Re: [Sidrops] what to do when the CRL is hosed?
Lukas Tribus <lists@ltri.eu> Thu, 02 April 2020 23:05 UTC
Return-Path: <lists@ltri.eu>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9C6B3A1BCB for <sidrops@ietfa.amsl.com>; Thu, 2 Apr 2020 16:05:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.233
X-Spam-Level:
X-Spam-Status: No, score=-1.233 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P9Yj-HUA5hTL for <sidrops@ietfa.amsl.com>; Thu, 2 Apr 2020 16:05:17 -0700 (PDT)
Received: from smtp-relay2.web-server.biz (smtp-relay2.web-server.biz [137.74.38.202]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 74EF73A1BC8 for <sidrops@ietf.org>; Thu, 2 Apr 2020 16:05:17 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp-relay2.web-server.biz (Postfix) with ESMTP id 93AA71C91F for <sidrops@ietf.org>; Fri, 3 Apr 2020 01:05:15 +0200 (CEST)
Received: from smtp-relay2.web-server.biz ([137.74.38.202]) by localhost (smtp-relay2.web-server.biz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pNW9D3Kg3JKR for <sidrops@ietf.org>; Fri, 3 Apr 2020 01:05:13 +0200 (CEST)
Received: from mail5.web-server.biz (www5.web-server.biz [185.181.105.105]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp-relay2.web-server.biz (Postfix) with ESMTPS id 2C3DB1CA00 for <sidrops@ietf.org>; Fri, 3 Apr 2020 01:05:13 +0200 (CEST)
Received: from mail-il1-f180.google.com (mail-il1-f180.google.com [209.85.166.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail5.web-server.biz (Postfix) with ESMTPSA id 5E30847C77 for <sidrops@ietf.org>; Thu, 2 Apr 2020 23:05:07 +0000 (UTC)
Received: by mail-il1-f180.google.com with SMTP id j9so5408812ilr.7 for <sidrops@ietf.org>; Thu, 02 Apr 2020 16:05:07 -0700 (PDT)
X-Gm-Message-State: AGi0PuYwgSz4fCwiuLg5k+Pyuxcw7F/hT3LAfjW5VUNWhrhrbFSqO0q3 E3hnTlSKe3tr8By0zRr7RjeQQKdd8PVFnV20I8A=
X-Google-Smtp-Source: APiQypLOO3Ydqc/r81rGXCMnaAZHMc1akLBEq7FRxVPShK9r+DLnJ1HBwjXYoEMK5HEep2b/EOXEhmXKCpmsjY9cb94=
X-Received: by 2002:a05:6e02:54e:: with SMTP id i14mr6149983ils.166.1585868706596; Thu, 02 Apr 2020 16:05:06 -0700 (PDT)
MIME-Version: 1.0
References: <20200224151532.GD19221@vurt.meerval.net> <20200224211531.GB60925@vurt.meerval.net> <20200225090338.10464b1a@glaurung.nlnetlabs.nl> <9cc3a6a5-f9c8-23df-588e-48dee5db62d4@verizon.net> <3B7006DE-5366-47E7-9CD6-AF392F9ED0CC@nlnetlabs.nl> <6602d1a7-ecbf-73a0-21d8-1254fb2aff97@verizon.net> <20200226173935.GE72144@vurt.meerval.net> <2db8d19a-6f91-d2fc-36c3-65742ba77e6c@ripe.net> <8B09B96B-432C-4190-9DE0-DC2004AAFCC2@nlnetlabs.nl> <CC64461D-4F34-4367-AD9D-D42B2A476363@ripe.net> <75140927-0b8b-07ab-ad2e-952e32256df1@verizon.net> <24198.20355.168888.506246@oz.mt.att.com>
In-Reply-To: <24198.20355.168888.506246@oz.mt.att.com>
From: Lukas Tribus <lists@ltri.eu>
Date: Fri, 03 Apr 2020 01:04:55 +0200
X-Gmail-Original-Message-ID: <CACC_My-g7bU7FYHiy+3j=HfXBp4+ZEWA96aGOaptROtLg8CSUg@mail.gmail.com>
Message-ID: <CACC_My-g7bU7FYHiy+3j=HfXBp4+ZEWA96aGOaptROtLg8CSUg@mail.gmail.com>
To: Jay Borkenhagen <jayb@braeburn.org>
Cc: sidrops@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/vmZJ9eV-rhnfTUyWlsd0DnyFscs>
Subject: Re: [Sidrops] what to do when the CRL is hosed?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2020 23:05:19 -0000
Hello, On Thu, 2 Apr 2020 at 22:48, Jay Borkenhagen <jayb@braeburn.org> wrote: > No network operators want to specify any 'local policy' on their RP > instances to control under which conditions an RPKI object would be > accepted. Some network operators in this WG have voiced strong > opinions about how such acceptance should be decided, but that's not > because they want the ability to exert local policy there. Such > opinions are all toward the goal we share of all implementations > reliably creating a correct/consistent VRP set. > > > I encourage feedback from other network operators on this one simple > point. Hopefully we all see this 'local policy' matter the same way, > and the WG can turn its attention to consistent