Re: [Sidrops] [Last-Call] [lamps] Fwd: Last Call: <draft-ietf-sidrops-rpki-has-no-identity-04.txt> (The I in RPKI does not stand for Identity) to Proposed Standard

Russ Housley <housley@vigilsec.com> Fri, 11 March 2022 00:12 UTC

From: Russ Housley <housley@vigilsec.com>
Date: Thu, 10 Mar 2022 19:12:45 -0500
Cc: Ben Kaduk <kaduk@mit.edu>, SIDR Operations WG <sidrops@ietf.org>, LAMPS <spasm@ietf.org>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/34CO7OfOvaOwBtw8VTa0YAyrKVo>
Subject: Re: [Sidrops] [Last-Call] [lamps] Fwd: Last Call: <draft-ietf-sidrops-rpki-has-no-identity-04.txt> (The I in RPKI does not stand for Identity) to Proposed Standard

Michael:

Did you see the ARTART review on the last-call@ietf.org mail list?  I think your questions were answered by Randy in response to that review.

Russ


> On Mar 5, 2022, at 1:45 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> I have read the document.
> I was unaware of it until it was posted.
> 
> It seems like this document is fighting some kind of guerrilla fight against
> pressures to provide a higher RoI for doing RPKI.
> 
> I'm personally really annoyed that ARIN has been so restrictive with access
> to the public key that can be used to validate the RPKI that originates with
> them.
> 
> } It has been suggested that one could authenticate real-world business
> } transactions with the signatures of INR holders. E.g. Bill's Bait and Sushi
> } could use their AS in the RPKI to sign a Letter of Authorization (LOA) for
> } some other party to rack and stack hardware owned by BB&S. Unfortunately,
> } this is not formally feasible.
> 
> I think that it would be nice if some specific proposals were mentioned.
> 
> I don't really know what:
>  } no proof of termination
> 
> means.
> 
> I feel like this document might better be written by an ARIN or ICANN lawyer
> in a cease and desist kind of fashion, and that really, adults should be
> allowed to do whatever they like with their private keys in the privacy of
> their own HSMs.
> 
> It isn't clear that we gain by publishing this document.
> 
> At some point in the 1990s, I was assured that Dunn & Bradstreet were going
> to issue certificates useful for business transactions.  That never, AFAIK,
> happened.
> 
> } Government of Elbonia
> 
> citation! citation! :-) :-)
> 
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
> 
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>           Sandelman Software Works Inc, Ottawa and Worldwide
>