Re: [Sidrops] what to do when the CRL is hosed?

George Michaelson <> Wed, 26 February 2020 00:24 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D3B373A096A for <>; Tue, 25 Feb 2020 16:24:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id VRWsVaoKmBxy for <>; Tue, 25 Feb 2020 16:24:02 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::132]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3F4CE3A0967 for <>; Tue, 25 Feb 2020 16:24:02 -0800 (PST)
Received: by with SMTP id p8so794773iln.12 for <>; Tue, 25 Feb 2020 16:24:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UM6OfXIKUz/s1555DuAckJ3dImdpwrvVMgIGEXhsDHg=; b=gySvRNgi2D1hGoffWrrQaEpLY5NKQdfQRfBBV2hjYCFXABsT93kdLuyyFKiX5aBFWL 405xhRhHEyDONiv8MQ2MZlzCoaGyxlstKe+vI0a6lumEo0AqtdJiHbhLCszxde1ZfTlR qyBXhuQ0lZby2dmVupOMD7yj7OEFJPOTDdiXvhq05Se3N7TY3AYJtNgNCToHrVeoTCd2 kpcl0H7tOhQn8Vino03CIiAGLvUp9kJ1+SY2/49cUucDHSMf0EV/Eu6/if3y/bh2UzGp Qm261PfYe37TE3LzmWF9e1qZTc8mE+G2oCyzzRp9Gr0rdfQ1DxwdkvY62lJf06F/j9kk gRjA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UM6OfXIKUz/s1555DuAckJ3dImdpwrvVMgIGEXhsDHg=; b=ObKsmQ6Opp2gN882uHdzMeiE0GfUSbZXHp6vOheJ2C+JqN+HmBR0yPjMxkvBsHoNsy pN4nEvxqzT7uv/otxKZPWKAbaDMFnrKQKtoXkRVGjQI/Fzb3FDXVPelgm75BojMB2xTi TuRzgLvRqQji7dnoS7ohQ7drEphRLeq1+9JPxfv6yy6Q5vAqPw9FKeKNGlPG9LQ9TAjH SQ2dFj1qtr5Sr4VJuxPQvXyiubTKADkrqH323mKY6igoa0csYXyUEnawk3/Du90b+wK0 D4HsHRDpzn+ONHcTEF+nvq8sgEYbc24ksoV8GhI4Wu140B0QHARlC76KyFUlFEomdyZl KIRQ==
X-Gm-Message-State: APjAAAVgyxLDbCGpHwSt17nRBCSYYaryOQ6d3jfRhK5JLUtkfIpab37+ meZsCpQ1RbxVO5Jfxi3FGXd6OpuJz9WJFxqfO8sntEPH
X-Google-Smtp-Source: APXvYqyU5l3obXpVUjeu+kSYyOnRwoMnD4RQbDPHEBIt296w4uXhssNrPEIbae+QxWDWlh3TcFRFkG6yTbtAbcVBJHk=
X-Received: by 2002:a92:5d88:: with SMTP id e8mr1409007ilg.106.1582676641326; Tue, 25 Feb 2020 16:24:01 -0800 (PST)
MIME-Version: 1.0
References: <> <> <> <>
In-Reply-To: <>
From: George Michaelson <>
Date: Wed, 26 Feb 2020 10:23:50 +1000
Message-ID: <>
To: Stephen Kent <>
Cc: SIDR Operations WG <>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Subject: Re: [Sidrops] what to do when the CRL is hosed?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 26 Feb 2020 00:24:04 -0000

I believe while I may use sloppier language, in broad intent agree
with Steve.  There is information in a CRL which is not expressed in a
manifest. We added manifests to our system, we did not deprecate or
replace CRLs.

We did not design this PKI with intent to make CRL optional or
unnecessary, and the Manifest as I understand my recollections, was to
provide a statement of what MUST be seen, not to exclude any other
things existing, or to repudiate things. it is not "complete" as I
understand it, it is only a statement of things which should not be
missing. There can be other things. it is entirely possible
publication of the manifest is asynchronous to other publication
events, (large flat repositories) and so will not reflect fetch state,
but future manifest state will.

It is a mechanism to show if intermediates are attempting to hide
things. It is not a categorical statement that other things are
invalid or valid, because they can be cryptographically valid, not
expired, but repudiated by a CRL which you are not seeing.

If you cannot see a CRL which you are told should exist, to assume the
CRL doesn't matter feels extremely unwise. I may have mistakenly
published entirely cryptographically valid things which do not now
inform my intent, and I have tried to repudiate, and you cannot see
that repudiation and now interpret states of routing in ways which do
not reflect my true intent.