Re: [sidr] [Technical Errata Reported] RFC6482 (7079)

Geoff Huston <gih@apnic.net> Wed, 10 August 2022 18:24 UTC

Return-Path: <gih@apnic.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE047C15C53A for <sidr@ietfa.amsl.com>; Wed, 10 Aug 2022 11:24:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.098
X-Spam-Level:
X-Spam-Status: No, score=-7.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=apnic.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id feg146SLvR8x for <sidr@ietfa.amsl.com>; Wed, 10 Aug 2022 11:24:04 -0700 (PDT)
Received: from AUS01-SY4-obe.outbound.protection.outlook.com (mail-sy4aus01on2068.outbound.protection.outlook.com [40.107.107.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F89DC13CCC3 for <sidr@ietf.org>; Wed, 10 Aug 2022 11:24:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bZB55DG97gPXfygZWr9ErfiXFBrX7orPJm66EWXkxwkBARR/+RrbXnvOTC32oSGQKdSYbVUpLkWmiBV585KkUwGVR1TytU0AE3B5153N6uHdSAUqZJMSnDnMju1vH0NHjBVrvht6s58Qx7KPJzAndaGaKi+IRtd1LJCpUOczwIw0/jdhr3ScZiGKFzxY8ZWhMtmAg3oh2pzWlSTO/4uFkXb7jpJHTui7vAupUYA3vVJtDtGBm/NR5I7rPUh6eA7Z0+VafoMIq8IzWBBBXZXK6a2O33xwPZFJQ1vQPIR2AFcT0hr41uR2wzd8UC/KqASdee0rfMsfsZj6mUQmsh/XUg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xg2C4pbt6lMjBx+KxuQcgVUCjzUK2/ZhOJUa6ejP5j4=; b=Phy4PgQ8hvexvTPGXU/R6FdbqveavbcKja8gfvghRbq4t44VVaT8uuV3ynWOliHoCLixpXodpd3Tj9sJDekhWNBFYP5u7o6U4/9J+qclyX5Ugxx0z2M3cYPAeqbG3NMdODtecO/jd2JTiJ6t6qssLGPS04D0bpkV4mdcNt5qiRfkmhg50Mlk/qny0ZPorGaQzqFWwvK29pQ3gqmmFk7TTuIK+KK0LU4bZMpQuVb0JNWOl9oSWNYFqLaXgwkhkfKVLPajfOYyyFj/IJBOiGb3nIlFtropPM18TGyABDxEYWN+e7ywgueba8f6jtj5kNsNuwBxdPZPXwWcxG8WjSH6uQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=apnic.net; dmarc=pass action=none header.from=apnic.net; dkim=pass header.d=apnic.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apnic.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xg2C4pbt6lMjBx+KxuQcgVUCjzUK2/ZhOJUa6ejP5j4=; b=o3F87UiyEEvFwRcl2i+UEIOh2G60UomY8Sm/OnS4rEMGnPrWNPVE8l+i2L2Sr1bsejHbOeHBysiwGe2dEkg2WVQ7fAzjyG5QA9CkqthVSZpOadmBGLnK1ez0ufY3ZdphdOq4XfT2npR/viTl9KMfx4N7fuVuCjWP69Xe/5CGSrI=
Received: from SYZP282MB3169.AUSP282.PROD.OUTLOOK.COM (2603:10c6:10:176::18) by ME3P282MB0772.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:8::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5504.14; Wed, 10 Aug 2022 18:23:59 +0000
