IETF Logo Mail Archive

[Sidrops] Re: Mike Bishop's No Objection on draft-ietf-sidrops-manifest-numbers-08: (with COMMENT)

Tom Harrison <tomh@apnic.net> Tue, 13 January 2026 06:36 UTC

Return-Path: <tomh@apnic.net>
X-Original-To: sidrops@mail2.ietf.org
Delivered-To: sidrops@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id B2F69A6D759E; Mon, 12 Jan 2026 22:36:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=apnic.net
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5K6IJT4AUjpq; Mon, 12 Jan 2026 22:36:17 -0800 (PST)
Received: from MEUPR01CU001.outbound.protection.outlook.com (mail-australiasoutheastazon11020102.outbound.protection.outlook.com [52.101.152.102]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 91B7CA6D7594; Mon, 12 Jan 2026 22:36:14 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=JTcpYWyg3Adp0p+yw/EzitJ29+HJq7UQXQ0f4h+X8w+UEQlMHloIMLAMo0AKVkRVn84GfLP83xYp/5O49vbxJOZq6eQ8vu/+YryyI/UOcdwR+9phEXiKsia/yVDCt7YKvZS6mWsKWrSt8hJ0RQpIN/XQHBNA9eMImBuC9eozHJe5Z1lvCHxS83PSxtnyC9Ymv6Yq4xAyvjHy1eDB8E5is9Wk/UnqazWQhDSXf4wiGM42f8QoCQQBvS1N/QzcKlhodgthF9t6oYJudm2JTFd2e4m7VJ/1FASgpXxkixN09Ix9dALG7XugH9mhhFIr+Hyl6q1AGzIo3ahIicLnabKiYQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kiQmJ4U1gz6DEVZHqt/wP1VXi8ZpwuYETg0LIN38DNw=; b=c9l/ntF0QmAcuOdi0mgjyzrGGg5K71jfTxEtD1MpF1hUlq8ol/+O6SKFkcgP7UyObusZBS4aaIlIp2dCErltdfVlhHg2TkkIq/4/wY1nJExJq1I//I5iVHPo2UupIAe4npNR8gBZ1l1lbl89QkrtRKOZePB4A4lxYFg6n0d/Lt+x7HPXjZNBWDAynU6EI6eXJZzmBFJr2X+MfKR93HYlZRVnAOLV2yIZezRqewgWgI17C0hsUDUtTbT1bHOWolsBwN8tXYA313qAf9yToPWizP5PmPp7fzKsvAbFsN8wKTW5ADDmG0JZh9IhqYmv25g6iBrJNNT3iBZHQqUkiJ3P9A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=apnic.net; dmarc=pass action=none header.from=apnic.net; dkim=pass header.d=apnic.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apnic.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kiQmJ4U1gz6DEVZHqt/wP1VXi8ZpwuYETg0LIN38DNw=; b=j64u+iQgV0alg0UU5f0P0apnYiLQQOmifZ5ZtttE8lJfMYkWJXOoLkFzWxcuViBCgr8uYl2Ful2t64Xea4xOiffqhsG9TR69JPJ2yjNhAwtR5u+E4GXCvgrJ6pP2zl2gGv3e8YXjXEZCZumZ9N/8Uzrzzwy/FDCjnaoKE2ZJIgE=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=apnic.net;
Received: from SYYP282MB0880.AUSP282.PROD.OUTLOOK.COM (2603:10c6:10:bc::12) by SY4P282MB4061.AUSP282.PROD.OUTLOOK.COM (2603:10c6:10:1c4::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9499.6; Tue, 13 Jan 2026 06:36:04 +0000
