Re: [sidr] I-D Action: draft-ietf-sidr-rpki-rtr-23.txt

Danny McPherson <> Wed, 11 January 2012 04:13 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D060211E8083 for <>; Tue, 10 Jan 2012 20:13:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Fbuygu+np3Ry for <>; Tue, 10 Jan 2012 20:13:21 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 5168D11E8080 for <>; Tue, 10 Jan 2012 20:13:21 -0800 (PST)
Received: by (Postfix, from userid 0) id E08CF368199; Tue, 10 Jan 2012 21:13:18 -0700 (MST)
Received: from new-host-9.home ( []) (authenticated-user smtp) (TLSv1/SSLv3 AES128-SHA 128/128) by with SMTP; Tue, 10 Jan 2012 21:13:18 -0700 (MST) (envelope-from
X-Avenger: version=0.7.8;; client-ip=; client-port=63352; syn-fingerprint=65535:48:1:64:M1460,N,W3,N,N,T,S MacOS 10.4.8; data-bytes=0
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset="us-ascii"
From: Danny McPherson <>
In-Reply-To: <>
Date: Tue, 10 Jan 2012 23:13:03 -0500
Content-Transfer-Encoding: 7bit
Message-Id: <>
References: <> <> <> <p06240803cb32917ccb3c@[]> <>
To: Randy Bush <>
X-Mailer: Apple Mail (2.1251.1)
Cc: sidr wg list <>
Subject: Re: [sidr] I-D Action: draft-ietf-sidr-rpki-rtr-23.txt
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 11 Jan 2012 04:13:21 -0000

On Jan 10, 2012, at 9:30 PM, Randy Bush wrote:

> with a little work, i can usually understand geoff's.  the above seems
> to spend all of it's power budget on trying to appear erudite, and the
> result is quite unintelligible to at least this st00pid geek.

Erudite is a fine choice of words here, I was hoping it'd 
lead to corrections from those more learned.  I ask that 
you please indulge me Randy, I suspect you've already 
got this all figured out.  

Let me ask a couple questions, that may help me resolve 
my confusions with this.

Do you foresee rpki-rtr being "augmented" for router on-
boarding of additional RPKI-derived data to enable things 
like those provided in the BGPSEC protocol document, e.g., 
S.5 of bgpsec-protocol I-D:


5.  Processing a Received BGPSEC Update

   Validation of a BGPSEC update messages makes use of data from RPKI
   certificates and signed Route Origination Authorizations (ROA).  In
   particular, to validate update messages containing the
   BGPSEC_Path_Signatures attribute, it is necessary that the recipient
   have access to the following data obtained from valid RPKI
   certificates and ROAs:

   o  For each valid RPKI end-entity certificate containing an AS Number
      extension, the AS Number, Public Key and Subject Key Identifier
      are required

   o  For each valid ROA, the AS Number and the list of IP address


I labeled these things prospectively [more] volatile than current 
rpki-rtr "stuff", that may or may not be appropriate.
If this is the intention, then have you selected the publication 
dates for the documents that "augment" this brand new rpki-rtr 
protocol, I'd like to know when I need to factor those documents 
as well? 

A general observation is that while this piecemeal draft 
progression approach appears well designed to pass IETF 
publication gates, I'm not sure it's optimal for considering 
systemic and inter-dependency implications.


> but i think danny is happy with the changes.  and if danny is happy, i
> guess i am.