Re: [sidr] [Technical Errata Reported] RFC8416 (7080)
Ties de Kock <tdekock@ripe.net> Mon, 22 August 2022 08:47 UTC
Return-Path: <tdekock@ripe.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5497DC1526F4; Mon, 22 Aug 2022 01:47:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ripe.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id siQlrM6uit1y; Mon, 22 Aug 2022 01:47:39 -0700 (PDT)
Received: from molamola.ripe.net (molamola.ripe.net [193.0.19.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FF44C1526E6; Mon, 22 Aug 2022 01:47:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ripe.net; s=s1-ripe-net; h=To:Cc:Date:Subject:Mime-Version:Content-Type:Message-Id:From ; bh=GJ14si2nVgFtcUxJmgxGlH7j0Skiw/EqT6om1V4Y+pU=; b=AK+KUgzllDjlpq+tCbzrtKZf SQHurUh3LU+IjUAUvVGR/pQMiKhUaDKD3Jwd02c0hMW4u4Y6cpGzpWUkPoZmP7wslJYoCNv3GyRUq L3nzvSL4gQNj5XkPoPurmpbkmhdwUGxXmVWghPj9/Z9kDREUSY/DxczTweqv4o9AebNa5eq71jOwn 5QHlmHmd3ADv1DUQ7pAPIGxXuhPYg/cUlSt4gK0MK3egqjpZktbmPEu12i4FMH8Vr6tdguWHHTyth 0lFIKoKb+weOdXlIrrwVr9POsSrYLuVglylJ9HStoK76G4VeC3NDzMQ/Iw2WGXpiFiOJG+N26hkZP xZOH0K0GrQ==;
Received: from bufobufo.ripe.net ([2001:67c:2e8:23::c100:170d]:48698) by molamola.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <tdekock@ripe.net>) id 1oQ35c-0008SJ-ME; Mon, 22 Aug 2022 10:47:20 +0200
Received: from sslvpn.ipv6.ripe.net ([2001:67c:2e8:9::c100:14e6] helo=smtpclient.apple) by bufobufo.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <tdekock@ripe.net>) id 1oQ35c-0006jz-FS; Mon, 22 Aug 2022 08:47:20 +0000
From: Ties de Kock <tdekock@ripe.net>
Message-Id: <63DB38A9-D503-4566-92F3-21D8A3FA3D68@ripe.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_399ED721-7182-473B-9607-E95DAD8ED2A4"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
Date: Mon, 22 Aug 2022 10:47:16 +0200
In-Reply-To: <6E03D553-6499-403E-B38A-6233A9DF6A9F@nlnetlabs.nl>
Cc: Warren Kumari <warren@kumari.net>, Ben Maddison <benm=40workonline.africa@dmarc.ietf.org>, RFC Errata System <rfc-editor@rfc-editor.org>, sidr@ietf.org, SIDR Operations WG <sidrops@ietf.org>, Chris Morrow <morrowc@ops-netman.net>, andrew-ietf@liquid.tech, jgs@juniper.net, david@mandelberg.org
To: Tim Bruijnzeels <tim@nlnetlabs.nl>
References: <20220810210643.1A9504C29D@rfcpa.amsl.com> <20220810212520.ateioe73xzawcldf@benm-laptop> <CAHw9_i+5Sy1A5Hi7NHcoQctLDBbsorPCz3y0ctDs3K7vL1j-Jw@mail.gmail.com> <6E03D553-6499-403E-B38A-6233A9DF6A9F@nlnetlabs.nl>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
X-RIPE-Signature: 059faafd1cc22ebb05e1592c815fe1e1df96649438ed109394d554d68f7c44a7
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/md4e8h2cnN-zLl8Ic5Hpg9YROuA>
Subject: Re: [sidr] [Technical Errata Reported] RFC8416 (7080)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Aug 2022 08:47:43 -0000
Hi Tim, all, > On 22 Aug 2022, at 10:29, Tim Bruijnzeels <tim@nlnetlabs.nl> wrote: > > Hi Warren, all, > > I (co-author) agree that this was an oversight. I have no objections to the change. > > However.. I haven't checked, but beware that current implementations might fail to parse the file if a "comment" member is added here, if they are (overly) strict. I expect that most will simply ignore this member. Perhaps it's wise that this is verified before finalising the errata. I checked two implementations. The (archived) RIPE NCC validator accepts a comment field in bgpsecAssertions. StayRTR does not parse the bgpsecAssertions structure and I expect it to ignore additional attributes. However, if there are any compliant implementations, following section 3.1, they would not accept a file that incorporates that follows the change proposed in this erratum: > ... An RP MUST consider any deviations from the specifications to > be errors. I think we need to keep this in mind when discussing this erratum. Kind regards, Ties > > Tim > >> On 21 Aug 2022, at 17:57, Warren Kumari <warren@kumari.net <mailto:warren@kumari.net>> wrote: >> >> >> Dear SIDROPS, at al, >> >> I believe that this Errata is correct, and I intends to mark it Verified unless I hear a clear objection by this Friday (August 26th). >> >> W >> >> >> >> On Wed, Aug 10, 2022 at 5:25 PM, Ben Maddison <benm=40workonline.africa@dmarc.ietf.org> wrote: >> Adding sidrops@ >> >> On 08/10, RFC Errata System