IETF Logo Mail Archive

Re: [Sidrops] WG Adoption call for draft-harrison-sidrops-manifest-numbers-01 - ENDS 04/15/2024 (April 15 2024)

Ben Maddison <benm@workonline.africa> Thu, 04 April 2024 08:00 UTC

Return-Path: <benm@workonline.africa>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06199C14F6E2 for <sidrops@ietfa.amsl.com>; Thu, 4 Apr 2024 01:00:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=workonline.africa
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BGNsAgT37eEM for <sidrops@ietfa.amsl.com>; Thu, 4 Apr 2024 00:59:58 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-he1eur04on2091.outbound.protection.outlook.com [40.107.7.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E33E5C14F6B0 for <sidrops@ietf.org>; Thu, 4 Apr 2024 00:59:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JGDmC+yELW7YaITUGaodYiBTcL6H9rDRmE0g8TzdshhBduXYk/6eLpRndhRxEEwWNz62Ucy4srSHm+iU+uL/+GOm16lq05EWUHF1COALLKhgKdoemVtyhrT/wNXXWiEdTAy511L17TO01OdbMxyDuD+xNTQtNLofJfd4gUKpcQLLauKGLVVOeojVmPXVGqk0yqoWNiHizm5/fObBu4HPv4W7UfO/v/xOVckOC4HPeO6LJm9wPP8ATZzST6pG7fLlLczyDD6/obiYZk6Fop6ehMdJvMbvhPW3vZ8bnCd06eohlMz2qWjaGpL/xZGy0VU2Bet6WFkDOLpRyb09oHhj/g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JAV0klAbSKiTJWg9xq5eN0lWZazZ0F7jS0og1+HFawA=; b=RjzKUDnDHrfXcPD0tdZpxkUdnNEtUq0KhsBqcXQCRjee0kCgHdbSxmRFl9H8u2eYtmT7OhG3Hm3xtLQZ7Fdc8f39wFTmoiU2LFWNeOSU6iwqH/xW0T9I8eU//QqSGNXEZ/HqeSYxIO5HuUd7FJiiQpSdu7vLOqnzUfCihrktJpAvqDj39sTEeTb6YqZl5QVh73eg7HQ05DxFn1tYgqLx8hserpsRKr7QS9OZhbOJbsgc5194S9VET7sgIPGqEsQPLBcA+h3dmwZpgNuJUoiQh0idRsmR84BgHo5c3Yrz7KdI/NAqnOw9Zua7Wyvd/pPea9bnRvQ8Thy/r0DkShB7kA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=workonline.africa; dmarc=pass action=none header.from=workonline.africa; dkim=pass header.d=workonline.africa; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=workonline.africa; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JAV0klAbSKiTJWg9xq5eN0lWZazZ0F7jS0og1+HFawA=; b=YnC7v4pPWqLcx/OLBZoheMbs4zoJsQS7lCBAmFWwS+7HnVBFLRwivyKJQY2JOD0Tcaw0yBZrgqb+0cOdc/VR2c3KX61OKyGbQ8pIjJwVtcNBIH+TA8IQ3xMVPJozp2I+RiAyzphNJlibJDIwd3uybPQ+buVlrnBbi2tVho9Zmjk=
Received: from AS8P190MB1078.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:2e7::13) by AM7P190MB0726.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:11f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.46; Thu, 4 Apr 2024 07:59:51 +0000
