Re: [Sidrops] Signed Object signed with Ed25519 (RFC 8419 proof-of-concept)

Job Snijders <> Mon, 04 September 2023 12:03 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 49F12C1519A1 for <>; Mon, 4 Sep 2023 05:03:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XAyiSazBlf9X for <>; Mon, 4 Sep 2023 05:03:44 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::232]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 9847DC15199A for <>; Mon, 4 Sep 2023 05:03:44 -0700 (PDT)
Received: by with SMTP id 38308e7fff4ca-2b9c907bc68so20285441fa.2 for <>; Mon, 04 Sep 2023 05:03:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; t=1693829022; x=1694433822;; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=HyIjJ0mQ+kJxHG9SLDvTEdII2G2m/hdOwPun6VpbuLo=; b=vx8tHqKQ+EbmRercfGiuKenmeDfwCx1TsqYC0svUIbsDfFG4U8zXMnj2A05bPQcwi3 2ooRS5XVIOK18RaJCpamPiIgGmbe2CyziG8bO46QxEBbfseXAkBcxmDxyGr3xafJqn+j lhaAr/AiShMcF4zACbvx/WQqw6lvzPbRLTl8s=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20221208; t=1693829022; x=1694433822; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=HyIjJ0mQ+kJxHG9SLDvTEdII2G2m/hdOwPun6VpbuLo=; b=IxACWoO7gHiYdg/67th7D21tI3jOTDRuyZ6OUl0DOYfuhGMwpfm9iqA+5vs7Lz+tSw 985MCsqihJwmPkH4sesfx+R0VgZAKnCDhpM5cwv3C+Y2Ro2AzACS0LK6QAnIiiIoA23u +bxey8QHgyUGMOU/LUebozVzlSLDcN0eSryjbwqS5WgXd3KQkqTJTg57bQRmRCL72KX/ dWAYLeA0ardpmAxuE9bQXkgTQ83V3Zsz7UqSaYznyK0T7MiVWWDE0NcAqlTIhYXCQ/QC mE1iwy4y77Nh1oebbiOZtEGK93rf1vvA2wLOlHLjPTUT5n0qHJevfYbFkO8h6DIbHpzB 7Q7w==
X-Gm-Message-State: AOJu0YypZ59fMAqZZVlgPTgkWfIKEaAfuug8jIrMwYVxCOkNXaIgSXMM Pxk68R4LQy47es8A+Q7rygS+3PeEhEBlrkGXo7bhmQ==
X-Google-Smtp-Source: AGHT+IFPHjVl54xQfxP0ebEo9g4H7OqlWC5FxEChOUxBFbYBvdWyDLzcAVsxJn4VT/csCtK7aRUw3A==
X-Received: by 2002:a2e:a310:0:b0:2bd:1908:4433 with SMTP id l16-20020a2ea310000000b002bd19084433mr5916100lje.50.1693829022271; Mon, 04 Sep 2023 05:03:42 -0700 (PDT)
Received: from snel ([2a10:3781:276:3:16f6:d8ff:fe47:2eb7]) by with ESMTPSA id k13-20020a17090646cd00b00997e00e78e6sm6047502ejs.112.2023. (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Sep 2023 05:03:41 -0700 (PDT)
Date: Mon, 04 Sep 2023 14:03:40 +0200
From: Job Snijders <>
To: Ties de Kock <>
Message-ID: <ZPXHnPS+6xj9WPlL@snel>
References: <ZPS/VK+6Q8a4dHgA@snel> <> <ZPW+682GaAFXymLo@snel> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <>
X-Clacks-Overhead: GNU Terry Pratchett
Archived-At: <>
Subject: Re: [Sidrops] Signed Object signed with Ed25519 (RFC 8419 proof-of-concept)
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 04 Sep 2023 12:03:48 -0000

On Mon, Sep 04, 2023 at 01:51:12PM +0200, Ties de Kock wrote:
> > ps. Your test object threw errors: 'RSYNC://' != 'Rsync://' in the SIA.
> > <secp256k1.asa>
> Seems like this was a conscious change in our test code in 2020. Isn’t the
> scheme case-insensitive?

Perhaps, but the canonical form is lower-case, and (up until encountering your
test object) lower-case seems to be the only form used in the wild.

Since rpki-client 7.0 (April 2021) the caRepository URI is expected to
be an exact match of the start of the URI of rpkiManifest, as the
Manifest must be inside the caRepository. This was implemented as a
case-sensitive check.

Kind regards,