Re: [sidr] RIR's moving to all resources (0/0) RPKI TA's

John Curran <jcurran@arin.net> Wed, 12 July 2017 11:03 UTC

From: John Curran <jcurran@arin.net>
To: Randy Bush <randy@psg.com>
CC: sidr <sidr@ietf.org>
Date: Wed, 12 Jul 2017 11:03:24 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/lwCObzRSK9KXjtd6GFvAPrXXIfU>

On 12 Jul 2017, at 5:00 AM, Randy Bush <randy@psg.com> wrote:
> 
>> FYI.  While excellent progress is ongoing with the alternative
>> algorithm specified in draft-ietf-sidr-rpki-validation-reconsidered,
>> it is worth noting that the RIRs will presently be moving to all
>> resource RPKI TA’s to help mitigate the risk of massive downstream
>> invalidation that would occur in the case of inconsistencies under
>> the present validation algorithm:
> 
> what continues to amuse me is that all these contortions address rir
> failures we have not seen; while the failures we have seen (ee cert in
> manifest expiration timing, etc.) have not been systematically
> addressed.

Randy - 

While your amusement is not the primary goal of the system, it does
serve as a good reminder that there is more work to be done.  This
change shouldn’t be viewed as anything other than one small step in 
the journey of making RPKI services more robust. 

Thanks,
/John