Re: [Sidrops] 6486bis: referenced object validation

Job Snijders <job@ntt.net> Fri, 04 December 2020 14:37 UTC

Return-Path: <job@ntt.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B6C53A0BE7 for <sidrops@ietfa.amsl.com>; Fri, 4 Dec 2020 06:37:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h48JNLRGGNEq for <sidrops@ietfa.amsl.com>; Fri, 4 Dec 2020 06:37:27 -0800 (PST)
Received: from mail4.dllstx09.us.to.gin.ntt.net (mail4.dllstx09.us.to.gin.ntt.net [IPv6:2001:418:3ff:5::192:26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0CB533A0BD4 for <sidrops@ietf.org>; Fri, 4 Dec 2020 06:37:26 -0800 (PST)
Received: from bench.sobornost.net (mieli.sobornost.net [45.138.228.4]) by mail4.dllstx09.us.to.gin.ntt.net (Postfix) with ESMTPSA id 9EF91EE007D; Fri, 4 Dec 2020 14:37:24 +0000 (UTC)
Received: from localhost (bench.sobornost.net [local]) by bench.sobornost.net (OpenSMTPD) with ESMTPA id 455543c1; Fri, 4 Dec 2020 14:37:21 +0000 (UTC)
Date: Fri, 04 Dec 2020 14:37:21 +0000
From: Job Snijders <job@ntt.net>
To: Benno Overeinder <benno@nlnetlabs.nl>
Cc: Tim Bruijnzeels <tim@nlnetlabs.nl>, SIDR Operations WG <sidrops@ietf.org>, Martin Hoffmann <martin@opennetlabs.com>, Ben Maddison <benm=40workonline.africa@dmarc.ietf.org>
Message-ID: <X8pJoTEUDwpE6iIi@bench.sobornost.net>
References: <20201203224213.gnb2nawujxm7a32q@benm-laptop> <20201204111651.4e865d7d@glaurung.nlnetlabs.nl> <X8oSBlR1pDhX83nH@bench.sobornost.net> <62CCDADA-E2B5-4354-82E5-995837633307@nlnetlabs.nl> <X8on7A4R63HYUnpz@bench.sobornost.net> <d518f9de-850c-ad10-49a5-1eee4c85fa6b@NLnetLabs.nl>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <d518f9de-850c-ad10-49a5-1eee4c85fa6b@NLnetLabs.nl>
X-Clacks-Overhead: GNU Terry Pratchett
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/nAp9fE6_Rs9zs-ivLuvPA8b9FGo>
Subject: Re: [Sidrops] 6486bis: referenced object validation
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2020 14:37:28 -0000

On Fri, Dec 04, 2020 at 02:13:40PM +0100, Benno Overeinder wrote:
> Not looking back, but looking ahead, I want to focus on how we solve
> issues and discuss them in sidrops.  And indeed, if there is an
> impasse, organise a virtual meeting and discuss the matter to make
> progress.

Yes, I took it as a sign of convergent thinking. Progress indeed.

However, my question remains, looking forward, what can be done
differently in the future?

Some suggestions from my side:

    - SIDROPS must require multiple implementations before sending an
      Internet-Draft towards the IESG. To meet this requirement,
      Implementers should write an implementation report and share it
      with the group, at least detailing the behavior for each normative
      term.

    - Please listen to operators who report (hard to troubleshoot, hard
      to explain) network outages which resulted from RPKI processing.
      RPKI ROV is supposed to be an incrementally deployable 'fail open'
      mechanism.

    - Implementers should more often share/construct the actual X.509
      files rather than attempting to document the hypothetical states
      of the RPKI in natural language (avoid English or Dutch). We can
      all load X.509 files into our implementations, set currenttime to
      the test case at hand, and discuss results.

    - Implementers should feel empowered to make improvements to their
      software (for the benefit of their users), especially if there is
      perceived ambiguity in RFC texts. An implementer doesn't need the
      blessing of the whole IETF before making a change.

    - Sometimes RFCs are wrong, or worse: the then-WG kicked the ball
      down the road and state 'up to the implementer' (aka 'local
      policy'); in which case the implementer will have to weigh the
      advantages of perceived 'RFC compliance' vs the effects of the
      behavior in the BGP Default-Free Zone. See the previous point.

    - The RPKI is a system that has been deployed on the Internet, this
      sometimes means operators need to quickly deploy fixes to address
      ongoing issues. Time is of the essence when it comes to security
      or reliability issues. So 'code first, RFC later', which goes well
      with point 1: 'implementations first, then publish RFC'.

You mentioned some kind of testbed, indeed it would be wonderful if we
can easily reproduce states of the RPKI and allow implementers to
provide annotations on why software (versions) behaves in a certain
way. The December 1st, 2020 case is definitely one I'd add to the
testbed archive.

> > The real goal is to keep the network running, where in this context
> > our role is to create software for network operators for them to
> > securely validate the wishes of the Internet number resource
> > holders.
> 
> Agree to that!
> 
> Let's keep the good spirit of collaboration and learning together.

For sure!

Kind regards,

Job