Re: [Sidrops] feedback on draft-michaelson-rpki-rta

Ben Maddison <benm@workonline.africa> Wed, 30 December 2020 14:48 UTC

Date: Wed, 30 Dec 2020 16:48:36 +0200
From: Ben Maddison <benm@workonline.africa>
To: Job Snijders <job@sobornost.net>
Cc: sidrops@ietf.org
Message-ID: <20201230144836.ytg4u2gobkv4uzqn@benm-laptop>
References: <X+d3+e5Rj/Q7Dchv@bench.sobornost.net> <20201229101412.GA56136@diehard.n-r-g.com> <X+scpsd6kDQ72nLa@bench.sobornost.net> <49a8e314-7b3f-0e8d-6e20-7d055fb1a076@verizon.net> <20201229151639.GD56136@diehard.n-r-g.com> <X+tR06kF3aPZ4+18@bench.sobornost.net>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="ohsmfggd3g24j2qp"
Content-Disposition: inline
In-Reply-To: <X+tR06kF3aPZ4+18@bench.sobornost.net>
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from localhost (160.119.236.50) by JNXP275CA0017.ZAFP275.PROD.OUTLOOK.COM (2603:1086:0:19::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3700.27 via Frontend Transport; Wed, 30 Dec 2020 14:48:43 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 889d6706-da9f-4030-ec13-08d8acd2017a
X-MS-TrafficTypeDiagnostic: DB8P190MB0697:
X-Microsoft-Antispam-PRVS: <DB8P190MB06973FAC1F6DA4EAABE487E0C0D70@DB8P190MB0697.EURP190.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: UHmROQk9nxBpzBkgfNp557VUdO6hWLe3iEApsJZfBb2/cHmgm1Qve4n9BgGza09DFoCirKQJEdYZc83lrG7eeW7Y6lpH/3TEO6h9B4HYMOxpNxTmk3EgDEvjmUQ5m7cudnt10tNYsksYEKF1jccS038/oU0IJeIKQlkYbs0e/tnsczn9ltcHrStU0dxOWtGEhp3T9FYGL/xvUBtIPGzU2AOrHsD9cjpQV+NZSN0AL9ojoHxtKPyHNtPLGpEVaQtrlyPGcgTknNdKdIGp+ClvoqGqQ01s5Ynwx64lcnw6AQzEtWTmwktzzqac165i9c+kj6kafrNU75O1+4MgsYwy/fTDmfufxmqh4L9KbkfAmkEUikNkKNywBLTvR2G+wJ3AAoxf541L+MyHSpe39/YtZLrmRvAFq/A5cfPD+Qfz8/Pv5SpipxfnR98R5itEA7RH22cttN+Da/VRpDc/Qw7esg==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB8P190MB0746.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(7916004)(136003)(396003)(376002)(39830400003)(366004)(346002)(2906002)(86362001)(8936002)(6496006)(956004)(44144004)(21480400003)(83380400001)(5660300002)(478600001)(8676002)(6916009)(9686003)(52116002)(6666004)(6486002)(1076003)(33716001)(316002)(4326008)(66556008)(66476007)(186003)(26005)(66946007)(16526019)(46492008)(2700100001); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: biOJfFDkttUIWAGysEZuB2LaZDUa4TVvx9XZ+FkmjV8nIJbULfEdzMPXTImTlhTvwnbH687xd+J5U2XTbo9l+iDasftBfajYhFkDwaUQXsMxO3Hpvswl94B96k6GGgDpwE79bvhLnMLWld6GOOYzI4BO4kdWBuoTJaVo3sy2+ZVCPoXUb1q/6Njh3bziRJTLMrch/aw1aodmr40Y017UsXS+bPT1NXs4ykeEFWO2Ftsqf/62gO9YQ4BGhm/BPc62g/ss/mJNEFwjT/GIjkqGy1xO2cSN5g4eGxnstHnnTubfHt0ekhSzufCcAYprPg3eDt225SIYBfM7dmkuPoC4eijQxQvNU+2BKOvTTNSsyHmrS3A8lRyHrWyXBbvKHyVX3VHPMUbiajx5vE4+MU9n4jHYE+zSJLKT9CEdi9NRL2R+nd5aU2BCOZINMkbWFeQrhjpJ5bS75u731gFBx8Or163WJaJ60rNc7+qkAAwESf3glrtDG/Wm+Dgl9GsstEfyv8WT15ZqoOY0yPcVjVu2ZOBtpIaa8gsA9ZkgpE8wxQp7QE9pd1tpTvCMA3hU8CX5+trNT2FeIAh0hvH634K/vYwi0O3XBKYgDvZEHzgEUXcXUclp/SUIXh+31GWcL/qeH0qqUTzaTf5y9LGhX+U2hyXkGpQYPBGUoSWzxZxWsfconskwb7q60Dt1wf4lfhxLtQe85fx+upqH0FAjUOoqsJF6iMDCMTUYjHVlS92GKqkGgjeVkkfbmNSOk90/yDBc1ClFPf4hN840hmjEShi07rtpHpSobMxxfIR7pidv8+HliM+1NgvvQ5nxjAjHcnK2QiVqIhaZyB/3QRSWnpC3CDjLS0F2mhZALon8B1ZzQzf5GJiqaGX3dzhgv0/aIdPjCcVb8olm6jKCUPUXj0UFHdHMmv0khH5d57yME9Uw+mAWdufUuUDutLYh5BC5cAF9aNz/9O3xTQxe/xb70h4TaAa7qv8AbvUH8XZFIFnpax8nGI17weReFodF3KrM9KLZ
X-OriginatorOrg: workonline.africa
X-MS-Exchange-CrossTenant-AuthSource: DB8P190MB0746.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Dec 2020 14:48:43.8906 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: b4e811d5-95e8-453a-b640-0fba8d3b9ef7
X-MS-Exchange-CrossTenant-Network-Message-Id: 889d6706-da9f-4030-ec13-08d8acd2017a
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: GCxjAOVwuVQD9/bi6JETzVvbryOGOtviUgAyiTgwIziiuk115xcKoBgulCM83Zkj796ae3W5cuKjWl39ubJKYA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8P190MB0697
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/aarOUJ2QeogTVEwAML1TV1TqUwI>
Subject: Re: [Sidrops] feedback on draft-michaelson-rpki-rta
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Dec 2020 14:48:51 -0000

