Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track

[Andrew Chi <achi@bbn.com>]

On 7/20/2011 11:03 PM, Terry Manderson wrote:
>
> On 21/07/11 2:15 AM, "Rob Austein"<sra@isc.org>  wrote:
>
>> At Tue, 19 Jul 2011 14:03:18 -0700, Terry Manderson wrote:
>>>
>>> Rob's observation that the extension exists in the manifest file name is a
>>> close approximation provided words exist as highlighted which gives clear
>>> instruction to implementers as to
>>> 1) make the first approximation of validation regime on the filename in the
>>> _manifest_
>>> 2) then try all others
>>> 3) give up.
>>
>> Sorry, wrong.  Attempt validation based on the filename type; if that
>> fails, the object is toast regardless of whether the filename appears
>> in the manifest or not.  Don't expect the RP to play guessing games.
>
> You wouldn't check the manifest? The manifest seems like the hinge point to
> me.

As another implementer, I agree with Rob.

Manifests cannot solve everything.  They detect when an expected file is 
NOT present.  If you try to use them as a comprehensive listing, you run 
into tons of gray areas.  I'll refrain from rehashing the discussion in 
the other thread about manifests, but you can insert that here.

Therefore, the BBN validator does the only thing sensible, which is 
validate based on filename and certificate chain.  After that, we check 
against the manifest and emit a warning if it doesn't look right.  And 
we provide the user with configuration flags to control the output of 
validator: does he want output from the "perfect" ROAs only (with 
perfect manifests all the way up the chain), or is some level of 
grayness acceptable.

Manifests are murky, especially when you misuse them.  Filename 
extensions are not.

-Andrew