Re: [sidr] On 0/0 at the 5 TAs - Some comments on the motivations

Sandra Murphy <sandy@tislabs.com> Thu, 08 September 2016 23:17 UTC


speaking as a regular ol’ member:

> On Sep 8, 2016, at 11:57 AM, Carlos M. Martinez <carlosm3011@gmail.com> wrote:
> 
> Hi Rob,
> 
> I’ll let each RIR answer for themselves. In our case (LACNIC), we don’t support up/down. We’ve had a very rough implementation of a ‘parent’ CA for a while, but since there is essentially no demand for it from our members, the project always gets down-prioritized.
> 
> If the GTA was to gain any traction, we’d commit resources accordingly in order to support it from the ‘child’ side.
> 
> In short: it’s not the availability of up-down that has stalled the GTA.

If you had a client side implementation, then if a GTA did get established, you would be able to interact with the GTA for certification of your resources -- immediately.

That may also be why Rob asked his question, I dunno.  It’s why I was interested in the answers.

I think you have said “not yet, but we would ‘commit resources accordingly’”, which is reassuring.  It could mean “make this our highest priority, bar none”.  Good to know.  Of course, it might mean something quite different.

—Sandy, speaking as regular ol’ member

> 
> tks!
> 
> Carlos
> 
> On 8 Sep 2016, at 12:37, Rob Austein wrote:
> 
>> Hi, Carlos.  Technical question:
>> 
>> Do the current RIR CA implementations support the client role of the
>> "up-down" provisioning protocol, and, if so, has there been any recent
>> interop testing of this, either against other RIR CA implementations
>> or against mine?
>> 
>> APNIC's original implementation did support it.  I think RIPE's
>> implementation sort of supported it at one point but they did not
>> consider it production-ready.  Dunno about the others, and all of this
>> was a while ago, haven't heard much about it recently.
>> 
>> _______________________________________________
>> sidr mailing list
>> sidr@ietf.org
>> https://www.ietf.org/mailman/listinfo/sidr