IETF Logo Mail Archive

Re: [sidr] I-D Action: draft-ietf-sidr-lta-use-cases-00.txt

Tim Bruijnzeels <tim@ripe.net> Sat, 08 February 2014 14:33 UTC

Return-Path: <tim@ripe.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20CB61A0323 for <sidr@ietfa.amsl.com>; Sat, 8 Feb 2014 06:33:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.548
X-Spam-Level:
X-Spam-Status: No, score=-0.548 tagged_above=-999 required=5 tests=[RP_MATCHES_RCVD=-0.548] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pG0G84exNMZc for <sidr@ietfa.amsl.com>; Sat, 8 Feb 2014 06:33:54 -0800 (PST)
Received: from kaka.ripe.net (kaka.ripe.net [IPv6:2001:67c:2e8:11::c100:1347]) by ietfa.amsl.com (Postfix) with ESMTP id B9BA81A0322 for <sidr@ietf.org>; Sat, 8 Feb 2014 06:33:54 -0800 (PST)
Received: from titi.ripe.net ([193.0.23.11]) by kaka.ripe.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from <tim@ripe.net>) id 1WC8yW-0006Eo-Jp; Sat, 08 Feb 2014 15:33:55 +0100
Received: from s258-sslvpn-1.ripe.net ([193.0.20.231] helo=vpn-2.ripe.net) by titi.ripe.net with esmtps (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from <tim@ripe.net>) id 1WC8yW-0004JZ-Es; Sat, 08 Feb 2014 15:33:44 +0100
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
Content-Type: text/plain; charset="us-ascii"
From: Tim Bruijnzeels <tim@ripe.net>
In-Reply-To: <24B20D14B2CD29478C8D5D6E9CBB29F6940A848A@HSV-MB001.huntsville.ads.sparta.com>
Date: Sat, 08 Feb 2014 15:33:44 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <F8D5F608-853E-47BE-9C0F-F54C4208E04F@ripe.net>
References: <20140205235515.22408.47624.idtracker@ietfa.amsl.com> <24B20D14B2CD29478C8D5D6E9CBB29F6940A848A@HSV-MB001.huntsville.ads.sparta.com>
To: "Murphy, Sandra" <Sandra.Murphy@parsons.com>
X-Mailer: Apple Mail (2.1510)
X-RIPE-Spam-Level: ---
X-RIPE-Spam-Report: Spam Total Points: -3.5 points pts rule name description ---- ---------------------- ------------------------------------ -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP -0.6 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000]
X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a07199728d2a68b592407dabac8b6fc2be810
Cc: "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] I-D Action: draft-ietf-sidr-lta-use-cases-00.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Feb 2014 14:33:57 -0000

Hi,

On Feb 6, 2014, at 1:28 AM, "Murphy, Sandra" <Sandra.Murphy@parsons.com> wrote:

> The lta-use-cases draft was motivated as a way to start/guide discussion of the Local Trust Anchor Management draft and the Suspenders draft.
> 
> The question is whether we need both efforts, or only one, and if so, which one.
> 
> So we need to discuss the use cases.  And discuss the two drafts.
> 
> Local Trust Anchor Use Cases: http://tools.ietf.org/html/draft-ietf-sidr-lta-use-cases-00  (below)

Looks like a good starting point to me. Though I had to parse the line about unicorns twice..

> Local Trust Anchor Management: http://tools.ietf.org/html/draft-ietf-sidr-ltamgmt-08

If I understood correctly it was the authors intent to replace the existing ltamgmt document with the new work?

> Suspenders: http://tools.ietf.org/html/draft-kent-sidr-suspenders-00

Fundamentally I think there is a problem in letting a child refer to a third party that can override its parent. I think it just doesn't fit in the hierarchical rpki, and hence all the complexity to deal with history, and trying to separate noise from signal. I appreciate that it's well intended and a lot of thought has gone into this, but in my opinion this is a very complicated way to deal with this.

What I would suggest instead is to go to the third party directly. I think we already have all the building blocks..

This third party can publish a TAL containing resources that it claims to know better. They can then operate a normal CA and publish all the ROAs they see fit, or even act as parent CA using up-down. RPs could be configured to use both TAs and treat them as complementary (i.e. accept the ROAs from both), or exclusive (i.e. ignore the ROAs for the resources listed by third party under any other TA tree), or probably best even: alert the operator and let them choose and set defaults.

To deal with Carol's case, well-known third parties could be set up. If all is well they should have no content, but the key difference is that it would no longer be possible to do a *covert* attack on Carol. I understand that it's re-active rather than pro-active, but I think this is enough to make the attack moot: it's not very effective and it has drawbacks: it degrades trust and thereby security of internet infrastructure. 

Bob can just create a complementary TAL for the private space.

Alice can create a TAL that takes precedence, and have her management's vision of the truth.

All this needs some tooling, but I don't think it needs more standards.

Tim


> 
> --Sandy, speaking as one of the wg co-chairs
> ________________________________________
> From: sidr [sidr-bounces@ietf.org] on behalf of internet-drafts@ietf.org [internet-drafts@ietf.org]
> Sent: Wednesday, February 05, 2014 6:55 PM
> To: i-d-announce@ietf.org
> Cc: sidr@ietf.org
> Subject: [sidr] I-D Action: draft-ietf-sidr-lta-use-cases-00.txt
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Secure Inter-Domain Routing Working Group of the IETF.
> 
>        Title           : RPKI Local Trust Anchor Use Cases
>        Author          : Randy Bush
>        Filename        : draft-ietf-sidr-lta-use-cases-00.txt
>        Pages           : 5
>        Date            : 2014-02-05
> 
> Abstract:
>   There are a number of critical circumstances where a localized
>   routing domain needs to augment or modify its view of the Global
>   RPKI.  This document attempts to outline a few of them.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-sidr-lta-use-cases/
> 
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-sidr-lta-use-cases-00
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr

v2.23.0 | Report a Bug | By Email