Re: [Sidrops] nlnet rp and rsync

George Michaelson <> Mon, 11 May 2020 22:20 UTC

From: George Michaelson <>
Date: Tue, 12 May 2020 08:19:46 +1000
To: Randy Bush <>
Cc: Russ Housley <>, SIDR Operations WG <>

I agree in the current spec, it's MTI.

I also believe the intent of the deprecate-rsync draft remains: Remove
this dependency.

If this means we need to discuss the implications of channel security
and TLS on deployment, and specify the certificate chain validation
requirements on publication points and clients, that's what we need to

But, until deprecate-rsync is adopted and published, the current
specification I feel is clear: you must support rsync, both sides of
the equation.

All the discussions on validation clarifications go to 'removing
objects' - What is the nature of transport security failings, if not to
permit removal of objects? And, if an object can be occluded or
removed because of a lack of channel security, what does this mean in
terms of denial of service attacks?


On Tue, May 12, 2020 at 3:33 AM Randy Bush <> wrote:
> rrdp is more fragile.  e.g. the nlnet labs client (rightly, imiho)
> checks the full certificate chain.  if any piece of the chain expires,
> is CRLed, ... the client does not go to rsync.  bam!
> falling back to rsync is not a 'downgrade' in that the rpki uses an
> object, not transport, security model.  well, until the last hop to the
> router, and you can see the transport security section from hell in rfc
> 8210.
> the goal in rrdp was to make the rpki more, not less reliable.  we found
> the nlnet labs misfeature in the wild when CA data were no longer
> fetched.  imiho not good.
> randy
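
An added illustration, not part of the thread and not code from any relying-party implementation: it models the two points discussed above, a fetch that falls back from RRDP to rsync when the channel fails, and an object-level check that flags a withheld or altered object whichever transport delivered the data. The fetcher functions, file names and bytes are constructed placeholders, and the manifest is assumed to have been signature-validated already.

```python
import hashlib

class TransportError(Exception):
    """Channel-level failure, e.g. an expired certificate in the TLS chain."""

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def fetch_with_fallback(fetchers):
    """Try (name, callable) pairs in order; return (name_used, files, failures)."""
    failures = []
    for name, fetch in fetchers:
        try:
            return name, fetch(), failures
        except TransportError as exc:
            failures.append((name, str(exc)))
    raise TransportError(f"all transports failed: {failures}")

def check_against_manifest(manifest, files):
    """Compare fetched bytes with a {filename: sha256-hex} manifest.

    Assumption: the manifest itself was already signature-validated; that
    step (CMS and certificate path validation) is out of scope here.
    """
    return {
        "missing": sorted(n for n in manifest if n not in files),
        "mismatched": sorted(n for n in manifest
                             if n in files and sha256_hex(files[n]) != manifest[n]),
        "unlisted": sorted(n for n in files if n not in manifest),
    }

# Constructed sample publication point (placeholder bytes, not real RPKI objects).
PUBLISHED = {"a.roa": b"roa-A", "b.roa": b"roa-B", "ca.crl": b"crl"}
MANIFEST = {name: sha256_hex(data) for name, data in PUBLISHED.items()}

def rrdp_expired_chain():
    # Hypothetical fetcher: the HTTPS certificate chain fails validation.
    raise TransportError("certificate has expired")

def rsync_with_withheld_object():
    # Hypothetical fetcher: unauthenticated channel on which b.roa is withheld.
    return {n: d for n, d in PUBLISHED.items() if n != "b.roa"}

def run_demo():
    used, files, failures = fetch_with_fallback(
        [("rrdp", rrdp_expired_chain), ("rsync", rsync_with_withheld_object)])
    return used, failures, check_against_manifest(MANIFEST, files)

if __name__ == "__main__":
    print(run_demo())
```

The report shows the withheld object as missing rather than silently absent, which is the condition a relying party has to decide how to treat.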