Re: [Sidrops] HTTPS in TALs

Rob Austein <sra@hactrn.net> Sun, 23 July 2017 18:47 UTC

Date: Sun, 23 Jul 2017 14:47:19 -0400
From: Rob Austein <sra@hactrn.net>
To: sidrops@ietf.org
In-Reply-To: <F3B9CD28-7643-43B9-B210-805687297D9E@ripe.net>
References: <F3B9CD28-7643-43B9-B210-805687297D9E@ripe.net>
Message-Id: <20170723184719.6F85CA32091@minas-ithil.hactrn.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/I8OcEEprKwuFCU7qqqTWPed2aDE>

I think we should move from rsync to HTTPS for fetching TALs, yes, so
I think the WG should be doing something of this general nature.

How many stages...I think at this point I would be most comfortable
with making HTTPS mandatory and rsync optional.

My own RP implementation has supported both schemes for years (albeit
only on a development branch until about a year ago).  I don't know
the status of the other RP implementations, but the authors of those
can speak for themselves.

Regarding Job's request that we change format to JSON or XML or ...,
I must respectfully disagree.  The current format was deliberately
chosen to be as simple as possible, no presentation-layer-du-jour
parsing library required.  ASN.1 is enough fun for somebody who has to
implement an RP in an embedded environment, but that is required,
because all of the objects being validated are ASN.1.  Let's please
not add a requirement for another whole parser just for TALs when the
trivial line-oriented thing we have now will suffice.
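To make the "trivial line-oriented thing" concrete, here is an added example of a TAL parser in Python. It is not code from this thread or from any RP implementation; it follows the RFC 7730 layout (optional leading `#` comment lines as later allowed by RFC 8630, one or more URI lines, a blank line, then the base64 of the trust anchor's DER SubjectPublicKeyInfo) and adds a `require_https` policy switch matching the "HTTPS mandatory, rsync optional" position above. The sample TAL, its hostnames and the embedded key bytes are constructed placeholders, not a real trust anchor; the only DER check done is on the outer SEQUENCE header, which is all a TAL reader itself needs before handing the key to the certificate validator.

```python
"""Minimal parser for RPKI Trust Anchor Locator (TAL) files (added example).

Layout (RFC 7730, comment lines per RFC 8630):
    # optional comment lines
    <uri>            one or more, rsync:// or https://
    <blank line>
    <base64 of DER SubjectPublicKeyInfo>, possibly over several lines
No ASN.1 library is needed to read the file; only the key inside is DER.
"""
import base64
from dataclasses import dataclass
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"rsync", "https"}


@dataclass
class TrustAnchorLocator:
    uris: list
    spki_der: bytes

    def https_uris(self):
        return [u for u in self.uris if urlsplit(u).scheme == "https"]

    def rsync_uris(self):
        return [u for u in self.uris if urlsplit(u).scheme == "rsync"]


def _der_sequence_header(der: bytes):
    """Return (content_length, header_length) of a DER SEQUENCE, or raise."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short-form length
        return first, 2
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("bad DER length encoding")
    return int.from_bytes(der[2:2 + n], "big"), 2 + n


def parse_tal(text: str, require_https: bool = False) -> TrustAnchorLocator:
    lines = [ln.strip() for ln in text.splitlines()]
    i = 0
    while i < len(lines) and lines[i].startswith("#"):   # comment section
        i += 1
    uris = []
    while i < len(lines) and lines[i] != "":             # URI section
        uri = lines[i]
        if urlsplit(uri).scheme not in ALLOWED_SCHEMES:
            raise ValueError(f"unsupported URI scheme in TAL: {uri}")
        uris.append(uri)
        i += 1
    if not uris:
        raise ValueError("TAL contains no URIs")
    if i >= len(lines):
        raise ValueError("TAL missing blank separator line before key")
    i += 1                                               # skip the blank line
    b64 = "".join(lines[i:])                             # key may span lines
    if not b64:
        raise ValueError("TAL missing subjectPublicKeyInfo")
    try:
        spki = base64.b64decode(b64, validate=True)
    except ValueError as e:
        raise ValueError("TAL key is not valid base64") from e
    content_len, hdr_len = _der_sequence_header(spki)
    if hdr_len + content_len != len(spki):
        raise ValueError("DER length does not match decoded key size")
    tal = TrustAnchorLocator(uris=uris, spki_der=spki)
    if require_https and not tal.https_uris():
        raise ValueError("policy requires at least one https:// URI")
    return tal


# Constructed sample: a syntactically valid SPKI wrapper around a 2-byte
# placeholder BIT STRING. This is NOT a real key and verifies nothing.
SAMPLE_SPKI = bytes.fromhex(
    "3014"                              # SEQUENCE, 20 bytes of content
    "300d06092a864886f70d0101010500"    # AlgorithmIdentifier: rsaEncryption
    "0303000102"                        # BIT STRING placeholder
)
SAMPLE_TAL = (
    "# constructed example TAL, not a real trust anchor\n"
    "rsync://rpki.example.net/ta/root.cer\n"
    "https://rpki.example.net/ta/root.cer\n"
    "\n"
    + base64.b64encode(SAMPLE_SPKI).decode()
    + "\n"
)

if __name__ == "__main__":
    tal = parse_tal(SAMPLE_TAL, require_https=True)
    print("fetch order (HTTPS first):", tal.https_uris() + tal.rsync_uris())
    print("SPKI bytes:", len(tal.spki_der))
```

The whole reader is a few dozen lines of string handling, which is the point of the argument above: the format costs an RP nothing beyond the ASN.1 decoder it must already have for the key itself.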