Re: [Sidrops] proposed, revised text for Section 6

Jay Borkenhagen <> Wed, 06 May 2020 19:46 UTC

Stephen Kent writes:
 > These are all valid questions. The WG needs to decide if per-RP 
 > variance, based on fetch timing, local cache failure, etc. meets the 
 > goal of uniform RP processing of RPKI data. I am agnostic on this point.

Recently I had attempted to gauge if there was WG consensus along
these lines:

   Each validation run of each RP MUST generate the same set of
   Validated ROA Payloads (VRPs) when presented with identical input,
   using unexpired records from the most recent successful retrieval
   to deal only with complete failure to retrieve from a PP.

Now I have come around to agree with Job's perspective that coarse
behavior like 'rsync --delete' is not what RPs should do.

An RP should not assume that objects missing in any PP retrieval are
the fault of the responsible CA.  The objects could be missing due to
the fault of the CA, problems reaching the PP, or other potential causes,
and the RP cannot know which one it was.  If the RP's cached objects
can fill in the gaps, that's great.

Thus I now feel the straw proposal I offered above is too restrictive.
I would still want different RP implementations to be 'deterministic'
such that they produce the same VRPs, but only when operating on an
identical local cache (including an empty cache as one important case).


						Jay B.
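
Added example (not part of the message above and not taken from any RP implementation): a small Python model contrasting 'rsync --delete' handling of a partial retrieval with filling gaps from unexpired cached objects, and showing VRP output that depends only on the cache contents. Object names, dates and VRP values are constructed; manifest, CRL and signature validation are assumed to have already passed and are not modelled.

```python
from datetime import datetime, timezone

def T(day):
    """Constructed timestamps, all in May 2020 (UTC)."""
    return datetime(2020, 5, day, tzinfo=timezone.utc)

# Constructed local cache: object name -> (not_after, VRPs carried by that ROA).
# A VRP is (prefix, max_length, origin_asn); documentation ranges only.
CACHE = {
    "roa-a.roa": (T(20), {("192.0.2.0/24", 24, 64496)}),
    "roa-b.roa": (T(20), {("198.51.100.0/24", 24, 64497)}),
    "roa-c.roa": (T(1), {("203.0.113.0/24", 24, 64498)}),  # already expired
}
# Constructed retrieval result: only roa-a came back. The RP cannot tell
# whether roa-b is missing because of the CA, the PP, or the network.
FETCHED = {"roa-a.roa": (T(21), {("192.0.2.0/24", 24, 64496)})}

def mirror_delete(cache, fetched):
    """'rsync --delete' behaviour: objects absent from this retrieval are dropped."""
    return dict(fetched)

def fill_from_cache(cache, fetched, now):
    """Prefer fetched objects; fill gaps with cached objects that are unexpired."""
    merged = {name: obj for name, obj in cache.items() if obj[0] > now}
    merged.update(fetched)
    return merged

def vrps(objects, now):
    """VRP list that depends only on the object set and the clock,
    not on retrieval order or dict ordering."""
    out = set()
    for not_after, payloads in objects.values():
        if not_after > now:
            out |= payloads
    return sorted(out)

if __name__ == "__main__":
    now = T(6)
    print("mirror/delete :", vrps(mirror_delete(CACHE, FETCHED), now))
    print("fill from cache:", vrps(fill_from_cache(CACHE, FETCHED, now), now))
```

With the mirror approach the VRP for roa-b disappears after one incomplete retrieval; with gap filling it persists until the cached object expires, and an empty cache yields only what was fetched.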