Re: [Sidrops] I-D Action: draft-ietf-sidrops-https-tal-05.txt

Tim Bruijnzeels <tim@nlnetlabs.nl> Wed, 17 October 2018 08:07 UTC

From: Tim Bruijnzeels <tim@nlnetlabs.nl>
In-Reply-To: <CAKr6gn1SejDbZwFG4mSs-XKiwzZLQ+0c8AY65kiQ-Y0o2nk8XA@mail.gmail.com>
Date: Wed, 17 Oct 2018 10:06:58 +0200
Cc: Job Snijders <job@ntt.net>, SIDR Operations WG <sidrops@ietf.org>
Message-Id: <125B578D-B8B7-4A7B-91E5-3CFDE29967CB@nlnetlabs.nl>
References: <153925494724.11328.7326464820425639379@ietfa.amsl.com> <D9837A46-79FF-4702-AAF0-E892D6689C07@nlnetlabs.nl> <CACWOCC_j-Un5VFAmW10diynYFz_GX2tgzBaY1c-gEzDo=C19Qw@mail.gmail.com> <CAKr6gn1SejDbZwFG4mSs-XKiwzZLQ+0c8AY65kiQ-Y0o2nk8XA@mail.gmail.com>
To: George Michaelson <ggm@algebras.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/fZ-jkN-uWqeiDT_Sl2rpKT5iZB0>

Hi,


> On 12 Oct 2018, at 08:53, George Michaelson <ggm@algebras.org> wrote:
> 
> We need to deploy processes for TAL and repository fetch and
> synchronisation which can move to CDN. As it stands, the design of the
> repository fetch systems is heading to single points of failure
> because Rsync is a very poor fit for anycast distribution (no
> commercial entities I know of are offering it as a service, where all
> of them offer HTTP(S) as a matter of course)
> 
> Please can we close on this draft, because it's the simple, obvious
> change to permit the TAL to be formally distributed by scalable
> mechanisms, and helps point a way out of what I feel is a major
> operational design flaw.
> 
> The comments section has potential for people who are trapped behind
> legal disclaimer issues. I understand some of you feel paying
> attention to this is wrong, but it does not (to my mind) directly harm
> the overall intent of the proposal to adopt HTTP(S) as a
> carrier/transport to the data.

I doubt very much that this will address the issues that ARIN sees, but one can hope.

But I see value in having comments when handling test TALs, and when TA key rolls become a thing (update on this coming in a few days). Having some comments as a hint to what / which key this TAL is about is helpful - I do not like guessing this from URIs or file names. This is mainly serving RP software developers in deciding which TALs to bundle, and people doing research. I understand that normal operators will most likely never see the TAL.

On the other side, I do not see any clear harm. Ignoring a bunch of lines starting with ‘#’ is trivial and RP software needs to be updated anyway to handle the ‘https’ case.

All this being said, I do not want this to block progress on the main effort here which is to include https on TALs.

Tim


> 
> (speaking as a co-author)
> 
> -George
> On Fri, Oct 12, 2018 at 12:33 AM Job Snijders <job@ntt.net> wrote:
>> 
>> Hi,
>> 
>> The comment character will *maybe* help unblock some distribution issues that some are facing in the North American region.
>> 
>> Kind regards,
>> 
>> Job
>> 
>> On Thu, Oct 11, 2018 at 19:59 Tim Bruijnzeels <tim@nlnetlabs.nl> wrote:
>>> 
>>> Dear WG,
>>> 
>>> I asked for last call on a previous version of this document back in April, but it got stuck somehow.
>>> 
>>> However, this version -05 now includes an optional comments section at the start of the TAL file, which was suggested to me off list. The idea is that this section can be used to provide some additional information to operators.
>>> 
>>> I want to ask the WG to consider first. If there are no major concerns then I will ask the co-chairs to initiate last call.
>>> 
>>> Kind regards,
>>> 
>>> Tim
>>> 
>>> 
>>> 
>>> 
>>>> On 11 Oct 2018, at 12:49, internet-drafts@ietf.org wrote:
>>>> 
>>>> 
>>>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>>> This draft is a work item of the SIDR Operations WG of the IETF.
>>>> 
>>>>     Title           : Resource Public Key Infrastructure (RPKI) Trust Anchor Locator
>>>>     Authors         : Geoff Huston
>>>>                       Samuel Weiler
>>>>                       George Michaelson
>>>>                       Stephen Kent
>>>>                       Tim Bruijnzeels
>>>>     Filename        : draft-ietf-sidrops-https-tal-05.txt
>>>>     Pages           : 10
>>>>     Date            : 2018-10-11
>>>> 
>>>> Abstract:
>>>> This document defines a Trust Anchor Locator (TAL) for the Resource
>>>> Public Key Infrastructure (RPKI).  This document obsoletes RFC 7730
>>>> by adding support for HTTPS URIs in a TAL.
>>>> 
>>>> 
>>>> The IETF datatracker status page for this draft is:
>>>> https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/
>>>> 
>>>> There are also htmlized versions available at:
>>>> https://tools.ietf.org/html/draft-ietf-sidrops-https-tal-05
>>>> https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-https-tal-05
>>>> 
>>>> A diff from the previous version is available at:
>>>> https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-https-tal-05
>>>> 
>>>> 
>>>> Please note that it may take a couple of minutes from the time of submission
>>>> until the htmlized version and diff are available at tools.ietf.org.
>>>> 
>>>> Internet-Drafts are also available by anonymous FTP at:
>>>> ftp://ftp.ietf.org/internet-drafts/
>>>> 
>>>> _______________________________________________
>>>> Sidrops mailing list
>>>> Sidrops@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/sidrops
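As an added illustration of the relying-party side of what Tim describes (skipping leading '#' comment lines and accepting https next to rsync URIs), here is a small TAL parser. It is example code written for this page, not code from the draft or from any RP implementation; the layout it assumes (optional leading '#' comment lines, then one URI per line, a blank line, then the base64 subjectPublicKeyInfo as in RFC 7730) is taken from the thread, and the sample TAL and key bytes are constructed placeholders.

```python
import base64
from urllib.parse import urlparse

# Constructed placeholder, not a real RPKI trust anchor key.
PLACEHOLDER_KEY = b"constructed placeholder, not a real SubjectPublicKeyInfo"
_b64 = base64.b64encode(PLACEHOLDER_KEY).decode()

# Constructed sample TAL: leading '#' comment lines, an https and an rsync URI,
# a blank separator line, then the base64 key wrapped over two lines.
SAMPLE_TAL = (
    "# Constructed TAL for a test trust anchor\n"
    "# key: example-test-key-2018\n"
    "https://tal.example.net/ta.cer\n"
    "rsync://rpki.example.net/repo/ta.cer\n"
    "\n"
    + _b64[:40] + "\n" + _b64[40:] + "\n"
)

# rsync per RFC 7730, https as the thread's draft adds; anything else is rejected.
ALLOWED_SCHEMES = ("rsync", "https")


def parse_tal(text):
    """Return (comments, uris, key_der) or raise ValueError for a malformed TAL."""
    lines = text.splitlines()
    i = 0
    comments = []
    # Comment section: only the leading lines starting with '#'; kept as hints, never trusted.
    while i < len(lines) and lines[i].startswith("#"):
        comments.append(lines[i][1:].strip())
        i += 1
    uris = []
    # URI section: one URI per line up to the first blank line.
    while i < len(lines) and lines[i].strip():
        uri = lines[i].strip()
        if urlparse(uri).scheme.lower() not in ALLOWED_SCHEMES:
            raise ValueError("unsupported URI scheme: " + uri)
        uris.append(uri)
        i += 1
    if not uris:
        raise ValueError("TAL has no URI section")
    if i >= len(lines):
        raise ValueError("TAL has no blank line before the key")
    # Key section: everything after the blank line, whitespace removed, strict base64
    # (b64decode raises binascii.Error, a ValueError subclass, on bad input).
    key_b64 = "".join(line.strip() for line in lines[i + 1:])
    if not key_b64:
        raise ValueError("TAL has no key section")
    return comments, uris, base64.b64decode(key_b64, validate=True)
```

A TAL without a comment section (the RFC 7730 shape) parses unchanged, since the comment loop simply matches zero lines.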