IETF Logo Mail Archive

Re: [Sidrops] [internet-drafts@ietf.org: New Version Notification for draft-spaghetti-sidrops-cms-signing-time-00.txt]

Ties de Kock <tdekock@ripe.net> Thu, 08 June 2023 13:58 UTC

Return-Path: <tdekock@ripe.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 210EFC14CE24 for <sidrops@ietfa.amsl.com>; Thu, 8 Jun 2023 06:58:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ripe.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qj-CndC8sExi for <sidrops@ietfa.amsl.com>; Thu, 8 Jun 2023 06:58:29 -0700 (PDT)
Received: from mail-mx-1.ripe.net (mail-mx-1.ripe.net [IPv6:2001:67c:2e8:11::c100:1311]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 297ABC14F6EC for <sidrops@ietf.org>; Thu, 8 Jun 2023 06:58:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ripe.net; s=s1-ripe-net; h=To:Message-Id:Cc:Date:From:Subject:Mime-Version:Content-Type ; bh=ItHc1vm7EpWUTSrig3pvD3s8lDCf08POo7lwZt79KhM=; b=o9uPSwW5ImFcm0oaaHHEnIAh kHvaDyxR/T3HXIF2FT7JHaFhTmzGJ47xN6YdDM7N1jLhMr4+rHAZgCmZnB0MDVLHX/j5OvaxryQHS tJJaJV3FB3lNolYExPPHh/vlOh4uP1AcV0OCZMDjK0BELUxbaiqwB2BB02iytDpzcA4jGNfgIVNlS vKgwukxzP4pRO42yDhW2IbFhjArRC/kQ0iGeSK30+x5Ienbmis2CVNMqhrscVXketmy19rxPkrVzf 2Lz28QeI/bjsuPvxnoh31fK685fKRFRhcUJK1Sd9chI1Wrma3iZZFQqyY8xJR9uQMyOX96RoN3Ucp VbONrHwkWQ==;
Received: from bufobufo.ripe.net ([2001:67c:2e8:23::c100:170d]:44794) by mail-mx-1.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <tdekock@ripe.net>) id 1q7G9j-0048rO-1q; Thu, 08 Jun 2023 13:58:27 +0000
Received: from sslvpn.ipv6.ripe.net ([2001:67c:2e8:9::c100:14e6] helo=smtpclient.apple) by bufobufo.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <tdekock@ripe.net>) id 1q7G9j-00045d-1e; Thu, 08 Jun 2023 13:58:27 +0000
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
From: Ties de Kock <tdekock@ripe.net>
In-Reply-To: <ZIHZAHjur0nMhdVw@snel>
Date: Thu, 08 Jun 2023 15:58:17 +0200
Cc: sidrops@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <CA92E210-9EB6-4834-90D0-F052600CAD55@ripe.net>
References: <ZH/Q+ea0HO542GV3@snel> <710534A0-B529-4609-9845-96BCB9139381@ripe.net> <ZICfBbaLU7u5vzC4@snel> <8036B286-155B-498C-AFDA-5E718082A7B9@ripe.net> <ZIHZAHjur0nMhdVw@snel>
To: Job Snijders <job@fastly.com>
X-Mailer: Apple Mail (2.3731.600.7)
X-RIPE-Signature: 059faafd1cc22ebb05e1592c815fe1e1679c1488db4707d7b127b48f6da492be
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/H0Sw_Heg5V4dgEf4WxA4BBHow50>
Subject: Re: [Sidrops] [internet-drafts@ietf.org: New Version Notification for draft-spaghetti-sidrops-cms-signing-time-00.txt]
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jun 2023 13:58:33 -0000

