Re: [Sidrops] 6486bis: referenced object validation

Tim Bruijnzeels <tim@nlnetlabs.nl> Fri, 04 December 2020 10:44 UTC

Return-Path: <tim@nlnetlabs.nl>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDADA3A08E5 for <sidrops@ietfa.amsl.com>; Fri, 4 Dec 2020 02:44:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nlnetlabs.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y3Y3lIFFiwlp for <sidrops@ietfa.amsl.com>; Fri, 4 Dec 2020 02:44:23 -0800 (PST)
Received: from outbound.soverin.net (outbound.soverin.net [IPv6:2a01:4f8:fff0:2d:8::215]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90A913A08DA for <sidrops@ietf.org>; Fri, 4 Dec 2020 02:44:23 -0800 (PST)
Received: from smtp.soverin.net (unknown [10.10.3.24]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by outbound.soverin.net (Postfix) with ESMTPS id 14216600F1; Fri, 4 Dec 2020 10:44:22 +0000 (UTC)
Received: from smtp.soverin.net (smtp.soverin.net [159.69.232.138]) by soverin.net
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nlnetlabs.nl; s=soverin; t=1607078661; bh=OQDEgNGeQkbS9gccBsGBrfSMTJXHVrfLmtLfnp4W7tE=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=xgH2rESL8BfAHAtnV4XP1srs4+MnBnuSbEeWIT5ZebAohsmrPwBiqS5zA6TDAdyzw eZftmGTrjJQ78VJk7bRvXt5HvX6Gn5NqCnJZs+RyaZ70mScvGZYibKQj3zfmP1FVOA NFWoAtmCgnz+BblqZa2sb2c6OgpO0a4fxHXs60xUcV90tCw9FynAVLpESTLZQP9bAL TvKYlOz/8mbs1rj2SlvswX6EYm78oBUnrrR8Rujf7GW6q3sgscDqvm9E53AkJKdChD FuLnMeSHAuBmeUOnzd8dl+tM2QymbZVtylYKr/LT9sTv8OyPZEQQj+K4nQyTjbopLc f27DWjopmUQ7w==
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Tim Bruijnzeels <tim@nlnetlabs.nl>
In-Reply-To: <X8oSBlR1pDhX83nH@bench.sobornost.net>
Date: Fri, 4 Dec 2020 11:44:17 +0100
Cc: Martin Hoffmann <martin@opennetlabs.com>, SIDR Operations WG <sidrops@ietf.org>, Ben Maddison <benm=40workonline.africa@dmarc.ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <62CCDADA-E2B5-4354-82E5-995837633307@nlnetlabs.nl>
References: <20201203224213.gnb2nawujxm7a32q@benm-laptop> <20201204111651.4e865d7d@glaurung.nlnetlabs.nl> <X8oSBlR1pDhX83nH@bench.sobornost.net>
To: Job Snijders <job@ntt.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/TU6JxpP0OKNFjVtk9vVThOZeyIE>
Subject: Re: [Sidrops] 6486bis: referenced object validation
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2020 10:44:26 -0000

Hi Job,

> On 4 Dec 2020, at 11:40, Job Snijders <job@ntt.net> wrote:
> 
> On Fri, Dec 04, 2020 at 11:16:51AM +0100, Martin Hoffmann wrote:
>> Under this approach, the manifest expresses which objects the CA
>> intended to publish. If all the objects listed on the manifest are
>> present with a matching hash, the publication point reflects the
>> intent of the CA and can be processed. If it contains invalid objects,
>> these can be discarded individually.
> 
> Indeed, I believe you've now captured the essence of why manifests
> exists at all. This is what rpki-client & FORT seem to have implemented.

I suggested this in August:
https://mailarchive.ietf.org/arch/msg/sidrops/Mldz5a43kPPotslF9bpNz10rysk/

I think a lot of this could have been avoided if we had this discussion then, but I welcome this now..


> Other than the hashes matching & files being present, additional
> conditions apply: the manifest & EE certificate need to be valid,
> current, latest, correctly encoded, part of the cert chain, CRL present,
> etc.

Indeed

> 
> Kind regards,
> 
> Job
> 
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops