Re: [Sidrops] proposed, revised text for Section 6

Stephen Kent <stkent@verizon.net> Thu, 07 May 2020 17:30 UTC

To: sidrops@ietf.org
References: <557f0928-c7b1-4b8d-b3b6-078733f7ef8a.ref@verizon.net> <557f0928-c7b1-4b8d-b3b6-078733f7ef8a@verizon.net> <1065C1CC-191A-4CFF-A87C-4F1CB165F303@ripe.net> <507640b8-30e7-9f95-e6ed-adba12efb090@verizon.net> <7A134E0C-52E1-4FAD-A4E6-D971EFCDC63E@nlnetlabs.nl> <cc0fb3bc-1ebf-9417-fa60-361cb899b938@verizon.net> <20200507154552.GD72636@vurt.meerval.net>
From: Stephen Kent <stkent@verizon.net>
Message-ID: <3493e056-c5cf-3e66-b141-03ad24eb0e43@verizon.net>
Date: Thu, 07 May 2020 13:30:31 -0400
In-Reply-To: <20200507154552.GD72636@vurt.meerval.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/_paxSJI9hiI99cSY9FsUjx6-BWg>
Subject: Re: [Sidrops] proposed, revised text for Section 6

Job,
> On Thu, May 07, 2020 at 11:38:21AM -0400, Stephen Kent wrote:
>> What do we want to do if we encounter two or more .crl files in a
>> manifest?  Use the first one, ignore any others, and issue a warning?
> Which one is the first one? The fileList is an (unordered) sequence of
> FileAndHash objects, right?

The ASN.1 for fileList is a SEQUENCE. In ASN.1 terms, this means it is 
ordered. A SET is used to represent an unordered collection of data 
items. So there is no ambiguity about ordering of files here.

> Shouldn't standard X509 be followed here? Only use the CRL that the .cer
> points to? I was under the impression that the CRL exists as part of the
> X509 validation, rather than as part of the 'RPKI validation overlay'?

This document focuses on how to use a manifest to decide which files at
a pub point are to be processed, which is why I thought about the issue
of multiple CRLs from that perspective. But, I agree that we ought to
rely first on the CRL identified by the CRLDP in the CA cert, and
then confirm that the manifest includes that file. If we adopt that
approach, the ordering of .crl files in a manifest will not be relevant.

Steve
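An added example (not part of Steve's message, and not code from any RPKI validator) illustrating the two points in the exchange: the manifest fileList is a DER SEQUENCE OF FileAndHash (RFC 6486), so a decoder recovers entries in issuer order, and the CRL selection policy Steve proposes can be expressed as "take the file named by the CA cert's CRLDP, then confirm the manifest lists it". The DER codec below is a deliberately minimal hand-written one, the manifest entries and hashes are constructed sample data, and `crldp_filename` assumes the CRLDP URI's last path component is the file name in the pub point (an assumption, since the thread does not define that mapping).

```python
import hashlib

# X.690 DER universal tags (real values)
TAG_SEQUENCE = 0x30
TAG_IA5STRING = 0x16
TAG_BITSTRING = 0x03


def _der_len(n):
    """DER definite-length encoding: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def encode_file_list(entries):
    """Encode [(filename, hash_bytes), ...] as RFC 6486 fileList
    (SEQUENCE OF FileAndHash), keeping the caller's order."""
    out = b""
    for name, digest in entries:
        fah = (_tlv(TAG_IA5STRING, name.encode("ascii"))
               + _tlv(TAG_BITSTRING, b"\x00" + digest))  # 0 unused bits
        out += _tlv(TAG_SEQUENCE, fah)
    return _tlv(TAG_SEQUENCE, out)


def _read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4:  # indefinite length is not DER
            raise ValueError("bad length octets")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:end], end


def decode_file_list(der):
    """Decode a fileList; entries come back in the SEQUENCE's order."""
    tag, body, end = _read_tlv(der, 0)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("fileList is not a single SEQUENCE")
    entries, pos = [], 0
    while pos < len(body):
        tag, fah, pos = _read_tlv(body, pos)
        if tag != TAG_SEQUENCE:
            raise ValueError("FileAndHash is not a SEQUENCE")
        t1, name, p = _read_tlv(fah, 0)
        t2, bits, p = _read_tlv(fah, p)
        if (t1 != TAG_IA5STRING or t2 != TAG_BITSTRING
                or p != len(fah) or bits[:1] != b"\x00"):
            raise ValueError("malformed FileAndHash")
        entries.append((name.decode("ascii"), bits[1:]))
    return entries


def crl_entries(entries):
    """Every .crl entry, in manifest order (for a warning, not for selection)."""
    return [e for e in entries if e[0].endswith(".crl")]


def crldp_filename(crldp_uri):
    """Assumed mapping: the CRLDP URI's last path component is the file name."""
    return crldp_uri.rsplit("/", 1)[-1]


def select_crl(entries, crldp_uri):
    """Policy from the thread: use the CRL the CA cert's CRLDP names, and
    accept it only if the manifest lists that file. Returns
    (filename, expected_hash) or None when the manifest omits it."""
    wanted = crldp_filename(crldp_uri)
    for name, digest in entries:
        if name == wanted:
            return name, digest
    return None


# Constructed sample manifest contents (not a real pub point)
SAMPLE_ENTRIES = [
    ("ca.crl", hashlib.sha256(b"constructed crl 1").digest()),
    ("extra.crl", hashlib.sha256(b"constructed crl 2").digest()),
    ("roa1.roa", hashlib.sha256(b"constructed roa").digest()),
]
SAMPLE_CRLDP = "rsync://example.invalid/repo/ca.crl"  # placeholder URI
```

Running `decode_file_list(encode_file_list(SAMPLE_ENTRIES))` returns the three entries in the order they were encoded, which is the point about SEQUENCE versus SET; `crl_entries` would let a validator warn that two .crl files are present, while `select_crl` ignores that ordering entirely and keys off the CRLDP.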