Received: from AS8P190MB1078.EURP190.PROD.OUTLOOK.COM ([fe80::54d8:19ba:d5d4:bccf]) by AS8P190MB1078.EURP190.PROD.OUTLOOK.COM ([fe80::54d8:19ba:d5d4:bccf%3]) with mapi id 15.20.7452.019; Thu, 4 Apr 2024 07:59:51 +0000
Date: Thu, 04 Apr 2024 09:59:44 +0200
From: Ben Maddison <benm@workonline.africa>
To: Tim Bruijnzeels <tbruijnzeels@ripe.net>
Cc: Job Snijders <job=40fastly.com@dmarc.ietf.org>, Keyur Patel <keyur=40arrcus.com@dmarc.ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Message-ID: <5s7qgnqcjedmlb4xoqdi3uxty3hmf2qobu4iznk5wmnjzo76ns@wopfk2xn7f7k>
References: <4744462D-78D9-45EE-B3A2-06FF329EA87C@arrcus.com> <A77D691F-57BD-4A00-90E6-E61F257B43EB@ripe.net> <Zgwz2HEWQndhRYkg@snel> <182ECD97-788C-4BC4-9FF6-355DFE11DF5E@ripe.net>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="dvvp2gm5osnafne4"
Content-Disposition: inline
In-Reply-To: <182ECD97-788C-4BC4-9FF6-355DFE11DF5E@ripe.net>
X-ClientProxiedBy: CT2P275CA0133.ZAFP275.PROD.OUTLOOK.COM (2603:1086:100:21::14) To AS8P190MB1078.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:2e7::13)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AS8P190MB1078:EE_|AM7P190MB0726:EE_
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: FqQJz62BZOkGSaAxZl0nNvxxO6dgr0Zk/PGbgzHyRrLflGGkCmsMUzX8XOYjZa/A8DpqwjocmnJXOJyazyLnQ6X/2stGK0XTFYIds8NIAS5/XBFinDGs/NQvjlTs80nfodVpBdy1k+CW/NKgQuXwz5K/dKeTxBgN4/wMfWtNf495pgqVv5IRUYucmkui4O6stoxH+bS5EN3IJccRhLBkpTV5Rls3ZQQwyULWrJkd9baSc2OqRpPekLahSYG8HBYLrKgT00Tqm3hbchXHkvAxdrv6rvOlKjdEEnpkvhK4YyeCYHEJYGI1LfGeRNcHIR36IUF11lref1iGLFFYaawQzxogwBATzN07kfmavDsXd37ciE/Lc6GTKQO9wgkJb9Lg+rx/26KJVIu3X5nq+tqEP9eoRgkjo7hxcNvh4yZswIyQnGRFVzolM/fHxhBnajXNQzVNHVNnyD2cayT8b/hvAKya4Te6GXnAeIvf6U7xa7cXtQKRiy+MxP4ncUT0X2Lc8+p/t1v/beVOcEnOTw2kByzQQ5t7ern9oblYFJc89BJo1Cl90L21HumNzPESA9PJw4JrMCtQrQAyTbgKjpLc+DuEu2Ae8G04c4xLiL6l97aavD6ykckA9Ulzxq1lW8yOCoYJR3aF/vSVT3NZ3y9otg5OSw1otSZ2Vi7kkCQtbEk=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AS8P190MB1078.