IETF Logo Mail Archive

Re: [Sidrops] Requiring Two Implementations - before exit of WGLC

Ties de Kock <tdekock@ripe.net> Fri, 13 October 2023 07:18 UTC

Return-Path: <tdekock@ripe.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63C75C1516E9; Fri, 13 Oct 2023 00:18:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ripe.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CQ4nyE04vz-4; Fri, 13 Oct 2023 00:18:24 -0700 (PDT)
Received: from mail-mx-2.ripe.net (mail-mx-2.ripe.net [IPv6:2001:67c:2e8:11::c100:1312]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0255C15152C; Fri, 13 Oct 2023 00:18:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ripe.net; s=s1-ripe-net; h=To:Message-Id:Cc:Date:From:Subject:Mime-Version:Content-Type ; bh=q0fn7OeJEPGIJnvi2/DRfaFEmuB9IBqHsyCNDaBHISI=; b=nY/D25qhJe59MZf/M5nVQw1i uwET6z7dkOl10i0RbVDC76h8Cmf6hxvkzbgnGDdvubzxo/eNSTPGKrZQdSX/p0H+iW5UtUWziXSYj Xa1o4l+clSQXFNAO/7FxYIoglQjOo4OSUrou8M9MtU30tFqwp3u5KG2iFTuzdz0IslPt1LvhI20Qk QMFRvtLi0p54PMsUB3x0rHkhoLvZIeRzElRtfgWeb1db9+6h22IZbhq/kx9G7wJi0xNgy6Kc+GFR5 3waNP1P1V6yjfzqyE4t1PV00sF5Az+0v6afqFFVdQJXUnZmy0R14Hhj7ojn8knRlvFt/o+izahkan T3c/WrIKRg==;
Received: from imap-01.ripe.net ([2001:67c:2e8:23::c100:170e]:43412) by mail-mx-2.ripe.net with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.96.1) (envelope-from <tdekock@ripe.net>) id 1qrCRC-00144V-0D; Fri, 13 Oct 2023 07:18:22 +0000
Received: from sslvpn.ipv6.ripe.net ([2001:67c:2e8:9::c100:14e6] helo=smtpclient.apple) by imap-01.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96.1) (envelope-from <tdekock@ripe.net>) id 1qrCRB-0024Z4-3B; Fri, 13 Oct 2023 07:18:22 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.100.2.1.4\))
From: Ties de Kock <tdekock@ripe.net>
In-Reply-To: <817DBADA-42AF-4CAC-B8FB-DDBDA564722D@nlnetlabs.nl>
Date: Fri, 13 Oct 2023 09:18:11 +0200
Cc: SIDR Operations WG <sidrops@ietf.org>, "sidrops-ads@ietf.org" <sidrops-ads@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <21DDC19E-900E-4991-A484-9405C4FC014F@ripe.net>
References: <CAL9jLabLfh3PnEtmRmXhsFXgTPHQdhOPr5bWWuSvKUsu-Zy=BQ@mail.gmail.com> <ZL8yOYPQL1z1HSPV@snel> <ZL95cRkffm65WL0c@dhcp-8bfa.meeting.ietf.org> <87pm1tvn2n.wl-morrowc@ops-netman.net> <CAAQiQRfLiRtL81beSVPxtm=5Wo4OhdS-J_1nVsqPc66GYB2baw@mail.gmail.com> <ZSALGNekRUzh9PaM@snel> <2F74A667-57B7-45BD-AB2F-0DAF877E54DC@amazon.com> <817DBADA-42AF-4CAC-B8FB-DDBDA564722D@nlnetlabs.nl>
To: Tim Bruijnzeels <tim@nlnetlabs.nl>
X-Mailer: Apple Mail (2.3774.100.2.1.4)
X-RIPE-Signature: 059faafd1cc22ebb05e1592c815fe1e1870070c84028a80d9131e368827efd7a
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/JyHBfoGt2o562PhRhC7RMTGUokg>
Subject: Re: [Sidrops] Requiring Two Implementations - before exit of WGLC
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Oct 2023 07:18:28 -0000

Hi Tim,

> On 13 Oct 2023, at 09:06, Tim Bruijnzeels <tim@nlnetlabs.nl> wrote:
> 
> Hi all,
> 
> In principle, I agree with the proposal.
> 
> However, I see potential issues that affect my own work on a delegated CA implementation. There are currently two open-source RPKI CA solutions that can act as a "child" CA: Krill and rpkid (by Dragon Research Labs) - there is nothing wrong with the latter, but it's not actively maintained (and yes, I wish it were - the ecosystem needs choice).
> 
> Getting multiple implementations of the child side of possible new standard developments may be hard. Would one child implementation interoperating with another implementation acting as the parent be good enough in this context?

