Re: [sidr] WG adoption poll for draft-huston-rpki-validation-01
Rob Austein <sra@hactrn.net> Tue, 29 April 2014 22:01 UTC
Return-Path: <sra@hactrn.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED50D1A09CA for <sidr@ietfa.amsl.com>; Tue, 29 Apr 2014 15:01:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ldFsLYanil96 for <sidr@ietfa.amsl.com>; Tue, 29 Apr 2014 15:01:21 -0700 (PDT)
Received: from adrilankha.hactrn.net (adrilankha.hactrn.net [IPv6:2001:418:1::19]) by ietfa.amsl.com (Postfix) with ESMTP id 95AB91A09E6 for <sidr@ietf.org>; Tue, 29 Apr 2014 15:01:21 -0700 (PDT)
Received: from minas-ithil.hactrn.net (c-50-189-40-138.hsd1.ma.comcast.net [50.189.40.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "nargothrond.hactrn.net", Issuer "Grunchweather Associates" (verified OK)) by adrilankha.hactrn.net (Postfix) with ESMTPS id 6D24F3A61F for <sidr@ietf.org>; Tue, 29 Apr 2014 22:01:20 +0000 (UTC)
Received: from minas-ithil.hactrn.net (localhost [IPv6:::1]) by minas-ithil.hactrn.net (Postfix) with ESMTP id 47384C6B182 for <sidr@ietf.org>; Tue, 29 Apr 2014 18:01:19 -0400 (EDT)
Date: Tue, 29 Apr 2014 18:01:19 -0400
From: Rob Austein <sra@hactrn.net>
To: sidr@ietf.org
In-Reply-To: <BBA7CCE4-1A6C-4D06-A5DC-54B93A1D2202@tislabs.com>
References: <BBA7CCE4-1A6C-4D06-A5DC-54B93A1D2202@tislabs.com>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20140429220119.47384C6B182@minas-ithil.hactrn.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/n8Wbwm_Fp9XssAFXqZmSn5kA8TE
Subject: Re: [sidr] WG adoption poll for draft-huston-rpki-validation-01
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Apr 2014 22:01:23 -0000
Unfortunately, the binary adopt-or-not question is insufficiently nuanced for a case like this. I think the WG needs a work item to explore the issue of decoupling RFC-3779-style[*] path validation from certificate validation. It may be that at the end of that process we will decide not to change the base specification, but in addition to whatever sympathy the WG might feel for CA operators near the root of the tree, I think there may be some real issues lurking here with respect to out-of-order validation problems and we need to explore them further. I really do not know at this point whether the result of the work we need to do on this will be a publishable document or not. I do not support the addition of joins in the RPKI tree, full stop. The WG chairs asked a couple of specific questions: > You are asked to indicate if you think that this is work that the wg > should be doing Yes, with the proviso that the end result may be a decision to leave well enough alone, in which case the only thing we might publish would be a history of our decision not to change anything. > and whether this draft is an acceptable starting point. As a problem statement, yes. With no intent to give offense, it's nowhere near being suitable as an amended specification, but such a document would be premature at this stage in any case. Starting with a problem statement seems appropriate, so long as we retain the option of keeping the current specification. Yes, this might end up meaning that, after years of work, the WG concludes that we should not change the specification. Sometimes you have to work on something for a while before you know whether you should be doing it. [*] "RFC-3779-style" because, if we change it, it won't be RFC 3779 anymore. It might well reuse all of RFC 3779's syntax and most of RFC 3779's semantics, but since there is deployed code that thinks it knows how to validate with the current semantics, at minimum I would want the hypothetical new thing to use different extnID OID values to flag the change. So, strictly speaking, this would be a new set of X.509v3 extensions that just happen to look exactly like the ones from RFC 3779.
- [sidr] WG adoption poll for draft-huston-rpki-val… Sandra Murphy
- Re: [sidr] WG adoption poll for draft-huston-rpki… Randy Bush
- Re: [sidr] WG adoption poll for draft-huston-rpki… Andy Newton
- Re: [sidr] WG adoption poll for draft-huston-rpki… George Michaelson
- Re: [sidr] WG adoption poll for draft-huston-rpki… Geoff Huston
- Re: [sidr] WG adoption poll for draft-huston-rpki… Mark Kosters
- Re: [sidr] WG adoption poll for draft-huston-rpki… Tim Bruijnzeels
- Re: [sidr] WG adoption poll for draft-huston-rpki… Sofía Silva Berenguer
- Re: [sidr] WG adoption poll for draft-huston-rpki… Sriram, Kotikalapudi
- Re: [sidr] WG adoption poll for draft-huston-rpki… Carlos M. Martinez
- Re: [sidr] WG adoption poll for draft-huston-rpki… Rob Austein
- Re: [sidr] WG adoption poll for draft-huston-rpki… Terry Manderson
- Re: [sidr] WG adoption poll for draft-huston-rpki… Byron Ellacott
- Re: [sidr] WG adoption poll for draft-huston-rpki… Neriah Sossou
- Re: [sidr] WG adoption poll for draft-huston-rpki… Tom Harrison
- Re: [sidr] WG adoption poll for draft-huston-rpki… Karen Seo
- Re: [sidr] WG adoption poll for draft-huston-rpki… Matthew Lepinski
- Re: [sidr] WG adoption poll for draft-huston-rpki… Sandra Murphy