Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track

Terry Manderson <terry.manderson@icann.org> Mon, 18 July 2011 04:08 UTC

From: Terry Manderson <terry.manderson@icann.org>
To: Stephen Kent <kent@bbn.com>
Date: Sun, 17 Jul 2011 21:08:41 -0700
Message-ID: <CA49EEE9.17E21%terry.manderson@icann.org>
In-Reply-To: <p06240804ca494c3744bd@[198.18.176.250]>
Cc: Rob Austein <sra@isc.org>, "draft-ietf-sidr-repos-struct@tools.ietf.org" <draft-ietf-sidr-repos-struct@tools.ietf.org>, "sidr@ietf.org" <sidr@ietf.org>, "sidr-chairs@tools.ietf.org" <sidr-chairs@tools.ietf.org>
Subject: Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track

On 18/07/11 12:42 PM, "Stephen Kent" <kent@bbn.com> wrote:

> At 4:42 PM -0700 7/17/11, Terry Manderson wrote:
> 
> the filename extension, which is part of the "file" data type above,
> conveys the needed info. yes, one could add an OID here, but
> ultimately an RP will check the syntax and know which file is what
> type. So, adding an OID doesn't seem to help much in a manifest.

So, I'm confused... if the RP ultimately checks the syntax, why is tagging
needed at all?

> 
> if there are no mandated filename extensions, then every pub point is
> a mini-DoS attack, as Rob noted. We can't prevent a rogue pub point
> manager (or CA) from mislabelling files relative to the 3-char
> extension, but why invite chaos :-)?

Right, so it's a processing issue.

So through the hierarchy (loosely speaking TA points to CA, CA points to
Rescert, Rescert points to publication point and manifest) the lesser of the
chaos scenarios would be to put the 'labeling' in the highest possible
location within the publication point. I'm guessing the most sane is the
Manifest, if it is truly a standards action requirement.

As the manifest is a signed object, it has the benefit of being tightly
interpreted as an attestation by the issuer that this 'file' with a
specified hash is a ROA. How much clearer do you need to be? or want to be?

> 
> An earlier draft of this doc called the extensions mere
> recommendations.  I persuaded Geoff to make them mandatory. The
> arguments I made then still
> apply, which is why STD vs. BCP seems appropriate, to me.
> 

Were those arguments made on list? If so, I will go hunting and reflect on
them with a Merlot in hand this evening.

Terry
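The relying-party check the thread is arguing about, as an added illustration that is not part of this discussion or of any RPKI implementation: the manifest's fileList attests (name, hash) pairs, so an RP can verify content against the issuer's attestation and dispatch to a parser by the mandated extension; an entry whose extension is not mandated forces the RP to try every parser, which is the processing cost Steve and Rob describe. The extension set, the sample manifest and the sample file contents are all constructed assumptions for the example.

```python
import hashlib

# Assumed set of mandated extensions for objects an RP expects at a
# publication point (constructed for this example from the thread's context).
MANDATED_EXTENSIONS = {"cer", "crl", "roa", "mft"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_manifest_entries(file_list, fetched):
    """Classify each manifest entry against what the pub point actually serves.

    file_list: [(filename, sha256_hex)] as attested in a manifest's fileList.
    fetched:   {filename: bytes} retrieved from the publication point.
    Returns {filename: verdict}; files served but not listed are 'unlisted'.
    """
    verdicts = {}
    for name, expected_hash in file_list:
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        data = fetched.get(name)
        if data is None:
            verdicts[name] = "missing"            # attested but not served
        elif sha256_hex(data) != expected_hash:
            verdicts[name] = "hash-mismatch"      # served content is not what the issuer signed for
        elif ext not in MANDATED_EXTENSIONS:
            verdicts[name] = "unknown-extension"  # no cheap way to pick a parser
        else:
            verdicts[name] = "ok"
    for name in fetched:
        verdicts.setdefault(name, "unlisted")     # present at pub point, absent from manifest
    return verdicts


def parse_attempts(verdicts):
    """Parser invocations an RP needs: one per well-labelled file, one per
    candidate type for a file whose extension does not say what it is."""
    return sum(1 if v == "ok" else len(MANDATED_EXTENSIONS) if v == "unknown-extension" else 0
               for v in verdicts.values())


# Constructed sample publication point and the manifest fileList describing it.
SAMPLE_FILES = {
    "abc.roa": b"constructed-roa-bytes",
    "abc.crl": b"constructed-crl-bytes",
    "xyz.dat": b"constructed-unknown-bytes",
    "evil.roa": b"tampered-roa-bytes",
    "stray.cer": b"constructed-unlisted-bytes",
}
SAMPLE_MANIFEST = [
    ("abc.roa", sha256_hex(b"constructed-roa-bytes")),
    ("abc.crl", sha256_hex(b"constructed-crl-bytes")),
    ("xyz.dat", sha256_hex(b"constructed-unknown-bytes")),
    ("evil.roa", sha256_hex(b"original-roa-bytes")),   # pub point serves different bytes
    ("gone.cer", sha256_hex(b"constructed-never-served")),
]
```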