Received: from SYYP282MB0880.AUSP282.PROD.OUTLOOK.COM ([fe80::7962:e03e:c34e:92bb]) by SYYP282MB0880.AUSP282.PROD.OUTLOOK.COM ([fe80::7962:e03e:c34e:92bb%3]) with mapi id 15.20.9499.005; Tue, 13 Jan 2026 06:36:04 +0000
Date: Tue, 13 Jan 2026 16:36:02 +1000
From: Tom Harrison <tomh@apnic.net>
To: Mike Bishop <mbishop@evequefou.be>
Message-ID: <aWXn0qQf4aJ5RmBs@TomH-498551.lan>
Mail-Followup-To: Mike Bishop <mbishop@evequefou.be>, The IESG <iesg@ietf.org>, draft-ietf-sidrops-manifest-numbers@ietf.org, sidrops-chairs@ietf.org, sidrops@ietf.org, ggx@gigix.net
References: <175572126181.878732.4853602693859362747@dt-datatracker-d8bcd59c-frtgg>
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <175572126181.878732.4853602693859362747@dt-datatracker-d8bcd59c-frtgg>
X-ClientProxiedBy: SY5PR01CA0058.ausprd01.prod.outlook.com (2603:10c6:10:1fc::17) To SYYP282MB0880.AUSP282.PROD.OUTLOOK.COM (2603:10c6:10:bc::12)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SYYP282MB0880:EE_|SY4P282MB4061:EE_
X-MS-Office365-Filtering-Correlation-Id: e982b46c-28a0-459e-43c6-08de526e0654
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|10070799003|376014|366016;
X-Microsoft-Antispam-Message-Info: lx8rvzW6evxZyNZz9PAsSL0YcZnlW5Omr/jmVOJpLvBYh8v1ytIaDueadVqJIpknytOQ+wK+WQyfxNDriFMNGSJiq7AaOBbaGlaDyRehh8BZKk82ZF+gJZ2xAqybYNXaqkAXF6leDJZ4yRUkZ/IESI8Dx8pmNC8pqINshkVv1h8fzfFQ4DziIywaZVnMhS/R9aTJf3v05wOEWbtY6kqihDNIwmq52pMngfzInF+9pgX2J5yDcuypwfmXCFg3Whb+7tY9sywdwEsQj7hUja9MzN3aDjWvjrWxlJGuMEP1biQUk4eulKkVJ7oR66r9oZtj2/SPHLCTjfi0TwPczT/bKlxHACPE2JQPqG61bGObkGtoFs1Me9JvSIYL/NC4nqTi9c6dhyNfeKIS7Kj/E6SnguOP3okExT31bCOJiUBFYKt3fHkipNYfCmU/z9U4RcnZmcdCt9q8w2LPJldKkw+ZlwMxNiwzqZUBQFcBuXXSnARjketz1jFqiqiFU/o0nnZf7J9JFdn8afJ/VmbdbdQ5aCsbQF4rDosGVNW8T3DBlVUES29QMk2YQFVMW/TaU/Xn46S3Kpjj2gBx6uMVqxeGVKBKqbjmAOJyCi97V5m9lr30+dtL+bUemXm3QAwFnpbsYKDegI3NdcfwXsU7gZ7wiL8fReWJgxgZiy/ZiRYclaFFLN6c890ucxoQObcnzCyEXXfudYomvIg91VCDLGxdLVIEsM44xwimo3lqSlP8Bc5Uzed3/W00vezNwfHkLHpa0quLG+f0g80AW+qiFxvMlj06meQH1C2PVh0fANXLClvztC60kA5ZtaiRsCM565CV9KTCieVKUpyw7/fAZ2GOfdrwhvQIngO+h62ExVBlTAzu8WRLGaPVrQw3CyBvnF8bBWrm2EtB2rcsmnlvfv6ks/cXwBqKYx0GrbM0DRrmxjc0lwaBkPKG0V8ulXkLspvH/jla4m1OQg01stC0jrR3VvLTwnI9v+OTbGIexsaYBzK3k3W/o5zHmv41/gjslipcB98BKZsiLln/Fl+sn5aCQAz75P0qLvIIAEcUMCBETOG5BF4+1FL9rkDieWRF9IAwyiSq7wE267u2lxCYcuAIMegwI+zHniNU92XuwKwYdLQADzLN3bDByLz6WDSXD1iuzWk/35i9vMdnZdekz9QwqiUne6pCu44HwPOgy60279VxMP2PENUBa5jiF53YSCOcLOka/1Q8kP5+OyiJUlUED9d4bSgsClUsAuMPoLWyWp2bfW5yFYRKawzIlQOK02BSYnrIYf2kLw/hy5eGKX6s2Hx7X7Ye/i2VADHYVaJhm7z+7NsMaE+36ID2M7tZpPwvm7kgLm5T8U2BqtPWpPit/sdW2MijkdstrPsCNZdzv0QjaV7LLBGrtS1nwW80Leo1LvMhrf8snps9oOZgZSmXsA==
