IETF Logo Mail Archive

Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486bis-06.txt

Tim Bruijnzeels <tim@nlnetlabs.nl> Fri, 24 September 2021 13:07 UTC

Return-Path: <tim@nlnetlabs.nl>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EB313A27EC for <sidrops@ietfa.amsl.com>; Fri, 24 Sep 2021 06:07:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nlnetlabs.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mVSyYpRclBd4 for <sidrops@ietfa.amsl.com>; Fri, 24 Sep 2021 06:07:27 -0700 (PDT)
Received: from outbound.soverin.net (outbound.soverin.net [IPv6:2a01:4f8:fff0:65::8:228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68AAC3A27E8 for <sidrops@ietf.org>; Fri, 24 Sep 2021 06:07:26 -0700 (PDT)
Received: from smtp.soverin.net (unknown [10.10.3.24]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by outbound.soverin.net (Postfix) with ESMTPS id D175B187; Fri, 24 Sep 2021 13:07:23 +0000 (UTC)
Received: from smtp.soverin.net (smtp.soverin.net [159.69.232.138]) by soverin.net
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nlnetlabs.nl; s=soverin; t=1632488843; bh=fJxzbzC1qzR1UxgxLXqAlHa3giOC6r5wZFNsgY5e6KE=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=RCgY5Towt81JJIsOHzA0Y+ClVGfW433t39Mp72/z2CfJzubg1g6TsWACamrTGXZEJ M50u48V1zWKQKzzqwCPB14GzLn/XU+frFCt5scEJR4AbQHNW4DRziVDVu1O0J5vYs6 EO3n2u+TvjBLL6Ss8D/vC+z2LhhnZkQuqvP9B6rIXtJi1tPD48pr9Vr/ezVAdUQnX+ ZRwsK+9h0SOc7GGoKORXLhyqBrhJCM9mYkdcMjgJzcJc9uqTHIo5Gt5ADm3jd+qM9U womv4/orEgysk+jU/w0nMEjkl4gPZ416gHjF6Qx6phatRbtCtbP39QqdRF5Jp6T9Jp yinRP0Lq6+tgg==
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Tim Bruijnzeels <tim@nlnetlabs.nl>
In-Reply-To: <2457bdd2-de07-241f-b8e4-87206dabcf16@verizon.net>
Date: Fri, 24 Sep 2021 15:07:20 +0200
Cc: SIDR Operations WG <sidrops@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <28F0ACCE-4D0C-4D80-B4C5-4E8B9D05760F@nlnetlabs.nl>
References: <162730591845.29690.12178353991713962835@ietfa.amsl.com> <2457bdd2-de07-241f-b8e4-87206dabcf16@verizon.net>
To: Stephen Kent <stkent=40verizon.net@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/rIVkaLS96MP2dbXr516Kdg35Amc>
Subject: Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486bis-06.txt
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2021 13:07:33 -0000

Hi,

> On 24 Sep 2021, at 13:54, Stephen Kent <stkent=40verizon.net@dmarc.ietf.org> wrote:
> 
> This version of the ID was published during the last IETF meeting, and has received no comments since then.

Steve, thank you for your perseverance.

I reviewed this once more. My apologies for not responding earlier.

Thank you for clarifying (in -05) that the previous manifest MUST be revoked.

What is still missing, I believe, is similar normative language when it comes to
replacing existing other named files (ROA, certificates etc).

If the working group feels that any replaced (non-CRL) files defined in the
manifest scope MUST also be revoked if they are not expired then I think it
would be good to include a sentence to this effect. Perhaps we could amend the
start of the second paragraph of section 5.2:

CURRENT:
 
   An authority MUST issue a new manifest in conjunction with the
   finalization of changes made to objects in the publication point.

SUGGESTED:

   An authority MUST issue a new manifest in conjunction with the
   finalization of changes made to objects in the publication point.
   If any named objects in the publication point were replaced then
   the authority MUST ensure that the file hash is updated accordingly
   in the new manifest. In addition to this the authority MUST revoke
   the previous object, if it is of a type that can be revoked (i.e. not
   a CRL) and it is not expired.

Note that I made an argument earlier in favour of not revoking objects which
section 6 now says MUST NOT be used anyway. But rather than trying to re-ignite,
I have accepted people want redundancy, I am looking for clarity on all
revocations so we don't end up with different interpretations again in future.

Kind regards,
Tim

> 
> I'd like to initiate WGLC at this time.
> 
> Steve
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> This draft is a work item of the SIDR Operations WG of the IETF.
>> 
>>         Title           : Manifests for the Resource Public Key Infrastructure (RPKI)
>>         Authors         : Rob Austein
>>                           Geoff Huston
>>                           Stephen Kent
>>                           Matt Lepinski
>> 	Filename        : draft-ietf-sidrops-6486bis-06.txt
>> 	Pages           : 17
>> 	Date            : 2021-07-26
>> 
>> Abstract:
>>    This document defines a "manifest" for use in the Resource Public Key
>>    Infrastructure (RPKI).  A manifest is a signed object (file) that
>>    contains a listing of all the signed objects (files) in the
>>    repository publication point (directory) associated with an authority
>>    responsible for publishing in the repository.  For each certificate,
>>    Certificate Revocation List (CRL), or other type of signed objects
>>    issued by the authority that are published at this repository
>>    publication point, the manifest contains both the name of the file
>>    containing the object and a hash of the file content.  Manifests are
>>    intended to enable a relying party (RP) to detect certain forms of
>>    attacks against a repository.  Specifically, if an RP checks a
>>    manifest's contents against the signed objects retrieved from a
>>    repository publication point, then the RP can detect "stale" (valid)
>>    data and deletion of signed objects.
>> 
>> 
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-sidrops-6486bis/
>> 
>> There is also an htmlized version available at:
>> https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-6486bis-06
>> 
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-6486bis-06
>> 
>> 
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>> 
>> 
>> _______________________________________________
>> Sidrops mailing list
>> Sidrops@ietf.org
>> https://www.ietf.org/mailman/listinfo/sidrops
> 
> 
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops

v2.23.0 | Report a Bug | By Email