Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track

Tim Bruijnzeels <tim@ripe.net> Tue, 19 July 2011 14:25 UTC

Return-Path: <tim@ripe.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC15721F87C5 for <sidr@ietfa.amsl.com>; Tue, 19 Jul 2011 07:25:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Utvj+lqNeMT1 for <sidr@ietfa.amsl.com>; Tue, 19 Jul 2011 07:25:34 -0700 (PDT)
Received: from postgirl.ripe.net (postgirl.ipv6.ripe.net [IPv6:2001:67c:2e8:11::c100:1342]) by ietfa.amsl.com (Postfix) with ESMTP id 12A7021F8588 for <sidr@ietf.org>; Tue, 19 Jul 2011 07:25:34 -0700 (PDT)
Received: from ayeaye.ripe.net ([193.0.23.5]) by postgirl.ripe.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from <tim@ripe.net>) id 1QjBEm-0003cu-HN; Tue, 19 Jul 2011 16:25:29 +0200
Received: from timbru.vpn.ripe.net ([193.0.21.62]) by ayeaye.ripe.net with esmtps (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from <tim@ripe.net>) id 1QjBEm-0001bv-4V; Tue, 19 Jul 2011 16:25:28 +0200
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Tim Bruijnzeels <tim@ripe.net>
In-Reply-To: <20110719135956.C8EC033C66F@minas-ithil.hactrn.net>
Date: Tue, 19 Jul 2011 16:25:27 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <6D9FDC97-2A01-4916-B5AF-C25174891FEC@ripe.net>
References: <m239i2pllp.wl%randy@psg.com> <CA4BBB06.17F28%terry.manderson@icann.org> <20110719135956.C8EC033C66F@minas-ithil.hactrn.net>
To: Rob Austein <sra@isc.org>
X-Mailer: Apple Mail (2.1084)
X-RIPE-Spam-Level: ----
X-RIPE-Spam-Report: Spam Total Points: -4.0 points pts rule name description ---- ---------------------- ------------------------------------ -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP -1.1 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000]
X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a0719ac290000d2169aa1b676ea98ffdf1ab7
Cc: draft-ietf-sidr-repos-struct@tools.ietf.org, sidr@ietf.org
Subject: Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jul 2011 14:25:35 -0000

On Jul 19, 2011, at 3:59 PM, Rob Austein wrote:

> At Tue, 19 Jul 2011 05:51:50 -0700, Terry Manderson wrote:
>> 
>> The win is to eliminate a threat that has already been identified on the
>> list.
> 
> What threat?  Please describe it.
> 
> The only "threat" I saw discussed is, in my opinion, a non-issue: an
> attacker can mangle filenames in the unprotected data stream, thus
> causing objects to fail validation.  An attacker who can do that can
> also mangle the objects themselves in the unprotected data stream,
> which will also cause the objects to fail validation, so being able to
> change the filenames doesn't give the attacker anything new.
> 
>> The suggestion of adding the mapping/type into the Manifest (while
>> awkward in ietf processing) gives both the mapping result, and
>> removes the CA/Repository threat identified.
> 
> The file types are already in the manifest, because the file types are
> encoded in the filenames, which are in the manifest.

and to add to this:
Objects may appear in the repository but not on the manifest (manifest doc 8.5).
So having the type as a field in the manifest does not help.

I am sorry if I am oversimplifying or missing the point but my impression is that:
- some people don't like file extension mapping for reasons that are not technically convincing to me.
- other people say that having them will actually make it much easier to solve problems between RPs and publishers.

Like I said I am happy to have this mapping as a standard elsewhere if the repos-struct draft has other stuff in it preventing this from going to standards track.

And if we can't have standard I suppose we will just trial-error-parse-it-all and say 'Can't understand your "object"', instead of something useful...

Regards,

Tim