IETF Logo Mail Archive

Re: [Sidrops] I-D Action: draft-ietf-sidrops-rpki-rsc-07.txt

Job Snijders <job@fastly.com> Mon, 23 May 2022 19:16 UTC

Return-Path: <job@fastly.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7887EC15AE07 for <sidrops@ietfa.amsl.com>; Mon, 23 May 2022 12:16:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fastly.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fAZFslwjvUsU for <sidrops@ietfa.amsl.com>; Mon, 23 May 2022 12:16:28 -0700 (PDT)
Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3B75C15AE05 for <sidrops@ietf.org>; Mon, 23 May 2022 12:16:28 -0700 (PDT)
Received: by mail-ej1-x62e.google.com with SMTP id jx22so17410271ejb.12 for <sidrops@ietf.org>; Mon, 23 May 2022 12:16:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastly.com; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=c9EMoYNw/sdYYz4TwamQRFGjrJzuilvXRAd7UNCf9fU=; b=ZTYBHa6ZCZhMhaxJV6Of114xVYd0sdo7G8jymsskqzhn+n2E0ZEMUcKO9muRE37QPR 0cbuB2voXj10xTesNtVTuKpD6WbBPw83DldvdhNO9/rz7f0zBCtvZmpaEzb0JtyGtTA3 8cskDrUF/dVk454ZvkWDa/ghy/LuYNIGUYzKk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=c9EMoYNw/sdYYz4TwamQRFGjrJzuilvXRAd7UNCf9fU=; b=HBcWCpl6WBCKfle50j+Y5BWsVBaIIuv3ycVqZv2O5Yk33sx/PdxVU8hS5jUL/o9UVL 1iQr4LpaZViBsCRHl7cZfUbsuI3drgXrY7X5TYHZX++/LS2ussFhs00eJHyR5hvU6aoW GXWGUzbPuTsulPASG8uJYKPNxjxb+13SwGKYb+abGI/ifqZ0wz8Co1wC7Ps/OUopGlSG M4L6KteMBXzQwICyOJt16Fgf2Rz9S6aJi6pMf4eRvYz25Hw+HQ+mj08S6KPY6aumDo1B DMwwXNTUtKPY7veY+vFrx9XHKhxWQXVo3JYFGa92b+tERYyHB4DtBBICa66kJFw0NkXV tAqA==
X-Gm-Message-State: AOAM530fQdYID2UI0ZvFR0oz0fud/OLB5BWEFXZxKvCcY83dofIVVdca 3hm+xKSHqVIgzG+l95OYyrDdDw==
X-Google-Smtp-Source: ABdhPJzOH2Z/+yXoHbXnaDWpGP0lEDitpZG506pZOsmqL8yfmUZCzyYhMUYDmzkEvLGDHKLc5ODAWw==
X-Received: by 2002:a17:907:3e1b:b0:6fe:e1a4:a331 with SMTP id hp27-20020a1709073e1b00b006fee1a4a331mr6001604ejc.72.1653333387029; Mon, 23 May 2022 12:16:27 -0700 (PDT)
Received: from snel ([2a10:3781:276:2:16f6:d8ff:fe47:2eb7]) by smtp.gmail.com with ESMTPSA id cw12-20020a170906c78c00b006fec3b388edsm2530710ejb.95.2022.05.23.12.16.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 May 2022 12:16:26 -0700 (PDT)
Date: Mon, 23 May 2022 21:16:24 +0200
From: Job Snijders <job@fastly.com>
To: George Michaelson <ggm@algebras.org>
Cc: Russ Housley <housley@vigilsec.com>, Ben Maddison <benm@workonline.africa>, Randy Bush <randy@psg.com>, SIDR Operations WG <sidrops@ietf.org>
Message-ID: <YovdiIzWJ1Cw3QUO@snel>
References: <YoZ/bsYUeHpCW3Mc@snel> <D55CE24C-36E2-4976-84BB-BDB19E0E2CC2@vigilsec.com> <DB9P190MB10839201BF38E8D1BCD485BBC0D09@DB9P190MB1083.EURP190.PROD.OUTLOOK.COM> <3BDB58DF-0431-4676-9606-611C129A4B0B@vigilsec.com> <m2o7ztfe4d.wl-randy@psg.com> <20220520012253.zu4abj7kotvg3m3z@benm-laptop> <80AD7E72-1F42-4314-B0A8-69819904F2EB@vigilsec.com> <20220520135826.23h6eaurre7zvqxs@benm-laptop> <17C2DA7E-A5CB-49EE-8148-FB223A12D992@vigilsec.com> <CAKr6gn1vcma0=2v4k9i+i6C3Z4odx5A=vn+yFVQZJVkFicZwRA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAKr6gn1vcma0=2v4k9i+i6C3Z4odx5A=vn+yFVQZJVkFicZwRA@mail.gmail.com>
X-Clacks-Overhead: GNU Terry Pratchett
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/tKCUj0MAVXlYv_UH9LOPkuxhIlU>
Subject: Re: [Sidrops] I-D Action: draft-ietf-sidrops-rpki-rsc-07.txt
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 May 2022 19:16:32 -0000

Dear all,

I'm slightly puzzled with the feedback and not entirely sure how to
proceed. I'll try to summarize my understanding so far and re-iterate
the direction the authors are trying to navigate towards.

I believe the ASN.1 module serves mainly two purposes: on the one hand
it is a reference for programmers on what possible permutations might
exist, and another use is to autogenerate code (through macros or an
ASN.1 compiler) for use in signer/validator implementation.

With the above in mind, it seems prudent to codify as many constraints
as possible in the ASN.1 module itself, rather than through 'decorative'
(normative) text in the elaboration on what the ASN.1 notation means.

An example of what I mean with 'decorative text' is RFC 8209 section
3.1.3.5 which states "the 'inherit' element MUST NOT be specified."). I
think constraints expressed through ASN.1 are somewhat stronger than
what can be expressed in text for human consumption.

Context:
========

The draft-ietf-sidrops-rpki-rsc-06 spec did not accomodate encoding of
inheritance and RDI (which seems accepted by this working group). Then
some implementers asked for RSC to be more 'on the wire'-compatible with
existing 3779 encoder/decoder higher level libcrypto functions, which
they argued makes implementation easier. The result of these discussions
was -07.

The -07 spec offers improved compatibility with existing 3779 functions,
and still prohibits inheritance & RDI, and also removes the SAFI byte as
the concept of SAFI seems not applicable to RSC. To the authors this
seemed the best of all worlds: the voices displeased with -06 indicated
contentment, and existing and new implementers would be able to use the
RSC ASN.1 module from which it is clear what the constraints are.

But now, Russ, Randy, and George voice a concern about the SAFI octet!

To me it seems somewhat internally inconsistent to prohibit RDI &
inheritance - but not the SAFI octet. Anyone encoding a SAFI octet in
RSC eContent is creating a malformed object, subsequently a decode
failure seems the preferred and expected outcome. Right?

Status update on running code: I believe there are three implementations
known to adhere to the -07 format: a development version of OpenBSD
rpki-client, Ben Maddison's rpkimancer, and Tom Harrison's RSC demo. 

options:

    1) revert back to -06 wireformat (3 implementations exist)
    2) keep document as-is (3 implementations exist for -07)
    3) permit SAFI byte to exist in the ASN.1 notation, add decorative
       text that presence of SAFI octet MUST trigger failure.
    4) ??? something I didn't think of ???

Feedback welcome!

Kind regards,

Job

v2.23.0 | Report a Bug | By Email