Hi Job,

> On 8 Jun 2023, at 15:34, Job Snijders <job@fastly.com> wrote:
> 
> On Thu, Jun 08, 2023 at 12:15:24PM +0200, Ties de Kock wrote:
>> There is one edge case in this behaviour that a mail from Tom made me
>> think off. It is far-fetched, but given that rsync not fetching a file
>> likely breaks a repository (and at a publication point that is likely
>> to have many updates, so high in the tree), I think it is worth
>> considering.
> 
> I think the case you describe is not at all a concern, please read on
> for some notes why I think so.
> 
>> It is similar to [0]: Multiple updates for an object per second (most
>> likely due to automation) can occur. They can occur in any timestamp
>> in the object.
> 
> There is a source of entropy to consider: for Signed Objects the
> recommendation is for the filename to be derived from the associated
> one-time-use EE certificate's public key (RFC 6481 section 2.2). This
> means that if for example for the same prefix multiple ROAs are
> added/deleted, multiple different files will be added to the manifest
> and removed from the manifest.

My understanding is that not all (RIR) CAs are using one-time-use EE
certificates. If all CAs used one-time-use EE certificate, things would be
easier.

> Manifests, CRLs, and CA certificates have persistent names: this implies
> that a reissued mft/ca/crl overwrites a previously issued mft/ca/crl (to
> the same subject) in the publication repository.
> 
> If the CA issues multiple manifests/crls each with the exact same
> filesize as the previous one within the same second (all in all a
> situation which could be considered misissuance under current
> guidelines), the RP indeed might end up using the first issued Manifest,
> instead of the second or third one issued that second.
> 
> I don't view this as a problem: after all the manifest /was/ issued. If
> a CA issues something, the CA should expect some RPs to end up using it.
> 
> Between the innate entropy in the filenames (new filename means new
> transfer), RPs being recommended to use locally cached versions of
> objects [RFC 9286] to supplement construction of states, and RPs
> periodically (within 10 ~ 60 minutes) resyncing, ending up with the
> first (valid) manifest in a 'same second issuance' is no concern to me.

The issue is in this type of ordering of events:
  * Publication {manifest_1, roa_1}, roa_1 is on manifest_1
  * repository write starts at this point on timeline
  * Publication {manifest_2, obj_2} in the same second
  * Publication {other_file_1, manifest_3} some time later
  * An RP retrieves {manifest_1, obj_1}, obj_1 is on manifest_1

  * repository written to disk at this point on timeline
  * An RP retrieves {manifest_3, other_file_1}, obj_2 is not fetched but on manifest, failed fetch.

w.l.o.g. the same applies for certificates from a child CA.

> 
>> Do we want to consider the time-collision case? Do we want to aim to
>> have a deterministic modification time resistant to collisions?
> 
> I have considered it but it seems an unnecessary complication for no
> obvious benefit. To me the mod-time / CMS signing-time is just a
> monotonically increasing parameter.
> 
> While a CA indeed might (mis?)issue multiple objects for the same
> timestamp, ultimately it is incumbent upon the CA/Publisher to present a
> set of files in a hierarchy that is internally consistent and moved into
> the publication point via an atomic operation.

The repository as published is consistent. rsync fails to fetch the new files
because it uses the wrong comparison.

> The use of CMS signing-time as a means to normalize filesystem last
> modified timestamps in order to reduce the burden of initial
> synchronization after RRDP to RSYNC failover doesn't change that.
> 
> We've now sent quite some emails back and forth on this topic, but it is
> not entirely clear to me what your position on
> draft-spaghetti-sidrops-cms-signing-time is, so I'll just ask - is the
> proposed approach something you'd be willing to consider implementing?


I think standardising on signing-time and removing binary signing time is a
reduction in complexity and removes ambiguity in interpretation of RPKI
standards. Strong support there.

We have implemented equivalent logic (using notBefore, but notBefore==signingtime)
for the RIPE NCC CA. But now that these discussions caused us to think more
about the edge-cases it makes me uneasy. Very rare issues happen in reality and
do have real world effects.

If we find an approach without a collision problem, I would recommend
implementing it. As is, I do not feel it is safe to have the MUST in section
2.1.

Kind regards,
Ties

v2.23.0 | Report a Bug | By Email