Re: [Sidrops] [WG ADOPTION] Adoption call: draft-timbru-sidrops-publication-server-bcp - ENDS 02/08/2024
Lukas Tribus <lukas@ltri.eu> Wed, 07 February 2024 17:01 UTC
Return-Path: <lukas@ltri.eu>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46440C14F5EE for <sidrops@ietfa.amsl.com>; Wed, 7 Feb 2024 09:01:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ltri.eu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yTlYaX4hHfmV for <sidrops@ietfa.amsl.com>; Wed, 7 Feb 2024 09:01:21 -0800 (PST)
Received: from htznr2.ltri.eu (htznr2.ltri.eu [IPv6:2a01:4f8:1c1c:2e98::1]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 124F0C14F683 for <sidrops@ietf.org>; Wed, 7 Feb 2024 09:01:20 -0800 (PST)
DKIM-Signature: a=rsa-sha256; bh=4JIYv17aN/ASvYBnQ9c0zpIYvlvAeJNS0Z9r3oTcQK0=; c=relaxed/relaxed; d=ltri.eu; h=Subject:Subject:Sender:To:To:Cc:From:From:Date:Date:MIME-Version:MIME-Version:Content-Type:Content-Type:Content-Transfer-Encoding:Reply-To:In-Reply-To:In-Reply-To:Message-Id:Message-Id:References:References:Autocrypt:Openpgp; i=@ltri.eu; s=htznr2A; t=1707325277; v=1; x=1707757277; b=Up5uGGpNg4ZwIRWC4E6Us0yw8egxA1nc2oga6SYa0Tg1kK9DxsluGxkP3yxRNVsic8iuFt2a OJiOQ/aoetaLjcGpptoMYehXHS+0cJedAmLNxa/k1ny1/aWIG9fLVDts2c9FuTeWa2x7940Fq8j +YWp0zvOP7gynAkRw1TZoZ8/yMuakFElmnytSIKpHYJw/BU78rFAwF+ivJDK0c34wTt7og8O36E mHXprL+G5877iU7ySmAw86i1HF4oLyjfhx/1/k9W3dU16671YVwIEOOC0vKaoAVyvoZicmbqDdE mn5bV9Pap1jXxZ86Z1qfd38Fst/TY6wDpX9JHQi9efX7Q==
Received: by htznr2.ltri.eu (envelope-sender <lukas@ltri.eu>) with ESMTPS id 1c95d898; Wed, 07 Feb 2024 18:01:17 +0100
Received: by mail-il1-f169.google.com with SMTP id e9e14a558f8ab-363dde86f0bso2267855ab.3 for <sidrops@ietf.org>; Wed, 07 Feb 2024 09:01:17 -0800 (PST)
X-Gm-Message-State: AOJu0YyqCEiDarSxSTObKct/F9BLOIQcseIaxumy9v7kwdAXJAvENRar GzcD8iubrawy9IqK8MeqeRTwIDZn/ijJ0gHOW3SAwUUtJ9hAGGOjPJxKDkrnteDQP7Hcltu+E3m IfSicaMKxeMfqxyCKyfbO4yMkJ2o=
X-Google-Smtp-Source: AGHT+IF4o/USIkX81zmPeYQNYFQFUImW4HUSSFnLB4n8ZMAe95oYk0K3JY64V9CNAl987vCuF9MNtWEd1WEJam/1eCQ=
X-Received: by 2002:a92:4a0f:0:b0:363:c1f9:16f4 with SMTP id m15-20020a924a0f000000b00363c1f916f4mr6624624ilf.28.1707325276877; Wed, 07 Feb 2024 09:01:16 -0800 (PST)
MIME-Version: 1.0
References: <87h6j1kug1.wl-morrowc@ops-netman.net> <B60D7B39-FA81-45AF-BCBD-2784F91B43C3@vigilsec.com> <ZcFNNfrkMFxKf5hN@snel> <BBE2320C-4525-4713-B4AF-3F00ECD4228A@ripe.net> <ZcIuI7lS1OtOW_xT@snel> <EFFA95AA-F07D-490B-BEC3-0446ED2D3AA2@ripe.net> <ZcJmeFCmU9Txsk7M@snel> <ZcJulgLqKapjnvYn@snel>
In-Reply-To: <ZcJulgLqKapjnvYn@snel>
From: Lukas Tribus <lukas@ltri.eu>
Date: Wed, 07 Feb 2024 18:01:04 +0100
X-Gmail-Original-Message-ID: <CACC_My9V8MPQFwkW01Y6B=T-RO5dqb6C0Z21oyTXPVzU9w+ZoQ@mail.gmail.com>
Message-ID: <CACC_My9V8MPQFwkW01Y6B=T-RO5dqb6C0Z21oyTXPVzU9w+ZoQ@mail.gmail.com>
To: IETF SIDRops <sidrops@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/5qSytbTJM2UDcgH9Fc6QEF00vqg>
Subject: Re: [Sidrops] [WG ADOPTION] Adoption call: draft-timbru-sidrops-publication-server-bcp - ENDS 02/08/2024
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2024 17:01:26 -0000
On Tue, 6 Feb 2024 at 18:38, Job Snijders <job=40fastly.com@dmarc.ietf.org> wrote: > > Dear all, > > On the topic of the publication best practises, it might be good to > strongly recommend that RRDP notification file, delta files, and > snapshot file all be hosted on the same FQDN. But, AFAIK, the RRDP > specification doesn't actually require this. > > This 'same origin' check was added back in 2021 to rpki-client to guard > against notification files pointing to giant files on open source > mirrors or towards other people's (large) RRDP snapshots. > > Since 2021, the global RPKI publication ecosystem appears to naturally > comply with this informal expectation, as in, the check doesn't appear > to cause friction. Maybe only slightly related, but any thoughts on using multiple CDN's ? In a TAL file we specify a https and a rsync destination, can multiple https destinations be specified? Like: https://rpki.ripecdn1.net/ta/ripe-ncc-ta.cer https://rpki.ripecdn2.net/ta/ripe-ncc-ta.cer https://rpki.ripecdn3.net/ta/ripe-ncc-ta.cer rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer I'd guess that using one FQDN/TLD per CDN would be simpler (cheaper) to implement (for the PP) as opposed to a "same FQDN/TLD multi-CDN" setup, but it sounds like it would not actually work today? Thanks, Lukas
- [Sidrops] [WG ADOPTION] Adoption call: draft-timb… Chris Morrow
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Tim Bruijnzeels
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Russ Housley
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Di Ma
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Job Snijders
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Ties de Kock
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Hollyman, Michael
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Job Snijders
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Job Snijders
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Tim Bruijnzeels
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Job Snijders
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Tim Bruijnzeels
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Job Snijders
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Lukas Tribus
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Ties de Kock
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Job Snijders
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Ties de Kock
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Claudio Jeker
- Re: [Sidrops] [WG ADOPTION] Adoption call: draft-… Tim Bruijnzeels
- [Sidrops] Re: [WG ADOPTION] Adoption call: draft-… Job Snijders
- [Sidrops] Re: [WG ADOPTION] Adoption call: draft-… Tim Bruijnzeels
- [Sidrops] Re: [WG ADOPTION] Adoption call: draft-… Christopher Morrow