Re: [Sidrops] Manifest entry filename validation

Stephen Kent <stkent@verizon.net> Mon, 30 November 2020 20:22 UTC

To: sidrops@ietf.org
References: <18CC986C-97FA-41F6-A530-F782D3104A31@ripe.net> <73eae8a5-a400-cb45-7fbc-9cc7f79be804@verizon.net> <X7aywnRgq3ubVUBu@bench.sobornost.net> <X7bVOm2uzffEWbMY@bench.sobornost.net> <DB542A6C-A0CB-4F0A-9D15-B06AA3B98875@ripe.net> <X7vQ+ff7yAHYuF3e@bench.sobornost.net> <47A14E7B-89DA-4C9D-AFEF-41F1C1CDC607@ripe.net> <1a26db25-a898-2a19-77c1-70e620def269@verizon.net>
From: Stephen Kent <stkent@verizon.net>
Message-ID: <ab0f06f4-43ff-6d7d-0a8a-0ff51f7f8773@verizon.net>
Date: Mon, 30 Nov 2020 15:21:57 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/EBFoyoHphTcBzdIM_OYCTZgx33Q>

I've seen no responses to Tim's suggestion to create alternate extension 
types for certs used for other purposes, e.g., router certs, so I will
ask my buddies to issue another version of the ID with the text below. 
Thanks to everyone for their contributions to this additional, 
clarifying text.

Steve
> Section 4.2.2 "Names in FileAndHash objects"
>
> Names that appear in the fileList MUST consist of one or more characters
> chosen from the set a-z, A-Z, 0-9, - (HYPHEN), or _ (UNDERSCORE), followed
> by a single . (DOT), followed by a three-letter extension. The extension
> MUST be one of those enumerated in the "RPKI Repository Naming Scheme"
> registry maintained by IANA [IANA]
>
> As an example, 'vixxBTS_TVXQ-2pmGOT7.cer' is a valid filename.
>
>
> add the following Normative Reference entry:
>
> [IANA] https://www.iana.org/assignments/rpki/rpki.xhtml#name-schemes
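
The naming rule quoted above, written as a validator a relying party could apply to each fileList entry. This is an added example, not code from the draft or from any RPKI implementation; the function names, the sample names, the extension set (a snapshot of registry entries) and the case-sensitive comparison are assumptions.

```python
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Assumption: a snapshot of extensions listed in the IANA registry the text
# cites; load the current registry contents in real use.
REGISTERED_EXTENSIONS = frozenset({"cer", "crl", "gbr", "mft", "roa"})

# One or more of a-z A-Z 0-9 - _, then a single DOT, then three letters.
# Explicit ASCII ranges are used instead of \w, which would admit Unicode.
NAME_RE = re.compile(r"([A-Za-z0-9_-]+)\.([A-Za-z]{3})")


def check_name(name: str) -> Optional[str]:
    """Return None when the name is acceptable, else the reason for rejection."""
    # fullmatch, not match with '$': '$' would accept a trailing newline.
    m = NAME_RE.fullmatch(name)
    if m is None:
        return "syntax"
    # Assumption: the registry comparison is case-sensitive.
    if m.group(2) not in REGISTERED_EXTENSIONS:
        return "unregistered extension"
    return None


def check_file_list(names: Iterable[str]) -> Tuple[List[str], Dict[str, str]]:
    """Split fileList names into accepted names and {rejected name: reason}."""
    accepted, rejected = [], {}
    for name in names:
        reason = check_name(name)
        if reason is None:
            accepted.append(name)
        else:
            rejected[name] = reason
    return accepted, rejected


# Constructed sample names; only the first comes from the quoted text.
SAMPLE = [
    "vixxBTS_TVXQ-2pmGOT7.cer", "a.b.roa", "../x.cer", ".mft",
    "dir/x.crl", "x.cer\n", "x.c3r", "x.txt", "x.CER",
]

if __name__ == "__main__":
    ok, bad = check_file_list(SAMPLE)
    print("accepted:", ok)
    for name, reason in bad.items():
        print(f"rejected {name!r}: {reason}")
```

Because the character set excludes `/` and allows exactly one dot, names containing directory components or `..` fail the syntax check before the extension is ever looked up.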