Re: [Sidrops] I-D Action: draft-ietf-sidrops-rfc6482bis-05.txt

Tim Bruijnzeels <tim@nlnetlabs.nl> Fri, 18 August 2023 10:33 UTC

Hi Job, all,

Thank you for adding the canonicalisation. This addresses the concern I raised a while ago (I could not respond earlier because I was enjoying a holiday!).

My remaining question to RP implementers is whether it's clear from this draft that even though CAs SHOULD use the canonical ordering, RPs SHOULD NOT (yet) reject objects that don't. This is implicit in the document because it is not named in section 5 but could be said explicitly.

I suggested a RECOMMENDED earlier, but as long as RPs do not reject, I agree that a SHOULD is more appropriate and facilitates a path where a future update can change this to "MUST" (for CAs wrt ordering and RPs wrt validation).

Tim

> On 3 Aug 2023, at 14:14, Job Snijders <job=40fastly.com@dmarc.ietf.org> wrote:
> 
> On Thu, Aug 03, 2023 at 09:45:19AM +0200, Ben Maddison wrote:
>>> Thanks for the update to the document. This incorporates the outcome
>>> from some discussions in San Francisco in real life.
>>> 
>>> I think that the partial orderings used belong in the main text of
>>> the document.
>> 
>> I tend to agree, but do not have a strong preference. Do others
>> disagree?
> 
> The document indeed seems more readable by incorporating the
> canonicalization procedure in the ipAddrBlocks section.  This way we
> also get rid of two SHOULDs in what formerly was section 4.3.3,
> simplifying the document structure. Good suggestion, Ties.
> 
> I've uploaded -06 to reflect these changes.
> 
> diff: https://author-tools.ietf.org/iddiff?url2=draft-ietf-sidrops-rfc6482bis-06
> 
> Kind regards,
> 
> Job