IETF Logo Mail Archive

Re: [Sidrops] WGLC - draft-ietf-sidrops-rfc6482bis - ENDS: July 17, 2023 (07/17/2023)

Christopher Morrow <christopher.morrow@gmail.com> Sun, 23 July 2023 01:25 UTC

Return-Path: <christopher.morrow@gmail.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBEB5C15107D; Sat, 22 Jul 2023 18:25:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.098
X-Spam-Level:
X-Spam-Status: No, score=-7.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UDlI17GU-P00; Sat, 22 Jul 2023 18:25:56 -0700 (PDT)
Received: from mail-ua1-x930.google.com (mail-ua1-x930.google.com [IPv6:2607:f8b0:4864:20::930]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE4DAC151079; Sat, 22 Jul 2023 18:25:55 -0700 (PDT)
Received: by mail-ua1-x930.google.com with SMTP id a1e0cc1a2514c-79a0b4c6314so369895241.1; Sat, 22 Jul 2023 18:25:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1690075554; x=1690680354; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=LrCspkNWUdOiZYpHHx6ELCXh97rMHRkWaCcGWd7if8s=; b=VKInDbf0+vRqEUQH3jI4kKWFnMVByP3FeyiTJlLop7iHljsxNLxpkfNcTniFqvqRd4 Z7Fpb2HLxjWx/Qiin0eA5bHDj7NTo49yX3/zUCytk1UlCTKiKk2CQk8v6Dd3pF0sKGTl bVZoll13YWR1wI5fs5wlpsX+ja0st12lSVX1sebkx8aXhQRHLPeqc5reUpGW4GQWiDb4 Xepc4SrqXWe5Q4p30LUT+8KSb67bqGSI7RQ3B+PeItDar5Zo50761oc7CinznjxjLSYX w1wb2k+GjDLKeCA+f4csd87VTH751Bz5Q5oR3m65P1gupsZPU+nAfB3ifgvSWXI/XSPW pErg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690075554; x=1690680354; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LrCspkNWUdOiZYpHHx6ELCXh97rMHRkWaCcGWd7if8s=; b=KAIpiJSZt/+76V8ect8/5D97cZ7Mh7rQEgCo+GgVFEyye2KhERmkC9q0AtJjAonts1 wdsAyGlJFe7HVOsTBbV0CtZVdtPsdQ6nJ00rtO7LfgGMiS3Ocx0ZZw+O6UyLF0bEHp2/ VefDdCdMOmlnkt1P79WfQZ0ZC/zt/eRW2utD6aqFcbBvDOly/3zzI6gggPC1Cs5Kb4RJ H8DHJ3a+Dpvv3O3OpDac2HYBK1D/ln7/2/lS82Iq7fukLl5Au+lm8Ef440Ywg/zLY3Pz JiplJuDl8a6NMkPDecZ6cJxnyO9gL2yUfRZr+z2tKN95K90ykhjLKvcncpL4rdk8tp87 YSDw==
X-Gm-Message-State: ABy/qLZ3c36kq40/FxKoTrXjvXbona4/ew75evXT9ApXzgh/vnRjiKAe ybdUeGHobbAESQ7xWD6vjC/2Ca0eNeMFrwPFf98=
X-Google-Smtp-Source: APBJJlHsIEpUc39exw1BfHiN3XsPuUAigU+dTsMDslXu09vlLDKc7PQs1ad1sgZNOwyIp9nNE5YQT3Z9vq4T6K8jpVA=
X-Received: by 2002:a1f:3d8f:0:b0:481:4505:9fe1 with SMTP id k137-20020a1f3d8f000000b0048145059fe1mr1952297vka.5.1690075554548; Sat, 22 Jul 2023 18:25:54 -0700 (PDT)
MIME-Version: 1.0
References: <CAL9jLaZC0x-JyEU2UvZxedDupUZ1_XzYVuFUnqkoD9Tq-r_9Lg@mail.gmail.com> <CAL9jLaZBXgCNgnwONMq3-djvSniRBpU2U3wjGk1_rKJ4fRe+bg@mail.gmail.com> <ZJvlPr5CKgzgexYv@theobuehler.org> <ZJvrCQKxnwWKTp/y@snel> <CAL9jLaYztNAuyrE+Fm4BJ+YEeUaLXKtrheeQNG5ushmn2K+-5g@mail.gmail.com> <B6CA486C-C78E-460C-A8E8-9F633EED2D09@ripe.net> <CAL9jLabiR0DXhj42M7znNDD=KeMWQin-yO4NoOmD2sKDbqjwfQ@mail.gmail.com> <FF4D3669-8FEF-4D34-812D-4E33D760FD0F@nlnetlabs.nl>
In-Reply-To: <FF4D3669-8FEF-4D34-812D-4E33D760FD0F@nlnetlabs.nl>
From: Christopher Morrow <christopher.morrow@gmail.com>
Date: Sat, 22 Jul 2023 18:25:43 -0700
Message-ID: <CAL9jLab_-ZnwCOAdfGNK-45D7s+X5HsYRKmZb-ry6xTV-sinFw@mail.gmail.com>
To: Tim Bruijnzeels <tim@nlnetlabs.nl>
Cc: Ties de Kock <tdekock@ripe.net>, Job Snijders <job@fastly.com>, Theo Buehler <tb@theobuehler.org>, sidrops-ads@ietf.org, SIDR Operations WG <sidrops@ietf.org>, SIDROps Chairs <sidrops-chairs@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/TE36r0EKTBIaco7PVk2zM-um-QM>
Subject: Re: [Sidrops] WGLC - draft-ietf-sidrops-rfc6482bis - ENDS: July 17, 2023 (07/17/2023)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Jul 2023 01:25:57 -0000

