Re: [sidr] I-D Action: draft-ietf-sidr-rpki-tree-validation-01.txt

Oleg Muravskiy <oleg@ripe.net> Fri, 08 July 2016 23:04 UTC

This is an update to the draft-ietf-sidr-rpki-tree-validation.

No major changes, mostly clarifications that address comments from Steve Kent, and additional information as requested at the previous WG session.  Hope this version is more clear and close to final.


Oleg


> On 09 Jul 2016, at 00:51, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Secure Inter-Domain Routing of the IETF.
> 
>        Title           : RPKI Certificate Tree Validation by a Relying Party Tool
>        Authors         : Oleg Muravskiy
>                          Tim Bruijnzeels
>        Filename        : draft-ietf-sidr-rpki-tree-validation-01.txt
>        Pages           : 12
>        Date            : 2016-07-08
> 
> Abstract:
>   This document describes the approach to validate the content of the
>   RPKI certificate tree, as used by the RIPE NCC RPKI Validator.  This
>   approach is independent of a particular object retrieval mechanism.
>   This allows it to be used with repositories available over the rsync
>   protocol, the RPKI Repository Delta Protocol, and repositories that
>   use a mix of both.
> 
>   This algorithm does not rely on content of repository directories,
>   but uses the Authority Key Identifier (AKI) field of a manifest and a
>   certificate revocation list (CRL) objects to discover manifest and
>   CRL objects issued by a particular Certificate Authority (CA).  It
>   further uses the hashes of manifest entries to discover other objects
>   issued by the CA.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-sidr-rpki-tree-validation/
> 
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-sidr-rpki-tree-validation-01
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-rpki-tree-validation-01
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
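
The discovery order described in the quoted abstract, as an added Python sketch; it is not code from the draft or from the RIPE NCC RPKI Validator. The class and function names, the constructed sample objects, and the choice of the highest-numbered manifest when several share an AKI are assumptions, and no signature or certificate-path validation is performed.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass, field

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

@dataclass
class Obj:
    kind: str      # "mft", "crl", "cer" or "roa"
    aki: str       # Authority Key Identifier (constructed label)
    body: bytes    # stand-in for the DER encoding
    entries: dict = field(default_factory=dict)  # manifests only: name -> hash
    number: int = 0                              # manifests only

class Store:
    """Flat store with no directory structure, filled by any retrieval mechanism."""
    def __init__(self, objs):
        self.by_aki = defaultdict(list)   # (kind, AKI) -> manifests / CRLs
        self.by_hash = {}                 # SHA-256 of body -> object
        for o in objs:
            self.by_hash[sha256_hex(o.body)] = o
            if o.kind in ("mft", "crl"):
                self.by_aki[(o.kind, o.aki)].append(o)

def discover(store, ca_key_id):
    """Return (manifest, crls, found, missing) for one CA key identifier."""
    mfts = store.by_aki.get(("mft", ca_key_id), [])
    crls = store.by_aki.get(("crl", ca_key_id), [])
    if not mfts:
        return None, crls, {}, []
    mft = max(mfts, key=lambda m: m.number)  # assumption: newest manifest wins
    found, missing = {}, []
    for name, digest in sorted(mft.entries.items()):
        obj = store.by_hash.get(digest)      # looked up by hash, never by path
        if obj is None:
            missing.append(name)
        else:
            found[name] = obj
    return mft, crls, found, missing

# Constructed sample data: one CA ("aa11") plus an unrelated CA ("bb22").
roa, cer = Obj("roa", "aa11", b"roa-1"), Obj("cer", "aa11", b"child-cert")
crl, stray = Obj("crl", "aa11", b"crl-1"), Obj("roa", "aa11", b"not-on-manifest")
listed = {"a.roa": sha256_hex(roa.body), "child.cer": sha256_hex(cer.body),
          "ca.crl": sha256_hex(crl.body), "gone.roa": sha256_hex(b"never-fetched")}
STORE = Store([roa, cer, crl, stray,
               Obj("mft", "aa11", b"mft-6", {"a.roa": sha256_hex(roa.body)}, 6),
               Obj("mft", "aa11", b"mft-7", listed, 7),
               Obj("mft", "bb22", b"mft-other", {}, 1)])
```

The stray object sits in the same store under the same AKI but is never returned, because nothing on the manifest names its hash; the entry whose hash is absent from the store is reported as missing rather than silently skipped.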