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(366007)(1800799015)(376005); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: xZvT0rmsxzBcuxa28BsSMW+JOFR7+7q2Cx7lW4xnaaqPl7e4HOcu5UUL3M+7VmQs5M9TiM/LrshewwmmSvhNdIrEr0pl017Urf6X7Zs5WFo38+SlMxytZweEDdtG5MMNnGV1tMhf+WDhALuSSWbyu9hGY4Y1neU4Qb9ocKkllWqar+gBz4DdUrHjqfBG2WzIufGEygBf3C5uEVsFkhTD9z+bxiNwzVAxKVNkfYo1l1Rn9ArjCECYoFch7TnXF+vdIBHWnkTZPHGQ+WdIyIO0BkwoipvHcCOnz31+8CuoVdVsG+FkeKWWNi7FVxNiDd9LAJ9L0RHpon78Fwpmm5J44Lhn9UBuXIFJKp55wEvVnKJvUBnL3mm/bHFXMmotKJ21hKknxMSJLiqjBdrPAlKcN3gyCDNbWEJwbcxe/U/TNSyLfJuMx/VB7D4+auEfg925FACUKr1l+ECsaSfTowcy87sdrF1dDcObUJN4DZ/XeQqeB6pIrL+VngQP4VclBhMTpXc9VMJliCr5pFZ3Y6fdl+Bpy08TnvozKOW5NzSzpoEyk5U+5UHuRdf1RfrWCcNpQ8CpsEOH+qCDH2ZSrwmQs4qyXZknyY+CF29+f5/Cts+FDxwrwC3auudMMJq7RriphzPNQIhWpUHfC4yCYMfEfCwRy/qa4NHObaemxqZuVhNfaIMFBzREZWJs3SY+uCRodBKor5FnIPXc2YmjwA1ufrcoT4qFkr/KQB1VW1avmYrFfZR+sZbqUAMJ1jk4wn2HkteErDn1xmBovL6bbGhfKG6THf5c0iz6dxF9kroVFQuoz+/F8wFsk/8zgBwDgz7LErm8Nf2Ryd+pClFV45guebj9LGsIBmidnZaWUILr4EmdQN9uOHqkaOR3FImHMcl3oNMw90+jzO2G1SjcRqPtoMDdZV7FPScW7EJ1hVJSfL3Zs6x/hTZYaCGCGJzpfcpIs1ChrzPBrlkv/rms+AFcMnDqOlo3Xn2cVk+xE+s+BQFY6e1g9GA8EYV0TSGF7Txc0IdjRvIpqAo/8E0723Yb6GRvcKi2vn3cAYzLDiWrpRw8jm2OpNPeVXJvMVIVAKCVz7ZVm3L0oRZT4NrMSNWbab0uPfgVw8QEqSxLR0D191aRL1n7U5TkxlHYeh17Xvr9FELyt7dEFVosQfI8d5shclBYWxvQOaKQ5bba15sYcfVk4elu6TuBNGd6M1BM+pV9N4VGygVAplCYclupkWMCVhfZR0i8MYFp4tGzhUfUHYoVM6D7roa9lIcAVZUHd/s0/VEjS1MXZKpMKDPvZKMNgTPqdMqEmGQYksb1bTw9xOR/gpPhsqum2dXg0r45ehtj7fjNzmAvMn3/PUDBVmW5dYPSQTOlgUE3hc6a6vOitrdXYFcMYOzg+CJvHqpCUzMm5D+Zx0/YX1buQiiJ41cy09xsI8Kj1fZQy2E5+mGsFKIwhO4ziMPzhqHamrN2xO7U/4V5K32cFZkbGRPg7AvUo6y/KeRrZEBUPYpVMraBpG8m4nz5s+BXkgb9XKPs9rdANJqxG5niD0HRiNYkUsCoZE44/+oRMcnlEIEdtw9+gPxn3k5Mlq6Yz/8ptuS/vkPht6AeFOi4qyDKz6URFvJggAYSERJ9sRg0L0BTKxzFIYVVPx8llUVPQBVXj7zwmSz6
X-OriginatorOrg: workonline.africa
X-MS-Exchange-CrossTenant-Network-Message-Id: 005960f7-2f2d-4d0b-ebfa-08dc547d34a6
X-MS-Exchange-CrossTenant-AuthSource: AS8P190MB1078.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Apr 2024 07:59:51.3516 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: b4e811d5-95e8-453a-b640-0fba8d3b9ef7
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: ioYyRz2U12vXtG0+W3Ay8WbLLRBdptGkc4AWE8mKr7n1HSkoIu+aWNspfVTcr7PgbRxmaj56xMKCt37vbYrYIQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7P190MB0726
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/5C2sCrfUoe4PVqGrFzQbG48xA6U>
Subject: Re: [Sidrops] WG Adoption call for draft-harrison-sidrops-manifest-numbers-01 - ENDS 04/15/2024 (April 15 2024)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2024 08:00:04 -0000

