IETF Logo Mail Archive

Re: [Sidrops] Implementation report for draft-ietf-sidrops-signed-tal-12

Ties de Kock <tdekock@ripe.net> Mon, 31 October 2022 15:35 UTC

Return-Path: <tdekock@ripe.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5824AC1524DD for <sidrops@ietfa.amsl.com>; Mon, 31 Oct 2022 08:35:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ripe.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5FhkHmXmCKSF for <sidrops@ietfa.amsl.com>; Mon, 31 Oct 2022 08:35:09 -0700 (PDT)
Received: from molamola.ripe.net (molamola.ripe.net [IPv6:2001:67c:2e8:11::c100:1371]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D908AC152578 for <sidrops@ietf.org>; Mon, 31 Oct 2022 08:35:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ripe.net; s=s1-ripe-net; h=To:Message-Id:Cc:Date:From:Subject:Mime-Version:Content-Type ; bh=ZBmzUA3pFv5fJaHQMCTPVdeOvrxVtngpvXwdwr/onls=; b=Gs7Vd97ggAFS4eSpW76g+D4o io2HZZqdsoftb9vMi/fK+Ml9IRi5mJ+EA4YNgGePfIZ2ri6nEtL7cSqSr4wfo5lCuk9HyLqkT+cz/ c6rka5aFzu6m0YIWiwS6GQh9GfMDrfJ++NoYHb+gHCGPpumy9eYPRUH/dF1aYbc+sgKjnuaWrumFT tJpQuv7/w21ukXz3Q4VpdWdYtt+Kugiag0jlpfc9N3jJTvR/eaUZysuEMfsumXZ5tLx320a2+sEjN CmtB8MN4zu8qqgnchoPy4NZDl2kO7sV6S/gnWHnzILddFSQ3cFWFdzSWT+n3v32yZ7t8b7M86plmc cnXAZJMHsA==;
Received: from bufobufo.ripe.net ([2001:67c:2e8:23::c100:170d]:46952) by molamola.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <tdekock@ripe.net>) id 1opWob-0005Te-6C; Mon, 31 Oct 2022 16:35:05 +0100
Received: from sslvpn.ipv6.ripe.net ([2001:67c:2e8:9::c100:14e6] helo=smtpclient.apple) by bufobufo.ripe.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <tdekock@ripe.net>) id 1opWob-0002st-0J; Mon, 31 Oct 2022 15:35:05 +0000
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.200.110.1.12\))
From: Ties de Kock <tdekock@ripe.net>
In-Reply-To: <Y1KjDK4k64UBWra2@snel>
Date: Mon, 31 Oct 2022 16:34:54 +0100
Cc: sidrops@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <DA8789B7-742E-42FB-9B14-9ADA710992AB@ripe.net>
References: <Y1KjDK4k64UBWra2@snel>
To: Job Snijders <job=40fastly.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3731.200.110.1.12)
X-RIPE-Signature: 059faafd1cc22ebb05e1592c815fe1e1040d10abbaddcf18b782934be9129e36
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/e1coY-URFBDROpb-osczFIUfj0M>
Subject: Re: [Sidrops] Implementation report for draft-ietf-sidrops-signed-tal-12
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2022 15:35:14 -0000

Hi Job,

> On 21 Oct 2022, at 15:47, Job Snijders <job=40fastly.com@dmarc.ietf.org> wrote:
> 
> Dear all,
> 
> I implemented draft-ietf-sidrops-signed-tal-12 in OpenBSD's RPKI
> validator. More information about this RP implementation is available
> at: https://www.rpki-client.org/
> 
> The 'Signed TAL' software implementation changeset can be found here:
> https://marc.info/?l=openbsd-tech&m=166635746808783&w=2
> 
> Please add to Section 12 "Implementation Status":
> 
>   Responsible Organization: Job Snijders
>   Location: https://marc.info/?l=openbsd-tech&m=166635746808783&w=2
>   Description: A relying party implementation which can validate TAKs.
>   Level of Maturity: Mature. Trust Anchor operators are encouraged to
>      use rpki-client as part of smoke testing to help ensure high
>      levels of standards compliance when introducing changes, and use
>      rpki-client in a continuous monitoring fashion to help maintain
>      high levels of operational excellence.
>   Coverage: implementation includes all features except TAK acceptance
>      timers.
>   Contact information: Job Snijders <job@fastly.com>
> 
> Feedback:
> 
>   Overall I found the document easy to read and straight-forward to
> implement. Tom Harrison's testbed was very useful in producing the above
> mentioned changeset. I very much appreciate the quick back-and-forths
> which helped resolve bugs on either side.
> 
> Notes to the internet-draft authors:
> 
> 1/ Section 10.2 "TA Compromise" makes no sense to me. I'd like to
>   suggest to remove section 10.2 entirely. There is no such thing as an
>   adversary 'temporarily' being in control of Trust Anchor private key
>   material. Once a TA is discovered to be compromised, this discovery
>   should be widely announced (NANOG, RIPE Routing-WG, SIDROPS, etc);
>   and the community immediately should get to work to remove all TALs
>   pointing to the compromised TA (both in RP implementations, as well
>   in operating systems that bundle RPKI roots in a generic fashion such
>   as Debian/Ubuntu/OpenBSD/etc). However, organisation of responses to
>   TA compromise are out-of-scope for the signed-tal internet-draft.

I think that an analysis and discussion of the additional risk introduced by
automated transition between certificates is very much needed.

Operational choices after loss of posession, or loss of control of a key is a
separate discussion.

> 2/ Section 10.3: s/can be complementary/are complementary/
> 
> 3/ Section 11 lacks a Media Type registration. See RSC for an example:
>   https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-rsc#section-10.5
> 
> 4/ Section 10.1 should also mention certified destruction of
>   previously-current keypair materials.

I would object to the word _certified_ being added here. This will end in
control frameworks, while all _implementations_ of certified destruction that I
have read about have certified drawbacks.

> 5/ Section 9 states "can only be relied on once a majority of RPs
>   support it". I don't believe concepts like 'herd immunity' apply in
>   this case, for example in the case of OpenBSD or Debian (where RPKI
>   roots are available to the system operator as non-RP-specific
>   manner); only the packager of the RPKI roots needs to be able to
>   support, and all Debian/OpenBSD users subsequently benefit from that
>   support being downstream. In other words, there are benefits to TAK
>   even if only a very small percentage of RPs support it.

There are two use-cases for TAK. There is the signalling out of band of usage of
a new key, and automated transitioning between keys. For the latter, support
from the majority of running RP instances is needed.

I think your position is about the out of band distribution?

Kind regards,
Ties
> 
> Kind regards,
> 
> Job
> 
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops

v2.23.0 | Report a Bug | By Email