Re: [sidr] WG adoption poll for draft-huston-rpki-validation-01
Rob Austein <sra@hactrn.net> Tue, 29 April 2014 22:01 UTC
Return-Path: <sra@hactrn.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED50D1A09CA for <sidr@ietfa.amsl.com>; Tue, 29 Apr 2014 15:01:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ldFsLYanil96 for <sidr@ietfa.amsl.com>; Tue, 29 Apr 2014 15:01:21 -0700 (PDT)
Received: from adrilankha.hactrn.net (adrilankha.hactrn.net [IPv6:2001:418:1::19]) by ietfa.amsl.com (Postfix) with ESMTP id 95AB91A09E6 for <sidr@ietf.org>; Tue, 29 Apr 2014 15:01:21 -0700 (PDT)
Received: from minas-ithil.hactrn.net (c-50-189-40-138.hsd1.ma.comcast.net [50.189.40.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "nargothrond.hactrn.net", Issuer "Grunchweather Associates" (verified OK)) by adrilankha.hactrn.net (Postfix) with ESMTPS id 6D24F3A61F for <sidr@ietf.org>; Tue, 29 Apr 2014 22:01:20 +0000 (UTC)
Received: from minas-ithil.hactrn.net (localhost [IPv6:::1]) by minas-ithil.hactrn.net (Postfix) with ESMTP id 47384C6B182 for <sidr@ietf.org>; Tue, 29 Apr 2014 18:01:19 -0400 (EDT)
Date: Tue, 29 Apr 2014 18:01:19 -0400
From: Rob Austein <sra@hactrn.net>
To: sidr@ietf.org
In-Reply-To: <BBA7CCE4-1A6C-4D06-A5DC-54B93A1D2202@tislabs.com>
References: <BBA7CCE4-1A6C-4D06-A5DC-54B93A1D2202@tislabs.com>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20140429220119.47384C6B182@minas-ithil.hactrn.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/n8Wbwm_Fp9XssAFXqZmSn5kA8TE
Subject: Re: [sidr] WG adoption poll for draft-huston-rpki-validation-01
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Apr 2014 22:01:23 -0000
Unfortunately, the binary adopt-or-not question is insufficiently
nuanced for a case like this.
I think the WG needs a work item to explore the issue of decoupling
RFC-3779-style[*] path validation from certificate validation. It may
be that at the end of that process we will decide not to change the
base specification, but in addition to whatever sympathy the WG might
feel for CA operators near the root of the tree, I think there may be
some real issues lurking here with respect to out-of-order validation
problems and we need to explore them further.
I really do not know at this point whether the result of the work we
need to do on this will be a publishable document or not.
I do not support the addition of joins in the RPKI tree, full stop.
The WG chairs asked a couple of specific questions:
> You are asked to indicate if you think that this is work that the wg
> should be doing
Yes, with the proviso that the end result may be a decision to leave
well enough alone, in which case the only thing we might publish would
be a history of our decision not to change anything.
> and whether this draft is an acceptable starting point.
As a problem statement, yes. With no intent to give offense, it's
nowhere near being suitable as an amended specification, but such a
document would be premature at this stage in any case.
Starting with a problem statement seems appropriate, so long as we
retain the option of keeping the current specification. Yes, this
might end up meaning that, after years of work, the WG concludes that
we should not change the specification. Sometimes you have to work on
something for a while before you know whether you should be doing it.
[*] "RFC-3779-style" because, if we change it, it won't be RFC 3779
anymore. It might well reuse all of RFC 3779's syntax and most of
RFC 3779's semantics, but since there is deployed code that thinks
it knows how to validate with the current semantics, at minimum I
would want the hypothetical new thing to use different extnID OID
values to flag the change. So, strictly speaking, this would be a
new set of X.509v3 extensions that just happen to look exactly
like the ones from RFC 3779.
- [sidr] WG adoption poll for draft-huston-rpki-val… Sandra Murphy
- Re: [sidr] WG adoption poll for draft-huston-rpki… Randy Bush
- Re: [sidr] WG adoption poll for draft-huston-rpki… Andy Newton
- Re: [sidr] WG adoption poll for draft-huston-rpki… George Michaelson
- Re: [sidr] WG adoption poll for draft-huston-rpki… Geoff Huston
- Re: [sidr] WG adoption poll for draft-huston-rpki… Mark Kosters
- Re: [sidr] WG adoption poll for draft-huston-rpki… Tim Bruijnzeels
- Re: [sidr] WG adoption poll for draft-huston-rpki… Sofía Silva Berenguer
- Re: [sidr] WG adoption poll for draft-huston-rpki… Sriram, Kotikalapudi
- Re: [sidr] WG adoption poll for draft-huston-rpki… Carlos M. Martinez
- Re: [sidr] WG adoption poll for draft-huston-rpki… Rob Austein
- Re: [sidr] WG adoption poll for draft-huston-rpki… Terry Manderson
- Re: [sidr] WG adoption poll for draft-huston-rpki… Byron Ellacott
- Re: [sidr] WG adoption poll for draft-huston-rpki… Neriah Sossou
- Re: [sidr] WG adoption poll for draft-huston-rpki… Tom Harrison
- Re: [sidr] WG adoption poll for draft-huston-rpki… Karen Seo
- Re: [sidr] WG adoption poll for draft-huston-rpki… Matthew Lepinski
- Re: [sidr] WG adoption poll for draft-huston-rpki… Sandra Murphy