Re: [Sidrops] feedback on draft-michaelson-rpki-rta

George Michaelson <> Mon, 11 January 2021 22:34 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0D5453A140D for <>; Mon, 11 Jan 2021 14:34:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id oeVbnpz0F-74 for <>; Mon, 11 Jan 2021 14:34:27 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4864:20::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id ECDC43A140A for <>; Mon, 11 Jan 2021 14:34:26 -0800 (PST)
Received: by with SMTP id u21so738378lja.0 for <>; Mon, 11 Jan 2021 14:34:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=ViMJ5tUUtyTN2sRXQUExqmk/X/54oOh2wJ36ZkMvmfo=; b=RxUvjnM3xK0wiYLuKkOY1p9C05RpkF4seHvIBYkdclrNZdYeiU3rN616p2tNwJfMju iQkGjkAEqVt0QqrNfSo5R6l+ZcQXXvszT9KZR4JAmC+l2TgVPsa3Ir90Uxk3vHiGPqvI zA9vwhwen8pDeCoHE+FLqgQAeCBRsMBhOt31zXKijdrhp6PNVTAOJ6BqWj+61KaaQSAW DU90DJF00W6CbAFWpzMkFlkOfiX0455fxW0vpPpTJCgEH2ocYh14SrpHQgjeahPMPoTi hGmXSw+sZPllQh2PPwLcM95mOZdmbsPvB4LOrXDB9XuBzWa0xIdFBzXGcNMC31meXHHo Qrpg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=ViMJ5tUUtyTN2sRXQUExqmk/X/54oOh2wJ36ZkMvmfo=; b=kkgh/o/ORcdwtAwBa05CV82ZD+zS762pc5+SokN0i9nB3wRbVsPlMf+4055aQF7sQk 05SsOFMTkRQD1swXIgXON4UEaY2mTbrE9V9YWwHfzoGEL0U/5CLeUEYE6Q62l+oPrehZ +J8m7Y3uUqyytNi5sucevdiaS7GZK072RJ9PlUep2jFG8lFAK5umSQ8dt+Y78yx+odqO 7ia1ts8PBr9oxdxe/2kln7jRfooay82NJEIXzLgaRUVuGDymfz/0XJvYb9UwwOl9jXjV 2m9eAVrIq4CLELI+6rAWD5h2olBvvfhUR7TL/2tMoQ/7oAAvSQYyWkgDSVP12xP+45lF Jg+Q==
X-Gm-Message-State: AOAM533RfInyQoxf2ihHDcbzadQOn/3paJhhoDKJn480bQL/s4oLmND9 chGSBUNUsX55dJZG/eP4Wz8JGFTVZwkY0FJ7/A0QFRJhezArXQ==
X-Google-Smtp-Source: ABdhPJxwqY4dSECDuEaE2P0wWWbgqd2prJvUI5VcIQLBm96ROmH+4BIZYRMHqqVYFB+OCuGJLhy/yaj3mPIVjzqrJok=
X-Received: by 2002:a05:651c:2049:: with SMTP id t9mr733264ljo.58.1610404464370; Mon, 11 Jan 2021 14:34:24 -0800 (PST)
MIME-Version: 1.0
References: <X+d3+e5Rj/> <> <> <> <> <> <20201230144836.ytg4u2gobkv4uzqn@benm-laptop> <> <>
In-Reply-To: <>
From: George Michaelson <>
Date: Tue, 12 Jan 2021 08:34:13 +1000
Message-ID: <>
To: Stephen Kent <>
Cc: SIDR Operations WG <>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [Sidrops] feedback on draft-michaelson-rpki-rta
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 11 Jan 2021 22:34:30 -0000

The use case is to tag other information with INR.

The note Tim made was that the intent of RTA is not limited to secure
routing, not that it is intended to be used for signing without
reference to INR.


On Tue, Jan 12, 2021 at 1:31 AM Stephen Kent
<> wrote:
> Tim,
> You said:
> The use case is intentionally _not_ limited to secure routing and publishing in the RPKI may not be necessary in envisaged cases.
> The CP (RFC 6484) imposes constraints on the set of uses for certs issued under the RPKI (and thus containing the designated policy OID). As noted in the introduction, RPKI certs are "designed exclusively for use in support of validation of claims related to current INR holdings." Using ANY cert containing the OID defined in the CP for a generic set of cases violates the CP. Thus it is inappropriate to publish a spec that uses certs issued under the RPKI (whether published in the repository system or not) for applicatons inconsistent with the CP.
> Steve
> _______________________________________________
> Sidrops mailing list