Re: [Sidrops] Genart last call review of draft-ietf-sidrops-rpki-tree-validation-02
Warren Kumari <warren@kumari.net> Mon, 06 August 2018 14:19 UTC
Return-Path: <warren@kumari.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A84D5128BAC for <sidrops@ietfa.amsl.com>; Mon, 6 Aug 2018 07:19:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZonLlZj1tzlW for <sidrops@ietfa.amsl.com>; Mon, 6 Aug 2018 07:19:51 -0700 (PDT)
Received: from mail-wm0-x243.google.com (mail-wm0-x243.google.com [IPv6:2a00:1450:400c:c09::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8060E130E59 for <sidrops@ietf.org>; Mon, 6 Aug 2018 07:19:48 -0700 (PDT)
Received: by mail-wm0-x243.google.com with SMTP id l2-v6so11713870wme.1 for <sidrops@ietf.org>; Mon, 06 Aug 2018 07:19:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=j+lYwuprQIie40hI3gSKDGmw2Ho4PGJVZF63hoAReEM=; b=tNLPWqQcCDVI8cL4h+4EhqXKYuBUgoq8vZP8XlEFgdluAKGNAQP37NgMRqYkbkwaQA ejVJ1FSYgHrI0FW+Ff+2F1UOVkLmih7lhB4wra1so8ht8L4SgRHnEKlzBIj0kqeKLhAe vBuOywIi0ATy4nXtYnH6BtOUlVR9UVbF8extW7wjuoqo0xO1/OA6oG8gFyfk6Or1vRgN hYWLQXROuVw7xmeF2cmMhY8kR9zTMOc5DJ87dbTSg9rRCIVqcPUpN73MgajQBivzrp18 DoKdJDp1tKuOYWBPsrFtyNw8A8BIAq/7kEGbl+2ZPKCAo+V/3gGTOPDgHC+hOgauNr0h PtsA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=j+lYwuprQIie40hI3gSKDGmw2Ho4PGJVZF63hoAReEM=; b=QW/9iLu0vETH7q+Y9mQMFSRSc9WX5zwcbcq71s3TCCVCQBiMHG323b2jENfslKdez1 QDKVDG/A3K01lDNtQD552/QQc3W/fQl7d7oIuHDcOS2+XEKnz7mZzMchSFojhT1GSyLs 992QofOEV+J+79wNMrYOy5ePxeTg4k4GGaRdeq46wN5SQTbLqIM9uK/8ZCl7HwcZrmX7 cHHnMiBsuOP6FisqPbOwtB4yPiZdokvheNMVKWhd2t6DQKmz1ckIwSikyUoyybR5TKt+ O8cWaMFYi40aDQ4poGHDKn0AYHCF74jt/YCZGC82pdxTDGpAtCUdzHY5MGABrn6yiTNj zjrg==
X-Gm-Message-State: AOUpUlEF9o8hT1x3DfeOGsUpxIAVt2PnjfJY30haVraONE2XkJa1oAB0 1HYOiBD76kE+e9oeK/AqG1xdt2dainXzIolslY5e3Q==
X-Google-Smtp-Source: AAOMgpfJv5M0knWlcGeZWnwmjdGwysVngQfgBKWWqN4VVDHuKiGCeiZF0y4SpSytHtC0s1ZfohSXWkk0KPWLJkM0WN0=
X-Received: by 2002:a1c:87c9:: with SMTP id j192-v6mr11084921wmd.71.1533565186415; Mon, 06 Aug 2018 07:19:46 -0700 (PDT)
MIME-Version: 1.0
References: <153332707807.18413.5304119074828612207@ietfa.amsl.com> <E2FB55BF-696D-40C2-89CC-4758FC10EE7D@nlnetlabs.nl>
In-Reply-To: <E2FB55BF-696D-40C2-89CC-4758FC10EE7D@nlnetlabs.nl>
From: Warren Kumari <warren@kumari.net>
Date: Mon, 06 Aug 2018 10:19:09 -0400
Message-ID: <CAHw9_iJ3JHcUtVSTNr5+sk2bQS_8J6EwzWFxvt-cnpBLW-Bf1A@mail.gmail.com>
To: tim@nlnetlabs.nl
Cc: Linda Dunbar <Linda.dunbar@huawei.com>, General Area Review Team <gen-art@ietf.org>, sidrops@ietf.org, IETF Discuss <ietf@ietf.org>, draft-ietf-sidrops-rpki-tree-validation.all@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/qLes3nBlmJuCKz6Y1qmSD3v9Q7E>
Subject: Re: [Sidrops] Genart last call review of draft-ietf-sidrops-rpki-tree-validation-02
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Aug 2018 14:19:53 -0000
On Mon, Aug 6, 2018 at 4:17 AM Tim Bruijnzeels <tim@nlnetlabs.nl> wrote: > > Hi Linda, > > We took this to the WG because we wanted a few things out of it: > 1) get feedback and ensure that the algorithm used by our validator is correct (even if it is not the only way to do this) > 2) provide transparency to our users > 3) provide a reference that other Relying Party implementers might find useful > > I believe that these goals were achieved. We received valuable feedback from the WG and had good discussions with other implementers. > > Note that I say ‘we’ because I was involved in this while working at the RIPE NCC. By now I have a new position, and as such I don’t mind removing myself from the author list possibly in favour