Re: [Sidrops] trying to limit RP processing variability

Job Snijders <job@ntt.net> Wed, 15 April 2020 10:51 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/Gn3Y1SiW2EGVxkOoirVwkI8Qpo8>
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>

On Wed, Apr 15, 2020, at 12:46, Martin Hoffmann wrote:
> An attacker who can delete files can as easily replace them with
> something else with the same result. So I am not sure the added code
> complexity is worth it.

Agreed. 

fwiw: rpki-client runs as "openrsync -rlt --delete rsync://xxx/repository xxx/repository"

Kind regards,

Job