[Sidrops] Multiple publication points in certificate

"Hove, K.W. van (Koen, Student M-CS)" <k.w.vanhove@student.utwente.nl> Wed, 27 July 2022 20:17 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/1UZrlOhYk346xaokF037mY9kyNc>

Dear all,

Recently I investigated strategies to make ROAs more resilient to outages by publishing them at multiple publication points. During the discussion, I noticed that the SIA AccessDescription extension on certificates, specifically the id-ad-rpkiNotify accessMethod referenced in RFC 8182 section 3.2, does not mention that there can only be one. As far as I can see, there is no restriction in the standard that there must be at most one for each type. In theory multiple RRDP URIs (or rsync URIs for that matter) should be possible. Is this correct, or did I overlook something? And if so, what is the expected behaviour when multiple are defined? 

Cordially,
Koen van Hove
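
An added example, not part of the original message: a standard-library Python sketch that walks a DER-encoded SubjectInfoAccess value and reports which access methods carry more than one URI, which is the situation the message asks about. The sample extension, its `example.net` URIs and all function names are constructed for illustration; the code shows only what the encoding can carry, not what a relying party is expected to do with it.

```python
from collections import defaultdict

# Access methods under id-ad (1.3.6.1.5.5.7.48), from RFC 6487 and RFC 8182.
ID_AD = bytes.fromhex("2b060105050730")  # DER body of the id-ad prefix
METHODS = {5: "id-ad-caRepository", 10: "id-ad-rpkiManifest", 13: "id-ad-rpkiNotify"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def sia_locations(sia_der):
    """Group the URIs in a DER SubjectInfoAccess value by accessMethod."""
    tag, seq, _ = read_tlv(sia_der, 0)
    if tag != 0x30:
        raise ValueError("SIA is not a SEQUENCE")
    found, pos = defaultdict(list), 0
    while pos < len(seq):
        _, desc, pos = read_tlv(seq, pos)          # one AccessDescription
        _, oid, nxt = read_tlv(desc, 0)            # accessMethod
        loc_tag, loc, _ = read_tlv(desc, nxt)      # accessLocation
        known = oid[:-1] == ID_AD and oid[-1] in METHODS
        if known and loc_tag == 0x86:              # [6] uniformResourceIdentifier
            found[METHODS[oid[-1]]].append(loc.decode("ascii"))
    return dict(found)

def repeated_methods(found):
    """Access methods that appear with more than one URI."""
    return sorted(m for m, uris in found.items() if len(uris) > 1)

# --- constructed sample: not taken from any real certificate ---
def tlv(tag, body):
    n = len(body)
    size = bytes([n]) if n < 0x80 else bytes([0x81, n])  # enough for n < 256
    return bytes([tag]) + size + body

def access_description(arc, uri):
    return tlv(0x30, tlv(0x06, ID_AD + bytes([arc])) + tlv(0x86, uri.encode()))

SAMPLE_SIA = tlv(0x30, b"".join([
    access_description(5, "rsync://rpki.example.net/repo/"),
    access_description(10, "rsync://rpki.example.net/repo/ca.mft"),
    access_description(13, "https://rrdp-a.example.net/notification.xml"),
    access_description(13, "https://rrdp-b.example.net/notification.xml"),
]))

if __name__ == "__main__":
    print(repeated_methods(sia_locations(SAMPLE_SIA)))
```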