Re: [Sidrops] Adam Roach's No Objection on draft-ietf-sidrops-lta-use-cases-05: (with COMMENT)

Adam Roach <adam@nostrum.com> Tue, 30 April 2019 16:27 UTC

Return-Path: <adam@nostrum.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98082120317 for <sidrops@ietfa.amsl.com>; Tue, 30 Apr 2019 09:27:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.68
X-Spam-Level:
X-Spam-Status: No, score=-1.68 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uRCAzU7U2D7j for <sidrops@ietfa.amsl.com>; Tue, 30 Apr 2019 09:27:34 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA82D120319 for <sidrops@ietf.org>; Tue, 30 Apr 2019 09:27:33 -0700 (PDT)
Received: from MacBook-Pro.roach.at (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x3UGRT6I048756 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 30 Apr 2019 11:27:31 -0500 (CDT) (envelope-from adam@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1556641652; bh=cSndnKczwUyQHWOM2SXDY5rkiovAnfIQal0RpePxRZQ=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=H2plLRs2ULTeVDE3jPygrKsaYa+sLYYguzvlSSTW33LJB4kpG2OjrSsB7kuy711Pq kD8eJ8HnZh0D/hx4/XJSrBBuf74FmeNWL3w0FClNwleBGRI+irDqr8cN6v0MBwsfls wVHqhRI7DrImGh8KsvPLBjym+WOE/CbfBgFs1lDk=
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be MacBook-Pro.roach.at
To: Randy Bush <randy@psg.com>, Barry Leiba <barryleiba@computer.org>
Cc: Chris Morrow <morrowc@ops-netman.net>, sidrops@ietf.org, draft-ietf-sidrops-lta-use-cases@ietf.org, The IESG <iesg@ietf.org>, sidrops-chairs@ietf.org
References: <155659678989.12846.6228625087288154485.idtracker@ietfa.amsl.com> <CALaySJJJ8xgj=xYSG16rYrN0Vf96pJsvxP6sYAZO4A0ABEzHPA@mail.gmail.com> <m2r29j796p.wl-randy@psg.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <2dfbc782-b88a-5488-2fd7-71751b91ac36@nostrum.com>
Date: Tue, 30 Apr 2019 11:27:24 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <m2r29j796p.wl-randy@psg.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/vhGJJ-Kx31p9sVY4ANYE1AuiYR0>
Subject: Re: [Sidrops] Adam Roach's No Objection on draft-ietf-sidrops-lta-use-cases-05: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Apr 2019 16:27:43 -0000

This seems like an even better resolution to the problem. Thanks, Randy.

/a

On 4/30/19 11:24 AM, Randy Bush wrote:
>>> Please consider adding the boilerplate specified in RFC 8174.
>> Or, alternatively (and my preference), re-word that brief paragraph in
>> the Security Considerations so that it doesn't use "MUST".  I find
>> "Hence they MUST be implemented to assure the local constraint." hard
>> to understand anyway, so re-wording might help.
> as mirja kühlewind pointed out, that paragraph was a bungle.  how about
>
> 6.  Security Considerations
>
>     Though the above use cases are all constrained to local contexts,
>     they violate the model of a single Global RPKI, albeit to meet real
>     operational needs.  Hence the result must be able to be validated as
>     if the changed data were part of the validatable Global RPKI while
>     including the local context, perhaps with the addition of trust
>     anchors or authenticatable patching of trust.
>
>     Modification 'recipes' may lack authentication.  E.g., if
>     modifications to the tree are passed around a la SLURM files, see
>     [RFC8416], what was object security becomes, at best, transport
>     security, or authentication by other trust domains such as PGP.
>
> randy
>