Received: from SYZP282MB3169.AUSP282.PROD.OUTLOOK.COM ([fe80::447:1b79:cdd8:87b7]) by SYZP282MB3169.AUSP282.PROD.OUTLOOK.COM ([fe80::447:1b79:cdd8:87b7%9]) with mapi id 15.20.5504.020; Wed, 10 Aug 2022 18:23:59 +0000
From: Geoff Huston <gih@apnic.net>
To: John Scudder <jgs=40juniper.net@dmarc.ietf.org>
CC: Randy Bush <randy@psg.com>, "job@fastly.com" <job@fastly.com>, "mlepinski@bbn.com" <mlepinski@bbn.com>, "sidr@ietf.org" <sidr@ietf.org>, "morrowc@ops-netman.net" <morrowc@ops-netman.net>, "andrew-ietf@liquid.tech" <andrew-ietf@liquid.tech>, "dkong@bbn.com" <dkong@bbn.com>, "skent@bbn.com" <skent@bbn.com>, RFC Errata System <rfc-editor@rfc-editor.org>
Thread-Topic: [sidr] [Technical Errata Reported] RFC6482 (7079)
Thread-Index: AQHYrMdTrvbu0ShqB0mONIiE0JWwoa2oWIGAgAAY3wCAAAHHAA==
Date: Wed, 10 Aug 2022 18:23:59 +0000
Message-ID: <7F9F96A9-3DBC-4E13-9A61-0AF101FCF1F9@apnic.net>
References: <20220810144136.990619606E@rfcpa.amsl.com> <m24jykt57g.wl-randy@psg.com> <AE3F9D44-2986-4EB6-B0EA-2376119DFFF9@juniper.net>
In-Reply-To: <AE3F9D44-2986-4EB6-B0EA-2376119DFFF9@juniper.net>
Accept-Language: en-AU, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3696.120.41.1.1)
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=apnic.net;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 52cf3d33-e9e3-4c10-0514-08da7afd7e65
x-ms-traffictypediagnostic: ME3P282MB0772:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Z0mKTn5f+WrJZ9f2xsVLRclhHsLJsvJJZSW2+POA2xGQJNv+deljt+6vY6J4X7UTkNLR1CMOp+7ZtS7ja/UIw6cBF4Bj/zTzhCjbD32PJMStYrMRarTvzP/GZF8RiFTYYoFa5vjHgtFxK7khPzAU1VxO3vCZ4+0c5dSGdHueX5yD0Za0wp2cnuWNlZWxFmas1ZIPsgIhimlz0cXgQna+x69Ak01IN4rVWHkIfY6jPY9O9eu0KfHaa9DHvTyuRtV/KcApsv8pOdYUtdJwI+9nyy9l1vyaDQZwbx1/mxYtHjO4+UxLcstibP7a4yQqwjR3xOE9vXCAf5L5tbAhg6Pnc/h+lSh/6xdcbR8O83bltoXymRBeKb7/7dBCQytTbb5IJ4fv+uWf50xPZN6IJvgHwDNxeDVg7JmAARP/FO+baSy/s96uu070zK4cLXsbW1f/hR9TjXe2GIiamSrWJaHFw0vGiz4UvFjRi6KodQqEKllAsxI+YBF+xxRjPUfMjd09d3pSSOyilnG4/nKJZ05O5p4vy2DtVbKr7/wyK2bOCd2CdsGfeHgwOr3rP2vsaYtvRJ7vdkO2zuR1vO5KOybWkcEpzic1dQWWH8iyLadRfQq6IwX3n0m7OI5oy4pwFgXw6U/ClDAIvTT2LChrt4gcdRQkyFLHqc6lxuQQChLS5U2MjgkhtzM61Qz1QQwbZ8YgEGLHN3m3l/1i18o7RoCfDMxJZVvWvEe3iuGtXtAcfGWX+f7XIQ9NTWzZQAwBfRzvnxOYfSVk9SpulWVJpa1xSqwmr9CDBUcLLwNoEurNHlwwASsNWyyG793Y7BJi+pvsK7ILT88wE0x+vYLxivaM37yoo/hdNTZqmdthREDIuaY=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SYZP282MB3169.AUSP282.