[Sidrops] ASPA Validation section in draft-ietf-sidrops-aspa-profile-07

Ties de Kock <tdekock@ripe.net> Thu, 31 March 2022 12:33 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/cWuXs-FPodiMWQuVrd1K1SMbxBo>

Hi all,

I just reviewed a parser/generator for the ASPA object profile, and I realised
that the ASPA validation section currently only includes a single ASPA-specific
validation step. I want to propose expanding this section.

At a minimum, I would recommend that this section (also) lists checks that ensure that:
  * The version is 0
  * The eContentType and content-type signed attribute contain the correct OID.

Please let me know what you think.

Kind regards,

Ties
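
The two checks proposed in the message above, sketched as an added example that is not part of the original post or of any validator's code. The function names, the sample byte strings and the id-ct-ASPA value 1.2.840.113549.1.9.16.1.49 are supplied here, not taken from the message; the version and both OID encodings are assumed to have been extracted from the CMS structure already.

```python
# Added example: hypothetical helper names, constructed sample inputs.
ASPA_OID = "1.2.840.113549.1.9.16.1.49"  # id-ct-ASPA (assumption, not in the message)

def decode_oid(der):
    """Decode one DER OBJECT IDENTIFIER (tag 0x06, short-form length)."""
    if len(der) < 3 or der[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("bad length or trailing bytes")
    body = der[2:]
    if body[-1] & 0x80:
        raise ValueError("truncated final arc")
    arcs, value, start = [], 0, True
    for b in body:
        if start and b == 0x80:
            raise ValueError("non-minimal arc encoding")
        value = (value << 7) | (b & 0x7F)
        start = not (b & 0x80)      # next byte begins a new arc
        if start:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)   # first byte packs the first two arcs
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def check_aspa(version, econtent_type, attr_content_type):
    """Return a list of failures; an empty list means both checks pass."""
    errors = []
    if version != 0:
        errors.append("version is %d, expected 0" % version)
    fields = (("eContentType", econtent_type),
              ("content-type signed attribute", attr_content_type))
    for name, der in fields:
        try:
            oid = decode_oid(der)
        except ValueError as exc:
            errors.append("%s: %s" % (name, exc))
            continue
        if oid != ASPA_OID:
            errors.append("%s is %s, expected %s" % (name, oid, ASPA_OID))
    return errors

# Constructed inputs: the ASPA OID, and the ROA OID (...1.24) as a wrong value.
ASPA_DER = bytes.fromhex("060b2a864886f70d0109100131")
ROA_DER = bytes.fromhex("060b2a864886f70d0109100118")

if __name__ == "__main__":
    print(check_aspa(0, ASPA_DER, ASPA_DER))   # both checks pass
    print(check_aspa(1, ASPA_DER, ROA_DER))    # wrong version, wrong attribute OID
```

Checking each field against the expected OID separately, rather than only comparing the two fields to each other, also rejects an object where both carry the same non-ASPA content type.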