Re: [Sidrops] [WG ADOPTION] draft-va-sidrops-deploy-reconsidered-01 - ENDS 08/11/2019 (Aug 11)

Nick Hilliard <nick@foobar.org> Fri, 13 September 2019 16:19 UTC

Return-Path: <nick@foobar.org>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF041120073; Fri, 13 Sep 2019 09:19:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6FXUc1sD8IuF; Fri, 13 Sep 2019 09:19:37 -0700 (PDT)
Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 834C4120041; Fri, 13 Sep 2019 09:19:34 -0700 (PDT)
X-Envelope-To: sidrops@ietf.org
Received: from cupcake.local (089-101-195156.ntlworld.ie [89.101.195.156] (may be forged)) (authenticated bits=0) by mail.netability.ie (8.15.2/8.15.2) with ESMTPSA id x8DGJU20098916 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 13 Sep 2019 17:19:31 +0100 (IST) (envelope-from nick@foobar.org)
X-Authentication-Warning: cheesecake.ibn.ie: Host 089-101-195156.ntlworld.ie [89.101.195.156] (may be forged) claimed to be cupcake.local
To: Chris Morrow <morrowc@ops-netman.net>
Cc: sidrops@ietf.org, sidrops-chairs@ietf.org, sidrops-ads@ietf.org
References: <yj9o7e8bjdaj.wl-morrowc@ops-netman.net>
From: Nick Hilliard <nick@foobar.org>
Message-ID: <aed96e4a-0ba3-20e3-7412-c7d62cd6d193@foobar.org>
Date: Fri, 13 Sep 2019 17:19:29 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:52.0) Gecko/20100101 PostboxApp/7.0.2
MIME-Version: 1.0
In-Reply-To: <yj9o7e8bjdaj.wl-morrowc@ops-netman.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/wlwx2TG6cC5vtTEGucv7P-H30OY>
Subject: Re: [Sidrops] [WG ADOPTION] draft-va-sidrops-deploy-reconsidered-01 - ENDS 08/11/2019 (Aug 11)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Sep 2019 16:19:40 -0000

Chris Morrow wrote on 21/07/2019 22:19:
> SIDROps folks!
> 
> Please consider this an adoption call for the subject draft, abstract
> of which is:
> 
>    "This document defines a deployment model for reconsidered validation
>     [RFC8360] in the Resource Public Key Infrastructure (RPKI).
> 
>     It stipulates that Relying Parties in the RPKI MUST support
>     reconsidered validation by 1 July TBD-Year, and that Certificate
>     Authorities MAY use the reconsidered validation OIDs in CA
>     certificates that they issue from this date.  Furthermore Certificate
>     Authorities should monitor whether the set of resources in CA
>     certificate they receive has shrunk, and make adjustments in the CA
>     certificates and/or other RPKI objects when appropriate."
> 
> Please have a read, discuss, and comment over the next ~3 weeks period.
> Thanks for your prompt attention to this matter.

belatedly, this seems like a good idea.  My crypto ca/chain-of-trust fu 
is not up to seeing anything obviously wrong with the idea.

Nick