Re: [Sidrops] nlnet rp and rsync

Randy Bush <randy@psg.com> Mon, 11 May 2020 17:33 UTC

Return-Path: <randy@psg.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A66A43A0B47 for <sidrops@ietfa.amsl.com>; Mon, 11 May 2020 10:33:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UQi8xL5Dbjv1 for <sidrops@ietfa.amsl.com>; Mon, 11 May 2020 10:33:24 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71AE83A0854 for <sidrops@ietf.org>; Mon, 11 May 2020 10:33:24 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from <randy@psg.com>) id 1jYCIq-0001yN-Uq; Mon, 11 May 2020 17:33:21 +0000
Date: Mon, 11 May 2020 10:33:20 -0700
Message-ID: <m2k11i2x7j.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Russ Housley <housley@vigilsec.com>
Cc: SIDR Operations WG <sidrops@ietf.org>
In-Reply-To: <FA1358BC-54C0-476B-A8A0-238D2F4EFE74@vigilsec.com>
References: <m2mu6f42ji.wl-randy@psg.com> <B23AED42-5983-4E14-897A-03A51FCDDC42@nlnetlabs.nl> <m2zhae3hrh.wl-randy@psg.com> <20200511123331.5c2d604a@glaurung.nlnetlabs.nl> <73D1F29B-7F54-4022-975C-477B3A9E7CC5@psg.com> <20200511125957.09b5f5e5@glaurung.nlnetlabs.nl> <m2y2py3emb.wl-randy@psg.com> <FA1358BC-54C0-476B-A8A0-238D2F4EFE74@vigilsec.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.3 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/63qca-Lp-jFw_UROKsfJZ8BKjSg>
Subject: Re: [Sidrops] nlnet rp and rsync
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 May 2020 17:33:32 -0000

rrdp is more fragile.  e.g. the nlnet labs client (rightly, imiho)
checks the full certificate chain.  if any piece of the chain expires,
is CRLed, ... the client does not go to rsync.  bam!

falling back to rsync is not a 'downgrade' in that the rpki uses an
object, not transport, security model.  well, until the last hop to the
router, and you can see the transport security section from hell in rfc
8210.

the goal in rrdp was to make the rpki more, not less reliable.  we found
the nllnet labs misfeature in the wild when CA data were no longer
fetched.  imiho not good.

randy