[Sidrops] Re: [WGLC] draft-ietf-sidrops-rrdp-same-origin-00 - Ends 1/July/2024

Ties de Kock <tdekock@ripe.net> Mon, 17 June 2024 16:33 UTC

From: Ties de Kock <tdekock@ripe.net>
Date: Mon, 17 Jun 2024 18:32:47 +0200
Message-ID: <CANPYmgj7ZXFMWxye1vDZN9fF8PTfbfse1XAyKtuUx86xQNOyYQ@mail.gmail.com>
To: Theo Buehler <tb@theobuehler.org>
CC: Keyur Patel <keyur=40arrcus.com@dmarc.ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/Fg_-JGhS3riG-rLOYjlA8wVwork>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops>

I have re-read the draft and support publication.

The issue (and variations of it) described in the draft are current and easy to
execute. This draft makes it significantly more difficult to overload RRDP
endpoints or RPs.

Kind regards,
Ties

On Mon, 17 Jun 2024 at 13:08, Theo Buehler <tb@theobuehler.org> wrote:
>
> > A working group last call has been issued for “Same-Origin Policy for the RPKI Repository Delta Protocol (RRDP)” https://datatracker.ietf.org/doc/draft-ietf-sidrops-rrdp-same-origin/.
>
> I have re-read the document and support publication.
>
> It is already implemented in the widely used RRDP clients and it is
> important to make future implementers aware of this problem.