IETF Logo Mail Archive

Re: [sidr] WG acceptance call for draft-ymbk-rpki-grandparenting

"Carlos M. martinez" <carlosm3011@gmail.com> Fri, 10 August 2012 13:28 UTC

Return-Path: <carlosm3011@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4107A21F85DB for <sidr@ietfa.amsl.com>; Fri, 10 Aug 2012 06:28:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9ThySTs8H1qI for <sidr@ietfa.amsl.com>; Fri, 10 Aug 2012 06:28:36 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id 4615421F85E7 for <sidr@ietf.org>; Fri, 10 Aug 2012 06:28:36 -0700 (PDT)
Received: by yenm5 with SMTP id m5so1689449yen.31 for <sidr@ietf.org>; Fri, 10 Aug 2012 06:28:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=3oeRPhZpD6KAZOIlhhlCwxsY9K98PFsITdD55eAVCg4=; b=aEwFwb42NBoIqZKKEsST/s2cDb6MOBglQpbt9xg5wPDzG5s6eHQVlUCRygRXVcwhN2 bRaxja3T1YMDYJz2Y7r91XcKxpqMI9TOH69jSEzDUeuE/vNlJKruUg1o3rcWToiRaVZq qlJB0LaWS6sUPovvyLXxbwObSmHpO6upG4Aa+vt/48D9PqbMw/i322nGw9tV8bUy3xk2 jMgHHAG8iJIxGjCXK5qXzKIVa4yF2RC4SuV57o/GafPbVLSOp9ntmH38HQdoT+8DAoYZ m/slQIgNh6o7iKk8dfvDDbPUyxPdWIPj6Ft/RELHuHGgkcFGNjtLkfL32R+6JsN0zURr OmOg==
Received: by 10.101.139.20 with SMTP id r20mr899230ann.38.1344605315717; Fri, 10 Aug 2012 06:28:35 -0700 (PDT)
Received: from Carloss-MacBook-Pro.local (r186-54-255-218.dialup.adsl.anteldata.net.uy. [186.54.255.218]) by mx.google.com with ESMTPS id a79sm7320987yhk.16.2012.08.10.06.28.31 (version=SSLv3 cipher=OTHER); Fri, 10 Aug 2012 06:28:34 -0700 (PDT)
Message-ID: <50250C7F.8060603@gmail.com>
Date: Fri, 10 Aug 2012 10:28:31 -0300
From: "Carlos M. martinez" <carlosm3011@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:14.0) Gecko/20120713 Thunderbird/14.0
MIME-Version: 1.0
To: sidr@ietf.org
References: <FE3A7AFD-0064-477A-B8F0-55735610CC9A@isode.com> <53D504DF-C0A3-4CFC-AD93-689630336F7D@apnic.net> <097D025D-1879-455C-BB14-F9C8BFAC88AA@ripe.net> <m2y5lo86hj.wl%randy@psg.com> <CAL9jLaYanPMasuNk1gFHXpXCMWDE1vVkL5B_z88KSNRj5Mq6tQ@mail.gmail.com>
In-Reply-To: <CAL9jLaYanPMasuNk1gFHXpXCMWDE1vVkL5B_z88KSNRj5Mq6tQ@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [sidr] WG acceptance call for draft-ymbk-rpki-grandparenting
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Aug 2012 13:28:37 -0000

<speaking only for myself>

I support the concept of grandpareting. However, as others here, believe
the document needs more work.

I share Andy's concerns, and personally believe that if grandparenting
is going to be an 'approved' practice (a RFC or even a WG draft tends to
give people such feelings) then this document or other document needs to
clearly state requirements for grandparents so relying parties can keep
trusting the system.

I'd love to see a flag somewhere that marks that a given cert/roa
represents a grandchild and not a direct child.

regards

Carlos

On 8/9/12 3:25 PM, Christopher Morrow wrote:
> an interesting outgrowth of the grandparenting could be the ability to
> 'avoid' LEA actions at middle tiers of the address allocation
> heirarchy... that's something to consider, i'd say.
> 
> On Thu, Aug 9, 2012 at 10:50 AM, Randy Bush <randy@psg.com> wrote:
>> tim,
>>
>> i see where some confusion might come from
>>
>>> I am not sure how many big ISPs / LIRs follow this discussion, but I
>>> expect that there commercial contractual concerns exist regarding this
>>> and I highly doubt that such companies will follow this document's
>>> advice, just because it's a standard.
>>
>> i know rirs like to speak for their members, but this document was
>> written by one of them :)
>>
>> as a large isp, we serve a fair number of smaller isps.  i specifically
>> had in mind the circumstance where one of our customers failed and their
>> child needed support.  we're engineers, and our primary concern is that
>> the packets get delivered.
>>
>> indeed, the contractual concerns you raise are specifically why one may
>> not want to disturb the child's cert while seeing that the grandchild's
>> packets are delivered.
>>
>> i also have concern that rirs are not seeing the needs of the community,
>> which includes the grandchildren (even though you do not rent integers
>> to them directly).
>>
>> the issue here is operational packet delivery, not rir policy.
>>
>> randy
>> _______________________________________________
>> sidr mailing list
>> sidr@ietf.org
>> https://www.ietf.org/mailman/listinfo/sidr
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
>

v2.23.0 | Report a Bug | By Email