Re: [Sidrops] I-D Action: draft-ietf-sidrops-rpki-rsc-07.txt

Ben Maddison <benm@workonline.africa> Fri, 20 May 2022 13:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/1iEy5pFW7LNLVTj9p91NsrRYjSc>

Hi Russ,

On 05/20, Russ Housley wrote:
> Ben:
> 
> >> 
> >>> Sorry that I was not clear.  Since the goal is to align with RFC 3779,
> >>> we should use the same definition as was used there, which is OCTET
> >>> STRING (SIZE (2..3)).
> >> 
> >> this makes more sense to me, as i do not see a win in having rules that
> >> apply on wednesdays and fridays and not on other days of the week.  one
> >> wants to be able to write tools that are not complicated unnecessarily.
> >> 
> > I think I am explaining the intent poorly. I will try again.
> > 
> > The intent is not to align with the ASN.1 definitions of 3779, but with
> > the DER wire-format produced by implementations of 3779.
> > 
[..]
> > 
> > In the specific case of the addressFamily field, allowing the SAFI-byte
> > in the ASN.1, but then requiring that it MUST be absent in normative
> > text (as is the case in other RPKI RFCs, e.g. 6487) would run contrary
> > to the above goals.
> > Implementors would be forced to do the constraint check by hand, even if
> > they were generating the other constraints from the ASN.1 definitions.
> > 
> > Hope that makes more sense?
> 
> Not for me.  As you explain, you want compatibility with the library.
> It produces a 2 octet value.  That is compatible with OCTET STRING
> (SIZE (2..3)).
> 
Yes, agreed. It is also compatible with OCTET STRING (SIZE (2)).

> I do not want someone to encode a value with the ASN.1 in RFC 3779 and
> then have a decode failure by an implementation that uses this ASN.1.
> 
Not all possible values of 3779 types are permitted in the eContent of
an RSC.

If someone encodes a value using a 3779 implementation that, for
example, contains 'inherit' or a 3-octet addressFamily, puts that value
in the eContent of an RSC, and then tries to decode the object, then a
decode error *is* the proper outcome.

Cheers,

Ben
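
The difference between the two size constraints discussed in this message, as an added example that is not part of the original e-mail or of any RPKI implementation: a minimal DER check of the RFC 3779 IPAddressFamily outer structure under two profiles. The profile names, function names and sample encodings are assumptions constructed here; the "rsc" profile encodes the position argued above (2-octet addressFamily, no inherit), not the draft's actual ASN.1 module.

```python
# Added illustration: profile "rsc" is an assumption modelling SIZE (2) / no inherit.
class DecodeError(ValueError): pass

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) for one definite-length DER TLV."""
    if off + 2 > len(buf):
        raise DecodeError("truncated TLV header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length >= 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise DecodeError("bad length encoding")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise DecodeError("truncated value")
    return tag, buf[off:off + length], off + length

def decode_ip_address_family(der, profile):
    """profile 'rfc3779': SIZE (2..3), inherit allowed; 'rsc': SIZE (2), no inherit."""
    tag, seq, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise DecodeError("expected exactly one SEQUENCE")
    tag, family, off = read_tlv(seq)
    if tag != 0x04:
        raise DecodeError("addressFamily is not an OCTET STRING")
    if len(family) not in ((2,) if profile == "rsc" else (2, 3)):
        raise DecodeError(f"{len(family)}-octet addressFamily rejected by {profile}")
    tag, choice, off = read_tlv(seq, off)
    if off != len(seq):
        raise DecodeError("trailing data after ipAddressChoice")
    afi = int.from_bytes(family[:2], "big")
    safi = family[2] if len(family) == 3 else None
    if tag == 0x05 and not choice and profile != "rsc":  # inherit NULL, RFC 3779 only
        return afi, safi, "inherit"
    if tag == 0x30:  # addressesOrRanges; its contents are not parsed here
        return afi, safi, "addressesOrRanges"
    raise DecodeError(f"ipAddressChoice not permitted by {profile}")

def accepts(der, profile):
    try:
        return bool(decode_ip_address_family(der, profile))
    except DecodeError:
        return False

# Constructed samples: IPv4 (AFI 1) with 192.0.2.0/24, the same with a SAFI octet, and inherit.
V4_PREFIX = bytes.fromhex("300c04020001" "3006030400c00002")
V4_SAFI = bytes.fromhex("300d0403000101" "3006030400c00002")
V4_INHERIT = bytes.fromhex("3006040200010500")
```

The 2-octet sample decodes under both profiles, while the SAFI and inherit samples decode only under "rfc3779" and raise DecodeError under "rsc".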