Re: [sidr] [Sidrops] [Technical Errata Reported] RFC6482 (7525)

Job Snijders <job@fastly.com> Wed, 31 May 2023 17:41 UTC

Return-Path: <jsnijders@fastly.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA179C152564 for <sidr@ietfa.amsl.com>; Wed, 31 May 2023 10:41:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.093
X-Spam-Level:
X-Spam-Status: No, score=-2.093 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fastly.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YpzH3zeX8PS7 for <sidr@ietfa.amsl.com>; Wed, 31 May 2023 10:41:35 -0700 (PDT)
Received: from mail-oo1-xc2d.google.com (mail-oo1-xc2d.google.com [IPv6:2607:f8b0:4864:20::c2d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96FE3C152F1C for <sidr@ietf.org>; Wed, 31 May 2023 10:39:24 -0700 (PDT)
Received: by mail-oo1-xc2d.google.com with SMTP id 006d021491bc7-558565cc58fso551063eaf.0 for <sidr@ietf.org>; Wed, 31 May 2023 10:39:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastly.com; s=google; t=1685554763; x=1688146763; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=WyG8VjZasStj1p4J2xAu/rJZF8zLVuBchWmy2nfM538=; b=sRsSUJaJiiILFpRzN4Lmnd7n271ZUJ3dO04TjXQsKgNKAdtb/sgC3aHC7rt8dilzDZ AZFCPEO4di4c9YVhwN3BOUisy6FuPGUnKjBmchgG9fvNjG61T6/BHIYT47bkBsQPIBEn YVtoKV/bSefXyVRCsE42wpJWHzkG49Lvz3BCI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685554763; x=1688146763; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=WyG8VjZasStj1p4J2xAu/rJZF8zLVuBchWmy2nfM538=; b=RdU8XWX+p9DDxg3mFj/LWR/WGzoImwogjYiTnKYQWwPHV2T/TdFxeHqDxLcwqzWKMx 8Yc9I+yW02TFKh8PfGfFe2vKTdcIE23bEaSAV9q/5iSCZb4R6p13Aqyz+CVhz/3snu4m BjGs/pZXVWWA7ytd5ogzke1qWP40ocaS9IJ55yBtzAzV0MenI9KlhcgS/7B8r2aj0rWw pjvUPmWZnv328OPNAQVXxi+sivvXATRWZI4GivexfMX5O3PsH6AHyYWjISARtyWwHhrW ZuzjfH6p5WyNGEYCFSZ9LUb+aEEnYtw+6wtRWe8mwCrwhJZzIiLlFxO5xqpH1t6dmYJy e4YQ==
X-Gm-Message-State: AC+VfDys7NmyhJAJnLKemvE1+ROiiAuhGxG/dYQLGtKFD9fNa0ZSFf0E QSX6AvESNu0OUgnTRNaVoNmjvtCyXw96ySXDvO00Jw==
X-Google-Smtp-Source: ACHHUZ63GIkbpp6p6ncb9XFP2IwtXPw27i4adIlZYkjvrRu1zsHaFUwO9kiZbqN2UlsAuPs6VY+kyhW6YO0V1ebYf6M=
X-Received: by 2002:a4a:378a:0:b0:555:722e:3ca with SMTP id r132-20020a4a378a000000b00555722e03camr3804652oor.5.1685554763566; Wed, 31 May 2023 10:39:23 -0700 (PDT)
MIME-Version: 1.0
References: <20230526184930.82A2255D5E@rfcpa.amsl.com> <14822925-681F-44D9-AE5C-3BC00E140674@juniper.net>
In-Reply-To: <14822925-681F-44D9-AE5C-3BC00E140674@juniper.net>
From: Job Snijders <job@fastly.com>
Date: Wed, 31 May 2023 19:39:12 +0200
Message-ID: <CAMFGGcBzaSxgfOobDqt4_1Rq10GeoikDQd=gWV7ZUrzzMYZ3PQ@mail.gmail.com>
To: John Scudder <jgs=40juniper.net@dmarc.ietf.org>
Cc: Alvaro Retana <aretana.ietf@gmail.com>, Andrew Alston <andrew-ietf@liquid.tech>, Chris Morrow <morrowc@ops-netman.net>, Jim Guichard <james.n.guichard@futurewei.com>, "dkong@bbn.com" <dkong@bbn.com>, "kent@alum.mit.edu" <kent@alum.mit.edu>, "mlepinski.ietf@gmail.com" <mlepinski.ietf@gmail.com>, "sachaboudjema@gmail.com" <sachaboudjema@gmail.com>, "sandy@tislabs.com" <sandy@tislabs.com>, "sidr@ietf.org" <sidr@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000eeb8af05fd00ccdb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/qIT_7kTrBiDW66XZH2nEoTJQY8A>
Subject: Re: [sidr] [Sidrops] [Technical Errata Reported] RFC6482 (7525)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 May 2023 17:41:39 -0000

Dear John,

I think the report is correct, and it seems we already resolved it in the
-bis effort:
https://www.ietf.org/archive/id/draft-ietf-sidrops-rfc6482bis-03.html

Section 4.3.1 of the -bis contains the same sentence the errata report
proposed “The addresses field represents prefixes as a sequence of type
ROAIPAddress.”