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230016)(4636009)(346002)(136003)(39840400004)(396003)(376002)(366004)(186003)(2616005)(33656002)(86362001)(38070700005)(122000001)(38100700002)(478600001)(2906002)(6486002)(966005)(8676002)(316002)(4326008)(8936002)(4744005)(36756003)(7416002)(6506007)(71200400001)(5660300002)(6512007)(53546011)(76116006)(91956017)(41300700001)(64756008)(66556008)(66946007)(66476007)(66446008)(54906003)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?utf-8?B?cUFFL21UY2N3R1hRSVRvSFVlRnk2NXFLbytCZ2NLMTVBek9wVVBUcW9wbmRD?= =?utf-8?B?dWJyWFdBdTlQMUVTcFlWMi8vQVFNS2FXSng5MjVYakFpSXN1RW42OXQ1R0xs?= =?utf-8?B?YWp5Zmw3blF4MlVuRkFscFNCbnlBSXN6VVhEek44cVN2WkZ1Z1M1UUlyQXRD?= =?utf-8?B?UStLWDBPTlJSV1BaLzUySnZrTE1UUWUxZUdLbjFwRVRPMFROc2VKV1dDYlRL?= =?utf-8?B?cWY5TFJvdGdLcDBweDBZVGxuTE4ydEVmbUJwb2thTmVXMjUxMmdFUCt4T1dp?= =?utf-8?B?U1BRVGtJOUJpUDMvL2NXaHVMaFBWOXg4T0hrTEUvUHFTb2ZET0cyYkQwU0Jw?= =?utf-8?B?blYxLzdjNUJ0RXdKRVg4RHZuVkZna3J6cE05aEV2OEI0WDM3aVEvdS8vS3hN?= =?utf-8?B?aFpZTzAxWVB5WmRtMGxzOFZJVFU3M29rTFM4VFA5dUQxTFVCN0FIbVFjTit6?= =?utf-8?B?eERzdFJZSDhJUmdUUEQya2c1SGF3bDhNNURicEdlQlh0U3NLSHlQR0pydDhs?= =?utf-8?B?VS9YNFUxZGtGY3ZGLzFMVXJUbG9iRk9XSTB6QmtqNitvU0FaSXZ0RzcrUnAy?= =?utf-8?B?dXRJQURQSFZFKzVMZHJyVnNOdVlCWEN6WVBjQUExbGI1MFhpNlBZWVg0ZUtK?= =?utf-8?B?UzMyeUJhK2NsSFo0bjd6T0NXSWM4VnhGcFdEL211QlBpdytsMUQ3ZUpULzZm?= =?utf-8?B?K2JPZTYvNnBOK0JSY3MrU1NiaU5QaGxNUmRvdjhqLzBUM1BlSGVrV3NtL1hW?= =?utf-8?B?SWJNVmt6QkxWNlp3TVlnNktrQUJyMHU4YjRERGFJZWVKWUM2cjJ3RXhQZkty?= =?utf-8?B?SXFWK3BUbWttY3dGK2NXb2RQc04zUUlEbzNXNUl2VThlSTEyMHFiZnhzaXAv?= =?utf-8?B?S2ozMjlwTnN2SENlcjM3Y21sbkZwSlFpVndxN2VUelFaQUp3MEVobDRSTkJH?= =?utf-8?B?Wm9nVkNpempGZEswdCt2R29MSnd0cGdHU3M3ekFNUytwUG8xN1VUY0F2OWwr?= =?utf-8?B?TFhTSUl6YU1oQjMzd2xmVUlzM0ZvUURGRHU3NjNicTJrQTNVbDRYanZ4ZG1O?= =?utf-8?B?UHkrWWZYb1N1Q3lWOXZYcGRaeFh6NngxSExMcVVEei9NdE5RNXlVMzhTNmVj?= =?utf-8?B?Q1NLYytHK0RHVU5oaWlnU1NrNHN6NFFlVHdabmVocEt3ZUMvYXpON2FMNXhW?= =?utf-8?B?UzkrU2QxbUVraEVvbU9TaHJGSWNzRTNGNWlHSUovcVh4RDBmN2VUZ2ZlaVJx?= =?utf-8?B?OWdyaW5DTnFGNnJmTkphR2pHSCt5T2p6VXR0N2xnb1VocTdFVzN1UEFQYWR6?= =?utf-8?B?clZGZklDNk1JVUtqMmhGREQrZEZVVXA0S1poYWZ5NzRvUCs1N0lnRG1vZnlC?= =?utf-8?B?NE96SkdNQWE3ZzBRUm8ycEhIWXN3ZU5Lb2R4RGR6dDhXeVA5M01ETXVMMlNY?= =?utf-8?B?RXpudWZaTFFuNW1OOFNXeFZkdW50bm1NeU5hRTgxUDZjQXpaMjM4OHRSMzRJ?= =?utf-8?B?OFhRUUxxZFJkY2huNlVYaDRkbUJNSUZ0RXhIVjVxQUpJWDhMRkVFcVozRTBp?