handling of the corner > cases. As a network operator, and without commenting on low-level aspects, I expect (TL;DR: all the good and none of the bad stuff please): - all RP's to produce the same VRP sets, given the same input (otherwise we slow down detection of bugs, misconfigurations and attacks), I suggest to NOT implement different code paths and local policy exceptions. - the end-result of rsync vs RRDP to be the same, in every case, under every attack scenario - no MITM attacks possible that lead to incomplete VRP sets (with the supported retrieval methods, which still includes rsync) I wanna be able to run different RP's in my network, without my routers behaving differently based on whether they are currently considering RP implementation A or RP implementation B. I also expect some outages of RPKI infrastructure in the coming years, just as we had outages in the past and just like other ecosystems have (DNS, DNSSEC, TLS, etc). I consider that acceptable and realistic, realizing that there are some scenarios where this will not only cause NOTFOUNDs, but also false-positive INVALIDs. That's really bad, but it also will be very rare (losing a subset of ROAs at IRR level). But I would strongly encourage not to weaken or simplify the checks that are in place, despite being aware that hosting the repository is hard (atomic updates and all). Maybe we could come up with some best practices documentation about setup, maintenance of a repository (BCP?) for repository operators. I would like for the ecosystem to stay extendable if someday we want to add something other than ROA to it, and I would still like it to be cryptographically reliable and consistent in that (and every other) case. I know it's not that black and white, I realize I am grossly oversimplifying. But if I think about TLS or the WebPKI in general, lax rules, simplifications and fallbacks always turned out to be a bad idea in the end. lukas
- [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Jared Mauch
- Re: [Sidrops] what to do when the CRL is hosed? Francisco Javier Moreno Arana
- Re: [Sidrops] what to do when the CRL is hosed? Ben Maddison
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
- Re: [Sidrops] what to do when the CRL is hosed? Louis Poinsignon
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
- Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
- Re: [Sidrops] what to do when the CRL is hosed? Jared Mauch
- Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
- Re: [Sidrops] what to do when the CRL is hosed? Di Ma
- Re: [Sidrops] what to do when the CRL is hosed? Oleg Muravskiy
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Nathalie Trenaman
- Re: [Sidrops] what to do when the CRL is hosed? Claudio Jeker
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Rob Austein
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Oleg Muravskiy
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
- Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
- Re: [Sidrops] what to do when the CRL is hosed? Di Ma
- Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
- Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
- Re: [Sidrops] what to do when the CRL is hosed? Claudio Jeker
- Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
- Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
- Re: [Sidrops] what to do when the CRL is hosed? Jay Borkenhagen
- Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
- Re: [Sidrops] what to do when the CRL is hosed? Lukas Tribus
- Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
- Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
- Re: [Sidrops] what to do when the CRL is hosed? Lukas Tribus
- Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
- Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
- Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
- Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
- Re: [Sidrops] what to do when the CRL is hosed? Randy Bush