Re: [Sidrops] [internet-drafts@ietf.org: New Version Notification for draft-spaghetti-sidrops-cms-signing-time-00.txt]
Ties de Kock <tdekock@ripe.net> Thu, 08 June 2023 13:58 UTC
Return-Path: <tdekock@ripe.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 210EFC14CE24 for <sidrops@ietfa.amsl.com>; Thu, 8 Jun 2023 06:58:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ripe.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qj-CndC8sExi for <sidrops@ietfa.amsl.com>; Thu, 8 Jun 2023 06:58:29 -0700 (PDT)
Received: from mail-mx-1.ripe.net (mail-mx-1.ripe.net [IPv6:2001:67c:2e8:11::c100:1311]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 297ABC14F6EC for <sidrops@ietf.org>; Thu, 8 Jun 2023 06:58:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ripe.net; s=s1-ripe-net; h=To:Message-Id:Cc:Date:From:Subject:Mime-Version:Content-Type ; bh=ItHc1vm7EpWUTSrig3pvD3s8lDCf08POo7lwZt79KhM=; b=o9uPSwW5ImFcm0oaaHHEnIAh kHvaDyxR/T3HXIF2FT7JHaFhTmzGJ47xN6YdDM7N1jLhMr4+rHAZgCmZnB0MDVLHX/j5OvaxryQHS tJJaJV3FB3lNolYExPPHh/vlOh4uP1AcV0OCZMDjK0BELUxbaiqwB2BB02iytDpzcA4jGNfgIVNlS vKgwukxzP4pRO42yDhW2IbFhjArRC/kQ0iGeSK30+x5Ienbmis2CVNMqhrscVXketmy19rxPkrVzf 2Lz28QeI/bjsuPvxnoh31fK685fKRFRhcUJK1Sd9chI1Wrma3iZZFQqyY8xJR9uQMyOX96RoN3Ucp VbONrHwkWQ==;
Received: from bufobufo.ripe.net ([2001:67c:2e8:23::c100:170d]:44794) by mail-mx-1.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <tdekock@ripe.net>) id 1q7G9j-0048rO-1q; Thu, 08 Jun 2023 13:58:27 +0000
Received: from sslvpn.ipv6.ripe.net ([2001:67c:2e8:9::c100:14e6] helo=smtpclient.apple) by bufobufo.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <tdekock@ripe.net>) id 1q7G9j-00045d-1e; Thu, 08 Jun 2023 13:58:27 +0000
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
From: Ties de Kock <tdekock@ripe.net>
In-Reply-To: <ZIHZAHjur0nMhdVw@snel>
Date: Thu, 08 Jun 2023 15:58:17 +0200
Cc: sidrops@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <CA92E210-9EB6-4834-90D0-F052600CAD55@ripe.net>
References: <ZH/Q+ea0HO542GV3@snel> <710534A0-B529-4609-9845-96BCB9139381@ripe.net> <ZICfBbaLU7u5vzC4@snel> <8036B286-155B-498C-AFDA-5E718082A7B9@ripe.net> <ZIHZAHjur0nMhdVw@snel>
To: Job Snijders <job@fastly.com>
X-Mailer: Apple Mail (2.3731.600.7)
X-RIPE-Signature: 059faafd1cc22ebb05e1592c815fe1e1679c1488db4707d7b127b48f6da492be
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/H0Sw_Heg5V4dgEf4WxA4BBHow50>
Subject: Re: [Sidrops] [internet-drafts@ietf.org: New Version Notification for draft-spaghetti-sidrops-cms-signing-time-00.txt]
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jun 2023 13:58:33 -0000
Hi Job, > On 8 Jun 2023, at 15:34, Job Snijders <job@fastly.com> wrote: > > On Thu, Jun 08, 2023 at 12:15:24PM +0200, Ties de Kock wrote: >> There is one edge case in this behaviour that a mail from Tom made me >> think off. It is far-fetched, but given that rsync not fetching a file >> likely breaks a repository (and at a publication point that is likely >> to have many updates, so high in the tree), I think it is worth >> considering. > > I think the case you describe is not at all a concern, please read on > for some notes why I think so. > >> It is similar to [0]: Multiple updates for an object per second (most >> likely due to automation) can occur. They can occur in any timestamp >> in the object. > > There is a source of entropy to consider: for Signed Objects the > recommendation is for the filename to be derived from the associated > one-time-use EE certificate's public key (RFC 6481 section 2.2). This > means that if for example for the same prefix multiple ROAs are > added/deleted, multiple different files will be added to the manifest > and removed from the manifest. My understanding is that not all (RIR) CAs are using one-time-use EE certificates. If all CAs used one-time-use EE certificate, things would be easier. > Manifests, CRLs, and CA