Re: [Sidrops] feedback on draft-michaelson-rpki-rta

Stephen Kent <stkent@verizon.net> Mon, 11 January 2021 15:31 UTC

To: sidrops@ietf.org
References: <X+d3+e5Rj/Q7Dchv@bench.sobornost.net> <20201229101412.GA56136@diehard.n-r-g.com> <X+scpsd6kDQ72nLa@bench.sobornost.net> <49a8e314-7b3f-0e8d-6e20-7d055fb1a076@verizon.net> <20201229151639.GD56136@diehard.n-r-g.com> <X+tR06kF3aPZ4+18@bench.sobornost.net> <20201230144836.ytg4u2gobkv4uzqn@benm-laptop> <3BA339C3-EADC-449E-B5B2-7A4880E16EDA@nlnetlabs.nl>
From: Stephen Kent <stkent@verizon.net>
Message-ID: <523f7597-7de9-d8db-f9d0-eb3b9b08f5ed@verizon.net>
Date: Mon, 11 Jan 2021 10:31:21 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <3BA339C3-EADC-449E-B5B2-7A4880E16EDA@nlnetlabs.nl>
Content-Type: multipart/alternative; boundary="------------3EAFF5FD4A13FC928DED92AC"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/O3YT7zdwQHBPZPt2siTGB_6xocY>
Subject: Re: [Sidrops] feedback on draft-michaelson-rpki-rta
Precedence: list

Tim,

You said:

    The use case is intentionally*_not_ limited to secure routing*  and publishing in the RPKI may not be necessary in envisaged cases.

The CP (RFC 6484) imposes constraints on the set of uses for certs 
issued under the RPKI (and thus containing the designated policy OID). 
As noted in the introduction, RPKI certs are "designed exclusively for 
use in support of validation of claims related to current INR holdings." 
Using ANY cert containing the OID defined in the CP for ageneric set of 
cases violates the CP. Thus it is inappropriate to publish a spec that 
uses certs issued under the RPKI (whether published in the repository 
system or not) for applicatons inconsistent with the CP.

Steve

[Sidrops] feedback on draft-michaelson-rpki-rta Job Snijders
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Claudio Jeker
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Job Snijders
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Stephen Kent
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Claudio Jeker
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Job Snijders
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Stephen Kent
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Ben Maddison
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Tim Bruijnzeels
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Korsback, Fredrik
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Tim Bruijnzeels
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Stephen Kent
Re: [Sidrops] feedback on draft-michaelson-rpki-r… George Michaelson
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Ben Maddison
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Martin Hoffmann
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Job Snijders
Re: [Sidrops] feedback on draft-michaelson-rpki-r… George Michaelson
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Job Snijders
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Job Snijders
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Martin Hoffmann
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Di Ma