Re: [Sidrops] adopt draft-ymbk-sidrops-rpki-has-no-identity please

George Michaelson <ggm@algebras.org> Wed, 24 March 2021 02:22 UTC

References: <m2ft0sgwfy.wl-randy@psg.com> <alpine.DEB.2.20.2103231615441.21528@uplift.swm.pp.se> <m2pmzpz41r.wl-randy@psg.com>
In-Reply-To: <m2pmzpz41r.wl-randy@psg.com>
From: George Michaelson <ggm@algebras.org>
Date: Wed, 24 Mar 2021 12:22:28 +1000
Message-ID: <CAKr6gn2BWm0ZwuqwLc=g7FXgqbt0eqJ3tWJW7BzP=vEn6qCEcA@mail.gmail.com>
To: Randy Bush <randy@psg.com>
Cc: Mikael Abrahamsson <swmike@swm.pp.se>, SIDR Operations WG <sidrops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/d2g_yWBduGgBNnQoyNWbwljuZ0E>

On Wed, Mar 24, 2021 at 12:19 PM Randy Bush <randy@psg.com> wrote:
>
> > When someone asks me to put a string into a webserver file or into my
> > DNS zone file to "prove" I have administration access, they don't want
> > to identify me, they just want me to prove I already have access to
> > the resource at the "business end" of it.
>
> usually because dns is the purpose of the exercise
>
> > RSC is the same thing, I prove I can create ROAs and/or RSCs
>
> as sra would say, you can demonstrate that the same unknown attacker
> can create objects.

The attacker has access to private keys behind the specific INR. We
have bigger problems than the one here, surely?

(or, can you show me the attack vector, which does not imply loss of
privacy over a public-private keypair?)