Re: [Sidrops] what to do when the CRL is hosed?

Oleg Muravskiy <oleg@ripe.net> Wed, 26 February 2020 08:28 UTC

Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.60.0.2.5\))
From: Oleg Muravskiy <oleg@ripe.net>
In-Reply-To: <CAKr6gn2wJg1DYBOm6Ccn3ChggVB9Srhw2oEF76OZ_kLcPMsYcw@mail.gmail.com>
Date: Wed, 26 Feb 2020 09:28:33 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <766BF90A-C42B-47B3-B62E-C429E48BBBD7@ripe.net>
References: <20200224151532.GD19221@vurt.meerval.net> <20200224211531.GB60925@vurt.meerval.net> <20200225090338.10464b1a@glaurung.nlnetlabs.nl> <9cc3a6a5-f9c8-23df-588e-48dee5db62d4@verizon.net> <CAKr6gn2wJg1DYBOm6Ccn3ChggVB9Srhw2oEF76OZ_kLcPMsYcw@mail.gmail.com>
To: SIDR Operations WG <sidrops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/V6o2peGoVtEX9ERy0DlNw5eAPUQ>
Subject: Re: [Sidrops] what to do when the CRL is hosed?
Precedence: list

I tend to agree with Steve and George that manifests could not replace CRLs. And while the rfc5280/section-6.3 only demands to fetch the (time-wise) valid CRL and does not specify what to do if that isn’t possible, my interpretation of this section is that the validator should not accept/ignore a CRL past its validity period.

With regard to manifests, the number of inconsistencies between the content of a manifest and a repository, the absence of rules of how to handle these inconsistencies, and as a result, the complexity of processing manifests during validation is much higher than the complexity of processing the CRL. I would rather get rid of manifests after fully transitioning to RRDP than putting more responsibilities on manifests.

But this is of course me as a software developer speaking. The decision should be made by operators.

Oleg

[Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Jared Mauch
Re: [Sidrops] what to do when the CRL is hosed? Francisco Javier Moreno Arana
Re: [Sidrops] what to do when the CRL is hosed? Ben Maddison
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
Re: [Sidrops] what to do when the CRL is hosed? Louis Poinsignon
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
Re: [Sidrops] what to do when the CRL is hosed? Jared Mauch
Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
Re: [Sidrops] what to do when the CRL is hosed? Di Ma
Re: [Sidrops] what to do when the CRL is hosed? Oleg Muravskiy
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Nathalie Trenaman
Re: [Sidrops] what to do when the CRL is hosed? Claudio Jeker
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Rob Austein
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Oleg Muravskiy
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
Re: [Sidrops] what to do when the CRL is hosed? Di Ma
Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
Re: [Sidrops] what to do when the CRL is hosed? Claudio Jeker
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
Re: [Sidrops] what to do when the CRL is hosed? Jay Borkenhagen
Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
Re: [Sidrops] what to do when the CRL is hosed? Lukas Tribus
Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
Re: [Sidrops] what to do when the CRL is hosed? Lukas Tribus
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Randy Bush