Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa-profile-15.txt
Ties de Kock <tdekock@ripe.net> Thu, 29 June 2023 10:15 UTC
Return-Path: <tdekock@ripe.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F98BC151534 for <sidrops@ietfa.amsl.com>; Thu, 29 Jun 2023 03:15:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ripe.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vEVCBTYOVkXF for <sidrops@ietfa.amsl.com>; Thu, 29 Jun 2023 03:14:59 -0700 (PDT)
Received: from mail-mx-2.ripe.net (mail-mx-2.ripe.net [IPv6:2001:67c:2e8:11::c100:1312]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CDE22C15153E for <sidrops@ietf.org>; Thu, 29 Jun 2023 03:14:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ripe.net; s=s1-ripe-net; h=To:Message-Id:Cc:Date:From:Subject:Mime-Version:Content-Type ; bh=VbuowLPL9/gsZqXZaTcUEn2fl8hMW8nXwz9LgCbO8O4=; b=iCCUlgKaSEhE+0mHLd8EAcKO VfGZAmxIGcsRYisggpmSCG1vHoX3onZXzX3OHc7PRlpNy3jdivYhQKECzOG/D+MHEFsk0Sz5CO1Gf H1kEgbH/O9j6WCFqtDuh4ge/Sau9UtFApkmxNosSBzPnVm8UAS6zEinHJHPi9wA8d0/wTxd+a9NyM DPIeMZ7gJsgssDf5/ur4B6QBMG9DxYmrQPUG48EsFhNiU0E5Q8BM1s87BmlQLzRvlufRfZA3ZrExR 9RMXxXaLg3/aN/52jMJKFa12i3+24R+oOu0FuosXDleqRkhH14Tp37frKzd497+M0p/Gm616FKka3 518PG20EXA==;
Received: from bufobufo.ripe.net ([2001:67c:2e8:23::c100:170d]:55148) by mail-mx-2.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <tdekock@ripe.net>) id 1qEofw-00FZ5n-1c; Thu, 29 Jun 2023 10:14:56 +0000
Received: from sslvpn.ipv6.ripe.net ([2001:67c:2e8:9::c100:14e6] helo=smtpclient.apple) by bufobufo.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <tdekock@ripe.net>) id 1qEofw-0002w9-1O; Thu, 29 Jun 2023 10:14:56 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
From: Ties de Kock <tdekock@ripe.net>
In-Reply-To: <20230629115810.1c65c0c8@glaurung.nlnetlabs.nl>
Date: Thu, 29 Jun 2023 12:14:46 +0200
Cc: Job Snijders <job=40fastly.com@dmarc.ietf.org>, sidrops@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <4301BB4A-F87D-423E-94CC-C8B3037DA232@ripe.net>
References: <168621843689.33017.6897451444105786551@ietfa.amsl.com> <ZIGogKIH4Srb8Nxt@snel> <20230628173307.29fefec2@glaurung.nlnetlabs.nl> <ZJxXjg1NNdgVRP50@snel> <20230629115810.1c65c0c8@glaurung.nlnetlabs.nl>
To: Martin Hoffmann <martin@nlnetlabs.nl>
X-Mailer: Apple Mail (2.3731.600.7)
X-RIPE-Signature: 059faafd1cc22ebb05e1592c815fe1e1b1ab7697484862ca96776762ab940bba
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/BYuzej-pesx8nb4UOwBbPQRuvMM>
Subject: Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa-profile-15.txt
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jun 2023 10:15:04 -0000
Hi all, > On 29 Jun 2023, at 11:58, Martin Hoffmann <martin@nlnetlabs.nl> wrote: > > Job Snijders wrote: >> On Wed, Jun 28, 2023 at 05:33:07PM +0200, Martin Hoffmann wrote: >> >>> While we are at it, I would like to again raise the suggestion to >>> not use a version 1 here but rather stick to 0 and use a different >>> content type OID. The older and newer definitions are not >>> compatible, so a new OID feels more appropriate than a version >>> change. >> >> I can see your argument, but I'm not sure there is clear consensus to >> request a fresh content-type OID, and there are counter-arguments too. >> >> In the past the ASPA profile definition has been updated without >> cranking the version or content-type OID. Some argue we are in a phase >> of 'experimentation' (since the internet-draft isn't published as >> RFC), where some incompatibility with older revisions of the draft is >> to be expected and of no concern. > > I’d be okay with leaving the version at 0 and using the current OID as > well. The old-format objects will fail to be decoded either way, so it > doesn’t really make a difference in practice. Depending on how the > parser works, they may be rejected even before you get to the version > check, too. A benefit of a separate version is a cleaner way to support both profiles. There is a nice natural experiment in this on how long it takes people to switch to compliant implementations. > > I’m a bit worried with having version 1 in a newly published > standard. It’ll be the only one that does that and it is very easy to > miss because it really is just a single digit in the text below the > grammar. Ask me how I know ... We have a number of test cases by now. The objects I use for interop testing are currently in [0] (unfortunately the URL will not be stable after merging this). By now we have covered quite a few variations :) A benefit of a separate version is a cleaner way to support both profiles. There is a nice natural experiment in this on how long it takes people to switch to compliant implementations of CAs. https://github.com/RIPE-NCC/rpki-commons/tree/feature/aspa-profile-15/src/test/resources/interop/aspa If we move back to version 0, let’s do that with a new OID… As a repository operator we parse _all_ objects in repositories for some consistency checks, having multiple structures for the same version complicates things more. Kind regards, Ties
- [Sidrops] I-D Action: draft-ietf-sidrops-aspa-pro… internet-drafts
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Job Snijders
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Martin Hoffmann
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Job Snijders
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Russ Housley
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Ties de Kock
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Claudio Jeker
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Sriram, Kotikalapudi (Fed)
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Russ Housley
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Martin Hoffmann
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Russ Housley
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Martin Hoffmann
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Job Snijders
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Ties de Kock
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Russ Housley
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Russ Housley
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Job Snijders
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Ties de Kock
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Tim Bruijnzeels
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Tom Harrison
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Job Snijders
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Ties de Kock
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Job Snijders
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Job Snijders
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Russ Housley
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Di Ma
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Ties de Kock
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Martin Hoffmann
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Job Snijders
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Martin Hoffmann
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Ties de Kock
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Job Snijders
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Job Snijders
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Ties de Kock
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Ties de Kock
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Theo Buehler
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Ties de Kock
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Russ Housley
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Martin Hoffmann
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Job Snijders
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Russ Housley
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa… Martin Hoffmann