You imply a very robust standard of interoperability here:

  * Two full "production-ready” implementations
  * Implemented by distinct teams

I think requiring implementations beyond single-shot/proof of concept
implementation of objects adds value. The single-shot/proof-of-concept
implementations do not allow others to validate a concept because you can not
integrate it into other systems (e.g. CA output -> continuously fed to a
validator, including various objects).

One example of an issue this chain would have caught before it hit production
would be a recent issue of a RP implementation(s?) generating broken JSON for
specific ASPA objects.

Kind regards,
Ties

> 
> Tim
> 
>> On 13 Oct 2023, at 00:08, Korsbaeck, Fredrik <fkback=40amazon.com@dmarc.ietf.org> wrote:
>> 
>> Hi, 
>> 
>> I think these implementation reports is extremely helpful fwiw, I use them in my day-to-day very often. 
>> 
>> To me, it seems like a sensible development to require running code, so +1 with Job and Ben here. 
>> 
>> /FK
>> 
>> On 2023-10-06, 15:27, "Sidrops on behalf of Job Snijders" <sidrops-bounces@ietf.org <mailto:sidrops-bounces@ietf.org> on behalf of job=40fastly.com@dmarc.ietf.org <mailto:40fastly.com@dmarc.ietf.org>> wrote:
>> 
>> Dear Andrew,
>> 
>> 
>> On Fri, Oct 06, 2023 at 09:18:50AM -0400, Andrew Newton wrote:
>>> On Wed, Oct 4, 2023 at 10:07 PM Chris Morrow <morrowc@ops-netman.net <mailto:morrowc@ops-netman.net>> wrote:
>>>> 
>>>> This conversation sort of fizzled out...
>>>> 
>>>> On Tue, 25 Jul 2023 07:27:45 +0000,
>>>> "Dale W. Carder" <dwcarder@es.net <mailto:dwcarder@es.net>> wrote:
>>>>> 
>>>>> Thus spake Job Snijders (job=40fastly.com@dmarc.ietf.org <mailto:40fastly.com@dmarc.ietf.org>) on Tue, Jul 25, 2023 at 04:23:53AM +0200:
>>>>>> Proposed text:
>>>>>> 
>>>>>> "Before SIDROPS Standards Track internet-drafts can progress to IESG
>>>>>> review, interoperability must be demonstrated between at least two
>>>>>> independent implementations for every aspect of the concepts in the
>>>>>> specification. The chairs may waive this requirement when
>>>>>> interoperability is of no concern (for example if the document is a
>>>>>> BCP, problem statement, or requirements document).
>>> 
>>> This is an interesting proposal, but it seems to conflate bcp,
>>> information, and experimental with standards track. Why are chairs
>>> waiving a requirement for documents that are not subject to the rule?
>> 
>> 
>> Are you suggesting to remove the "(for example .. requirements document)"
>> sentence?
>> 
>> 
>>> It also seems to me that what is being asked for is an
>>> interoperability report, not just implementation status. If so, "every
>>> aspect" should be an enumerated list otherwise judging it is
>>> guesswork. And it might be wise to consider an escape hatch for things
>>> that might be more urgent but would otherwise get hung up on a formal
>>> interoperability report.
>> 
>> 
>> The phrase 'implementation report' is a reference to how the requirement
>> for running code is handled in the IDR working group. A good example of
>> how implementation & interopability are tracked is for example this wiki
>> page: https://wiki.ietf.org/group/idr/implementations/draft-ietf-idr-large-community <https://wiki.ietf.org/group/idr/implementations/draft-ietf-idr-large-community>
>> As part of the implementation report, often a (simple) interopability
>> matrix is produced.
>> 
>> 
>> I'd like the SIDROPS working group to take a similar approach as done
>> here: https://wiki.ietf.org/group/idr/implementations <https://wiki.ietf.org/group/idr/implementations>
>> 
>> 
>> Kind regards,
>> 
>> 
>> Job
>> 
>> 
>> _______________________________________________
>> Sidrops mailing list
>> Sidrops@ietf.org <mailto:Sidrops@ietf.org>
>> https://www.ietf.org/mailman/listinfo/sidrops <https://www.ietf.org/mailman/listinfo/sidrops>
>> 
>> 
>> 
>> _______________________________________________
>> Sidrops mailing list
>> Sidrops@ietf.org
>> https://www.ietf.org/mailman/listinfo/sidrops
> 
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops

v2.23.0 | Report a Bug | By Email