported by: Nikolai Malykh <nmalykh@gmail.com>
> >
> > Section: 7.1
> >
> > Original Text
> > -------------
> >      encompass
> >         Given two IP address and AS number sets, X and Y, X
> >         "encompasses" Y if, for every contiguous range of IP addresses
> >         or AS numbers elements in set Y, the range element is either
> >         "more specific" than or "equal" to a contiguous range element
> >         within the set X.
> >
> >
> > Corrected Text
> > --------------
> >      encompass
> >         Given two IP address or two AS number sets, X and Y, X
> >         "encompasses" Y if, for every contiguous range of IP addresses
> >         or AS numbers elements in set Y, the range element is either
> >         "more specific" than or "equal" to a contiguous range element
> >         within the set X.
> >
> >
> > Notes
> > -----
> >
> >
> > Instructions:
> > -------------
> > This erratum is currently posted as "Reported". If necessary, please
> > use "Reply All" to discuss whether it should be verified or
> > rejected. When a decision is reached, the verifying party
> > can log in to change the status and edit the report, if necessary.
> >
> > --------------------------------------
> > RFC6487 (draft-ietf-sidr-res-certs-22)
> > --------------------------------------
> > Title               : A Profile for X.509 PKIX Resource Certificates
> > Publication Date    : February 2012
> > Author(s)           : G. Huston, G. Michaelson, R. Loomans
> > Category            : PROPOSED STANDARD
> > Source              : Secure Inter-Domain Routing
> > Area                : Routing
> > Stream              : IETF
> > Verifying Party     : IESG
> 
>

v2.23.0 | Report a Bug | By Email