[Sidrops] feedback on draft-michaelson-rpki-rta
Job Snijders <job@sobornost.net> Sat, 26 December 2020 17:50 UTC
Return-Path: <job@sobornost.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EA3B3A0B8F for <sidrops@ietfa.amsl.com>; Sat, 26 Dec 2020 09:50:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g37cxkC8m5Gg for <sidrops@ietfa.amsl.com>; Sat, 26 Dec 2020 09:50:56 -0800 (PST)
Received: from outbound.soverin.net (outbound.soverin.net [IPv6:2a01:4f8:fff0:2d:8::215]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BA253A0A81 for <sidrops@ietf.org>; Sat, 26 Dec 2020 09:50:55 -0800 (PST)
Received: from smtp.freedom.nl (unknown [10.10.3.36]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by outbound.soverin.net (Postfix) with ESMTPS id 4F45A602C8 for <sidrops@ietf.org>; Sat, 26 Dec 2020 17:50:52 +0000 (UTC)
Received: from smtp.freedom.nl (smtp.freedom.nl [116.202.65.211]) by soverin.net
Received: from localhost (bench.sobornost.net [local]) by bench.sobornost.net (OpenSMTPD) with ESMTPA id 173bb77b; Sat, 26 Dec 2020 17:50:49 +0000 (UTC)
Date: Sat, 26 Dec 2020 17:50:49 +0000
From: Job Snijders <job@sobornost.net>
To: sidrops@ietf.org
Message-ID: <X+d3+e5Rj/Q7Dchv@bench.sobornost.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
X-Clacks-Overhead: GNU Terry Pratchett
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/3jzvsqP_8L3Js39tGXujIyUPR7E>
Subject: [Sidrops] feedback on draft-michaelson-rpki-rta
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Dec 2020 17:50:59 -0000
Dear group, Reading draft-michaelson-rpki-rta-02 while writing some work-in-progress code, I have some suggestions that hopefully improve the ease of use of RTAs. WIP: http://sobornost.net/~job/rpki-client-rta.patch.txt While it is useful property of RTAs they can be exchanged via email or webforms (aka 'private B2B'), I also envision use cases where RTA objects are best distributed through a publication protocol (public INR holder statements). I forsee increased interoperability if the document specifies some constraints on how to publish RTAs via RSYNC/RRDP, if the Resource Holder chooses to use that path. Some suggestions for text are included below. Of course, from a cryptographic validation and 'permissionless innovation' point-of-view the 'standalone' use of RTAs (without IANA actions) is perfectly valid and applicable, however from an interopability point-of-view I would encourage the group to also go through the motions on describing how to publicly publish RTAs, and thus target Standards Track. Kind regards, Job --------------------- OLD: Intended status: Experimental NEW: Intended status: Standards Track --------------------- Section 8 OLD: An RTA and its associated EE certificates MAY appear on an RPKI Manifest and MAY be published in a repository. NEW: An RTA and its associated EE certificates MAY appear on an RPKI Manifest and MAY be published in a repository. If an RTA appears on an RPKI Manifest, the RTA's file extension MUST be '.rta'. ---------------------- OLD: Section 9 IANA is entirely off the hook on this one. NEW: Section 9.1 OID The IANA is requested to reference the '1.2.840.113549.1.9.16.1.36' OID as Resource Tagged Attestations in the RPKI Signed Objects registry created by [RFC6488]. Section 9.2 File Extension IANA is requested to an item for the Ghostbusters Record file extension to the "RPKI Repository Name Scheme" created by [RFC6481] as follows: '.rta', 'Resource Tagged Attestation', ref: [draft-michaelson-rpki-rta] Section 9.3 Media Type The IANA is requested to register the media type application/rpki-rta as follows: Type name: application Subtype name: rpki-resourcetaggedattestations Required parameters: None Optional parameters: None Encoding considerations: binary Security considerations: Carries an Resource Tagged Attestation [draft-michaelson-rpki-rta] Applications that use this media type: RPKI users. Additional information: Content: This media type is a signed object, as defined in [draft-michaelson-rpki-rta], which contains an arbitary canonicalized payload as defined above in this document. Magic number(s): None File extension(s): .rta Person & email address to contact for further information: George Michaelson <ggm@apnic.net> Intended usage: COMMON Restrictions on usage: None Author: George Michaelson <ggm@apnic.net> Change controller: George Michaelson <ggm@apnic.net> --------------------------
- [Sidrops] feedback on draft-michaelson-rpki-rta Job Snijders
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Claudio Jeker
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Job Snijders
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Stephen Kent
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Claudio Jeker
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Job Snijders
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Stephen Kent
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Ben Maddison
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Tim Bruijnzeels
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Korsback, Fredrik
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Tim Bruijnzeels
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Stephen Kent
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… George Michaelson
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Ben Maddison
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Martin Hoffmann
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Job Snijders
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… George Michaelson
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Job Snijders
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Job Snijders
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Martin Hoffmann
- Re: [Sidrops] feedback on draft-michaelson-rpki-r… Di Ma