Re: [Sidrops] what to do when the CRL is hosed?
Job Snijders <job@ntt.net> Tue, 24 March 2020 16:09 UTC
Return-Path: <job@ntt.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A8D33A0C92 for <sidrops@ietfa.amsl.com>; Tue, 24 Mar 2020 09:09:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uYYb-6GPlQja for <sidrops@ietfa.amsl.com>; Tue, 24 Mar 2020 09:09:47 -0700 (PDT)
Received: from mail4.dllstx09.us.to.gin.ntt.net (mail4.dllstx09.us.to.gin.ntt.net [128.241.192.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0CF713A0D45 for <sidrops@ietf.org>; Tue, 24 Mar 2020 09:09:41 -0700 (PDT)
Received: from auth2-smtp.messagingengine.com (auth2-smtp.messagingengine.com [66.111.4.228]) by mail4.dllstx09.us.to.gin.ntt.net (Postfix) with ESMTPSA id 17261EE013C; Tue, 24 Mar 2020 16:09:41 +0000 (UTC)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailauth.nyi.internal (Postfix) with ESMTP id 937E827C0058; Tue, 24 Mar 2020 12:09:39 -0400 (EDT)
Received: from imap1 ([10.202.2.51]) by compute3.internal (MEProxy); Tue, 24 Mar 2020 12:09:39 -0400
X-ME-Sender: <xms:wzB6XtZNBxmuaTSKtw9qXkjC4l7elCjgc_yyPIcdC36EPH7p53E2sA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrudehuddgheegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvffutgfgsehtqhertderreejnecuhfhrohhmpedflfho sgcuufhnihhjuggvrhhsfdcuoehjohgssehnthhtrdhnvghtqeenucevlhhushhtvghruf hiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehjohgsodhmvghsmhhtphgruhht hhhpvghrshhonhgrlhhithihqddutdegjeeludehkeegqddvfeeffeekfedvtddqjhhosg eppehnthhtrdhnvghtsehsohgsohhrnhhoshhtrdhnvght
X-ME-Proxy: <xmx:wzB6Xjm4b3mqeD5xp3ogrSE5ubNe99VEIOz0-bw0G4hE40uN6AXaaA> <xmx:wzB6XmIDE9eqU-5QHe9nrv-SrZ4z6f2_R82iPZyICEsbqd2nXOT1Aw> <xmx:wzB6XtLGL3wdm_V4tF-lvSjARZMeo8HdxQmpX45Re5J-8laNMzJ2Ig> <xmx:wzB6Xl1yKudM9KKcxu6zMlxanf-CIDSMyDnZq0PF7J4DGzeNj9Fpeungvlg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 16585C200A4; Tue, 24 Mar 2020 12:09:39 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-1021-g152deaf-fmstable-20200319v1
Mime-Version: 1.0
Message-Id: <d1273db3-272e-46ec-906f-1cd9c8e603ff@www.fastmail.com>
In-Reply-To: <3DE1004F-00BA-4A2F-AED2-D0900B4EF84E@ripe.net>
References: <9cc3a6a5-f9c8-23df-588e-48dee5db62d4@verizon.net> <3B7006DE-5366-47E7-9CD6-AF392F9ED0CC@nlnetlabs.nl> <6602d1a7-ecbf-73a0-21d8-1254fb2aff97@verizon.net> <253D1ED7-52D8-4A00-9D69-095E61D09C9F@nlnetlabs.nl> <db920115-e188-700f-ceb2-08cd2996046a@verizon.net> <3a683da4-42f9-28c6-f0dd-4d11d3c67857@ripe.net> <4fe26a30-4a08-41a5-be7f-0c5997230d0a@www.fastmail.com> <3B072025-68C5-4E62-9466-5122D483F691@nlnetlabs.nl> <20200324135828.GG60268@vurt.meerval.net> <20200324152009.6e6a2c3f@glaurung.nlnetlabs.nl> <20200324151101.GH60268@vurt.meerval.net> <3DE1004F-00BA-4A2F-AED2-D0900B4EF84E@ripe.net>
Date: Tue, 24 Mar 2020 17:08:29 +0100
From: Job Snijders <job@ntt.net>
To: Oleg Muravskiy <oleg@ripe.net>
Cc: SIDR Operations WG <sidrops@ietf.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/b-26FQnZwvVRllWDF7pfgIKNA9Q>
Subject: Re: [Sidrops] what to do when the CRL is hosed?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Mar 2020 16:10:07 -0000
Dear Oleg, On Tue, Mar 24, 2020, at 16:36, Oleg Muravskiy wrote: > Your examples so far have showed that continuing with incomplete set of > ROAs after a withhold/manipulation on ROA objects might create > dangerous situation. > > Are there scenarios where withholding / making invalid a certificate, > for example, leads to a similar danger? > > I wonder if this is specific to ROA objects only, and whether we should > treat them differently. If it is, then we could “ignore” all published > ROAs at the specific publication point, but continue validation to > child certificates and their sub-trees. Good question. My intuition is that it is not entirely relevant what the file type is. My examples are indeed all ROA and CRL specific as the consequences are easier to demonstrate using the real Internet BGP tables in examples. Treating ROAs differently than other types of files referenced in manifests may lead to pain somewhere down the road when it is discovered that these problems in fact didn't just apply to only ROAs or CRLs. If there happens to be a file type (now or in the future) where proceeding to extract data from subtrees is a safe choice to make, I think /that/ should be be the exception after it has proven to be a safe choice to do so. The RPKI data does not lend itself for some kind of Solomon-Reed error correction. Manifests allow us to discover that /something/ is missing, but we have no idea /what/ is missing. If we don't know /what/ is missing, all bets are off. It is hard for me to imagine a scenario where the publication point's own ROAs are hosed but it'll still be safe to continue attempting to extract data from non-ROA objects from child certs / sub trees. Should at some point there be 'business rule' interdependencies between various object types that may exist in the RPKI, and exceptions were made for ROAs but not for other file types - I suspect the complexity of the decision tree will become insurmountable. Kind regards, Job
- [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Jared Mauch
- Re: [Sidrops] what to do when the CRL is hosed? Francisco Javier Moreno Arana
- Re: [Sidrops] what to do when the CRL is hosed? Ben Maddison
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
- Re: [Sidrops] what to do when the CRL is hosed? Louis Poinsignon
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
- Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
- Re: [Sidrops] what to do when the CRL is hosed? Jared Mauch
- Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
- Re: [Sidrops] what to do when the CRL is hosed? Di Ma
- Re: [Sidrops] what to do when the CRL is hosed? Oleg Muravskiy
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Nathalie Trenaman
- Re: [Sidrops] what to do when the CRL is hosed? Claudio Jeker
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Rob Austein
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Oleg Muravskiy
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
- Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
- Re: [Sidrops] what to do when the CRL is hosed? Di Ma
- Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
- Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
- Re: [Sidrops] what to do when the CRL is hosed? Claudio Jeker
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
- Re: [Sidrops] what to do when the CRL is hosed? Jay Borkenhagen
- Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
- Re: [Sidrops] what to do when the CRL is hosed? Lukas Tribus
- Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
- Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
- Re: [Sidrops] what to do when the CRL is hosed? Lukas Tribus
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Randy Bush