Re: [Sidrops] [sidr] [Technical Errata Reported] RFC6482 (7525)
Russ Housley <housley@vigilsec.com> Wed, 31 May 2023 17:48 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3385C14CF15; Wed, 31 May 2023 10:48:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SYwfFQCsT80o; Wed, 31 May 2023 10:48:34 -0700 (PDT)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 273AAC14CEFA; Wed, 31 May 2023 10:48:34 -0700 (PDT)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id F0DC31703B9; Wed, 31 May 2023 13:48:32 -0400 (EDT)
Received: from [192.168.1.161] (unknown [96.241.2.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id C792217006F; Wed, 31 May 2023 13:48:32 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <14822925-681F-44D9-AE5C-3BC00E140674@juniper.net>
Date: Wed, 31 May 2023 13:48:32 -0400
Cc: "sidrops@ietf.org" <sidrops@ietf.org>, Jim Guichard <james.n.guichard@futurewei.com>, IETF SIDR <sidr@ietf.org>, Chris Morrow <morrowc@ops-netman.net>, "sachaboudjema@gmail.com" <sachaboudjema@gmail.com>, Andrew Alston <andrew-ietf@liquid.tech>, "dkong@bbn.com" <dkong@bbn.com>, Steve Kent <kent@alum.mit.edu>
Content-Transfer-Encoding: quoted-printable
Message-Id: <076A2C9F-E41B-477A-A074-CDD3C0FBF0AE@vigilsec.com>
References: <20230526184930.82A2255D5E@rfcpa.amsl.com> <14822925-681F-44D9-AE5C-3BC00E140674@juniper.net>
To: John Scudder <jgs=40juniper.net@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3445.104.21)
X-Scanned-By: mailmunge 3.11 on 66.39.134.11
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/_Pbv8814EE5HQvmMpEYIGDRfvwk>
Subject: Re: [Sidrops] [sidr] [Technical Errata Reported] RFC6482 (7525)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 May 2023 17:48:38 -0000
John:
I think that the errata author is talking about:
RouteOriginAttestation ::= SEQUENCE {
version [0] INTEGER DEFAULT 0,
asID ASID,
ipAddrBlocks SEQUENCE (SIZE(1..MAX)) OF ROAIPAddressFamily }
ASID ::= INTEGER
ROAIPAddressFamily ::= SEQUENCE {
addressFamily OCTET STRING (SIZE (2..3)),
addresses SEQUENCE (SIZE (1..MAX)) OF ROAIPAddress }
That is, ipAddrBlocks contains one or more ROAIPAddressFamily structures.
I do not think that any implementers have been confused, so I think Hold for Document Update is the right way forward.
Russ
> On May 31, 2023, at 12:21 PM, John Scudder <jgs=40juniper.net@dmarc.ietf.org> wrote:
>
> +sidrops
>
> The substance of the erratum is:
>
> - The sentence "The addresses field represents prefixes as a sequence of type ROAIPAddress” is added at the end of the first paragraph.
>
> This seems like an OK change although not a necessary one. If verified, it’d be as editorial Hold For Document Update. It doesn’t seem like it adds much to the spec, so I’m not inclined to verify it but could be talked into it.
>
> - In the second paragraph:
> - “a ROAIPAddress structure” -> “the ROAIPAddress structure” (“a” becomes “the”)
> - The ROAIPAddress structure changes from a sequence of IPAddress, to a single IPaddress (capitalization sic)
>
> The submitter says this change would align the prose description with the ASN.1. However, I don’t see that — I’m hardly an ASN.1 expert, but on the face of it, this (from Appendix A, also present in Section 3) looks like a sequence, not a singleton. The word “sequence” is right there, in ALL CAPS even.
>
> ROAIPAddress ::= SEQUENCE {
> address IPAddress,
> maxLength INTEGER OPTIONAL }
>
> As far as I can tell, this change is wrong and should be rejected.
>
> I would appreciate a second opinion from someone more conversant with the RFC and associated technology than I am before I reject it.
>
> —John
>
>> On May 26, 2023, at 2:49 PM, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
>>
>>
>> The following errata report has been submitted for RFC6482,
>> "A Profile for Route Origin Authorizations (ROAs)".
>>
>> --------------------------------------
>> You may review the report below and at:
>> https://urldefense.com/v3/__https://www.rfc-editor.org/errata/eid7525__;!!NEt6yMaO-gk!GngQXDPNfl9uVTFUdN8h1LmYMMzXgBRp-NQTdsuPLKBo7KLOI4k9kFTNxaLsmnpNBXUj3GVFEfbA57aSAEPHFg$
>>
>> --------------------------------------
>> Type: Technical
>> Reported by: Sacha Boudjema <sachaboudjema@gmail.com>
>>
>> Section: 3.3
>>
>> Original Text
>> -------------
>> Within the ROAIPAddressFamily structure, addressFamily contains the Address Family Identifier (AFI) of an IP address family. This specification only supports IPv4 and IPv6. Therefore, addressFamily MUST be either 0001 or 0002.
>>
>> Within a ROAIPAddress structure, the addresses field represents prefixes as a sequence of type IPAddress. (See [RFC3779] for more details). If present, the maxLength MUST be an integer ...
>>
>>
>> Corrected Text
>> --------------
>> Within the ROAIPAddressFamily structure, addressFamily contains the Address Family Identifier (AFI) of an IP address family. This specification only supports IPv4 and IPv6. Therefore, addressFamily MUST be either 0001 or 0002. The addresses field represents prefixes as a sequence of type ROAIPAddress.
>>
>> Within the ROAIPAddress structure, the address field represents an IPv4 or IPv6 prefix of type IPaddress (See [RFC3779] for more details). If present, the maxLength MUST be an integer ...
>>
>> Notes
>> -----
>> Original text contradicts does not align with normative ASN.1 schema.
>>
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party
>> can log in to change the status and edit the report, if necessary.
>>
>> --------------------------------------
>> RFC6482 (draft-ietf-sidr-roa-format-12)
>> --------------------------------------
>> Title : A Profile for Route Origin Authorizations (ROAs)
>> Publication Date : February 2012
>> Author(s) : M. Lepinski, S. Kent, D. Kong
>> Category : PROPOSED STANDARD
>> Source : Secure Inter-Domain Routing
>> Area : Routing
>> Stream : IETF
>> Verifying Party : IESG
>
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
- Re: [Sidrops] [Technical Errata Reported] RFC6482… John Scudder
- Re: [Sidrops] [sidr] [Technical Errata Reported] … Russ Housley
- Re: [Sidrops] [Technical Errata Reported] RFC6482… Job Snijders