[Sidrops] Re: Call for WG Adoption of draft-snij-sidrops-constraining-rpki-trust-anchors

Tim Bruijnzeels <tbruijnzeels@ripe.net> Tue, 20 January 2026 09:53 UTC

From: Tim Bruijnzeels <tbruijnzeels@ripe.net>
In-Reply-To: <CAC93g0QWpFPbJ68i8v1uQPhBsEHGyj=ZFpSpVNktdK+oRRc=8g@mail.gmail.com>
Date: Tue, 20 Jan 2026 10:52:53 +0100
Message-Id: <1D49D5EE-5E24-4CA4-AF0A-6B42056E3BFE@ripe.net>
References: <5C5B8F40-6E19-4082-89C0-3DDC0AB6364A@gigix.net> <cb0ac244-0844-e518-db88-bb85ae39c133@foobar.org> <CAC93g0QWpFPbJ68i8v1uQPhBsEHGyj=ZFpSpVNktdK+oRRc=8g@mail.gmail.com>
To: Tom Strickx <tstrickx=40cloudflare.com@dmarc.ietf.org>
CC: Nick Hilliard <nick@foobar.org>, Luigi Iannone <ggx@gigix.net>, SIDRops IETF <sidrops@ietf.org>
Subject: [Sidrops] Re: Call for WG Adoption of draft-snij-sidrops-constraining-rpki-trust-anchors
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/4UW4viR14PbUxt68ELXosjPpRDQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops>

I agree that this needs discussing and I support adopting it for that.

I understand the need. I have some issues with trust put into the inputs of the constraints. The RIRs have a responsibility here. As presented at the last IETF, the RIRs are committed to giving better, signed inputs with regard to resources managed under each RIR. This is still in its early stages. An updated document incorporating feedback is in the making. It may well turn out that that effort can serve as validatable input to the approach outlined in this document. It may also be that ultimately that effort removes the need for this, but only time and discussion will tell. So, in the meantime I think it's good to discuss this approach.

Kind Regards

Tim

(RIPE NCC)



> On 20 Jan 2026, at 09:28, Tom Strickx <tstrickx=40cloudflare.com@dmarc.ietf.org> wrote:
> 
> I agree with Nick, this is a longstanding problem that needs to be addressed, and this draft is working in the right direction.
> -- 
> Tom Strickx
> Principal Network Engineer
> AS13335 - Cloudflare
> 
> 
> On Mon, Jan 19, 2026 at 12:51 PM Nick Hilliard <nick@foobar.org> wrote:
> Luigi Iannone wrote on 19/01/2026 12:46:
> > Please voice your opinion for the SIDROPS WG adoption of this document 
> > by 2 February 2026.
> 
> I think it's worth working on this. There is an operational problem here 
> which needs a solution.
> 
> Nick
> 
> _______________________________________________
> Sidrops mailing list -- sidrops@ietf.org
> To unsubscribe send an email to sidrops-leave@ietf.org