certificates have persistent names: this implies > that a reissued mft/ca/crl overwrites a previously issued mft/ca/crl (to > the same subject) in the publication repository. > > If the CA issues multiple manifests/crls each with the exact same > filesize as the previous one within the same second (all in all a > situation which could be considered misissuance under current > guidelines), the RP indeed might end up using the first issued Manifest, > instead of the second or third one issued that second. > > I don't view this as a problem: after all the manifest /was/ issued. If > a CA issues something, the CA should expect some RPs to end up using it. > > Between the innate entropy in the filenames (new filename means new > transfer), RPs being recommended to use locally cached versions of > objects [RFC 9286] to supplement construction of states, and RPs > periodically (within 10 ~ 60 minutes) resyncing, ending up with the > first (valid) manifest in a 'same second issuance' is no concern to me. The issue is in this type of ordering of events: * Publication {manifest_1, roa_1}, roa_1 is on manifest_1 * repository write starts at this point on timeline * Publication {manifest_2, obj_2} in the same second * Publication {other_file_1, manifest_3} some time later * An RP retrieves {manifest_1, obj_1}, obj_1 is on manifest_1 * repository written to disk at this point on timeline * An RP retrieves {manifest_3, other_file_1}, obj_2 is not fetched but on manifest, failed fetch. w.l.o.g. the same applies for certificates from a child CA. > >> Do we want to consider the time-collision case? Do we want to aim to >> have a deterministic modification time resistant to collisions? > > I have considered it but it seems an unnecessary complication for no > obvious benefit. To me the mod-time / CMS signing-time is just a > monotonically increasing parameter. > > While a CA indeed might (mis?)issue multiple objects for the same > timestamp, ultimately it is incumbent upon the CA/Publisher to present a > set of files in a hierarchy that is internally consistent and moved into > the publication point via an atomic operation. The repository as published is consistent. rsync fails to fetch the new files because it uses the wrong comparison. > The use of CMS signing-time as a means to normalize filesystem last > modified timestamps in order to reduce the burden of initial > synchronization after RRDP to RSYNC failover doesn't change that. > > We've now sent quite some emails back and forth on this topic, but it is > not entirely clear to me what your position on > draft-spaghetti-sidrops-cms-signing-time is, so I'll just ask - is the > proposed approach something you'd be willing to consider implementing? I think standardising on signing-time and removing binary signing time is a reduction in complexity and removes ambiguity in interpretation of RPKI standards. Strong support there. We have implemented equivalent logic (using notBefore, but notBefore==signingtime) for the RIPE NCC CA. But now that these discussions caused us to think more about the edge-cases it makes me uneasy. Very rare issues happen in reality and do have real world effects. If we find an approach without a collision problem, I would recommend implementing it. As is, I do not feel it is safe to have the MUST in section 2.1. Kind regards, Ties
- [Sidrops] [internet-drafts@ietf.org: New Version … Job Snijders
- Re: [Sidrops] [internet-drafts@ietf.org: New Vers… Ties de Kock
- Re: [Sidrops] [internet-drafts@ietf.org: New Vers… Job Snijders
- Re: [Sidrops] [internet-drafts@ietf.org: New Vers… Ties de Kock
- Re: [Sidrops] [internet-drafts@ietf.org: New Vers… Job Snijders
- Re: [Sidrops] [internet-drafts@ietf.org: New Vers… Ties de Kock
- Re: [Sidrops] [internet-drafts@ietf.org: New Vers… Job Snijders
- Re: [Sidrops] [internet-drafts@ietf.org: New Vers… Ties de Kock