Re: [Sidrops] I-D Action: draft-ietf-sidrops-signed-tal-01.txt
Tom Harrison <tomh@apnic.net> Tue, 17 July 2018 16:59 UTC
Date: Tue, 17 Jul 2018 12:58:27 -0400
From: Tom Harrison <tomh@apnic.net>
To: sidrops@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/tgN6B3qqDn2cp9qGpuvYLw4AkIc>

On Fri, Jun 08, 2018 at 06:30:41AM -0700, internet-drafts@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the SIDR Operations WG of the IETF.
>
>         Title           : RPKI signed object for TAL
>         Authors         : Tim Bruijnzeels
>                           Carlos Martinez
>         Filename        : draft-ietf-sidrops-signed-tal-01.txt
>         Pages           : 12
>         Date            : 2018-06-08

I've updated our proof-of-concept to match the new draft. Some
questions and minor suggestions:

In section 3, there is:

    The ASN.1 syntax for the Signed TAL eContent defined in Section
    3.2. (This is the payload that specifies the AS being authorized
    to originate routes as well as the prefixes to which the AS may
    originate routes.)

The text in parentheses looks to be a cut-and-paste from the ROA
profile document (RFC 6482).

In section 4, there is "[t]his EE certificate MUST have a 'notAfter'
time that reflects the intended time that this Signed TAL will be
published", which on its face implies that the 'notAfter' should be
set to the time when the object is first published. Changing it to
"reflects the intended time [or duration] for which this signed TAL
will be published" should make things clearer.

The SubjectPublicKeyInfo in the TAL structure has the type IA5String.
Is there some reason not to use the 'raw' SubjectPublicKeyInfo type
from RFC 5280?

Since activationTime is not needed for an in-protocol reason at the
moment, it would be good to add a note to the draft that it's there to
prompt discussion/feedback about future dating.

On future dating more generally, I think it's a good idea, since it
allows for in-band signalling about the rollover and would (hopefully)
encourage a wider set of users to test the new tree before it becomes
the 'official' tree.

-Tom