Re: [Sidrops] Document on HTTPS on TALs (update to RFC7730) - seeking adoption

"Roque Gagliano (rogaglia)" <rogaglia@cisco.com> Thu, 07 December 2017 11:37 UTC

From: "Roque Gagliano (rogaglia)" <rogaglia@cisco.com>
To: Tim Bruijnzeels <tim@ripe.net>
CC: "sidrops@ietf.org" <sidrops@ietf.org>
Date: Thu, 07 Dec 2017 11:37:38 +0000
Message-ID: <1F0086D3-A2C4-4329-8A1C-8338FAE5ECC9@cisco.com>
References: <a1ca5abc5f21482caa634126e99c123a@XCH-RTP-011.cisco.com> <782CCC97-4BA2-4EF0-9B99-F0D17AE10D86@ripe.net>
In-Reply-To: <782CCC97-4BA2-4EF0-9B99-F0D17AE10D86@ripe.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/6azgTwZ3zEDEZLUuk-cgoY6P0v8>

I support adoption with this change.

Roque


 

On 07/12/17 10:17, "Tim Bruijnzeels" <tim@ripe.net> wrote:

    Hi Roque, WG,
    
    As I said I believe that you’re right and it should say “obsoletes”.
    
    Co-chairs, can you initiate a call for adoption on this?
    
    I am happy to change “updates” to “obsoletes” when adopted.
    
    Tim
    
    
    
    
    > On 6 Dec 2017, at 21:11, Roque Gagliano (rogaglia) <rogaglia@cisco.com> wrote:
    > 
    > Hi Tim,
    > 
    > IMHO, if it replaces rather than complements, it should be obsoletes.
    > 
    > I guess there is a formal definition somewhere.
    > 
    > Roque
    > 
    > 
    > 
    > 
    > Sent from my Samsung Galaxy smartphone.
    > 
    > -------- Original message --------
    > From: Tim Bruijnzeels <tim@ripe.net>
    > Date: 11/30/17 14:39 (GMT+01:00)
    > To: "Roque Gagliano (rogaglia)" <rogaglia@cisco.com>
    > Cc: sidrops@ietf.org
    > Subject: Re: [Sidrops] Document on HTTPS on TALs (update to RFC7730) - seeking adoption
    > 
    > 
    > > On 30 Nov 2017, at 14:31, Roque Gagliano (rogaglia) <rogaglia@cisco.com> wrote:
    > > 
    > > Hi Tim,
    > > 
    > > Not sure I understand why you are “updates” RFC 7730 and not “obsoletes” RFC7730. Could you please elaborate on this decision?
    > 
    > I believe you’re right and it should indeed say ‘obsoletes’ - as in replaces - rather than updates (parts) of it. That said, most of the text is a straight copy of the text in 7730.
    > 
    > Tim
    > 
    > 
    > > 
    > > Regards,
    > > Roque
    > > 
    > > 
    > > On 30/11/17 14:02, "Sidrops on behalf of Tim Bruijnzeels" <sidrops-bounces@ietf.org on behalf of tim@ripe.net> wrote:
    > > 
    > >    Dear working group,
    > > 
    > >    As discussed at IETF99, and in informal talks with some of you, we would like to update the TAL format (RFC7730) to allow HTTPS.
    > > 
    > >    I worked with George Michaelson on an update. Because RFC7730 contains quite a few references to ‘rsync’ we felt that a new document updating 7730 would be more readable and appropriate than a document updating many small bits of text. The -00 version of this document is here: https://tools.ietf.org/id/draft-tbruijnzeels-sidrops-https-tal-00.txt
    > > 
    > >    We would like to ask the co-chairs to make a call to the working group for adoption.
    > > 
    > >    In short this update will allow the use of HTTPS instead of, or in addition to, rsync on TALs. Other than that it contains a section on TLS verification similar to the one that is included in the delta protocol (RFC8182) - essentially saying that TLS verification is done on a best effort basis - and warnings should be uttered in case of issues - but because the TA certificate can still be validated cryptographically it MUST still be downloaded. Note that it is a matter of local policy whether an RP chooses to use different locations if they are present, but we may want to add some text here recommending the use of HTTPS URIs that have no TLS verification issues over ones that do - at this point I am not sure that this is needed, or would need to be normative text, but I think it would be good to have some discussion on this.
    > > 
    > >    For the record, I am not sure what is customary in these cases of relatively small updates to existing standards. But, I tried to approach the other authors of RFC7730 (George is already one of them) and ask them whether they want to remain authors on this new document. Geoff Huston indicated that he does not need to be on the list, but has no objections to us doing this work. I have not seen responses from Sam Weiler or Stephen Kent - it is also possible that they missed my message. In any case we have no objections if they do wish to stay on as authors, but for now they are not on the list of the document linked above.
    > > 
    > >    Kind regards,
    > > 
    > >    Tim 
    > > 
    > > 
    > > 
    > > 
    > >    _______________________________________________
    > >    Sidrops mailing list
    > >    Sidrops@ietf.org
    > >    https://www.ietf.org/mailman/listinfo/sidrops
    > > 
    > > 