Re: [Sidrops] mft version field issue (Was: I-D Action: draft-ietf-sidrops-6486bis-05.txt)

Job Snijders <job@fastly.com> Sat, 10 July 2021 18:16 UTC

Date: Sat, 10 Jul 2021 20:15:46 +0200
From: Job Snijders <job@fastly.com>
To: Russ Housley <housley@vigilsec.com>
Cc: Stephen Kent <stkent@verizon.net>, sidrops@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/lz26P5FkMLcNql0yuVer0Z3fDqg>

(spinning off a new thread)

On Sat, Jul 10, 2021 at 12:01:32PM -0400, Russ Housley wrote:
> 
> The point of the version field is to help know what to do when you
> stumble.

I'm starting to suspect that: RFC 6486 section 4.4

    "MUST check version of the rpkiManifest is 0"

... should've been along the lines of:

    "MUST be set to version 0, and MUST be ignored when validating"

I checked a few RPs and it seems that most RPs will consider a Manifest
invalid if it contains a version field, because of the 4.4 language.

At this point in time the 'version' field in Manifests is not usable as
a transition mechanism towards anything.

If people want to use it, first an RFC should be published detailing how
RPs should treat the 'version' field in the Manifest eContent, after
which in subsequent publications we can start using the 'version' for
some purpose.

Kind regards,

Job
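
[Added example, not part of the original message and not code from any relying party.] The three treatments of the Manifest 'version' field discussed above, applied to constructed DER eContent. Assumptions: an encoded version appears as an explicit [0] wrapper (tag 0xA0) around an INTEGER, the policy names are hypothetical, and the sample manifests are constructed for illustration.

```python
# Added example, not RP code. Assumes an encoded 'version' is [0] EXPLICIT (0xA0) around INTEGER.

def read_tlv(buf, pos=0):
    """Parse one DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def encoded_version(econtent):
    """Return None if 'version' is absent from the encoding, else its value."""
    tag, body, end = read_tlv(econtent)
    if tag != 0x30 or end != len(econtent):
        raise ValueError("eContent is not exactly one SEQUENCE")
    tag, value, _ = read_tlv(body)
    if tag == 0x02:                         # manifestNumber comes first: version omitted
        return None
    if tag != 0xA0:
        raise ValueError("unexpected first element")
    itag, ival, iend = read_tlv(value)
    if itag != 0x02 or iend != len(value) or not ival:
        raise ValueError("malformed version field")
    return int.from_bytes(ival, "big", signed=True)

def accepts(econtent, policy):
    """Apply one of three hypothetical RP policies to the version field."""
    v = encoded_version(econtent)
    return {
        "reject-if-present": v is None,     # behaviour the email reports for most RPs
        "must-be-zero": v in (None, 0),     # literal reading of the quoted 4.4 text
        "ignore": True,                     # the alternative wording in the email
    }[policy]

# Constructed sample eContent (every length is below 128, so short-form only).
def _tlv(tag, value):
    return bytes([tag, len(value)]) + value

_REST = (_tlv(0x02, b"\x01") + _tlv(0x18, b"20210710000000Z") + _tlv(0x18, b"20210711000000Z")
         + _tlv(0x06, bytes.fromhex("608648016503040201")) + _tlv(0x30, b""))
MFT_NO_VERSION = _tlv(0x30, _REST)
MFT_VERSION_0 = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x00")) + _REST)
MFT_VERSION_1 = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x01")) + _REST)
```

Under "reject-if-present" only MFT_NO_VERSION passes, so a publisher that starts encoding any version value is rejected before its value is ever looked at.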