Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-identity-00

Job Snijders <job@fastly.com> Tue, 11 May 2021 16:18 UTC

Date: Tue, 11 May 2021 18:18:44 +0200
From: Job Snijders <job@fastly.com>
To: Randy Bush <randy@psg.com>
Cc: SIDR Operations WG <sidrops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/qiYN6neMQka5X7ai1fxpfVk9DIQ>

Dear Randy & Russ,

On Mon, May 10, 2021 at 04:14:42PM -0700, Randy Bush wrote:
> hi folk,
> 
> what do i need to work on here before whining about wglc?  some solid
> constructive wg reviewers would be great.

The current -00 title might distract from the substance of the memo.

Perhaps: "Clarification on Opaqueness of Resource Public Key Infrastructure (RPKI) Identifiers"

Most of the document's content doesn't appear accessible to newcomers to
the RPKI; it reads as if a lot of prior knowledge is required. The
'Discussion' section is somewhat hard to follow. For example, perhaps
'large operations' might be better as 'large corporations' or
'organizations'?

The RFC 6480 and RFC 7382 references are useful, but overshadowed by a
(to me) somewhat confusing story about sushi and taco.

The 'Security' section appears to contain some useful clarifications.

> If so, how does one determine if the signature on the real world
> document is still valid?

Would the EE certificates contained in the signed objects not
be periodically validated, including the applicable CRLs?

I would suggest keeping the document in the queue, and enriching it based
on some field experience with RSC. It shouldn't be too long before the
first tests can be conducted with RSC objects.

Kind regards,

Job