Re: [Sidrops] proposed, revised text for Section 6

Job Snijders <job@ntt.net> Thu, 07 May 2020 15:46 UTC

Date: Thu, 7 May 2020 15:45:52 +0000
From: Job Snijders <job@ntt.net>
To: sidrops@ietf.org
Message-ID: <20200507154552.GD72636@vurt.meerval.net>
References: <557f0928-c7b1-4b8d-b3b6-078733f7ef8a.ref@verizon.net> <557f0928-c7b1-4b8d-b3b6-078733f7ef8a@verizon.net> <1065C1CC-191A-4CFF-A87C-4F1CB165F303@ripe.net> <507640b8-30e7-9f95-e6ed-adba12efb090@verizon.net> <7A134E0C-52E1-4FAD-A4E6-D971EFCDC63E@nlnetlabs.nl> <cc0fb3bc-1ebf-9417-fa60-361cb899b938@verizon.net>
In-Reply-To: <cc0fb3bc-1ebf-9417-fa60-361cb899b938@verizon.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/qx7gOgh3zWAQawyrJt3Hreqz8cM>

On Thu, May 07, 2020 at 11:38:21AM -0400, Stephen Kent wrote:
> What do we want to do if we encounter two or more .crl files in a
> manifest?  use the first one, ignore any others, and issue a warning?

Which one is the first one? The fileList is an (unordered) sequence of
FileAndHash objects, right?

Shouldn't standard X509 be followed here? Only use the CRL that the .cer
points to? I was under the impression that the CRL exists as part of the
X509 validation, rather than as part of the 'RPKI validation overlay'?

> What do we want to do if the CRLDP in a CA cert does not match the
> file name in the manifest? Issue a warning and use the .crl file from
> the manifest?

The latter option seems counter-intuitive to me.

Kind regards,

Job
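As an added illustration (not code from this thread or from any RPKI validator), a Python sketch of the selection policy argued for above: treat the manifest fileList as unordered, let the CA certificate's CRLDP decide which .crl is authoritative, and report extra .crl entries or a CRLDP/manifest mismatch rather than guessing. The manifest entries, repository contents and CRLDP URI are constructed sample values.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

# Assumed shapes (constructed for this example): a manifest fileList is a
# sequence of (filename, sha256-hex) pairs; the CA cert carries a CRLDP URI.

@dataclass
class CrlSelection:
    chosen: Optional[str]
    warnings: list = field(default_factory=list)

def select_crl(file_list, crldp_uri, repo):
    """Pick the CRL to use for a CA's products. file_list: manifest entries
    (order ignored); crldp_uri: CRLDP from the CA cert; repo: dict of
    filename -> bytes fetched from the publication point. The CRLDP, not
    manifest position, decides; anything else is reported, not guessed."""
    sel = CrlSelection(None)
    crls = {name: digest for name, digest in file_list if name.endswith(".crl")}
    if not crls:
        sel.warnings.append("manifest lists no .crl file")
        return sel
    wanted = crldp_uri.rsplit("/", 1)[-1]          # CRLDP file name
    if wanted not in crls:
        sel.warnings.append(f"CRLDP names {wanted}, not in manifest fileList")
        return sel
    for extra in sorted(crls):
        if extra != wanted:
            sel.warnings.append(f"ignoring additional .crl in manifest: {extra}")
    data = repo.get(wanted)
    if data is None:
        sel.warnings.append(f"{wanted} listed in manifest but not in repository")
        return sel
    if hashlib.sha256(data).hexdigest() != crls[wanted]:   # manifest hash check
        sel.warnings.append(f"hash mismatch for {wanted}")
        return sel
    sel.chosen = wanted
    return sel

# Constructed sample: two CRLs listed in the manifest, CRLDP points at one.
CRL_A = b"-- constructed placeholder bytes for ca.crl --"
CRL_B = b"-- constructed placeholder bytes for old.crl --"
REPO = {"ca.crl": CRL_A, "old.crl": CRL_B}
FILE_LIST = [
    ("old.crl", hashlib.sha256(CRL_B).hexdigest()),
    ("ca.crl", hashlib.sha256(CRL_A).hexdigest()),
    ("1234.roa", hashlib.sha256(b"constructed roa").hexdigest()),
]
CRLDP = "rsync://rpki.example.net/repo/ca.crl"   # hypothetical URI
RESULT = select_crl(FILE_LIST, CRLDP, REPO)
```

With these inputs RESULT.chosen is "ca.crl" and the extra old.crl entry is reported as a warning; pointing the CRLDP at a name absent from the fileList yields no CRL and a mismatch warning.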