Re: [Sidrops] [art] Artart telechat review of draft-ietf-sidrops-rpki-has-no-identity-05
Francesca Palombini <francesca.palombini@ericsson.com> Tue, 12 April 2022 13:39 UTC
From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Randy Bush <randy@psg.com>, Russ Housley <housley@vigilsec.com>
CC: "art@ietf.org" <art@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>,
"draft-ietf-sidrops-rpki-has-no-identity.all@ietf.org"
<draft-ietf-sidrops-rpki-has-no-identity.all@ietf.org>, Tim Bray
<tbray@textuality.com>
Date: Tue, 12 Apr 2022 13:39:39 +0000
Message-ID: <VI1PR07MB422339ECD8AF268AB3EF59CC98ED9@VI1PR07MB4223.eurprd07.prod.outlook.com>
References: <164936575713.6320.18195760378286197162@ietfa.amsl.com>
<10652A23-5534-423B-B8AC-3320881CA38A@vigilsec.com>
<m2tub3i5ws.wl-randy@psg.com>
In-Reply-To: <m2tub3i5ws.wl-randy@psg.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/4BmoYL6PQUpI6NeUKsSJHFR7v1Y>

Tim: many thanks for this review. Randy, Russ: thanks for taking Tim’s comments into account.

Very minor – I personally would vote for “The RPKI is for Authorization” to “To Summarize”, since that gives a better hint of the section content.

I balloted DISCUSS on the document because I have a question about the chosen track for the document, but I expect to remove the block after a short discussion about it.

Francesca

From: art <art-bounces@ietf.org> on behalf of Randy Bush <randy@psg.com>
Date: Saturday, 9 April 2022 at 00:10
To: Russ Housley <housley@vigilsec.com>
Cc: art@ietf.org <art@ietf.org>, sidrops@ietf.org <sidrops@ietf.org>, draft-ietf-sidrops-rpki-has-no-identity.all@ietf.org <draft-ietf-sidrops-rpki-has-no-identity.all@ietf.org>, Tim Bray <tbray@textuality.com>, Last Call <last-call@ietf.org>
Subject: Re: [art] Artart telechat review of draft-ietf-sidrops-rpki-has-no-identity-05

tim and russ:

>> It seems obvious that the WG needs to develop consensus whether or
>> not a document such as this, which essentially says "REALLY don't do
>> what this other RFC says not to", is a useful and appropriate
>> tool. If no such consensus exists we can stop reviewing revisions and
>> save time.

as it passed wglc and is in ietf last call, is it not safe to presume this is the case? i confuse easily. what am i missing here?

the last time chasing this woozle around the tree, i thought we made pretty clear that, sad to say, history has shown it is indeed needed.

>> - In section 2, the title "The Bottom Line" doesn't seem appropriate.
>> Could this be expressed a little less figuratively?
>
> I am not really sure what section title works better. How about:
>
> The RPKI is for Authorization

how about "To Summarize?"

>> - In section 2, the phrase "If it tried to do so, aside from the
>> liability, it would end in a world of complexity with no proof of
>> termination, as X.400 learned." leaves me blank. If we assume that
>> this is likely to make sense to others likely to read this,
>> disregard this.
>
> How about we drop the end of the sentence?

the X.400 ref was dropped the other day per murray kucherawy's review.

>> - In section 2, the two MUST assertions in successive paragraphs are
>> a little puzzling. Is the second a proper subset of the first
>> (looks like it to me)? If so, does it need to exist? Maybe it's
>> trying to be an example, in which case it should say "e.g." instead
>> of "i.e." If it's really an "i.e.", i.e. a restatement of the
>> first MUST, then why does the first MUST need to exist? Also, I
>> found the second MUST hard to understand (reminder: not an expert
>> in this domain, feel free to disregard.)
>
> I suggest that we merge the two paragraphs:
>
> PKI operations MUST NOT be performed with RPKI certificates other
> than exactly as described, and for the purposes described, in
> [RFC6480]. That is, RPKI-based credentials of INRs MUST NOT be
> used to authenticate real-world documents or transactions without some
> formal external authentication of the INR and the authority for the actually
> anonymous INR holder to authenticate the particular document or
> transaction.
>
> Hopefully this makes it clear that the second MUST NOT is talking about
> an example of the first one.

to quote a grandchild, whatever.

unless an AD requests otherwise, let's hold publishing a revision for a while.

randy