of someone who is going to be involved in the future of this particular implementation. Personally really I don’t mind very much whether this document becomes an RFC or not, it already served its main purposes #1 and #2, but it seems a relatively small remaining step to do and ensure #3 -> i.e. have a description of one implementation that others may find useful. This is listed as an Informational document - from RFC2026, Section 4.2.2: An "Informational" specification is published for the general information of the Internet community, and does not represent an Internet community consensus or recommendation. The Informational designation is intended to provide for the timely publication of a very broad range of responsible informational documents from many sources, subject only to editorial considerations and to verification that there has been adequate coordination with the standards process (see section 4.2.3). I believe that having this sort of document, which describes how an implementation is, er, implemented is useful to the community - we have many "theoretical" type document, having more "and this is how it actually got implemented / works" seems well within the Informational series, and Ops Area mandate. W > Having it as an RFC rather than an expired draft, bundled with the software, will make it easier to find and it shows that others reviewed the document for clarity and correctness. > > That said, it takes a lot of work and process from us, and everyone else. And by definition this is a moving target. The implementation will change (in fact v3 is just (about to be) released), and then the RFC is outdated. So, I will not opt for this full (informational) RFC path again for future implementations I am involved in. It would be nice if there were a more light-weight document track that could be used for this though! We really benefitted from the feedback and users have said that they like the transparency. > > Kind regards, > > Tim Bruijnzeels > > > > > > On 3 Aug 2018, at 22:11, Linda Dunbar <Linda.dunbar@huawei.com> wrote: > > > > Reviewer: Linda Dunbar > > Review result: Ready > > > > I am the assigned Gen-ART reviewer for this draft. The General Area > > Review Team (Gen-ART) reviews all IETF documents being processed > > by the IESG for the IETF Chair. Please treat these comments just > > like any other last call comments. > > > > For more information, please see the FAQ at > > > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. > > > > Document: draft-ietf-sidrops-rpki-tree-validation-02 > > Reviewer: Linda Dunbar > > Review Date: 2018-08-03 > > IETF LC End Date: 2018-08-10 > > IESG Telechat date: Not scheduled for a telechat > > > > Summary: > > This draft describes one sample implementation of validating the content of > > RPKI certificate Tree. The description is clear, especially clearly described > > which section of RFC6487 are based for its implementation. > > > > Major issues: > > None. > > > > Minor issues: > > None. > > > > Nits/editorial comments: > > Section 9.1. the Hash Collisions is more of design in-complete instead of > > "Security Considerations". So is the section 9.2 In addition, why the > > implementation description has to be an RFC? clog up the RFCs > > > -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
- Re: [Sidrops] Genart last call review of draft-ie… Randy Bush
- Re: [Sidrops] Genart last call review of draft-ie… Tim Bruijnzeels
- Re: [Sidrops] Genart last call review of draft-ie… Warren Kumari
- Re: [Sidrops] Genart last call review of draft-ie… Rob Austein