On 12/29, Job Snijders wrote:
> On Tue, Dec 29, 2020 at 04:16:39PM +0100, Claudio Jeker wrote:
> > Up until now all objects only had a single EE cert and a single SID and
> > all the linking done with the SKI was a 1-to-1 mapping resulting in a
> > simple tree structure with the trust anchor as root.
> > This draft allows for multiple EE certs and so multiple paths up to the
> > trust anchors. This makes handling RTA a lot more complex than any other
> > object under RPKI. It also results in a lot more failure conditions since
> > there are more EE certs involved in the validation process.
> 
> <snip/>
> 
> It is possible the RTA authors forsee use cases where the 'multiple
> signatures' offers irreplaceable value, I'm not sure.

FWIW, all the use cases that I have in mind for RTA need only a single
signer.
I have been trying to think of some creative uses that can't be solved
by separate objects, and I can't think of any.

Thus, if this change can speed up implementation then I'm all for it.

Cheers,

Ben

Attachment: signature.asc

[Sidrops] feedback on draft-michaelson-rpki-rta Job Snijders
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Claudio Jeker
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Job Snijders
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Stephen Kent
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Claudio Jeker
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Job Snijders
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Stephen Kent
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Ben Maddison
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Tim Bruijnzeels
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Korsback, Fredrik
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Tim Bruijnzeels
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Stephen Kent
Re: [Sidrops] feedback on draft-michaelson-rpki-r… George Michaelson
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Ben Maddison
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Martin Hoffmann
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Job Snijders
Re: [Sidrops] feedback on draft-michaelson-rpki-r… George Michaelson
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Job Snijders
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Job Snijders
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Martin Hoffmann
Re: [Sidrops] feedback on draft-michaelson-rpki-r… Di Ma

Re: [Sidrops] feedback on draft-michaelson-rpki-rta

Attachment: signature.asc