Re: [sidr] Opsdir last call review of draft-ietf-sidrops-rtr-keying-02

Sean Turner <sean@sn3rd.com> Wed, 16 January 2019 04:56 UTC

From: Sean Turner <sean@sn3rd.com>
Date: Tue, 15 Jan 2019 20:55:57 -0800
Cc: SIDROps Chairs <sidrops-chairs@ietf.org>, ops-dir <ops-dir@ietf.org>, IETF Discuss <ietf@ietf.org>, SIDR Operations WG <sidrops@ietf.org>, sidr@ietf.org, draft-ietf-sidrops-rtr-keying.all@ietf.org
To: Christopher Morrow <morrowc.lists@gmail.com>, Warren Kumari <warren@kumari.net>, Scott Bradner <sob@sobco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/v5mvFBYGPZVwuAZjcCg5CkKFKjQ>
Subject: Re: [sidr] Opsdir last call review of draft-ietf-sidrops-rtr-keying-02

Apologies for just finding this now …

I seem to remember a WG discussion about whether this draft should be BCP or ST.  We discussed BCP addressing both what the IETF wanted to be the best practice as well as what is the actual current practice.  Since BGPsec was/is new it was/is hard to say it fell in the latter bucket and there was at least one person who felt that the router- and operator-driven methods weren’t the way to go in the future (hence why there is s8 the “advanced deployment scenarios” section).  So the WG said go ST and because this draft has exhausted me we just changed it to ST.  I will note that the SECDIR and RTGDIR both had this same comment; it seems like we’re back to BCP.  I think there was another message somewhere about changing this to BCP so I will do that in -03 unless I hear otherwise.

spt

> On Dec 26, 2018, at 08:29, Christopher Morrow <morrowc.lists@gmail.com> wrote:
> 
> BCP seems like a fine answer here, I'm not remembering why we would have swapped to ST from BCP.
> 
> On Wed, Dec 26, 2018 at 11:12 AM Warren Kumari <warren@kumari.net> wrote:
> [ + Sandy, Alvaro ]
> 
> On Wed, Dec 26, 2018 at 9:51 AM Scott Bradner <sob@sobco.com> wrote:
> that use of a MUST is commendable but it's not exactly an interoperability issue
> 
> to me “must” works in this case (and the other cases in this document)
> 
> but, that said, 2119 has been misused for kinda a long time so it's not a new sin
> 
> 
> This document has a long history -- it was originally a product of the SIDR Working Group (as draft-ietf-sidr-rtr-keying), and only moved over to SIDROPS recently, when SIDR closed down (https://datatracker.ietf.org/wg/sidr/about/).
> 
> The document was originally a BCP (https://datatracker.ietf.org/doc/draft-ietf-sidr-rtr-keying/09/), but was changed to Standards Track in -10 (https://www.ietf.org/archive/id/draft-ietf-sidr-rtr-keying-10.txt).
> 
> 
> I have gone back through the agenda and minutes for IETF 92 (https://datatracker.ietf.org/doc/agenda-92-sidr/), IETF 93 (https://datatracker.ietf.org/doc/agenda-93-sidr/) and IETF 94 (https://datatracker.ietf.org/doc/agenda-94-sidr/). 
> I also went back and watched the video recordings from IETF 94: https://youtu.be/fElkBi4UMEA?t=2397 and wasn't able to find any discussion of why the change was made, but I *was* able to find some changes made between -09 and -10 which seem to be the outcome of those discussions. 
> 
> Authors / SIDROPS [0] & SIDR / chairs -  can y'all remember why the track change was made? 
> 
> Whatever the case, the IETF LC was done as Standards Track (a higher level), and so it could always be "downgraded" to BCP / informational during IESG Eval.
> I personally think it "feels" like BCP, but I don't have full history / inherited the document and don't want to be arbitrarily making changes.
> 
> 
> W
> [0]: SIDROPS and SIDR participant overlap is almost 100%.
> 
> 
>  
> Scott
> 
> > On Dec 26, 2018, at 9:25 AM, Randy Bush <randy@psg.com> wrote:
> > 
> > mornin’ scott,
> > 
> >> it is hard to see why it should be standards track or why it should 
> >> be using RFC 2119 type terminology.
> > 
> > these are two separate issues.  
> > 
> > alvaro and the chairs can adjudicate what flavor of ice cream it should
> > be.  it my memory says it was a wg decision.  i really do not care.
> > 
> > as to 2119 language, i kinda feel it should remain.  it is used
> > sparingly. but is crucial when used.  e.g.
> > 
> >      all private keys MUST be protected when at rest in a secure
> >      fashion.
> > 
> > i suspect we would want to keep that strongly prescriptive; but it is
> > not a hill on which i am interested in dying.
> > 
> > randy
> 
> 
> 
> -- 
> I don't think the execution is relevant when it was obviously a bad idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
>    ---maf