The new description of ROAIPAddress also emphasises the “address” field
contains a single prefix.

It would be good to confirm with the reporter whether the description in
the -bis document matches their understanding of the ASN.1 notation.

If the -bis document as-is matches their understanding, it might mean that
multiple people independently observed a discrepancy in the original RFC.
:-)

Kind regards,

Job

Ps. There is an “addresses” field in one structure, and in another
structure an “address” field. :-)

On Wed, 31 May 2023 at 19:01, John Scudder <jgs=40juniper.net@dmarc.ietf.org>
wrote:

> +sidrops
>
> The substance of the erratum is:
>
> - The sentence "The addresses field represents prefixes as a sequence of
> type ROAIPAddress” is added at the end of the first paragraph.
>
> This seems like an OK change although not a necessary one. If verified,
> it’d be as editorial Hold For Document Update. It doesn’t seem like it adds
> much to the spec, so I’m not inclined to verify it but could be talked into
> it.
>
> - In the second paragraph:
>         - “a ROAIPAddress structure” -> “the ROAIPAddress structure” (“a”
> becomes “the”)
>         - The ROAIPAddress structure changes from a sequence of IPAddress,
> to a single IPaddress (capitalization sic)
>
> The submitter says this change would align the prose description with the
> ASN.1. However, I don’t see that — I’m hardly an ASN.1 expert, but on the
> face of it, this (from Appendix A, also present in Section 3) looks like a
> sequence, not a singleton. The word “sequence” is right there, in ALL CAPS
> even.
>
>    ROAIPAddress ::= SEQUENCE {
>       address IPAddress,
>       maxLength INTEGER OPTIONAL }
>
> As far as I can tell, this change is wrong and should be rejected.
>
> I would appreciate a second opinion from someone more conversant with the
> RFC and associated technology than I am before I reject it.
>
> —John
>
> > On May 26, 2023, at 2:49 PM, RFC Errata System <
> rfc-editor@rfc-editor.org> wrote:
> >
> >
> > The following errata report has been submitted for RFC6482,
> > "A Profile for Route Origin Authorizations (ROAs)".
> >
> > --------------------------------------
> > You may review the report below and at:
> >
> https://urldefense.com/v3/__https://www.rfc-editor.org/errata/eid7525__;!!NEt6yMaO-gk!GngQXDPNfl9uVTFUdN8h1LmYMMzXgBRp-NQTdsuPLKBo7KLOI4k9kFTNxaLsmnpNBXUj3GVFEfbA57aSAEPHFg$
> >
> > --------------------------------------
> > Type: Technical
> > Reported by: Sacha Boudjema  <sachaboudjema@gmail.com>

>
> > Section: 3.3
> >
> > Original Text
> > -------------
> > Within the ROAIPAddressFamily structure, addressFamily contains the
> Address Family Identifier (AFI) of an IP address family.  This
> specification only supports IPv4 and IPv6.  Therefore, addressFamily MUST
> be either 0001 or 0002.
> >
> > Within a ROAIPAddress structure, the addresses field represents prefixes
> as a sequence of type IPAddress.  (See [RFC3779] for more details).  If
> present, the maxLength MUST be an integer ...
> >
> >
> > Corrected Text
> > --------------
> > Within the ROAIPAddressFamily structure, addressFamily contains the
> Address Family Identifier (AFI) of an IP address family.  This
> specification only supports IPv4 and IPv6.  Therefore, addressFamily MUST
> be either 0001 or 0002. The addresses field represents prefixes as a
> sequence of type ROAIPAddress.
> >
> > Within the ROAIPAddress structure, the address field represents an IPv4
> or IPv6 prefix of type IPaddress (See [RFC3779] for more details).  If
> present, the maxLength MUST be an integer ...
> >
> > Notes
> > -----
> > Original text contradicts does not align with normative ASN.1 schema.
> >
> > Instructions:
> > -------------
> > This erratum is currently posted as "Reported". If necessary, please
> > use "Reply All" to discuss whether it should be verified or
> > rejected. When a decision is reached, the verifying party
> > can log in to change the status and edit the report, if necessary.
> >
> > --------------------------------------
> > RFC6482 (draft-ietf-sidr-roa-format-12)
> > --------------------------------------
> > Title               : A Profile for Route Origin Authorizations (ROAs)
> > Publication Date    : February 2012
> > Author(s)           : M. Lepinski, S. Kent, D. Kong
> > Category            : PROPOSED STANDARD
> > Source              : Secure Inter-Domain Routing
> > Area                : Routing
> > Stream              : IETF
> > Verifying Party     : IESG
>
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops
>