IETF Logo Mail Archive

Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486bis-06.txt

Tim Bruijnzeels <tim@nlnetlabs.nl> Wed, 06 October 2021 06:52 UTC

Return-Path: <tim@nlnetlabs.nl>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27E2A3A150D for <sidrops@ietfa.amsl.com>; Tue, 5 Oct 2021 23:52:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nlnetlabs.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HQHRf6SNxg4t for <sidrops@ietfa.amsl.com>; Tue, 5 Oct 2021 23:52:39 -0700 (PDT)
Received: from outbound.soverin.net (outbound.soverin.net [116.202.126.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 612C93A0FD7 for <sidrops@ietf.org>; Tue, 5 Oct 2021 23:52:38 -0700 (PDT)
Received: from smtp.soverin.net (unknown [10.10.3.28]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by outbound.soverin.net (Postfix) with ESMTPS id 0E82124C; Wed, 6 Oct 2021 06:52:33 +0000 (UTC)
Received: from smtp.soverin.net (smtp.soverin.net [159.69.232.142]) by soverin.net
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nlnetlabs.nl; s=soverin; t=1633503151; bh=QeBNNO+0r+dc3w6Hzzp2xbaq82v5cgeCFq1djorvQvw=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=Iv6SlXvxECgVq3dVlZGjC+21bDW3euD89KU+TDnW0DcMU+W+DGP1HJZqV7GJHXDBV QA/6808mcrQ/skw+OHqWWORehI5AgFrdCJcuctCrIQa89l0hBIoJtGVN0L8t3Mpm7S UTGqkgbXMQ0Em6bRD8fDPKpXdGG9Hw5zIo2OuU9924JOTarAYEF/4dAGraEVUKdV1z zRo6mt7CsuTj63IiVEvYtvgEQxNlxePfa8NMeE7X1lFpfIhfyyoJyG6wdtaYaoyCNk UH9JJQrmYy8gVU/4VYN8vsYY1Wkpe+DbpN+pt8NpUKSNxcSPmBA8kryqSz0yOgzUoW gF1wMSxIgQ1kw==
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Tim Bruijnzeels <tim@nlnetlabs.nl>
In-Reply-To: <AF18F2E7-D16D-4352-8D2C-E9B6D2DE9271@vigilsec.com>
Date: Wed, 06 Oct 2021 08:52:28 +0200
Cc: Ben Maddison <benm@workonline.africa>, SIDR Operations WG <sidrops@ietf.org>, Steve Kent <stephen.kent@verizon.net>
Content-Transfer-Encoding: quoted-printable
Message-Id: <4E8ED276-A8A2-42FC-B0ED-9BB1EEB0C0BF@nlnetlabs.nl>
References: <162730591845.29690.12178353991713962835@ietfa.amsl.com> <2457bdd2-de07-241f-b8e4-87206dabcf16@verizon.net> <28F0ACCE-4D0C-4D80-B4C5-4E8B9D05760F@nlnetlabs.nl> <51acd845-d937-34a1-359b-7379b45e3fe3@verizon.net> <49e73d37-6d26-7715-da60-c2411020d595@verizon.net> <20210930171302.m7b5utqceotecooc@benm-laptop> <B2E57F08-CA61-4713-BFAE-6D36B20EA1D2@vigilsec.com> <20210930205213.kzwpn3e4ft3q33a6@benm-laptop> <F32DADF2-48C1-4CE7-AC4F-5ADB01C0C224@vigilsec.com> <F069C65C-2BD2-4DD7-9CDB-96DBAA122CD1@nlnetlabs.nl> <AF18F2E7-D16D-4352-8D2C-E9B6D2DE9271@vigilsec.com>
To: Russ Housley <housley@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/8XcHjRcLaAPynv80pauCO_5kSDQ>
Subject: Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486bis-06.txt
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Oct 2021 06:52:46 -0000

Russ (and Ben):

> On 1 Oct 2021, at 21:30, Russ Housley <housley@vigilsec.com> wrote:
> 
> 
> 
>> On Oct 1, 2021, at 2:47 AM, Tim Bruijnzeels <tim@nlnetlabs.nl> wrote:
>> 
>> Hi,
>> 
>> I saw this:
>> 
>>> On 30 Sep 2021, at 23:11, Russ Housley <housley@vigilsec.com> wrote:
>>> 
>>>    version        [0] INTEGER DEFAULT 0,
>> 
>> This is how it was done, and also what the e.g. the ROA profile uses.
>> 
>> However, reading the ASPA profile I came across another way, like:
>> 
>>    version        [0] VERSION DEFAULT v0,
>> 
>>    VERSION ::= INTEGER { v0(0) }
>> 
>> 
>> This does not change the profile really afaik, but I believe this
>> explicitly limits the available options of 'version' to just 'v0',
>> i.e. an INTEGER with value 0. So, this may be a bit better in that
>> regard.
> 
> 
> Tim:
> 
> These produce the same bits on the wire.  The difference is that the various versions have names ifor each of the integer version values. In that case, the name is "v0".
> 
> When v1 gets defined, the definition needs to be expanded to:
> 
>   VERSION ::= INTEGER { v0(0), v1(1) }
> 
> For example, RFC 5652 has:
> 
>  CMSVersion ::= INTEGER  { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }

Indeed, I did not mean to suggest that the encoding would be different, just that the set is limited.

So, if there is a version change it would have to be expanded, but presumably other properties would change as well - e.g. we would no longer insist on the value being 0 in validation. So I am not sure that this is an issue.

In any case, I do not have any preference for one or the other but I noticed that it's different between manifests and the proposed ASPA profile. Plain 'INTEGER' is perfectly fine by me as well, but that does make me wonder whether the ASPA profile should just use that as well.

Tim



> 
> 
> Russ

v2.23.0 | Report a Bug | By Email