Re: [Sidrops] Manifest entry filename validation

Erik Rozendaal <erozendaal@ripe.net> Thu, 19 November 2020 15:53 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/-2l9IZIL9bnEjiLh7kgAj4UyPRY>

Hi Steve,

> On 19 Nov 2020, at 15:59, Stephen Kent <stkent=40verizon.net@dmarc.ietf.org> wrote:
> 
> I believe the character set restrictions are appropriate, as is prohibiting single and double period directory entry names, and mandating the presence of the 3-character suffix. I also have no problem with prohibiting a specific set of names, such as the Windows-centric ones you mention.
> 
> The proposal to prohibit entries that differ only due to capitalization is worrisome. All of the other syntactic tests are easy to perform on individual entries. This test seems to require examining all entries at once to detect a violation. I'd rather not include this rule, because of the added complexity. Would folks like to mandate use of only upper or lower case characters as an alternative?

Most of the additional proposed rules are a (probably incomplete) attempt to make rsync work on non-Unix systems. Maybe we can just make this a recommendation or SHOULD, or just forget about this. RRDP should not be affected unless you directly map object URIs to filenames on a file system.

Only allowing lower- or uppercase characters will break existing objects in the RPKI and require changes at the CA level, so that's probably a no-go.

Kind regards,
Erik
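
The checks discussed in this thread, sketched as an added example (not part of the original messages and not code from any RPKI validator): the per-entry syntactic tests look at one name at a time, while the capitalization rule needs state shared across the whole manifest. The exact character set, the reserved-name list and the function names are assumptions, since the thread does not spell them out.

```python
import re

# Assumed character set: ASCII letters, digits, hyphen and underscore,
# then a single dot and a three-character suffix (not stated in the thread).
NAME_RE = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9]{3}")

# Assumed list of Windows reserved device names (the thread only alludes to them).
WINDOWS_RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)
}

# Constructed sample manifest entries, for illustration only.
SAMPLE = ["AbCdEf.roa", "abcdef.roa", "ok-1_2.cer", "..", "CON.crl",
          "noext", "a/b.roa"]


def check_entry(name):
    """Per-entry syntactic checks; returns a reason string, or None if OK."""
    if name in (".", ".."):
        return "dot directory entry"
    if not NAME_RE.fullmatch(name):
        return "bad character set or missing 3-character suffix"
    stem = name.rsplit(".", 1)[0]
    if stem.upper() in WINDOWS_RESERVED:
        return "Windows reserved name"
    return None


def check_manifest(names):
    """Run the per-entry checks, then the set-level case-collision check."""
    problems = {}
    seen = {}  # lower-cased name -> first spelling seen on this manifest
    for name in names:
        reason = check_entry(name)
        if reason:
            problems[name] = reason
            continue
        key = name.lower()  # names are ASCII-only once check_entry passes
        if key in seen and seen[key] != name:
            problems[name] = f"differs only by case from {seen[key]}"
        else:
            seen.setdefault(key, name)
    return problems
```
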