X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SYYP282MB0880.AUSP282.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(10070799003)(376014)(366016);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 2
X-MS-Exchange-AntiSpam-MessageData-0: n5IZMHPRHFf5vxwGW7AzwvxhO8ZZpyGRxafq1O9kHFVbbLEbg2H8JhLHwj6dt6yr9zRxepjGipo5pxIBcS5aaucNnsVrH8sN/bzXXLXp/w0ljP2LpnVCO86R/wU/NFYh9AR8S7rr3Ct5RsnGNbcbUu5WAyZ1lZf74nXVrAIMLZd9VIsf8Pr9lF+FPg6vKWJv3XYe8SnS9ZvGSdNtb1CEGAIGMhoszIV5f5EKPjh+dbCrr90EO+F272VQ2erC5+TsayFvgzVz7JCrvlnVPUCJ6xbtIPY4VhT0rLQBVNGvKrZUZr45kgpunXQ07lYWbYLX/o/+2iqGA9tQ5bQotbLVhaRBzgwisvTkexr8BdJpn/K+5QPg69m3CxA2XkeyX4lNvAZnJIxXNEaI9n9sBAQutnq/EGXSuVyrMVeJdqnkp1Jb5hoD4772QqXHhODFPhhR6b8Ac3OylFK5oOW2tEegFvKQ65ndhXCSPvTXDM7DLnkfzYXY8tImS8HC8TzpxfXy11E7+D07Af+rUtAJZBGZSV9RnAp5WXbz1XMaESnwBV8ArSdV7OYQ1+WH4nwq0dLI+EYAiZMiOO+NPhskXp6t3U/dOyDVK50rZGIYsGQe5C8s1ESI5tnuWQfqu/D1vS4SVNgOyTVSPQxyJgNDTWRZKksSLUVGKkBzijUhZNweZaLlK3yi6UVssrWGv+fJ0fym8/DkxmE9a2e7kDQpxRI8O+V5c2OsMAVamBHP+B+OWBXcSp40arYWymfxNQ3Jm1Xrt7NzrrO0lcARCKbLx/b1uQmUfDP9B6zWFwKZkyGBO6AW34h/AZo40niuMBhDi4G723ShjbwaUlkg8xBmkoET+rUpWDyn4nEydlIt8NhEC1opSmWuhvd1YV7ge93bnK2Rp/tH67am04ll/YaAuBRtpcbWtzxATDfI4MxIYVw+92nZt5ljX/XDGZJJKQ5tCLXE4+pduEM+DbOJQZ8kKO4HObhIllIrOUZDCKblzWn6Pn8ZmRKsHDya2oIY5rwupjLccPmJMmAC75DT5vgC2VkmCL8QW/rNlYH+uPKuxMpJWh+ck2e9ayYpC7kFFZtHJPCIYnWNgJjXiSSGMqExUS64VgmoqfoZqcFr45WIJmS2ICn7Ul5a/mP6dHc3aYCE6Qgp3tL+hIk38LAQxikbbDQ/pIJ/8Ohje2Py6H2jdMt41fWYIdrHz9hbUnp9UVy6mlCcmE7fmXXVJjm8UQAjUa0wRWqz5dGIxHCEcOiIFIGGFof29INNcWas+6/dbJG3ji6vOCS6dIE4DOZY+bRjK5/X763Q22Iyf79+1NV4IrMnoOsOoSaQQrH3b4qJscRpEycHgpvTmRNqlfC5qYlr/tkhBm2SVSrWjcD7bG6ZGdhB8Okx0OMO8F7r+lq+vfSZXCFq3mDD2X4+rsKtKns1SdSvQgkcpHSdm1EzTJw6ZLnXn6HRcjBty2XjNAAnRckGu9UGfYHZG+lGGZMc7G8IK+eH+XirmAbgsJVQoWJgTVpLaHsIvjBz0vDzCwnh9EQrjolpG2ba/9EZMXcxWw14fUjJjX/gRytJRdwb55PMnxWAABAeU1l8kH6BWMDa0O19T0DqHjvV1n41ia79WOKP2b/0VmSK17g/weDXEIlTZsFW7fOH1oVKfVrHXNI1gU/ay93iK7d9EnLODDgzrzxSexaH2Fs+gkHsOqAS42XAKpDNxmI5pZVoFq5sOjTmBx2OgoWSzd6R7jMzkHQ06K8Oq74h5zSVqKeS1Bez5QutEbDRWIgN17Yp2ExKMAmsMgrwVnMfQQlq7oqQ
X-MS-Exchange-AntiSpam-MessageData-1: dpH2T2QODxs3EQ==
X-OriginatorOrg: apnic.net
