IETF Logo Mail Archive

Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa-profile-15.txt

Ties de Kock <tdekock@ripe.net> Thu, 29 June 2023 12:08 UTC

Return-Path: <tdekock@ripe.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E99FC151545 for <sidrops@ietfa.amsl.com>; Thu, 29 Jun 2023 05:08:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ripe.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZwOfoKBLRCZb for <sidrops@ietfa.amsl.com>; Thu, 29 Jun 2023 05:08:37 -0700 (PDT)
Received: from mail-mx-2.ripe.net (mail-mx-2.ripe.net [IPv6:2001:67c:2e8:11::c100:1312]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82686C14CE2C for <sidrops@ietf.org>; Thu, 29 Jun 2023 05:08:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ripe.net; s=s1-ripe-net; h=To:Subject:Date:Mime-Version:Content-Type:Message-Id:From:CC ; bh=zdBM6Q4bD+QdvLwKtApZH9ZL9OXGD5W5iOF2EAjXUlw=; b=JNjsbSqT8ul29mkCMsdo3Jfn J2kVY7Cx90oy6aTMobaKGgM9it9BYSzI0hRRuDyedc/dRBAxpjEJL1Tr7PiTitElvHtqQ79MI9U8P Fil11TnKuFaKNEAB8DQUUhpLFMUh1tHeXSrH7HhJzqUP8luMi7td85xyYouak3vDeOGYuB/ewDM/r l4++LzQs9TueX0pcMCoIpEnsXiwHz20x7uXwr9iQo3Br8x4efBw4aHbjqrBZP1dgyeoTmr20fRnt3 cdWMj99TGcczNsxoOLBotAFxAwbzLCOPMkBgzIrZPd1kTDPbZGowThx5B6rij1g390kZmXMXRpDha UAE4g+MWpQ==;
Received: from allealle.ripe.net ([2001:67c:2e8:23::c100:170c]:42980) by mail-mx-2.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <tdekock@ripe.net>) id 1qEqRv-00FbSd-2t; Thu, 29 Jun 2023 12:08:35 +0000
Received: from sslvpn.ipv6.ripe.net ([2001:67c:2e8:9::c100:14e6] helo=smtpclient.apple) by allealle.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <tdekock@ripe.net>) id 1qEqRv-0004gS-2f; Thu, 29 Jun 2023 12:08:35 +0000
From: Ties de Kock <tdekock@ripe.net>
Message-Id: <0D0D32EA-1F44-4092-A745-D2F7BE60C753@ripe.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_3A161620-5BCD-41CA-8FBF-B77EC80803D5"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.600.7\))
Date: Thu, 29 Jun 2023 14:08:25 +0200
In-Reply-To: <ZJ1sOuBJUNaF0jgc@theobuehler.org>
To: Theo Buehler <tb@theobuehler.org>, SIDR Operations WG <sidrops@ietf.org>
References: <168621843689.33017.6897451444105786551@ietfa.amsl.com> <ZIGogKIH4Srb8Nxt@snel> <20230628173307.29fefec2@glaurung.nlnetlabs.nl> <ZJxXjg1NNdgVRP50@snel> <20230629115810.1c65c0c8@glaurung.nlnetlabs.nl> <ZJ1sOuBJUNaF0jgc@theobuehler.org>
X-Mailer: Apple Mail (2.3731.600.7)
X-RIPE-Signature: 059faafd1cc22ebb05e1592c815fe1e1beac1a69ce616b84f1f1701cbbce7d63
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/c9fg_q3UI7cNAFCXpI_QiNcCh0I>
Subject: Re: [Sidrops] I-D Action: draft-ietf-sidrops-aspa-profile-15.txt
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jun 2023 12:08:42 -0000


> On 29 Jun 2023, at 13:34, Theo Buehler <tb@theobuehler.org> wrote:
> 
> On Thu, Jun 29, 2023 at 11:58:10AM +0200, Martin Hoffmann wrote:
>> Job Snijders wrote:
>>> On Wed, Jun 28, 2023 at 05:33:07PM +0200, Martin Hoffmann wrote:
>>> 
>>>> While we are at it, I would like to again raise the suggestion to
>>>> not use a version 1 here but rather stick to 0 and use a different
>>>> content type OID. The older and newer definitions are not
>>>> compatible, so a new OID feels more appropriate than a version
>>>> change.  
>>> 
>>> I can see your argument, but I'm not sure there is clear consensus to
>>> request a fresh content-type OID, and there are counter-arguments too.
>>> 
>>> In the past the ASPA profile definition has been updated without
>>> cranking the version or content-type OID. Some argue we are in a phase
>>> of 'experimentation' (since the internet-draft isn't published as
>>> RFC), where some incompatibility with older revisions of the draft is
>>> to be expected and of no concern.
>> 
>> I’d be okay with leaving the version at 0 and using the current OID as
>> well. The old-format objects will fail to be decoded either way, so it
>> doesn’t really make a difference in practice. Depending on how the
>> parser works, they may be rejected even before you get to the version
>> check, too.
> 
> I am also happy with reusing the OID and leaving the version at 0.
> 
> As an implementor of software targeting end users I don't want to (and
> won't) support anything but the final version.

Unfortunately, that is a luxury that I do not have.

As a developer of repository maintenance and CA software, for the reasons I
stated I can not avoid supporting the intersection of objects in the real worl
and what is upcoming.

I see two local maxima; version 1 (current, interoperable, tested objects) or a
new OID (no structure divergence at the same version). Re-using version 0 with a
different structure leads to complexity, especially since we must support both
simultaneously.

There are also a human factor at play in adding more churn. With the benefit of
hindsight, I would not have invested time in fully implementing this profile
change (I might have supported an MVP, ironically more likely to have mistakes
in version handling). This churn also weakens the case I made to others when
recommending them to move ASPA forward on their roadmaps; the profile is
unstable.

v2.23.0 | Report a Bug | By Email