Re: [Sidrops] what to do when the CRL is hosed?

Stephen Kent <stkent@verizon.net> Tue, 24 March 2020 15:41 UTC

To: Tim Bruijnzeels <tim@nlnetlabs.nl>
Cc: SIDR Operations WG <sidrops@ietf.org>
References: <20200224151532.GD19221@vurt.meerval.net> <20200224211531.GB60925@vurt.meerval.net> <20200225090338.10464b1a@glaurung.nlnetlabs.nl> <9cc3a6a5-f9c8-23df-588e-48dee5db62d4@verizon.net> <3B7006DE-5366-47E7-9CD6-AF392F9ED0CC@nlnetlabs.nl> <6602d1a7-ecbf-73a0-21d8-1254fb2aff97@verizon.net> <253D1ED7-52D8-4A00-9D69-095E61D09C9F@nlnetlabs.nl> <db920115-e188-700f-ceb2-08cd2996046a@verizon.net> <BBE92EA7-5017-462B-A071-2F0F72F2C06D@nlnetlabs.nl> <9860FAC3-5473-42EE-B2DC-BBBEF3E1A2FB@nlnetlabs.nl>
From: Stephen Kent <stkent@verizon.net>
Message-ID: <01560d7d-6378-eadd-0cc5-476a429cc3eb@verizon.net>
Date: Tue, 24 Mar 2020 11:41:04 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.6.0
MIME-Version: 1.0
In-Reply-To: <9860FAC3-5473-42EE-B2DC-BBBEF3E1A2FB@nlnetlabs.nl>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/A59jrNNDsa-pibkllKoKg1MxAdk>
Subject: Re: [Sidrops] what to do when the CRL is hosed?
Precedence: list

Tim,
>
> One more thought.. specifically on this:
>
>>> redundancy is often beneficial in security systems. it helps prevent a single error from having terrible consequences.
>
> It's the same engine that signs both CRLs and MFTs. I believe that this increases the chance of bugs in signing, and orchestration of publication. And a failure in any of these cases can lead to bad results.

Any bugs in the software that manages MFTs and CRLs is of concern. If 
one cannot manage to do both jobs correctly then maybe one ought not be 
running an RPKI CA.

Steve

[Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Jared Mauch
Re: [Sidrops] what to do when the CRL is hosed? Francisco Javier Moreno Arana
Re: [Sidrops] what to do when the CRL is hosed? Ben Maddison
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
Re: [Sidrops] what to do when the CRL is hosed? Louis Poinsignon
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
Re: [Sidrops] what to do when the CRL is hosed? Jared Mauch
Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
Re: [Sidrops] what to do when the CRL is hosed? Di Ma
Re: [Sidrops] what to do when the CRL is hosed? Oleg Muravskiy
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Nathalie Trenaman
Re: [Sidrops] what to do when the CRL is hosed? Claudio Jeker
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Rob Austein
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Oleg Muravskiy
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
Re: [Sidrops] what to do when the CRL is hosed? Di Ma
Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
Re: [Sidrops] what to do when the CRL is hosed? Claudio Jeker
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
Re: [Sidrops] what to do when the CRL is hosed? Jay Borkenhagen
Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
Re: [Sidrops] what to do when the CRL is hosed? Lukas Tribus
Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
Re: [Sidrops] what to do when the CRL is hosed? Lukas Tribus
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Randy Bush