Re: [sidr] [Technical Errata Reported] RFC6482 (7079)

Geoff Huston <gih@apnic.net> Wed, 10 August 2022 18:24 UTC



> On 10 Aug 2022, at 11:17 am, John Scudder <jgs=40juniper.net@dmarc.ietf.org> wrote:
> 
> On Aug 10, 2022, at 12:48 PM, Randy Bush <randy@psg.com> wrote:
>> 
>> while i agree with the sentiment, to this amateur, this smells more like
>> a bit more of a change than an erratum.
> 
> That’s how it looks to me, too. It may be instructive to look at numbered item 5 under https://www.ietf.org/about/groups/iesg/statements/processing-errata-ietf-stream/
> 

I agree with John here. The adding of a further constraint to the EE certificate used to sign a ROA is
a material change to the interoperability of implementations pre- and post- this change.

Geoff