[xml2rfc] subsection failure
Randy Bush <randy@psg.com> Thu, 23 April 2020 19:44 UTC
Return-Path: <randy@psg.com>
X-Original-To: xml2rfc@ietfa.amsl.com
Delivered-To: xml2rfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AA2D3A12BE for <xml2rfc@ietfa.amsl.com>; Thu, 23 Apr 2020 12:44:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RWhlu1-Du1_H for <xml2rfc@ietfa.amsl.com>; Thu, 23 Apr 2020 12:44:36 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C01B13A12BD for <xml2rfc@ietf.org>; Thu, 23 Apr 2020 12:44:36 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from <randy@psg.com>) id 1jRhlz-0003x2-0p for xml2rfc@ietf.org; Thu, 23 Apr 2020 19:44:35 +0000
Date: Thu, 23 Apr 2020 12:44:34 -0700
Message-ID: <m21roedm1p.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: XML2RFC Interest Group <xml2rfc@ietf.org>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.3 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/xml2rfc/YA_wywDEF6AV86SIHRZ_Uxx_r98>
Subject: [xml2rfc] subsection failure
X-BeenThere: xml2rfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <xml2rfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xml2rfc>, <mailto:xml2rfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/xml2rfc/>
List-Post: <mailto:xml2rfc@ietf.org>
List-Help: <mailto:xml2rfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xml2rfc>, <mailto:xml2rfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Apr 2020 19:44:38 -0000
why does including a subsection give me Error: Unable to validate the XML document: draft-ymbk-sidrops-rpki-rov-timing.xml <string>: Line 105: Element section content does not follow the DTD, expecting ((t | figure | texttable | iref)* , section*), got (t section t t t t t t t t ) make: *** [all] Error 1 if i pull it to a separate section it works. if i eliminte the paragraphs after the first </section> it works. binary search elimination got me nothing <section anchor="intro" title="Introduction"> <t> This document explores, and makes recommendations for, timing of Resource Public Key Infrastructure (RPKI) publication of ROV data, their propagation, and their use in Relying Parties (RP), caches and routers. </t> <section anchor="struct" title="Deployment Structure"> <t> The RPKI supply chain from CAs to reach routers has a structure as follows: </t> <t> <list style="hanging"> <t hangText="Cerification Authorities:"> The authoritative data of the RPKI are published by a distributed set of servers, Certification Authorities, at the IANA, RIRs, NIRs, and ISPs (see <xref target="RFC6481"/>). </t> <t hangText="Publication Points:"> The CAs publish their authoritative data in publicly accessible repositories which have a Publication Point (PP) for each CA. </t> <t hangText="Relying Parties:"> Relying Parties are a local set of one or more collected and verified caches of RPKI data which are collected from the PPs. </t> <t> Note that RPs can pull from other RPs, thereby creating a somewhat complex topology. </t> <t hangText="Routers:"> Validating routers fetch data from local caches using the RPKI to Router Protocol, <xref target="I-D.ietf-sidrops-8210bis"/>. Routers are clients of the caches. Validating routers MUST have a trust relationship with, and a trusted transport channel to, any RP(s) they use. <xref target="I-D.ietf-sidrops-8210bis"/> specifies mechanisms for the router to assure itself of the authenticity of the cache and to authenticate itself to the cache. </t> </list> </t> </section> <t> As Resource Public Key Infrastructure (RPKI) based Route Origin Validation (ROV) becomes deployed in the Internet, the quality of the routing control plane, and hence timely and accurate delivery of packets in the data plane, depend more and more on prompt and accurate propagation of the RPKI data from the originating Certification Authorities (CAs), to Relying Parties (RPs), to Border Gateway Protocol (BGP) speaking routers. </t> <t> Origin Validation based on stale ROAs allows accidental mis-origination. While delays in ROA propagation to ROV in routers can cause loss of good traffic. Therefore minimizing propagation time of data from CAs to routers is critical. </t> <t> Before the data can start on the CA to router chain, the resource holder (operator) MUST create or delete the relevant ROA(s) through the CA's operational interface(s). The operator is responsible for anticipating their future needs for ROAs, be aware of the propagation time from creating ROAs to effect on routing, and SHOULD create, delete, or modify ROAs sufficiently in advance of any needs in the routing system. </t> <t> There are questions of how frequently a CA publishes, how often an RP pulls, and how often routers pull from their RP(s). Overall, the router(s) SHOULD react within an hour of ROA publication. </t> <t> For CAs publishing to PPs, a few seconds to a minute seems easily achieved with reasonable software. See <xref target="publish"/>. </t> <t> Relying Party validating caches periodically retrieve data from CA publication points. RPs using rsync to poll publication points every ten minutes would be a burden today, given the load it would put on publication services, cf. one notorious repository which is structured against specification. RPs using RRDP impose no such load. As the infrastructure moves from rsync to RRDP, fetching every ten minutes would be reasonable. For rsync, an hour would be the longest acceptable window. See <xref target="rp-pull"/>. </t> <t> For the BGP speaking router(s) pulling from the RP(s), five minutes to an hour is a wide window. But, the RPKI-Rtr protocol does have the Serial Notify PDU, the equivalent of DNS Notify, where the cache tells the router that it has new data. See <xref target="router-pull"/>. </t> <t> We discuss each of these in detail below. </t> </section>
- [xml2rfc] subsection failure Randy Bush
- Re: [xml2rfc] subsection failure Robert Moskowitz
- Re: [xml2rfc] subsection failure Randy Bush
- Re: [xml2rfc] subsection failure Robert Moskowitz
- Re: [xml2rfc] subsection failure Randy Bush
- Re: [xml2rfc] subsection failure Robert Moskowitz
- Re: [xml2rfc] subsection failure Randy Bush
- Re: [xml2rfc] subsection failure Robert Moskowitz
- Re: [xml2rfc] subsection failure Carsten Bormann
- Re: [xml2rfc] subsection failure Nico Williams