X-MS-Exchange-CrossTenant-Network-Message-Id: e982b46c-28a0-459e-43c6-08de526e0654
X-MS-Exchange-CrossTenant-AuthSource: SYYP282MB0880.AUSP282.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Jan 2026 06:36:04.0214 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 127d8d0d-7ccf-473d-ab09-6e44ad752ded
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: YfWKH1iQjLQLpQYsc0G4g+d9Df87sFAH0jzc5OAt7TgxphV5EH0klzgbO5H5DDUB
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SY4P282MB4061
Message-ID-Hash: LSC6IZB3DCPTFGN7DVUKXDEQ2ZQ6HHBW
X-Message-ID-Hash: LSC6IZB3DCPTFGN7DVUKXDEQ2ZQ6HHBW
X-MailFrom: tomh@apnic.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-sidrops.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, draft-ietf-sidrops-manifest-numbers@ietf.org, sidrops-chairs@ietf.org, sidrops@ietf.org, ggx@gigix.net
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Sidrops] Re: Mike Bishop's No Objection on draft-ietf-sidrops-manifest-numbers-08: (with COMMENT)
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/FHlUrRCoVq07seGmiTmJ3_lDkTE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Owner: <mailto:sidrops-owner@ietf.org>
List-Post: <mailto:sidrops@ietf.org>
List-Subscribe: <mailto:sidrops-join@ietf.org>
List-Unsubscribe: <mailto:sidrops-leave@ietf.org>

Hi Mike,

Thanks for your review.

On Wed, Aug 20, 2025 at 01:21:01PM -0700, Mike Bishop via Datatracker wrote:
> With regard to the SHOULD NOT change filenames, I will note that one
> common versioning approach in some areas is to give every version a
> unique filename which will never change (immutable), such that all
> prior versions can be retrieved if needed. Thus, I can conceive of a
> CA that chooses to change the filename with each new manifest, such
> that the old manifests remain available for comparison purposes. If
> the filename is no longer considered a security mechanism, it's
> unclear that this deployment pattern needs to be discouraged.

On this topic, all known CA implementations use stable filenames for
manifests, and most follow the guidance in
https://www.rfc-editor.org/rfc/rfc6481.html#section-2.2 about using a
value derived from the public key of the CA.  We think that the chance
of there being a CA using an alternative approach is sufficiently low
that it's not necessary to expand on this point in the document.

-Tom

v2.39.1 | Report a Bug | By Email | System Status