wrote: >> >> The following errata report has been submitted for RFC8416, >> "Simplified Local Internet Number Resource Management with the RPKI (SLURM)". >> >> -------------------------------------- >> You may review the report below and at: >> https://www.rfc-editor.org/errata/eid7080 >> >> -------------------------------------- >> Type: Technical >> Reported by: Ben Maddison <benm@workonline.africa> >> >> Section: 3.4.2 >> >> Original Text >> ------------- >> The above is expressed as a value of the "bgpsecAssertions" member, as an array of zero or more objects. Each object MUST contain one each of all of the following members: >> >> o An "asn" member, whose value is a number. >> >> o An "SKI" member, whose value is the Base64 encoding without trailing '=' (Section 5 of [RFC4648]) of the certificate's Subject Key Identifier as described in Section 4.8.2 of [RFC6487] (This is the value of the ASN.1 OCTET STRING without the ASN.1 tag or length fields.) >> >> o A "routerPublicKey" member, whose value is the Base64 encoding without trailing '=' (Section 5 of [RFC4648]) of the equivalent to the subjectPublicKeyInfo value of the router certificate's public key, as described in [RFC8208]. This is the full ASN.1 DER encoding of the subjectPublicKeyInfo, including the ASN.1 tag and length values of the subjectPublicKeyInfo SEQUENCE. >> >> Corrected Text >> -------------- >> The above is expressed as a value of the "bgpsecAssertions" member, as an array of zero or more objects. Each object MUST contain one each of all of the following members: >> >> o An "asn" member, whose value is a number. >> >> o An "SKI" member, whose value is the Base64 encoding without trailing '=' (Section 5 of [RFC4648]) of the certificate's Subject Key Identifier as described in Section 4.8.2 of [RFC6487] (This is the value of the ASN.1 OCTET STRING without the ASN.1 tag or length fields.) >> >> o A "routerPublicKey" member, whose value is the Base64 encoding without trailing '=' (Section 5 of [RFC4648]) of the equivalent to the subjectPublicKeyInfo value of the router certificate's public key, as described in [RFC8208]. This is the full ASN.1 DER encoding of the subjectPublicKeyInfo, including the ASN.1 tag and length values of the subjectPublicKeyInfo SEQUENCE. >> >> In addition, each object MAY contain one optional "comment" member, whose value is a string. >> >> Notes >> ----- >> The "comment" member is allowed to appear in every other structure defined by the document, and was clearly intended to be allowed here too, since it appears in the examples presented in sections 3.4.2 and 3.5 >> >> Instructions: >> ------------- >> This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. >> >> -------------------------------------- >> RFC8416 (draft-ietf-sidr-slurm-08) >> -------------------------------------- >> Title : Simplified Local Internet Number Resource Management with the RPKI (SLURM) Publication Date : August 2018 >> Author(s) : D. Ma, D. Mandelberg, T. Bruijnzeels Category : PROPOSED STANDARD >> Source : Secure Inter-Domain Routing >> Area : Routing >> Stream : IETF >> Verifying Party : IESG >> >> _______________________________________________ >> sidr mailing list >> sidr@ietf.org >> https://www.ietf.org/mailman/listinfo/sidr >> >> >> _______________________________________________ >> sidr mailing list >> sidr@ietf.org <mailto:sidr@ietf.org> >> https://www.ietf.org/mailman/listinfo/sidr <https://www.ietf.org/mailman/listinfo/sidr> > > _______________________________________________ > sidr mailing list > sidr@ietf.org <mailto:sidr@ietf.org> > https://www.ietf.org/mailman/listinfo/sidr <https://www.ietf.org/mailman/listinfo/sidr>
- [sidr] [Technical Errata Reported] RFC8416 (7080) RFC Errata System
- Re: [sidr] [Technical Errata Reported] RFC8416 (7… Ben Maddison
- Re: [sidr] [Technical Errata Reported] RFC8416 (7… Warren Kumari
- Re: [sidr] [Technical Errata Reported] RFC8416 (7… Tim Bruijnzeels
- Re: [sidr] [Technical Errata Reported] RFC8416 (7… Ben Maddison
- Re: [sidr] [Technical Errata Reported] RFC8416 (7… Ties de Kock
- Re: [sidr] [Sidrops] [Technical Errata Reported] … Job Snijders
- Re: [sidr] [Sidrops] [Technical Errata Reported] … Job Snijders
- Re: [sidr] [Sidrops] [Technical Errata Reported] … Di Ma