Hi all,

I support this adoption.

Some thoughts on the conversation so far...

On 04/03, Tim Bruijnzeels wrote:
> Hi,
> 
> > On 2 Apr 2024, at 18:35, Job Snijders <job=40fastly.com@dmarc.ietf.org> wrote:
> > 
> > Dear Tim, WG,
> > 
> > On Tue, Apr 02, 2024 at 01:45:59PM +0200, Tim Bruijnzeels wrote:
> >
> > [snip]
> >
> > Thank you for sharing your thoughts, I think it is good to discuss and
> > document our choices in the SIDROPS mailing list archives. I think there
> > are three compelling reasons not to use serial number arithmetic in this
> > particular context:
> > 
> > 1) The algorithm presented by RFC 1982 ("Serial Number Arithmetic") has
> >   a significant shortcoming: there are sequence numbers for which
> >   comparison is undefined. A potential solution is to use signed two's
> >   complement binary arithmetic operations to workaround this shortfall,
> >   this implies serial numbers of a bit-length matching the machine's
> >   integer sizes (usually 32 or 64 bit), but in the RPKI we're dealing
> >   with 159-bit serials... I consider arithmetic operations on a number
> >   space this large an unwelcome complication to be avoided if possible.
> > 
> > 2) As you (Tim) point out: "RPs may not see it if another update follows
> >   shortly after". Indeed, depending on all RPs seeing the initiation
> >   and subsequent steps of the arithmetic trick seems fragile to me. 
> > 
> >   RFC 1982 section 7 states:
> > 
> >      "If this [red: a decrease] must be done, then take special care to
> >       verify that ALL servers have correctly succeeded in following the
> >       primary server's serial number changes, at each step."
> > 
> >   The type of verification RFC 1982 refers to is not possible in the
> >   RPKI, as a CA can't query RPs whether they have correctly succeeded
> >   in following the manifest's serial number changes.
> 
> Yeah, sure, but we could still think about a reset to a low number if the
> number exceeded large some number. This being applicable to TA manifest
> they are typically not republished frequently. E.g. a TA could only be allowed
> to reset after a manifest has been out there for a while, like days or weeks,
> or even months.
> 
> If this is to be more generally applicable to CAs (rather than forcing them
> to do the key rollover mentioned) then this is probably not possible.

I'm not inclined to special-case TAs unless we absolutely have to.

Making the assumption in 2024 that TAs won't begin republishing daily in
2025 also seems fragile to me.

> > 3) Speaking from my own experience with the rpki-client implementation,
> >   the code paths which open a previously cached manifest and a
> >   purported new manifest along side each other, adequately validate &
> >   compare these two objects, and finally select one of the two;
> >   - already today - are amongst the most complicated pieces of code we
> >   have to maintain. I am very hesitant to add more complications (such
> >   as outlined above in reason 1) to this part of the code base beyond
> >   what's already there.
> > 
> > My gut feeling is that 'filename change effectively results in serial
> > numer reset' is easier to implement and easier to explain, than a
> > RFC1982-based approach; having said that, I do recognize it certainly is
> > not the only possible approach.
> 
> Ok, my concern is not blocking. If this is the way that current RP implementers
> want to go that is fine by me (other RP implementers, opinions?).
> 
> But just to explain where my dislike of names comes from:
> 
> I don’t implement an RP today, but I was part of the team that implemented
> one many years ago (see RFC 8488). This implementation intentionally separated
> RPKI object fetching and validation, and did not rely on names. (and later
> versions of that software also used asynchronous fetching of objects to prevent
> blocking validation on bad repos). The reason for not relying on names was
> that this would help to make validation URI and transport agnostic - allowing
> for different mechanisms and possibly even mirroring in future.
> 
> Using names as an identifier in the way this I-D proposes complicates that
> approach a bit. Then again, it seems that all other RP implementations just
> use names as stable identifiers. So, this probable is not an issue to them.

Having some identifier for signed objects that it stable across key and
content changes is valuable for the purposes of tracking structural
changes to the system over time.

The fact that all we have for this purpose today is an rsync URI is less
than ideal, but we knew that already! I don't think this document is the
place to patch that shortcoming.

My initial reaction on first reading the draft was "ick, that seems like
a bit of a smell", but on reflection, I tend to agree that it's probably
the right approach.

Cheers,

Ben

v2.23.0 | Report a Bug | By Email