Re: [Sidrops] WG Adoption call for draft-harrison-sidrops-manifest-numbers-01 - ENDS 04/15/2024 (April 15 2024)
Job Snijders <job@fastly.com> Tue, 02 April 2024 16:35 UTC
Return-Path: <job@fastly.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84799C14F708 for <sidrops@ietfa.amsl.com>; Tue, 2 Apr 2024 09:35:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fastly.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZZR8TiEqiNfK for <sidrops@ietfa.amsl.com>; Tue, 2 Apr 2024 09:35:40 -0700 (PDT)
Received: from mail-ej1-x630.google.com (mail-ej1-x630.google.com [IPv6:2a00:1450:4864:20::630]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD6C2C14F610 for <sidrops@ietf.org>; Tue, 2 Apr 2024 09:35:40 -0700 (PDT)
Received: by mail-ej1-x630.google.com with SMTP id a640c23a62f3a-a4e62f3e63dso301550466b.0 for <sidrops@ietf.org>; Tue, 02 Apr 2024 09:35:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastly.com; s=google; t=1712075739; x=1712680539; darn=ietf.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=k/WhDCx1ErtJTIHYY/ZlLUuk3BZKXjRSgNoUw+Cp+7c=; b=aZ+UhbyFC/tCFrGSjkwF5knI6Zgib9n47Q+wJjGM0Ko9K1+KwNVw0YkjwW41YPj+8k OpXfPNPqNwYcLEQ7Cn0FS0Mf98M6ZOSfxj/7xsq7pew8TmZxPCpnXRlc3HtXw1WA8fGd +SxcjVkbiGghjzLC2JnlmAW7DlOvIcfN4l6ZA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712075739; x=1712680539; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=k/WhDCx1ErtJTIHYY/ZlLUuk3BZKXjRSgNoUw+Cp+7c=; b=LlA5WrjLh7UFp3Jw+blYg0QMqLLmdqoIJUKa5HiHRuA1+/iiQiicjMekYvDx1/IYxr BA3gd+XWekfAAKqEwvcfz6JHEFIm9ytFBgmjUzBFNcdimNDrpN53t1ReqnRT7MPBlgoe Fff+NFOcCQQ4JNFby7byo94k7QsB1gI9HWLDdXVxrNX8snDXUTjmwCvgvcoBCZvBQ7np WaDU+5iCSNM3OGetcfsS88OM5ALRSYUVnaDbewKBB+RzuZcaydE/OC6gk6n41b6Ez07o RBMrDK1jCbQRTsd8FDbYskbVqhj0qDhOfrLr8cRbAoDrozz89uIK9yEPnyN0oWpovAZd r9hw==
X-Forwarded-Encrypted: i=1; AJvYcCVDiNnBAoWSu5FfdJpQrdcLMra4hRVmdtdIJpRg/BUpfFe6SC+XgMwU9j5pHodkqReWtpMDrTvB9Ng3RocZkytC
X-Gm-Message-State: AOJu0Yxe5ip/dUB/WfpksnaCOVF0qZyDK3YwlA7epzXQ4n1MMIWVVrFx qe/Y8dUFxIlux1keLD6T3Vm8A3IYl2uW+NeunTBPe0tn87x96A4Eu+8K5ODlGSO/EJ1tPJ1CweE p
X-Google-Smtp-Source: AGHT+IFynPLvcwVlMMft0rCu1O/en823rqyE6WGfplFwfkBTu6LMdMtK7HQzrpeWctQzS19DbBYzaw==
X-Received: by 2002:a17:906:124d:b0:a4e:1f41:6f76 with SMTP id u13-20020a170906124d00b00a4e1f416f76mr8458866eja.38.1712075738714; Tue, 02 Apr 2024 09:35:38 -0700 (PDT)
Received: from snel ([2a10:3781:276:3:16f6:d8ff:fe47:2eb7]) by smtp.gmail.com with ESMTPSA id h9-20020a1709060f4900b00a472c4b9486sm6705705ejj.84.2024.04.02.09.35.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 02 Apr 2024 09:35:38 -0700 (PDT)
Date: Tue, 02 Apr 2024 18:35:36 +0200
From: Job Snijders <job@fastly.com>
To: Tim Bruijnzeels <tbruijnzeels@ripe.net>
Cc: Keyur Patel <keyur=40arrcus.com@dmarc.ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Message-ID: <Zgwz2HEWQndhRYkg@snel>
References: <4744462D-78D9-45EE-B3A2-06FF329EA87C@arrcus.com> <A77D691F-57BD-4A00-90E6-E61F257B43EB@ripe.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <A77D691F-57BD-4A00-90E6-E61F257B43EB@ripe.net>
X-Clacks-Overhead: GNU Terry Pratchett
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/JgvTy6LhQHwxUix7bqZWtXCJG3M>
Subject: Re: [Sidrops] WG Adoption call for draft-harrison-sidrops-manifest-numbers-01 - ENDS 04/15/2024 (April 15 2024)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Apr 2024 16:35:44 -0000
