IETF Logo Mail Archive

Re: [Sidrops] Making ASPA AFI-Agnostic - coordination

Job Snijders <job@fastly.com> Thu, 08 June 2023 18:19 UTC

Return-Path: <job@fastly.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFECBC151070 for <sidrops@ietfa.amsl.com>; Thu, 8 Jun 2023 11:19:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fastly.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U1Ko_Se8XzVr for <sidrops@ietfa.amsl.com>; Thu, 8 Jun 2023 11:19:53 -0700 (PDT)
Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3695DC15106B for <sidrops@ietf.org>; Thu, 8 Jun 2023 11:19:53 -0700 (PDT)
Received: by mail-ej1-x632.google.com with SMTP id a640c23a62f3a-977d7bdde43so200687066b.0 for <sidrops@ietf.org>; Thu, 08 Jun 2023 11:19:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastly.com; s=google; t=1686248391; x=1688840391; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=EL/VFZsEC8iPp2VUziz9fox0TllnXFIJ0iNdpoJhjlM=; b=VxhuS9XhIROZa+irnRiyQyo+7vZmR00/m12BLvdfUN5jwvsXkcBdP2jvDktr1wVHes rL9b75AzmTtHD2O7AYKG19+Bfwt87ONLQ+G3N69gaj/9aqN/fJaJx1fEcbxzLD6h9vS8 GXHAvI4ooyZp0bYfLrPPD5G25Ia1QySqujSoY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686248391; x=1688840391; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=EL/VFZsEC8iPp2VUziz9fox0TllnXFIJ0iNdpoJhjlM=; b=AKZXWGdwpzMKwyMs3f9OpYeZ0pcPSqikbpYOveaV8DH5tCaz/lOT4/25yIaAYp4o2H q9IZs+VMjqR2rspkMaaAEzE/E3rntd64MxJVPtVe1OvO7eKs3Hxf/0UTPps2V3a8z8Ay O5kcdSkdmdCwSUxfsIvhUBN5V4YWQR+Oa+uLUUKbtFXH0qsbQTIdvP8ZoUJrZfxfgeYK VqbbvnBipeep8HncZOlsGPo/2RFraOZ61LrJ12yg6dQI2jYIY4fSy/99+e2ximI6i+2n uzJLHZoAzGlYGZGfWSsLJ3HxKN57MtoGo5YUaiyiiT32Ckxg+sUvjQOQOULF8MA+ZMpR AijQ==
X-Gm-Message-State: AC+VfDyiFZ9ceD6r4lQtd5hplVbBoG1Lo25aayEFg3ysNzygpMeNKn+A mhOWltMmdd17DZF9PrOTk3EQjJnmNlodJcmdED0=
X-Google-Smtp-Source: ACHHUZ7UB4LdaIhLQXDcaomH4i07BGbi1qoDf7dTIjL+kn4OgM3L5ZTFulo+4SvPtzYZjMz+cStnfA==
X-Received: by 2002:a17:906:5d0d:b0:965:aa65:233f with SMTP id g13-20020a1709065d0d00b00965aa65233fmr29857ejt.2.1686248391084; Thu, 08 Jun 2023 11:19:51 -0700 (PDT)
Received: from snel ([2a10:3781:276:1:16f6:d8ff:fe47:2eb7]) by smtp.gmail.com with ESMTPSA id bk4-20020a170906b0c400b0096f675ce45csm147755ejb.182.2023.06.08.11.19.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 08 Jun 2023 11:19:50 -0700 (PDT)
Date: Thu, 08 Jun 2023 20:19:48 +0200
From: Job Snijders <job@fastly.com>
To: Martin Hoffmann <martin@nlnetlabs.nl>
Cc: Russ Housley <housley@vigilsec.com>, "sidrops@ietf.org" <sidrops@ietf.org>
Message-ID: <ZIIbxAe9UXVzsFY3@snel>
References: <ZH+hdvAwuZ7nN3vK@snel> <4dbb0ef4-91fc-6bbd-d979-2d0b736295ac@tu-dresden.de> <ZIBJUycE10HjIfAP@diehard.n-r-g.com> <BLAPR09MB63226569F3349669ABBEA60D9853A@BLAPR09MB6322.namprd09.prod.outlook.com> <62C121A4-DD89-477A-98EC-4356420F4888@vigilsec.com> <BLAPR09MB63223FFA678A45B6530265B49853A@BLAPR09MB6322.namprd09.prod.outlook.com> <AEE28B86-CACA-4280-99C4-505EC4A16963@vigilsec.com> <20230607184927.56a48b58@glaurung.nlnetlabs.nl> <098E4295-F418-41AF-B84F-0F826EA5C477@vigilsec.com> <20230608181210.1f5e5fc4@glaurung.nlnetlabs.nl>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20230608181210.1f5e5fc4@glaurung.nlnetlabs.nl>
X-Clacks-Overhead: GNU Terry Pratchett
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/zkzQAefr84rk_EJFWoASraMO9Tw>
Subject: Re: [Sidrops] Making ASPA AFI-Agnostic - coordination
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jun 2023 18:19:56 -0000

On Thu, Jun 08, 2023 at 06:12:10PM +0200, Martin Hoffmann wrote:
> Russ Housley wrote:
> > 
> > In CMS, the version number indicates which alternatives are possible
> > in some CHOICEs.  The point is to ensure that the ASN,1 decode
> > operation will work if you recognize the version number.
> 
> But, crucially, the overall structure remains the same. The new version
> of the draft changes the structure of the ProviderASSet which I think
> warrants to treat this as an entirely new definition and use a new
> content type OID.

Another relevant question is whether we want to have a 'grace period' in
which both formats are valid. I myself would prefer to make this is a
'hard cut', simply a breaking change to avoid the complications of
supporting both profiles in my RP implementation.

As far as I know there is only one ASPA verifying deployment (YYCIX),
and the few already-existing ASPA objects can probably easily be updated
through a software update.

If the group accepts it as a 'breaking change' and commits to work to
migrate the tiny ASPA ecosystem in the span of a few weeks, I see less
of a need to get a new content-type OID. Technically if 'breaking
change' is the choosen path forward, there wouldn't even be a need to
bump the version of contained in the eContent.

However, bumping the version contained in the eContent is be a novelty
in the RPKI ecosystem, so keep things as-is (profile-15) might have some
value as a learning experience for this community.

In this situation I suspect there aren't objectively right or wrong
choices, but in the interest of time we should converge and agree rather
sooner than later on one of the options.

For previous ASPA profile changes no new OID were requested.

Kind regards,

Job

v2.23.0 | Report a Bug | By Email