Re: [Sidrops] [WG ADOPTION] Adoption call: draft-timbru-sidrops-publication-server-bcp - ENDS 02/08/2024

Job Snijders <job@fastly.com> Mon, 05 February 2024 21:03 UTC

Return-Path: <job@fastly.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28165C14F6B7 for <sidrops@ietfa.amsl.com>; Mon, 5 Feb 2024 13:03:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fastly.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TDKvf6uMkEfh for <sidrops@ietfa.amsl.com>; Mon, 5 Feb 2024 13:03:53 -0800 (PST)
Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 818A4C14F69E for <sidrops@ietf.org>; Mon, 5 Feb 2024 13:03:53 -0800 (PST)
Received: by mail-ed1-x534.google.com with SMTP id 4fb4d7f45d1cf-55790581457so6842451a12.3 for <sidrops@ietf.org>; Mon, 05 Feb 2024 13:03:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastly.com; s=google; t=1707167032; x=1707771832; darn=ietf.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=Wyqnhzb2bYJfEMKHscydmJAoSw9ynvBkln24T3OyAxA=; b=ac6ab76+TngDaqKsTAjIajZvCUEos2ZFL1rhWrpfRQfoxik7WA3bmLc60y9XjZ8k+4 liAUfQU9dVt0YF6SeBFdRvyreCrfrhhXfHckEQb7RrM2gVoWIOEfxXUzCGTRqZ1za0nb 6i9WZhxXwn6iujlHqIMAFCRbSl/Dn4ILmBGNw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707167032; x=1707771832; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=Wyqnhzb2bYJfEMKHscydmJAoSw9ynvBkln24T3OyAxA=; b=Lu3SLE50MHu+5dApP9vXsvFKx7MvRyA7GOyUNax3zKFgf7JnguDnqexznoUi3PvM1o ZWgKviesydMbg1Saj+xLpxcrQRt6Otm87325WVG5Xwb3xXMU56R2T2TcVwOyyJEpG2n0 V7/2icVAbsJyLIRt6PjUENhkNfSV9z1zn6ivT5IHsD+F2RyL2xcX4YfPHZNe7edT1132 BOy/eXsn7f8b46vjflOOtHKmwLnPR6e8GePFSK4jFpGdagpojMJnGv9pQZ0WswDFWRBU uuY89fPI62kAAH1TUlMU5F4LCISZLKiKEVM2Fs6CZ5wi/4l8JslyLiiyBGXDf+n0KF6m qnUQ==
X-Gm-Message-State: AOJu0Yx5zvleT6Idqgi1NLEUS6YnS9oCWyMJfLaomv5Wh/nYPuNL5Y// S4ULXITzjT9Mh8HS2Kr5rkh5GFpLS1NKkFG5b7zGyH/8qtQ3GyAuOpBXttpoCtc=
X-Google-Smtp-Source: AGHT+IHnaG6Tn4knzmbIcU/aAkBYGCp4cTK02C2dI9XjxmRlrVlT4O0aX/PhfN+i3i72zfjLy0n3og==
X-Received: by 2002:a17:906:ccd9:b0:a35:3ce3:c490 with SMTP id ot25-20020a170906ccd900b00a353ce3c490mr413849ejb.6.1707167031729; Mon, 05 Feb 2024 13:03:51 -0800 (PST)
X-Forwarded-Encrypted: i=0; AJvYcCUCOzKDK4FJwd7EyJAs4yvpnV6uPFjEQQYiNku+eAwNUQ7tsSnuEkfLFq/9l6qkO9NSnN0ApvfNGWsGG/TTuFGffVK3llM+ik4fSyQWWPGQnKAaom0trnKFc3IXPdWQ8NLtllfsmwwaWTguxuDsHDr8xPC9goyaF7Av46h/28mj
Received: from snel ([2a10:3781:276:3:16f6:d8ff:fe47:2eb7]) by smtp.gmail.com with ESMTPSA id dc11-20020a170906c7cb00b00a36ffe7656esm249116ejb.198.2024.02.05.13.03.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 05 Feb 2024 13:03:51 -0800 (PST)
Date: Mon, 05 Feb 2024 22:03:49 +0100
From: Job Snijders <job@fastly.com>
To: Russ Housley <housley@vigilsec.com>
Cc: IETF SIDRops <sidrops@ietf.org>, IETF SIDRops Chairs <sidrops-chairs@ietf.org>, sidrops-ads@ietf.org, Keyur Patel <keyur@arrcus.com>
Message-ID: <ZcFNNfrkMFxKf5hN@snel>
References: <87h6j1kug1.wl-morrowc@ops-netman.net> <B60D7B39-FA81-45AF-BCBD-2784F91B43C3@vigilsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <B60D7B39-FA81-45AF-BCBD-2784F91B43C3@vigilsec.com>
X-Clacks-Overhead: GNU Terry Pratchett
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/G9xpLWz3Mm92ypkJsyP_bzD5G9Y>
Subject: Re: [Sidrops] [WG ADOPTION] Adoption call: draft-timbru-sidrops-publication-server-bcp - ENDS 02/08/2024
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Feb 2024 21:03:57 -0000

