[Sidrops] Re: Call for WG Adoption of draft-snij-sidrops-constraining-rpki-trust-anchors
Bob Beck <beck@obtuse.com> Tue, 27 January 2026 16:10 UTC
Return-Path: <beck@obtuse.com>
X-Original-To: sidrops@mail2.ietf.org
Delivered-To: sidrops@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id CBDDCADC964C for <sidrops@mail2.ietf.org>; Tue, 27 Jan 2026 08:10:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: 0.835
X-Spam-Level:
X-Spam-Status: No, score=0.835 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HELO_DYNAMIC_IPADDR=1.951, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RDNS_DYNAMIC=0.982, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=obtuse.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IZDYojqCTesM for <sidrops@mail2.ietf.org>; Tue, 27 Jan 2026 08:10:46 -0800 (PST)
Received: from h198-166-139-10.ptr.cidc.telus.com (h198-166-139-10.ptr.cidc.telus.com [198.166.139.10]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 2356AADC963A for <sidrops@ietf.org>; Tue, 27 Jan 2026 08:10:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=obtuse.com; s=20200401; t=1769530239; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1XfXCeR+Aen4AdxX1AcmbUKRW82iIPGED8bK7+TZuv8=; b=IhodKGUTN3tkZEczaRpVxhDZlyQhUxrq2vSgtoiaoVFqChlwOyD73Uws3jb/2wMuQzlsty T5NKK1LzLT+f2nLp0kYVqXeNUbBGuxug3QI6YBlmPRCMcLCFM5IcaY8XCWLho8kXOUZgXv QFgeZ865oBEqQ+lFV19o73pdCZLStjs=
Received: from smtpclient.apple (<unknown> [192.168.22.124]) by mail.obtuse.com (OpenSMTPD) with ESMTPSA id 2c5ced46 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Tue, 27 Jan 2026 09:10:39 -0700 (MST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.600.51.1.1\))
From: Bob Beck <beck@obtuse.com>
In-Reply-To: <69149d7c-f362-4335-9648-99da107bc1f1@xt6labs.io>
Date: Tue, 27 Jan 2026 09:10:29 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <B11EA004-234A-4FCF-8DC6-1639C6CA3DBF@obtuse.com>
References: <5C5B8F40-6E19-4082-89C0-3DDC0AB6364A@gigix.net> <69149d7c-f362-4335-9648-99da107bc1f1@xt6labs.io>
To: carlos@xt6labs.io
X-Mailer: Apple Mail (2.3826.600.51.1.1)
Message-ID-Hash: 6DA6UWH55HRCPQKFZJMQGLHCPFI2JGQS
X-Message-ID-Hash: 6DA6UWH55HRCPQKFZJMQGLHCPFI2JGQS
X-MailFrom: beck@obtuse.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-sidrops.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Luigi Iannone <ggx@gigix.net>, SIDRops IETF <sidrops@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Sidrops] Re: Call for WG Adoption of draft-snij-sidrops-constraining-rpki-trust-anchors
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/f0HgsTLA7n8u9Ol84jwzqZ7OWJE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Owner: <mailto:sidrops-owner@ietf.org>
List-Post: <mailto:sidrops@ietf.org>
List-Subscribe: <mailto:sidrops-join@ietf.org>
List-Unsubscribe: <mailto:sidrops-leave@ietf.org>
While I believe using the word “constraint” in this confuses the issue, I support adoption. This is no different than the external-to-the-PKI limits to trust that web browsers can put on trusting a certificate today. Codifying that rpki clients can do this to ensure that the expectation that they might, and what the consequences are, is reasonable to do. > On Jan 27, 2026, at 08:07, Carlos Martinez-Cagnazzo <carlos@xt6labs.io> wrote: > > Hi all, > I believe this is valuable work. I support adopting this draft as a WG item. > /Carlos > On 19/1/26 9:46 AM, Luigi Iannone wrote: >> All, >> >> The authors have asked the SIDROPS WG to adopt the document draft-snij-sidrops-constraining-rpki-trust-anchors (https://datatracker.ietf.org/doc/draft-snij-sidrops-constraining-rpki-trust-anchors/) >> >> Title: Constraining RPKI Trust Anchors >> >> Abstract: >> This document describes an approach for Resource Public Key >> Infrastructure (RPKI) Relying Parties (RPs) to impose locally >> configured Constraints on cryptographic products subordinate to Trust >> Anchors (TAs). The ability to constrain a Trust Anchor operator's >> effective signing authority to a limited set of Internet Number >> Resources (INRs) allows Relying Parties to enjoy the potential >> benefits of assuming trust - within a bounded scope. The specified >> approach and configuration format allow RPKI operators to communicate >> efficiently about observations related to Trust Anchor operations. >> >> >> This email formally opens the two weeks Call for Adoption. >> >> If you are supporting adoption, please state so. >> If you have concerns, please detail them. >> >> Please voice your opinion for the SIDROPS WG adoption of this document by 2 February 2026. >> For the SIDROps WG Chairs, >> Luigi >> >> _______________________________________________ >> Sidrops mailing list -- sidrops@ietf.org >> To unsubscribe send an email to sidrops-leave@ietf.org >> > -- > -- > Carlos Martinez-Cagnazzo > XT6Labs.IO > _______________________________________________ > Sidrops mailing list -- sidrops@ietf.org > To unsubscribe send an email to sidrops-leave@ietf.org
- [Sidrops] Call for WG Adoption of draft-snij-sidr… Luigi Iannone
- [Sidrops] Re: Call for WG Adoption of draft-snij-… Nick Hilliard
- [Sidrops] Re: Call for WG Adoption of draft-snij-… Tom Strickx
- [Sidrops] Re: Call for WG Adoption of draft-snij-… Tim Bruijnzeels
- [Sidrops] Re: Call for WG Adoption of draft-snij-… Job Snijders
- [Sidrops] Re: Call for WG Adoption of draft-snij-… John Kristoff
- [Sidrops] Re: Call for WG Adoption of draft-snij-… Tony Tauber
- [Sidrops] Re: Call for WG Adoption of draft-snij-… Tobias Fiebig
- [Sidrops] Re: Call for WG Adoption of draft-snij-… Loganaden Velvindron
- [Sidrops] Re: Call for WG Adoption of draft-snij-… Teun Vink
- [Sidrops] Re: Call for WG Adoption of draft-snij-… Job Snijders
- [Sidrops] Re: Call for WG Adoption of draft-snij-… Marco Marzetti
- [Sidrops] Re: Call for WG Adoption of draft-snij-… Carlos Martinez-Cagnazzo
- [Sidrops] Re: Call for WG Adoption of draft-snij-… Bob Beck
- [Sidrops] Re: Call for WG Adoption of draft-snij-… Carlos Martinez-Cagnazzo
- [Sidrops] Re: Call for WG Adoption of draft-snij-… Luigi Iannone