Re: [Sidrops] feedback on draft-michaelson-rpki-rta

Ben Maddison <benm@workonline.africa> Wed, 30 December 2020 14:48 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/aarOUJ2QeogTVEwAML1TV1TqUwI>

On 12/29, Job Snijders wrote:
> On Tue, Dec 29, 2020 at 04:16:39PM +0100, Claudio Jeker wrote:
> > Up until now all objects only had a single EE cert and a single SID and
> > all the linking done with the SKI was a 1-to-1 mapping resulting in a
> > simple tree structure with the trust anchor as root.
> > This draft allows for multiple EE certs and so multiple paths up to the
> > trust anchors. This makes handling RTA a lot more complex than any other
> > object under RPKI. It also results in a lot more failure conditions since
> > there are more EE certs involved in the validation process.
> 
> <snip/>
> 
> It is possible the RTA authors foresee use cases where the 'multiple
> signatures' offers irreplaceable value, I'm not sure.

FWIW, all the use cases that I have in mind for RTA need only a single
signer.
I have been trying to think of some creative uses that can't be solved
by separate objects, and I can't think of any.

Thus, if this change can speed up implementation then I'm all for it.

Cheers,

Ben