[Sidrops] Re: [WGLC] draft-ietf-sidrops-rrdp-same-origin-00 - Ends 1/July/2024

Tim Bruijnzeels <tbruijnzeels@ripe.net> Mon, 17 June 2024 07:28 UTC

List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/fupsK3WnZnn7nvnFP0GEHoijMt4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops>

Hi,

I read the document and support adoption.

As a supporting observation - I am not sure that the document needs to mention this, but perhaps… there may be, far-fetched, legitimate use cases for using different URIs or HTTP redirects in certain deployment scenarios. However, we see that none of the repositories need this today and same origin is implemented in RPs. In short, I don’t think the theoretical legitimate use case outweighs the security issue it imposes (as described more eloquently in the document) - repositories should just solve their infrastructure challenges using same origin (and currently reality shows that this is not a problem).

Tim


> On 17 Jun 2024, at 00:12, Keyur Patel <keyur=40arrcus.com@dmarc.ietf.org> wrote:
> 
> Hi Folks,
> A working group last call has been issued for “Same-Origin Policy for the RPKI Repository Delta Protocol (RRDP)” https://datatracker.ietf.org/doc/draft-ietf-sidrops-rrdp-same-origin/.
> Please send your comments to the list. The adoption call will end on July 1, 2024.
> 
> Job, please reply indicating whether you’re aware of any relevant IPR that hasn’t been disclosed.
> Best Regards,
> Chris, Russ & Keyur