Re: [Sidrops] I-D Action: draft-ietf-sidrops-signed-tal-01.txt

Tom Harrison <tomh@apnic.net> Tue, 17 July 2018 16:59 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/tgN6B3qqDn2cp9qGpuvYLw4AkIc>

On Fri, Jun 08, 2018 at 06:30:41AM -0700, internet-drafts@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the SIDR Operations WG of the IETF.
> 
>         Title           : RPKI signed object for TAL
>         Authors         : Tim Bruijnzeels
>                           Carlos Martinez
>         Filename        : draft-ietf-sidrops-signed-tal-01.txt
>         Pages           : 12
>         Date            : 2018-06-08

I've updated our proof-of-concept to match the new draft.  Some
questions and minor suggestions:

In section 3, there is:

   The ASN.1 syntax for the Signed TAL eContent defined in
   Section 3.2.  (This is the payload that specifies the AS being
   authorized to originate routes as well as the prefixes to which
   the AS may originate routes.)

The text in parentheses looks to be a cut-and-paste from the ROA
profile document (RFC 6482).

In section 4, there is "[t]his EE certificate MUST have a 'notAfter'
time that reflects the intended time that this Signed TAL will be
published", which on its face implies that the 'notAfter' should be
set to the time when the object is first published.  Changing it to
"reflects the intended time [or duration] for which this signed TAL
will be published" should make things clearer.

The SubjectPublicKeyInfo in the TAL structure has the type IA5String.
Is there some reason not to use the 'raw' SubjectPublicKeyInfo type
from RFC 5280?

Since activationTime is not needed for an in-protocol reason at the
moment, it would be good to add a note to the draft that it's there to
prompt discussion/feedback about future dating.

On future dating more generally, I think it's a good idea, since it
allows for in-band signalling about the rollover and would (hopefully)
encourage a wider set of users to test the new tree before it becomes
the 'official' tree.

-Tom
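Added example for the SubjectPublicKeyInfo point above (my own illustration, not code from the draft or from APNIC's proof-of-concept): a minimal DER check that accepts the raw RFC 5280 SubjectPublicKeyInfo directly, and the IA5String (base64 text) form only after decoding, which makes the extra encoding layer a consumer has to handle visible. The toy key bytes are constructed, not a real key, and the helper names are assumed.

```python
import base64
RSA_ENCRYPTION_OID = "1.2.840.113549.1.1.1"

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length, 1-4 length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER element")
    return tag, value, pos + length

def _decode_oid(raw):
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:  # base-128 arcs; high bit set means "continue"
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_spki(der):
    """Validate a DER SubjectPublicKeyInfo (RFC 5280 syntax) and summarise it."""
    tag, body, end = _tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("SubjectPublicKeyInfo must be exactly one SEQUENCE")
    tag, alg, pos = _tlv(body, 0)  # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    oid_tag, oid_raw, _ = _tlv(alg, 0)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    tag, key_bits, pos = _tlv(body, pos)  # subjectPublicKey BIT STRING
    if tag != 0x03 or pos != len(body) or not key_bits or key_bits[0] != 0:
        raise ValueError("subjectPublicKey must be the final BIT STRING with 0 unused bits")
    return {"algorithm": _decode_oid(oid_raw), "key_bytes": len(key_bits) - 1}

def spki_from_ia5string(text):
    """IA5String form = base64 text (as in RFC 7730 TAL files): decode, then parse."""
    return parse_spki(base64.b64decode("".join(text.split()), validate=True))

SAMPLE_SPKI_DER = bytes.fromhex(  # constructed toy SPKI (not a real key): n = 0xC1, e = 65537
    "301d"                            # SubjectPublicKeyInfo SEQUENCE, 29 bytes follow
    "300d06092a864886f70d0101010500"  # AlgorithmIdentifier: OID rsaEncryption, NULL params
    "030c003009020200c10203010001"    # BIT STRING (0 unused bits) wrapping the RSAPublicKey
)
SAMPLE_SPKI_IA5 = base64.b64encode(SAMPLE_SPKI_DER).decode("ascii")  # the draft-01 encoding
```

Handing the IA5String bytes to parse_spki without decoding fails the SEQUENCE check, which is exactly the mismatch a validator must guard against when the same field can be carried in two encodings.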