On Sat, Jul 22, 2023 at 11:41 AM Tim Bruijnzeels <tim@nlnetlabs.nl> wrote:
>
> Hi
>
> > On 21 Jul 2023, at 22:56, Christopher Morrow <christopher.morrow@gmail.com> wrote:
> >
> >>
> >> All ROA’s are republished “regularly” (on average a yearly cycle).
> >>
> >> However to get this implemented you would need the installed base of CA software
> >> to be updated, then wait for this rollover to happen. If I recall there was nor
> >> threat being mitigated here --- I would not do a flag day "to practice" if this
> >> is for aesthetic reasons.
> >
> > seems fair, yes I agree you'd want to delay until all publishers were updated.
> > that's a relatively small field of software and actually a relatively
> > small field of users.
> >
> > This is some of the same argument about making v6 changes ~15 yrs
> > back: "vast install base!!"
> > :)
> >
> > My point in bringing this up was REALLY:
> >  1) if this is causing code complexity and possible mishandling of
> > data we should fix it sooner rather than later.
> >  2) if there is nothing here but 'ugh I need to test this so I have
> > to sort both before compares!' - ok, cool... err, that's light duty as
> > a problem
> >
> > Ties sounds like they say: "Meh, there is not a PROBLEM, just a
> > nice-to-have perhaps"
>
> As a CA implementer... I have no objection to adding ordering when encoding in a future release if it helps some RP implementations.
>
> But I will need a better description of what order to use. I get that RFC 3779 orders by start addresses and puts IPv4 before IPv6. But in this case, there can be multiple prefixes with the same start address, e.g. if both 10.0.0.0/20 and 10.0.0.0/24 are present. It needs to be clear what the tiebreaker is (shorter prefix first or last?).
>

understood.

> >> Also, I like order, but is it a 'nice to have' (makes testing and such
> >> simpler) or:
> >> "boy for reason x, y, z this is actually important there's a ton of
> >> complex code to
> >>  handle this unordered list and the tech-debit over time would be
> >> nice to clean up!"
> >>
> >>
> >> In my implementation this check _caused_ additional complexity because of the
> >> check that had to be implemented.
> >
> > :) ok.
> >
> > So, 1 person says: "meh, not important".
>
>
> I think it's out of scope for this -bis.
>

oh sure, I did something I often do (and have yet to learn NOT to do)
I asked a question and ended up conflating 2 things :(
sorry about that.

> Or well... there could be a RECOMMENDED or KINDLY ASKED ;) to order, but if the objective would be to start rejecting unordered ROAs then this is a breaking change. That needs a clearly formulated plan - even if, in this case, we may be able to avoid a version increase because the actual object encoding is not changed. I don't think we can do this as part of the LC of this document. Perhaps a separate document would work, or LC is cancelled for now, and we take the time to discuss.
>
> Speaking for myself on the time to discuss... I had a few moments to reply today, but I won't have time to really think this all through until late August.
>
>
> Tim

v2.23.0 | Report a Bug | By Email