Re: [sidr] I-D Action: draft-ietf-sidr-rpki-rtr-23.txt

Danny McPherson <danny@tcb.net> Wed, 11 January 2012 04:13 UTC

Return-Path: <danny@tcb.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D060211E8083 for <sidr@ietfa.amsl.com>; Tue, 10 Jan 2012 20:13:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fbuygu+np3Ry for <sidr@ietfa.amsl.com>; Tue, 10 Jan 2012 20:13:21 -0800 (PST)
Received: from dog.tcb.net (dog.tcb.net [64.78.150.133]) by ietfa.amsl.com (Postfix) with ESMTP id 5168D11E8080 for <sidr@ietf.org>; Tue, 10 Jan 2012 20:13:21 -0800 (PST)
Received: by dog.tcb.net (Postfix, from userid 0) id E08CF368199; Tue, 10 Jan 2012 21:13:18 -0700 (MST)
Received: from new-host-9.home (pool-98-118-240-226.clppva.fios.verizon.net [98.118.240.226]) (authenticated-user smtp) (TLSv1/SSLv3 AES128-SHA 128/128) by dog.tcb.net with SMTP; Tue, 10 Jan 2012 21:13:18 -0700 (MST) (envelope-from danny@tcb.net)
X-Avenger: version=0.7.8; receiver=dog.tcb.net; client-ip=98.118.240.226; client-port=63352; syn-fingerprint=65535:48:1:64:M1460,N,W3,N,N,T,S MacOS 10.4.8; data-bytes=0
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset=us-ascii
From: Danny McPherson <danny@tcb.net>
In-Reply-To: <m21ur7nf7k.wl%randy@psg.com>
Date: Tue, 10 Jan 2012 23:13:03 -0500
Content-Transfer-Encoding: 7bit
Message-Id: <5A64D71D-F778-450A-9BAC-BCC78C93A021@tcb.net>
References: <20120109151153.7946.29762.idtracker@ietfa.amsl.com> <m24nw4syc0.wl%randy@psg.com> <6855CE88-68E6-49BE-94D0-EA19ACE07F69@tcb.net> <p06240803cb32917ccb3c@[172.20.8.192]> <m21ur7nf7k.wl%randy@psg.com>
To: Randy Bush <randy@psg.com>
X-Mailer: Apple Mail (2.1251.1)
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] I-D Action: draft-ietf-sidr-rpki-rtr-23.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jan 2012 04:13:21 -0000

On Jan 10, 2012, at 9:30 PM, Randy Bush wrote:

> with a little work, i can usually understand geoff's.  the above seems
> to spend all of it's power budget on trying to appear erudite, and the
> result is quite unintelligible to at least this st00pid geek.

Erudite is a fine choice of words here, I was hoping it'd 
lead to corrections from those more learned.  I ask that 
you please indulge me Randy, I suspect you've already 
got this all figured out.  

Let me ask a couple questions, that may help me resolve 
my confusions with this.

Do you foresee rpki-rtr being "augmented" for router on-
boarding of additional RPKI-derived data to enable things 
like those provided in the BGPSEC protocol document, e.g., 
S.5 of bgpsec-protocol I-D:

[snip]

5.  Processing a Received BGPSEC Update

   Validation of a BGPSEC update messages makes use of data from RPKI
   certificates and signed Route Origination Authorizations (ROA).  In
   particular, to validate update messages containing the
   BGPSEC_Path_Signatures attribute, it is necessary that the recipient
   have access to the following data obtained from valid RPKI
   certificates and ROAs:

   o  For each valid RPKI end-entity certificate containing an AS Number
      extension, the AS Number, Public Key and Subject Key Identifier
      are required

   o  For each valid ROA, the AS Number and the list of IP address
      prefixes

[/snip]

I labeled these things prospectively [more] volatile than current 
rpki-rtr "stuff", that may or may not be appropriate.
 
If this is the intention, then have you selected the publication 
dates for the documents that "augment" this brand new rpki-rtr 
protocol, I'd like to know when I need to factor those documents 
as well? 

A general observation is that while this piecemeal draft 
progression approach appears well designed to pass IETF 
publication gates, I'm not sure it's optimal for considering 
systemic and inter-dependency implications.

Alas...

> but i think danny is happy with the changes.  and if danny is happy, i
> guess i am.

Excellent...


-danny