Re: [Sidrops] [WGLC] draft-ietf-sidrops-rp - ENDS: Mar 7, 2019

Di Ma <madi@rpstir.net> Mon, 25 March 2019 11:48 UTC

Return-Path: <madi@rpstir.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26E84120403; Mon, 25 Mar 2019 04:48:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hXTnL0267OWa; Mon, 25 Mar 2019 04:48:41 -0700 (PDT)
Received: from out20-51.mail.aliyun.com (out20-51.mail.aliyun.com [115.124.20.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8DEC2120401; Mon, 25 Mar 2019 04:48:37 -0700 (PDT)
X-Alimail-AntiSpam: AC=CONTINUE; BC=0.0745794|-1; CH=green; DM=||false|; FP=0|0|0|0|0|-1|-1|-1; HT=e02c03307; MF=madi@rpstir.net; NM=1; PH=DS; RN=4; RT=4; SR=0; TI=SMTPD_---.ECVqTi2_1553514507;
Received: from dhcp-89aa.meeting.ietf.org(mailfrom:madi@rpstir.net fp:SMTPD_---.ECVqTi2_1553514507) by smtp.aliyun-inc.com(10.147.37.28); Mon, 25 Mar 2019 19:48:32 +0800
Content-Type: text/plain; charset=gb2312
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
From: Di Ma <madi@rpstir.net>
In-Reply-To: <E9997496-1709-4B79-9911-3E88CE8D7B1A@ripe.net>
Date: Mon, 25 Mar 2019 12:48:18 +0100
Cc: sidrops@ietf.org, sidrops-chairs@ietf.org, sidrops-ads@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <760F2043-C7DD-4CAF-8BA0-027769BA90D7@rpstir.net>
References: <yj9ozhpt51ug.wl-morrowc@ops-netman.net> <E9997496-1709-4B79-9911-3E88CE8D7B1A@ripe.net>
To: Oleg Muravskiy <oleg@ripe.net>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/w4uTimyWu3spWGupnVFjLXwj8U4>
Subject: Re: [Sidrops] [WGLC] draft-ietf-sidrops-rp - ENDS: Mar 7, 2019
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Mar 2019 11:48:45 -0000

Oleg,


> 在 2019年3月24日,18:11,Oleg Muravskiy <oleg@ripe.net> 写道:
> 
> Here are my comments on this document. Most of them I already submitted back in 2016 (https://mailarchive.ietf.org/arch/msg/sidr/ThyvBuWdCnv2t9u86sOjwdV4xKc), and authors seem to agreed to update the document, but that didn’t happen:

Thanks very much for your detailed review. 

And sorry for forgetting taking your feedback into updating. 
 
> 
> 
>> 3.2.  Certificate Path Validation
>> 
>>   In the RPKI, issuer can only assign and/or allocate public INRs
>>   belong to it,
> 
> 
> Assignment / allocation of INRs does not happen in RPKI.


Yes, it is not an accurate description, which I see an unnecessary statement by far.

I will cross it out. 

> 
> 
>> 3.3.  CRL Processing
>> 
>>   The CRL processing requirements imposed on CAs and RP are described
>>   in Section 5 of [RFC6487]. CRLs in the RPKI are tightly constrained;
>>   only the AuthorityKeyIndetifier and CRLNumber extensions are allowed,
>>   and they MUST be present.  No other CRL extensions are allowed, and
>>   no CRLEntry extensions are permitted.  RPs are required to verify
>>   that these constraints have been met.  Each CRL in the RPKI MUST be
>>   verified using the public key from the certificate of the CA that
>>   issued the CRL.
> 
> 
> The normative language is used in an Informational document.


Good catch.

We authors were eliminating normative language in this document, this is a missed one:-)


> 
> 
>> 4.2.2.  ROA
>> 
>>   To validate a ROA, the RP is required perform all the checks
>>   specified in [RFC6488] as well as the additional ROA-specific
>>   validation steps.  The IP address delegation extension [RFC3779]
>>   present in the end-entity (EE) certificate (contained within the
>>   ROA), must encompass each of the IP address prefix(es) in the ROA.
>> 
>>   More details for ROA validation are specified in Section 2 of
>>   [RFC6482].
> 
> 
> Section 2 of RFC6482 defines the ROA content-type, not the validation.

Yes. It might be a typo. 

We should have referred to Section 4 of  [RFC6482]

> 
> 
>> 4.2.3.  Ghostbusters
>> 
>> 
>>   The Ghostbusters Record is optional; a publication point in the RPKI
>>   can have zero or more associated Ghostbuster Records.
> 
> 
> Since no other CMS object description in this document mentions object’s optionality, this sentence may be understood as that the Ghostbusters Record is the only type of object which is optional. This is not the case.

We haven’t thought of this implication. 

Thanks for your consideration. 

> 
> 
>> 4.3.  How to Make Use of Manifest Data
>> 
>>   For a given publication point, the RP ought to perform tests, as
>>   specified in Section 6.1 of [RFC6486], to determine the state of the
>>   Manifest at the publication point.  A Manifest can be classified as
>>   either valid or invalid, and a valid Manifest is either current and
>>   stale.  An RP decides how to make use of a Manifest based on its
>>   state, according to local (RP) policy.
>> 
>>   If there are valid objects in a publication point that are not
>>   present on a Manifest, [RFC6486] does not mandate specific RP
>>   behavior with respect to such objects.  However, most RP software
>>   ignores such objects and this document recommends that this behavior
>>   be adopted uniformly.
> 
> 
> To my knowledge, most RP software notifies operator about presence of such objects, not just ignores them.
> 
> Also, I’m not sure how to treat “recommends” in an informational document.


Since you and I can neither know how other  RP software would behave in terms of this issue.

How about crossing out 'However, most RP software ignores such objects and this document recommends that this behavior be adopted uniformly.’


> 
> 
>>   In the absence of a Manifest, an RP is expected to accept all valid
>>   signed objects present in the publication point.  
> 
> 
> RFC6486 says that all such objects "SHOULD be viewed as suspect, but MAY be used by the RP, as per local policy”. This is quite different to “RP is expected to accept”.
> 
> 
> 
> And again, in general, I do not quite understand how authors chose to describe in detail some validation steps, and completely omit other steps, which makes the overall value of this document unclear to me.


You are touching the key point. 

We authors were bothered  by RFC 6486 which is squishy in how RPs would use Manifest, but find it hard to improve it.

That’s why we tried to go into detail of this issue instead of just referring to Section 6 of RFC 6486 but leave TBD in early version. 

If the WG has no more better idea, we authors will consider to adjust this section regarding 'How to Make Use of Manifest Data’ .


Di