Re: [sidr] Current document status && directionz

David Conrad <drc@virtualized.org> Thu, 08 September 2016 17:39 UTC

Return-Path: <drc@virtualized.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6F8C12B294 for <sidr@ietfa.amsl.com>; Thu, 8 Sep 2016 10:39:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=virtualized-org.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K9kZsR6qNV46 for <sidr@ietfa.amsl.com>; Thu, 8 Sep 2016 10:39:28 -0700 (PDT)
Received: from mail-pa0-x231.google.com (mail-pa0-x231.google.com [IPv6:2607:f8b0:400e:c03::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EBED512B03F for <sidr@ietf.org>; Thu, 8 Sep 2016 10:39:27 -0700 (PDT)
Received: by mail-pa0-x231.google.com with SMTP id cm16so19467182pac.0 for <sidr@ietf.org>; Thu, 08 Sep 2016 10:39:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virtualized-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:message-id:in-reply-to:references:subject :mime-version; bh=CbqfG9A7ugwSXWWbO62tLOlsUD7ffmH1iJ0R5wrAkY4=; b=EhjDYVUQf8C7bXUjJUxhVV4DpoJRMCddndERsqgI2igOr6lfDWvHCnI3lklIpMDSkb A1T+2OJa3UHFBrVBBuGQAhJ5ZDSYsfpqUBgoco7iyC+2lRpXtCYecU9GqiP8wTIQq/XI W9mCSDCPwsLcg8S7ThMjjpLB3JqQPi0okk0+jwL7KWsvq8bKcfJhKAL9E/Vtphr+JXkU 8ITFIf8KTr0P3eNJPXN+mlZp6auEeUfbKnAVZImG9T++xlLe1U/Sg7RJr/myxzK508J5 uPbVojHu2R1HN15+KYhhpaF9+NyOx84lcp3wXJkarFmsKXHdkyJMjiTEK0TbW4YKclQU muqQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:message-id:in-reply-to :references:subject:mime-version; bh=CbqfG9A7ugwSXWWbO62tLOlsUD7ffmH1iJ0R5wrAkY4=; b=WFx4D8bzV55nnI2ys5iCqRFOUVok0IAvAB4JmnyFhzOdYNubzUNP9QmmqebaNln7Wu u2FL5+buOuMVgblAgi8gvT273bJ3BtWKsFBnfUyHcrM+jYsEvtMHovus0qI4xd4DR1b8 +cvK+qy9hK6D0o8vHIjDOKmjCFrzn+MbH/vA6bdcgLxFddBj7xjHLi+5WX9eFIZClsS5 YqwO14zRuHLLOalpoUX9N3dqGsEXjP5EDnfXzc48Rucqi+zhxazxtVk4y8F34Kmvd6Wg ujaBFsPfUBzee/hopO+VAmTbKPUZrX5MAkLWt02MxO8zaQ5cn8qECgrrJcT57ku0h8SO qAIg==
X-Gm-Message-State: AE9vXwPxS0uqjBzT8CeS0ahJLjYLLktCpLzSlnpKBbbksmHF/3Zq+hB0BTliJhNbCpE0Ow==
X-Received: by 10.66.182.167 with SMTP id ef7mr1477345pac.128.1473356367486; Thu, 08 Sep 2016 10:39:27 -0700 (PDT)
Received: from DACO-4417.local.mail ([72.234.167.101]) by smtp.gmail.com with ESMTPSA id yu7sm57956349pab.45.2016.09.08.10.39.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 08 Sep 2016 10:39:26 -0700 (PDT)
Date: Thu, 08 Sep 2016 07:39:23 -1000
From: David Conrad <drc@virtualized.org>
To: Christopher Morrow <morrowc.lists@gmail.com>
Message-ID: <etPan.57d1a24b.58365fa2.1a2d@virtualized.org>
In-Reply-To: <CAL9jLabwQQzigJF1=36dY7uWVcHSBKBmRC8DLd4pv1F1i0PZJg@mail.gmail.com>
References: <yj9ooa46aumt.wl%morrowc@ops-netman.net> <AAE3F119-98A3-4618-BBFB-76F921316BD1@gmail.com> <349cb6ac-f4fe-29e5-b01f-3223b14e47de@gmail.com> <m2shteszs3.wl-randy@psg.com> <0a66024b-5cae-1abb-dc53-b11c1e35cdeb@bbn.com> <20160906220000.F1005420823A@minas-ithil.hactrn.net> <CAL9jLaYLJ2_1Dj9BtpQBa+Ta+BrGdvNpHHfFgrRxQ6SVo-6RXw@mail.gmail.com> <20160907040720.769594208DBB@minas-ithil.hactrn.net> <CAL9jLabwQQzigJF1=36dY7uWVcHSBKBmRC8DLd4pv1F1i0PZJg@mail.gmail.com>
X-Mailer: Airmail (382)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="A6B4569A-0ECD-40C0-B133-0CD42E39F507"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/koC7Da73Sp2Np76bHTXbQsfpO2E>
Cc: "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] Current document status && directionz
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Sep 2016 17:39:30 -0000

Chris,

On September 7, 2016 at 4:42:21 AM, Christopher Morrow (morrowc.lists@gmail.com) wrote:
I don't disagree that running a CA is 'simple'... I think though that if the RIRs are in a position where there won't be a single root above them 'for a while' (it's been ~10 yrs at this point) but they feel they need to move forward with something, is this direction acceptable? is it better to document that decision and it's gotchas than to not move forward at all? or to 'continue waiting for the single root' to arrive?
For blood pressure spiking reasons, I have been trying to keep out of this discussion, but this put me over the edge.

As far as I am aware, ICANN as the IANA Internet Numbering Functions Operator, has been and continues to be willing to provide RPKI "single root" services. In point of fact, ages ago, I personally authorized non-trivial expenditures (including hiring staff) to set up and deploy a working RPKI root pilot to allow the RIRs to test working with a single root as directed by the IAB in https://www.iab.org/documents/correspondence-reports-documents/docs2010/iab-statement-on-the-rpki/:

"Thus, the IAB strongly recommends a single root aligned with the root of the address allocation hierarchy (now part of the IANA function). "

After said testbed deployment, I was informed that none of the RIRs were interested in participating in the tests.

I will admit a high level of amazement and not a small amount of disappointment at the fascinating level of complexity being created in order to avoid a single root.

This is not technical.  

Regards,
-drc