Re: [Sidrops] I-D Action: draft-ietf-sidrops-signed-tal-05.txt
Robert Kisteleki <robert@ripe.net> Tue, 28 April 2020 07:43 UTC
To: Christopher Morrow <christopher.morrow@gmail.com>
Cc: SIDR Operations WG <sidrops@ietf.org>
From: Robert Kisteleki <robert@ripe.net>
Organization: RIPE NCC
Message-ID: <d8767cb6-0d10-ae6d-2404-6bbb38f8a637@ripe.net>
Date: Tue, 28 Apr 2020 09:43:20 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/u5rytdz5FSjTBuPhFvdElLuVDsg>
Subject: Re: [Sidrops] I-D Action: draft-ietf-sidrops-signed-tal-05.txt
> The cost to 1 and 2 seem to be: "orgX could fall off the internet,
> they'll learn their lesson or not...:("
> I'd argue that the 'in software updates with clear warnings to the
> updater' is probably safest here,
> despite my sre friends screaming about 'automate all the things' :)

The middle-ground solution was also described: the sw can detect the TAL
change (for example by periodically comparing its local version with the
officially published one) and whine if there's a difference. This lets
all kinds of bells go off even in the absence of auto-update (of the
software). And to keep SREs happy :) it can have an option to just
auto-update when there's a change.

Cheers,
Robert
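
The comparison described in the message above, as an added example that is not part of the original e-mail or of any validator's code: it assumes the RFC 8630 TAL layout (comment lines, URI lines, a blank line, then the base64 key), takes the published copy as an already-fetched string, and uses constructed URIs and key bytes. Function names are hypothetical.

```python
import base64
import hashlib

def parse_tal(text):
    """Return (set of URIs, SHA-256 of the key) from an RFC 8630 style TAL."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if not ln.startswith("#")]   # drop comments
    while lines and not lines[0]:                             # leading blanks
        lines.pop(0)
    if "" not in lines:
        raise ValueError("no blank line between URIs and key")
    split = lines.index("")
    uris = set(lines[:split])
    key = base64.b64decode("".join(lines[split + 1:]), validate=True)
    if not uris or not key:
        raise ValueError("TAL needs at least one URI and a key")
    return uris, hashlib.sha256(key).hexdigest()

def check_tal(local_text, published_text, auto_update=False):
    """Compare TALs; return (warnings, TAL text to use from now on)."""
    local_uris, local_key = parse_tal(local_text)
    pub_uris, pub_key = parse_tal(published_text)
    warnings = []
    if local_key != pub_key:
        warnings.append(f"key changed: {local_key[:16]} -> {pub_key[:16]}")
    warnings += [f"URI added: {u}" for u in sorted(pub_uris - local_uris)]
    warnings += [f"URI removed: {u}" for u in sorted(local_uris - pub_uris)]
    # Without auto_update the local TAL stays in use and the operator is warned.
    use = published_text if (warnings and auto_update) else local_text
    return warnings, use

def make_tal(uris, key_bytes, comment="constructed sample"):
    """Build a sample TAL from constructed values (not a real trust anchor)."""
    key = base64.b64encode(key_bytes).decode()
    return f"# {comment}\n" + "\n".join(uris) + "\n\n" + key + "\n"

LOCAL = make_tal(["rsync://rpki.example.net/ta/ta.cer"], b"constructed key A")
PUBLISHED = make_tal(["rsync://rpki.example.net/ta/ta.cer",
                      "https://rpki.example.net/ta/ta.cer"], b"constructed key B")

if __name__ == "__main__":
    for line in check_tal(LOCAL, PUBLISHED)[0]:
        print("WARNING:", line)
```

Comparing parsed URIs and the key digest rather than raw file bytes keeps comment or whitespace edits in the published file from raising a warning.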