= =?utf-8?B?TXRyNWROaThXVzRCU1F4YUdJT1dqQXRhbTlicEFoTGIzby9MRFJudXUvcGZ6?= =?utf-8?B?ZUtGVHdaQm8vT2wxNmNPZHRLOE0ycXBkMStqZHVJd2l0cmVLMXpkTUJ3WHky?= =?utf-8?B?QmJuTUd0aE1lREpOZTJYYjhPaTluTkUxZTBvZ2Mxc2Ruc1BvQTVPVDhwSXZx?= =?utf-8?B?ekJpSXZLQUJUbGZSNmdKL1E1TFVlbWlYOGF5eW1TSERtalJlczU3cjFTYlJm?= =?utf-8?B?bi9qdjBPRUFvVkxBWmltMEIvVHJyRWwwREtacG9hMGhib0VVSlpRNkhibmtv?= =?utf-8?B?UEl3R2FGc1o3VGc2VDZSamNEaWN6c1M0RHBMOUdPYWhpd2VSUUxYRHZheThk?= =?utf-8?B?cVkzL0NwL3BOeGtZRHpGWTczN2xRZ0grWERCRkl1a3VURXN6L0ZiNTJVWFhE?= =?utf-8?B?dFRiU3hucGptNmx1cFdqWTUwSlNjM3JRODBoT2dzSUNrN2owOExjbW5kMmlm?= =?utf-8?B?alU5SUViUVNEemoxa3JNb1dMQnFoU3gzbWJFZjRlQ1Z2blZyd2o1dXpDMHkz?= =?utf-8?B?aW5WQ25kM3pkaDFVaEZEMXFGb1FkR1dZZDFXdkNlM1pwT2Y5Q09zVFBBSm9Q?= =?utf-8?Q?m0AmVpnQ/KuuG/y7d/sF7t79YM1SJfMkhMS7n0e7y5ek?=
Content-Type: text/plain; charset="utf-8"
Content-ID: <85D0A0F84AAB124A8280E4A37558354B@AUSP282.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: apnic.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SYZP282MB3169.AUSP282.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 52cf3d33-e9e3-4c10-0514-08da7afd7e65
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Aug 2022 18:23:59.2054 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 127d8d0d-7ccf-473d-ab09-6e44ad752ded
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: zFTw37HVM+1MzLev5z2AlAT3LEjRf1ZvRdNEoNc1jYxRHF8+133RcYlrRB9LzbNj
X-MS-Exchange-Transport-CrossTenantHeadersStamped: ME3P282MB0772
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/yGj8xJh9h-krcJXtW-xuTBeSnf4>
Subject: Re: [sidr] [Technical Errata Reported] RFC6482 (7079)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Aug 2022 18:24:09 -0000


> On 10 Aug 2022, at 11:17 am, John Scudder <jgs=40juniper.net@dmarc.ietf.org> wrote:
> 
> On Aug 10, 2022, at 12:48 PM, Randy Bush <randy@psg.com> wrote:
>> 
>> while i agree with the sentiment, to this amateur, this smells more like
>> a bit more of a change than an erratum.
> 
> That’s how it looks to me, too. It may be instructive to look at numbered item 5 under https://www.ietf.org/about/groups/iesg/statements/processing-errata-ietf-stream/
> 

I agree with John here. The adding of a further constraint to the EE certificate used to sign a ROA is
a material change to the interoperability of implementations pre- and post- this change.

Geoff