Re: [Sidrops] I-D Action: draft-ietf-sidrops-cms-signing-time-03.txt

Job Snijders <job@fastly.com> Thu, 18 January 2024 22:03 UTC

Date: Thu, 18 Jan 2024 23:03:21 +0100
From: Job Snijders <job@fastly.com>
To: sidrops@ietf.org
Message-ID: <ZamgKc5PTJPDcISD@snel>
References: <170561454824.54895.360140302624981870@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <170561454824.54895.360140302624981870@ietfa.amsl.com>
X-Clacks-Overhead: GNU Terry Pratchett
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/Weda3lccb7UP03NUQHaWurCf__8>
Subject: Re: [Sidrops] I-D Action: draft-ietf-sidrops-cms-signing-time-03.txt

Dear all,

Another pass was made over the text to improve the structure of the
document and complete the surgery updates to RFC 6488. The
"Implementation Status" section was also updated.

Many thanks to everyone who reviewed the document this week!

As indicated, the authors would like to move towards WGLC.

Kind regards,

Job

On Thu, Jan 18, 2024 at 01:49:08PM -0800, internet-drafts@ietf.org wrote:
> Internet-Draft draft-ietf-sidrops-cms-signing-time-03.txt is now available. It
> is a work item of the SIDR Operations (SIDROPS) WG of the IETF.
> 
>    Title:   On the use of the CMS signing-time attribute in RPKI Signed Objects
>    Authors: Job Snijders
>             Tom Harrison
>    Name:    draft-ietf-sidrops-cms-signing-time-03.txt
>    Pages:   12
>    Dates:   2024-01-18
> 
> Abstract:
> 
>    In the Resource Public Key Infrastructure (RPKI), Signed Objects are
>    defined as Cryptographic Message Syntax (CMS) protected content types
>    by way of a standard template (RFC 6488).  That template includes an
>    optional CMS signing-time attribute, representing the purported time
>    at which the object was signed by its issuer.  At the time when the
>    standard template was defined, rsync was the only distribution
>    mechanism for RPKI repositories.
> 
>    Since the publication of the standard template, a new, additional
>    protocol for distribution of RPKI repositories has been developed:
>    the RPKI Repository Delta Protocol (RRDP).  While RPKI repository
>    operators must provide rsync service, RRDP is typically deployed
>    alongside it as well, and preferred by default by most Relying Party
>    (RP) implementations.  However, RP implementations also support
>    fallback to rsync in the event of problems with the RRDP service.  As
>    deployment experience with RRDP has increased, the usefulness of
>    optimizing switchovers by RPs from one mechanism to the other has
>    become apparent.
> 
>    This document describes how Publishers and RPs can use the CMS
>    signing-time attribute to minimize the burden of switching over from
>    RRDP to rsync.  Additionally, this document updates RFC 6488 by
>    mandating the presence of the CMS signing-time attribute and
>    disallowing the use of the binary-signing-time attribute.
> 
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-sidrops-cms-signing-time/
> 
> There is also an HTMLized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-cms-signing-time-03
> 
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-sidrops-cms-signing-time-03
> 
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts