Re: [Sidrops] rev 4 (corrected CRLDP source changes, thanks to Tim)

Stephen Kent <stkent@verizon.net> Wed, 13 May 2020 16:12 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/kzQWyXLs068wrv4kYW8nIfCWe1Y>

Guys,
>> I will revise the text describing how to handle this case, based on WG
>> consensus. Your approach is very robust, but also complex. Since there
>> should be only one CRL in the manifest, and since Tim says that no
>> RPKI CA generates more than one, I tend to favor a simple
>> requirement here, but ...
> indeed no ca SHOULD push more than one CRL.  but i do not think i would
> recommend not defending against it.
>
> randy

I think we all agree that the revised Section 6 text needs to 
accommodate the possibility that a manifest will list more than one CRL, 
even though this OUGHT NOT happen (see RFC 6919). The only question is
how hard do we require an RP to work if it encounters more than one CRL. 
I prefer a simple approach to selecting one, and a mandatory warning. 
Rob has offered a more sophisticated, and complex approach, based on his 
working RP code.

I await a consensus from the WG.

Steve