Re: [Sidrops] ASPA Validation section in draft-ietf-sidrops-aspa-profile-07
Ties de Kock <tdekock@ripe.net> Thu, 31 March 2022 15:50 UTC
Return-Path: <tdekock@ripe.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A14813A0EBD for <sidrops@ietfa.amsl.com>; Thu, 31 Mar 2022 08:50:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ripe.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vize7LU-Tm8Q for <sidrops@ietfa.amsl.com>; Thu, 31 Mar 2022 08:50:30 -0700 (PDT)
Received: from mahimahi.ripe.net (mahimahi.ripe.net [IPv6:2001:67c:2e8:11::c100:1372]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76A673A1C93 for <sidrops@ietf.org>; Thu, 31 Mar 2022 08:49:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ripe.net; s=s1-ripe-net; h=To:Message-Id:Cc:Date:From:Subject:Mime-Version:Content-Type ; bh=19PBt9e5EWBC4sovVaFmHtb4EOihpGoD8F5v8FyvHec=; b=clsp09OHqDMXlmdf1Y4mmwNE gzaz5Qz9y4uyU0N4xnR94NEgf9CTjtfZ8VYNGUPB8mt8UozrXAxrlYeM+QC0OJenqYgNK8sHG5CJe 6b44xKZK2OmXomOGl9iMl64Tb7n1+qcn/EG0mv/sUcC0+yNQmKMCYT8LIFxxTtHDrbbPek/nww0DN j7cyFgDlTLT2y2eer8w1G3bKqh3LKRXh0l9xmrD9nJoajcxwAUMcO//EJ//3RqTqjvcTrL982Y37s OQG6ajP07AcWDmHzPbNTo4jt9w/ucdqt3DLTxzNaqwMgNqIiblbrU2SITGJqU4JbXyUXLFD+S6BBr vvEARLC0dA==;
Received: from allealle.ripe.net ([2001:67c:2e8:23::c100:170c]:54550) by mahimahi.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <tdekock@ripe.net>) id 1nZx3Z-0008bW-T8; Thu, 31 Mar 2022 17:49:53 +0200
Received: from sslvpn.ipv6.ripe.net ([2001:67c:2e8:9::c100:14e6] helo=smtpclient.apple) by allealle.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <tdekock@ripe.net>) id 1nZx3Z-0000qn-Pq; Thu, 31 Mar 2022 15:49:53 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.80.82.1.1\))
From: Ties de Kock <tdekock@ripe.net>
In-Reply-To: <YkWuagAbTc+7mE77@snel>
Date: Thu, 31 Mar 2022 17:49:53 +0200
Cc: SIDR Operations WG <sidrops@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <22893999-A652-406B-BC02-1E723C798EFC@ripe.net>
References: <E6E5618C-31D1-4555-B848-236511D4D575@ripe.net> <YkWuagAbTc+7mE77@snel>
To: Job Snijders <job@fastly.com>
X-Mailer: Apple Mail (2.3696.80.82.1.1)
X-RIPE-Signature: 059faafd1cc22ebb05e1592c815fe1e1140a35357a027d9284467f25532eb3da
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/BIHNrOUKogHd40xROayH8CYMghM>
Subject: Re: [Sidrops] ASPA Validation section in draft-ietf-sidrops-aspa-profile-07
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Mar 2022 15:50:36 -0000
Hi Job, > On 31 Mar 2022, at 15:36, Job Snijders <job@fastly.com> wrote: > > Hi Ties, > > Thanks for reviewing > > On Thu, Mar 31, 2022 at 02:32:28PM +0200, Ties de Kock wrote: >> I just reviewed a parser/generator for the ASPA object profile, and I >> realised that the ASPA validation section currently only includes a >> single ASPA-specific validation step. I want to propose expanding this >> section. >> >> At a minimum, I would recommend that this section (also) lists checks >> that ensure that: >> >> * The version is 0 > > I think this already is covered in the draft: § 3.1 states "The version > number of the ASProviderAttestation MUST be v0." > > The above type of text triggers RP developers to implement checks like > these: https://github.com/openbsd/src/blob/326af693966ccfc600796f445a88b37549ae3e64/usr.sbin/rpki-client/roa.c#L276-L294 And if you want to be really strict, that clause is redundant as well. The default value must not be present in a DER object, and from 6488#3.l it follows that a non-DER object is invalid. X.690 11.5 Set and sequence components with default value: > The encoding of a set value or sequence value shall not include an encoding for > any component value which is equal to its default value. But my point here is that RPKI software is written by humans and that some level of redundancy helps implementations to be closer to first-time-right. >> * The eContentType and content-type signed attribute contain the >> correct OID. > > I think those aspects are covered through RFC 6488, specially § 2.1.3.1 > > "The eContentType is an OID specifying the type of payload in this > signed object and MUST be specified by the Internet Standards Track > document that defines the object. > >> Please let me know what you think. > > Section 4 of draft-ietf-sidrops-aspa-profile seems to have taken > inspiration from RFC 6493 (GBRs) and RFC 6482 (ROAs)'s section on > validation, by referencing to RFC 6488. This makes for concise text. > > Personally I think there is an advantage to making it very clear the > RPKI signed object template model is followed, rather than (redundantly) > outlining (a subset of) the full decision tree. > > On the other hand, perhaps this type of section historically has > suffered from brevity, and more elaboration is useful? I'm somewhat > undecided. I agree that it is good to be very clear that the RPKI signed object model is followed. That is a key concept to understand when implementing. However, there is a balance between trusting that the reader is aware of implicit information and redundantly outlining processing steps. At this point in time I feel like that there is a benefit to more explicitly list the MUSTs from the other sections of the draft that we expect RPs to check. Kind regards, Ties
- [Sidrops] ASPA Validation section in draft-ietf-s… Ties de Kock
- Re: [Sidrops] ASPA Validation section in draft-ie… Job Snijders
- Re: [Sidrops] ASPA Validation section in draft-ie… Ties de Kock
- Re: [Sidrops] ASPA Validation section in draft-ie… Job Snijders