Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track
Terry Manderson <terry.manderson@icann.org> Mon, 18 July 2011 04:08 UTC
Return-Path: <terry.manderson@icann.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AF4021F8B00 for <sidr@ietfa.amsl.com>; Sun, 17 Jul 2011 21:08:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.45
X-Spam-Level:
X-Spam-Status: No, score=-106.45 tagged_above=-999 required=5 tests=[AWL=0.149, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yPTVx3+Cndwt for <sidr@ietfa.amsl.com>; Sun, 17 Jul 2011 21:08:43 -0700 (PDT)
Received: from EXPFE100-1.exc.icann.org (expfe100-1.exc.icann.org [64.78.22.236]) by ietfa.amsl.com (Postfix) with ESMTP id 95CF021F8AFE for <sidr@ietf.org>; Sun, 17 Jul 2011 21:08:43 -0700 (PDT)
Received: from EXVPMBX100-1.exc.icann.org ([64.78.22.232]) by EXPFE100-1.exc.icann.org ([64.78.22.236]) with mapi; Sun, 17 Jul 2011 21:08:43 -0700
From: Terry Manderson <terry.manderson@icann.org>
To: Stephen Kent <kent@bbn.com>
Date: Sun, 17 Jul 2011 21:08:41 -0700
Thread-Topic: [sidr] draft-ietf-sidr-repos-struct to Standards Track
Thread-Index: AcxE9LHLE87ArBHcRkGCvfOHvH4ciwAC67S5
Message-ID: <CA49EEE9.17E21%terry.manderson@icann.org>
In-Reply-To: <p06240804ca494c3744bd@[198.18.176.250]>
Accept-Language: en-US
Content-Language: en
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: Rob Austein <sra@isc.org>, "draft-ietf-sidr-repos-struct@tools.ietf.org" <draft-ietf-sidr-repos-struct@tools.ietf.org>, "sidr@ietf.org" <sidr@ietf.org>, "sidr-chairs@tools.ietf.org" <sidr-chairs@tools.ietf.org>
Subject: Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jul 2011 04:08:44 -0000
On 18/07/11 12:42 PM, "Stephen Kent" <kent@bbn.com> wrote: > At 4:42 PM -0700 7/17/11, Terry Manderson wrote: > > the filename extension, which is part of the "file" data type above, > conveys the needed info. yes, one could add an OID here, but > ultimately an RP will check the syntax and know which file is what > type. Som, adding an OID doesn't seem to help much in a manifest. So, I'm confused.. if the RP ultimately checks the syntax, why is tagging needed at all? > > if there are no mandated filename extensions, then every pub point is > a mini-DoS attack, as Rob noted. We can't prevent a rogue pub point > manager (or CA) from mislabelling files relative to the 3-char > extension, but why invite chaos :-)? Right, so its a processing issue. So through the hierarchy (loosely speaking TA points to CA, CA points to Rescert, Rescert points to publication point and manifest) the lesser of the chaos scenarios would be to put the 'labeling' in the highest possible location within the publication point. I'm guessing the most sane is the Manifest, if it is truly a standards action requirement. As the manifest is a signed object, it has the benefit of being tightly interpreted as an attestation by the issuer that this 'file' with a specified hash is a ROA. How much clearer do you need to be? or want to be? > > An earlier draft of this doc called the extensions mere > recommendations. I persuaded Geoff to make them mandatory. The > arguments I made then still > apply, which is why STD vs. BCP seems appropriate, to me. > Were those arguments made on list? if so I will go hunting and reflect on them with a Merlot in hand this evening. Terry
- [sidr] draft-ietf-sidr-repos-struct to Standards … Stewart Bryant
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Geoff Huston
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Rob Austein
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Geoff Huston
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Rob Austein
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Geoff Huston
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Geoff Huston
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Tim Bruijnzeels
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Rob Austein
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Tim Bruijnzeels
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Rob Austein
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Andrew Chi
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… t.petch
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… t.petch
- [sidr] draft-ietf-sidr-repos-struct - Track Stewart Bryant