IETF Logo Mail Archive

Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track

Sandra Murphy <Sandra.Murphy@sparta.com> Tue, 19 July 2011 14:37 UTC

Return-Path: <Sandra.Murphy@cobham.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26E6921F85F2 for <sidr@ietfa.amsl.com>; Tue, 19 Jul 2011 07:37:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.811
X-Spam-Level:
X-Spam-Status: No, score=-101.811 tagged_above=-999 required=5 tests=[AWL=0.788, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AIdTb-j3tCTo for <sidr@ietfa.amsl.com>; Tue, 19 Jul 2011 07:37:51 -0700 (PDT)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id 673A321F85AA for <sidr@ietf.org>; Tue, 19 Jul 2011 07:37:50 -0700 (PDT)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id p6JEbnFJ008917; Tue, 19 Jul 2011 09:37:49 -0500
Received: from mailbin2.ads.sparta.com (mailbin.sparta.com [157.185.85.6]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id p6JEblIg027398; Tue, 19 Jul 2011 09:37:47 -0500
Received: from SMURPHY-LT.columbia.ads.sparta.com ([157.185.81.116]) by mailbin2.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Tue, 19 Jul 2011 10:37:46 -0400
Date: Tue, 19 Jul 2011 10:37:46 -0400
From: Sandra Murphy <Sandra.Murphy@sparta.com>
To: Tim Bruijnzeels <tim@ripe.net>
In-Reply-To: <6D9FDC97-2A01-4916-B5AF-C25174891FEC@ripe.net>
Message-ID: <Pine.WNT.4.64.1107191036260.6484@SMURPHY-LT.columbia.ads.sparta.com>
References: <m239i2pllp.wl%randy@psg.com> <CA4BBB06.17F28%terry.manderson@icann.org> <20110719135956.C8EC033C66F@minas-ithil.hactrn.net> <6D9FDC97-2A01-4916-B5AF-C25174891FEC@ripe.net>
X-X-Sender: sandy@mailbin.sparta.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-OriginalArrivalTime: 19 Jul 2011 14:37:46.0944 (UTC) FILETIME=[6D5AE400:01CC4621]
Cc: Rob Austein <sra@isc.org>, draft-ietf-sidr-repos-struct@tools.ietf.org, sidr@ietf.org
Subject: Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jul 2011 14:37:52 -0000

On Tue, 19 Jul 2011, Tim Bruijnzeels wrote:

>
> On Jul 19, 2011, at 3:59 PM, Rob Austein wrote:
>
>> At Tue, 19 Jul 2011 05:51:50 -0700, Terry Manderson wrote:
>>>
>>> The win is to eliminate a threat that has already been identified on the
>>> list.
>>
>> What threat?  Please describe it.
>>
>> The only "threat" I saw discussed is, in my opinion, a non-issue: an
>> attacker can mangle filenames in the unprotected data stream, thus
>> causing objects to fail validation.  An attacker who can do that can
>> also mangle the objects themselves in the unprotected data stream,
>> which will also cause the objects to fail validation, so being able to
>> change the filenames doesn't give the attacker anything new.
>>
>>> The suggestion of adding the mapping/type into the Manifest (while
>>> awkward in ietf processing) gives both the mapping result, and
>>> removes the CA/Repository threat identified.
>>
>> The file types are already in the manifest, because the file types are
>> encoded in the filenames, which are in the manifest.
>
> and to add to this:
> Objects may appear in the repository but not on the manifest (manifest doc 8.5).
> So having the type as a field in the manifest does not help.
>
> I am sorry if I am oversimplifying or missing the point but my impression is that:
> - some people don't like file extension mapping for reasons that are not technically convincing to me.
> - other people say that having them will actually make it much easier to solve problems between RPs and publishers.
>
> Like I said I am happy to have this mapping as a standard elsewhere if the repos-struct draft has other stuff in it preventing this from going to standards track.


A process reminder here.  Several other documents point to the 
repos-struct draft, some of them specifically regarding the file 
extensions.  Separating out the tagging into a separate document could 
mean some serious review of multiple documents.

--Sandy, speaking as wg chair



>
> And if we can't have standard I suppose we will just trial-error-parse-it-all and say 'Can't understand your "object"', instead of something useful...
>


> Regards,
>
> Tim
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
>

v2.23.0 | Report a Bug | By Email