Re: [sidr] Last Call: <draft-ietf-sidr-rpki-validation-reconsidered-08.txt> (RPKI Validation Reconsidered) to Proposed Standard

"Alvaro Retana (aretana)" <> Wed, 26 July 2017 21:12 UTC

Dear sidr WG:

I want to call attention to this Last Call.

The document has undergone significant editorial changes since the WGLC – none of which change the operation or other technical aspects.  The changes are meant mainly to not obsolete the current procedures at this time.

I have asked for an extended IETF Last Call (3 weeks instead of 2) to give the WG time to review.



On 7/26/17, 3:33 PM, " on behalf of The IESG" <> wrote:

The IESG has received a request from the Secure Inter-Domain Routing WG
(sidr) to consider the following document: - 'RPKI Validation Reconsidered'
  <draft-ietf-sidr-rpki-validation-reconsidered-08.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the mailing lists by 2017-08-15. Exceptionally, comments may be
sent to instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.


   This document specifies an alternative to the certificate validation
   procedure specified in RFC 6487 that reduces aspects of operational
   fragility in the management of certificates in the RPKI, while
   retaining essential security features.

   The use of this updated procedure is signaled by form of a set of
   alternative Object Identifiers (OIDs) indicating that the alternative
   version of RFC 3779 X.509 Extensions for IP Addresses and AS
   Identifiers, and certificate policy for the Resource Public Key
   Infrastructure (RFC 6484) defined in this document should be used.

   Furthermore this document provides an alternative to ROA (RFC 6482),
   and BGPSec Router Certificate (BGPSec PKI Profiles - publication
   requested) validation.

The file can be obtained via

IESG discussion can be tracked via

No IPR declarations have been submitted directly on this I-D.