Re: [Sidrops] trying to limit RP processing variability

Stephen Kent <stkent@verizon.net> Wed, 15 April 2020 11:58 UTC

Return-Path: <stkent@verizon.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5F8F3A0DA2 for <sidrops@ietfa.amsl.com>; Wed, 15 Apr 2020 04:58:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.701
X-Spam-Level:
X-Spam-Status: No, score=-0.701 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verizon.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dvqjWd8YCQK2 for <sidrops@ietfa.amsl.com>; Wed, 15 Apr 2020 04:58:46 -0700 (PDT)
Received: from sonic301-2.consmr.mail.bf2.yahoo.com (sonic301-2.consmr.mail.bf2.yahoo.com [74.6.129.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6059E3A0D93 for <sidrops@ietf.org>; Wed, 15 Apr 2020 04:58:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=verizon.net; s=a2048; t=1586951925; bh=3qI9XHjqvmVcNpvVdSo2hcsVyflbOS/maKvcMnb7nVE=; h=From:Subject:To:Cc:References:Date:In-Reply-To:From:Subject; b=JwlyUBCmUO1SiMdevZ2MkEYlf1IXyHggEIRy+4AhONLMamOrKXu2xdr5q87lbYmAPcH3nA3rC5MrRpBTLpq8XEXrPpt8otpWd34XvDorcINP/gowehGF6nu0lVWjMzPFECLaMvF1fYxSvgA3+WOK29/F9uL5Yo7drFZ3o5h6iCvdfxattBHyRpEJvRdxwo2rD3iTTa+CguClzNxtPmJXxJAo0Rq4er/dGI5DV91LTFfmUUCytjaM4fv5E8sbS1cfBLIz6zenoQwFbiPGwYB7uVbQqH37n+tOjuvNHzFZMzc/8DctPxTvtYWZsQXa+Jlom0bbu0C346cecWwbR3vcig==
X-YMail-OSG: Kp8nc34VM1nIoqDT9sjkFmGMgmNsFRkd5bf1fKqFssOwFEndNGR_w_O8XdyAYiu uEZcW8p81xA3p69S8Cw9TitnYE.69Khfhd8cLlObnNxbk2oZS8OcjC_o96NOSb1mOKuffJRa4QbK dl..8GvAPrmuwy9eGZJSpfu3uTNVOumnQ0FONzuNv3PgRoIjlgrD_V7cHjpba_n3vkxHW6mBAP80 DfxXyKejKEsNl1tYe8fkitEz5Tz4Thdgv9UTzZe2YHshZZARUk2_6CNJ3PJ2c5VPJfU.wlBgMLEC ZsTP1LuKtbGALGXkyzTmnfWTjqLIkvTGASggIcQrMzS10pdNekyAOt8G8vd5ZV95FBpTQOKJVu8G LPtFcQb2mG8xfcUPtnz1WE93r0TAI3vtLwv4Fvs2g7Im2QUl3Claep0X54KILfnNFqwubuYnPrn7 XnNc4NqmiHBbPrF05tfcpFvWgwzrukaXZ3aFU3z.jGk4uDcK9Ai9LhysKnQadvITXUeWHsJNDYkU ozDsz6VVIjEuA9kLIY8v88eI0v4qxyALhzcCUjpMeTrpZ3aG8RE_fUG.OG7VsllzEN9mnVZuVHNQ .FH2jTLRWlMIRUd9YbB_VFyl5l.cE5hvAYxHWfdsYy48gvvucCzd5Y_.PQbWXZCePEMnHyDXSVfu ONmOhLJgGCKI1Ohr2FKcbXhH0GnMnolmtgqIpDL2OsPgQhWZponlyjtkt5cIqMjZtQ5yFIUZ96uO k7F4akIeRYv883tz4tROxr4HckoYAyV5DOz.GTIHsg7T3pFzhQhMSTiaaobcurH56QdCp8fTmuAt BFwiEOlrszy_jL0M6KOdtM9jqXP_tQDauTgzFxAb2ywZTKm1B_wwVLrjSs3Fzfe9rseDqMb06.QF srepN11z6SlcNu_aPc0kCrn61.jVN25LMcdw1Bq8ZUHhwZtV.09UFt.3AJ7RtpGimhvtp4xr_hGO iskG8vERu5vpXvEZbJdx3fCjof.DR0ZwFmF07_bZnmiBxMHC8CS_ufBklSZwABrVsilIv6JAot.E RlIedH1TXpXe_W.0RGA2Octxs0vpEp0mis_TQLpXDJg94pSG9hVUyRoQRIZ_vGOMxxhXdZvUHyhu JJfUxo6N3wj198mwRlX74XwYxNDwwXf0t7z9phUVHsqv8dk6xx8SSgWkY_FMHXv_yA_NPaazNysy SEXMsj7k5aSuYuPTQuNS0al1xhf6ZDEjsh9ypV1Dx.OPtwqe1fCjNCwqgvJWH95canaRqbOGNOOv Zk.vQ7jVEca0_6IVeJbnhwdgxdhLBCxCc3dPlLGTThiG5st..m2lrYz1tqaiV_OcMjVeaIuU9zpt k.yPc6w1yul4esticJZ0lObglCSlDSjzQZu.jn2ZPpeESl6On82KkG.GS6mUdDXObt8fk8jxEX7k ZdOCP8RxR96_ajMkqKr3l7NJiGpdQYHHA73TMSg--
Received: from sonic.gate.mail.ne1.yahoo.com by sonic301.consmr.mail.bf2.yahoo.com with HTTP; Wed, 15 Apr 2020 11:58:45 +0000
Received: by smtp414.mail.bf1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 4c7651a8d6af5efaa3f3b62c16fb5663; Wed, 15 Apr 2020 11:58:39 +0000 (UTC)
From: Stephen Kent <stkent@verizon.net>
To: Martin Hoffmann <martin@opennetlabs.com>
Cc: Robert Kisteleki <robert@ripe.net>, "sidrops@ietf.org" <sidrops@ietf.org>
References: <a9448e54-320f-300c-d4f9-d01aca2b6ef4.ref@verizon.net> <a9448e54-320f-300c-d4f9-d01aca2b6ef4@verizon.net> <63c18696-fe3b-c66f-d8ae-fb132f78ee9f@ripe.net> <a0067385-adb8-cadd-3a7f-3a362176d265@verizon.net> <e3bcba98-c664-0c27-850f-137251cc314a@ripe.net> <a1c7b748-6dda-c555-0ab7-3727d34bc672@verizon.net> <20200415124611.7af291b1@glaurung.nlnetlabs.nl>
Message-ID: <cb8fb522-69b0-80aa-134b-771fbe1ea534@verizon.net>
Date: Wed, 15 Apr 2020 07:58:39 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.7.0
MIME-Version: 1.0
In-Reply-To: <20200415124611.7af291b1@glaurung.nlnetlabs.nl>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-Mailer: WebService/1.1.15651 hermes Apache-HttpAsyncClient/4.1.4 (Java/11.0.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/sZcX0vwKY08pKFbCbiswqD0wXnM>
Subject: Re: [Sidrops] trying to limit RP processing variability
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Apr 2020 11:58:49 -0000

Martin,
> ...
> An attacker who can delete files can as easily replace them with
> something else with the same result. So I am not sure the added code
> complexity is worth it.

If an attacker deletes files and replaces them with older versions or 
completely different files, and there is a current manifest, then the 
effect is nil, i.e., the older versions or different files will be 
ignored. If there is not a current manifest, then we are precisely in 
the territory that we all agree needs to be explored.

Steve