Dear all,

On Fri, Jan 26, 2024 at 02:55:55PM -0500, Russ Housley wrote:
> <no_hats>
> 
> I this the WG should adopt this document.

I am of the same opinion.

In a previous message on this topic, Di Ma seemed to suggest that it
would be mighty helpful to have a guide capturing operational lessons
learned in recent years for the publication side of the house, and I
concur. Let's blamelessly look back at all 'RPKI incidents' in the last
few years and see if there were lessons learned to distribute via this
proposed BCP.

In some sections the document repeats what's already specified in
Standards Tracks RFCs, but I don't necessarily see that as a bad: the
proposed BCP is well positioned to elaborate on what might happen if the
suggestions in original specifications are not followed.

Some suggestions for draft-timbru-sidrops-publication-server-bcp-02:

- Make a recommendation to Publishers to not regenerate RRDP content for
  every request, nor regenerate previous RRDP deltas when creating a new
  snapshot. This might help implementers of RRDP publication software
  perceive and treat older RRDP content as immutable. See
  https://datatracker.ietf.org/doc/draft-spaghetti-sidrops-rrdp-desynchronization/
  for more details about mutations in previously published RRDP content.

- Section 6 could perhaps (in addition to the phrase 'consistent')
  describe the desired outcome using the phrase 'atomic'. I think within
  our community we often describe the cause of 'failed fetches' as the
  repository being updated in a non-atomic fashion. 

- The draft might benefit from a "Recommended Reading" section (in
  addition to the Glossary) to help the reader understand the context.

- The proposed BCP could perhaps include a section on "Monitoring
  Publication Points", because I am not sure all stakeholders are aware
  that it's massively beneficial to deploy multiple instances of
  different RPKI Cache implementations at a given publication point, and
  have monitoring software compare various entrypoint permutations:
    - rsync only
    - rrdp first, rsync second
    - rrdp snapshot only
    - rrdp only (following deltas)
  The above of course for multiple distinct implementations and versions
  of implementations.

- Continuing in context of the previous suggestion - especially at the
  RIR-level - publication point operators should strive to support all
  commonly deployed validator implementations (within reason) by making
  those part of smoketests before deployment. No big website got big by
  *only* testing with Internet Explorer. I imagine Publication Point
  operators want to be compatible with a wide range of potential RP
  implementations, so testing with a wide range is helpful to help find
  the lowest common denominator: if one RP implementation is stricter
  than other RP implementations, the Publication Point adhering to the
  higher standard helps all deployed clients.

- Perhaps also a section about common hosting problems: if you offer
  your publication point over IPv6, make sure that port 443 + 873 are
  open on IPv6. Monitor the validity of TLS HTTPS certificates (for both
  address families).

- Perhaps a note could be added about temporarily disabling RRDP being a
  viable option to conserve bandwidth in (rare) scenarios where the
  Publication Point operator's network is congested. In low-bandwidth
  scenarios rsync performs far better than RRDP (a particular race
  condition in RRDP is avoided, rsync synchronization trivially is
  resumed). Notwithstanding that both PP and RP side of the house would
  do well to implement bandwidth conservation strategies such as
  implementation of HTTP content encoding compression. I do think it is
  helpful to remind interested readers that ultimately the objective is
  to /somehow/ serve RPKI data (be it via RRDP or RSYNC) in a timely
  fashion.

Tiny tiny nits:

- s/Certificate Authorities/Certification Authorities/
- s/next update time/nextUpdate time/
- s/Unique Hostname/Distinct Hostname/I

Kind regards,

Job