[Sidrops] RP handling of RPKI CRL Number extensions - draft-spaghetti-sidrops-rpki-crl-numbers-00

Job Snijders <job@fastly.com> Tue, 21 May 2024 14:01 UTC

Date: Tue, 21 May 2024 16:01:01 +0200
From: Job Snijders <job@fastly.com>
To: sidrops@ietf.org
Message-ID: <ZkypHdhaVT2lTN0R@snel>
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/D-TY5ODjudygdjovjnrbe_WV78M>

Dear group,

At the IETF 119 slot for draft-ietf-sidrops-manifest-numbers, Rob
Austein mentioned CRL number values might face a similar 'maxing out'
issue as is being addressed in the RPKI Manifest Numbers internet-draft.

Upon further contemplation, this author list concludes the CRL Number
extension serves no purpose for RPKI Relying Parties, because of the
ordering function Manifest Numbers provide.

We believe these proposed clarifications align with the existing
behaviour of actively maintained RPKI RP implementations.

We ask the chairs for a 10-minute slot at the IETF 120 Vancouver SIDROPS
meeting to discuss this proposal face to face.

Your feedback is most welcome.

Kind regards,

Job


----- Forwarded message from internet-drafts@ietf.org -----

Date: Tue, 21 May 2024 06:45:31 -0700
From: internet-drafts@ietf.org
To: Ben Maddison <benm@workonline.africa>, Job Snijders <job@fastly.com>, Theo Buehler <tb@openbsd.org>
Subject: New Version Notification for draft-spaghetti-sidrops-rpki-crl-numbers-00.txt

A new version of Internet-Draft
draft-spaghetti-sidrops-rpki-crl-numbers-00.txt has been successfully
submitted by Job Snijders and posted to the
IETF repository.

Name:     draft-spaghetti-sidrops-rpki-crl-numbers
Revision: 00
Title:    Relying Party Handling of Resource Public Key Infrastructure (RPKI) Certificate Revocation List (CRL) Number Extensions
Date:     2024-05-21
Group:    Individual Submission
Pages:    5
URL:      https://www.ietf.org/archive/id/draft-spaghetti-sidrops-rpki-crl-numbers-00.txt
Status:   https://datatracker.ietf.org/doc/draft-spaghetti-sidrops-rpki-crl-numbers/
HTML:     https://www.ietf.org/archive/id/draft-spaghetti-sidrops-rpki-crl-numbers-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-spaghetti-sidrops-rpki-crl-numbers


Abstract:

   This document clarifies how Resource Public Key Infrastructure (RPKI)
   Relying Parties (RPs) handle Certificate Revocation List (CRL) Number
   extensions.  This document updates RFC 6487.



The IETF Secretariat



----- End forwarded message -----