Dear Tim, WG, On Tue, Apr 02, 2024 at 01:45:59PM +0200, Tim Bruijnzeels wrote: > I support adoption and discussion. > > I understand the issue this seeks to address for TA manifests. I am > not 100% convinced yet that the name change is the most desirable way > to achieve this. Perhaps it is. An alternative thought would be to > allow resetting the manifest number to a low value (or well: 1, but > RPs may not see it if another update follows shortly after) in case > the number has exceeded some extremely large value (like 2 to the > power of 159 ~ 19 octets and 8 bits…). I am not sure yet that this is > better either but I am just putting it out here as a thought. Yup, Tom's deck on slide 5 also suggested 'Use serial number arithmetic to facilitate rollover' as a possible strategy: https://datatracker.ietf.org/meeting/119/materials/slides-119-sidrops-manifest-number-handling-02 Thank you for sharing your thoughts, I think it is good to discuss and document our choices in the SIDROPS mailing list archives. I think there are three compelling reasons not to use serial number arithmetic in this particular context: 1) The algorithm presented by RFC 1982 ("Serial Number Arithmetic") has a significant shortcoming: there are sequence numbers for which comparison is undefined. A potential solution is to use signed two's complement binary arithmetic operations to workaround this shortfall, this implies serial numbers of a bit-length matching the machine's integer sizes (usually 32 or 64 bit), but in the RPKI we're dealing with 159-bit serials... I consider arithmetic operations on a number space this large an unwelcome complication to be avoided if possible. 2) As you (Tim) point out: "RPs may not see it if another update follows shortly after". Indeed, depending on all RPs seeing the initiation and subsequent steps of the arithmetic trick seems fragile to me. RFC 1982 section 7 states: "If this [red: a decrease] must be done, then take special care to verify that ALL servers have correctly succeeded in following the primary server's serial number changes, at each step." The type of verification RFC 1982 refers to is not possible in the RPKI, as a CA can't query RPs whether they have correctly succeeded in following the manifest's serial number changes. 3) Speaking from my own experience with the rpki-client implementation, the code paths which open a previously cached manifest and a purported new manifest along side each other, adequately validate & compare these two objects, and finally select one of the two; - already today - are amongst the most complicated pieces of code we have to maintain. I am very hesitant to add more complications (such as outlined above in reason 1) to this part of the code base beyond what's already there. My gut feeling is that 'filename change effectively results in serial numer reset' is easier to implement and easier to explain, than a RFC1982-based approach; having said that, I do recognize it certainly is not the only possible approach. Kind regards, Job
- [Sidrops] WG Adoption call for draft-harrison-sid… Keyur Patel
- Re: [Sidrops] WG Adoption call for draft-harrison… Geoff Huston
- Re: [Sidrops] WG Adoption call for draft-harrison… Job Snijders
- Re: [Sidrops] WG Adoption call for draft-harrison… Tim Bruijnzeels
- Re: [Sidrops] WG Adoption call for draft-harrison… Tim Bruijnzeels
- Re: [Sidrops] WG Adoption call for draft-harrison… Ben Maddison
- Re: [Sidrops] WG Adoption call for draft-harrison… Martin Hoffmann
- Re: [Sidrops] WG Adoption call for draft-harrison… Rob Austein
- Re: [Sidrops] WG Adoption call for draft-harrison… Tom Strickx
- Re: [Sidrops] WG Adoption call for draft-harrison… Russ Housley
- Re: [Sidrops] WG Adoption call for draft-harrison… Theo Buehler