Re: [sidr] wglc for draft-ietf-sidr-adverse-actions-00

2016-10-25 Thread Christopher Morrow
Howdy folks! This WGLC ended up being a bit more of a long discussion than I anticipated... I think since this WGLC there have been 2 document updates to catch comments/concerns/etc and I think deal with them properly. I don't see any more chatter for this document after 9/2/2016, so I think we

Re: [sidr] wglc for draft-ietf-sidr-adverse-actions-00

2016-07-19 Thread Stephen Kent
Tim, Thanks for taking the time to read and comment on the document. I will change CA certificate analysis to be section 2.1, and make the CRL section be 2.3, as per your request. The Manifest section will remain 2.2, ROAs will become 2.4, GB will become 2.5, and Router Certificates will

Re: [sidr] wglc for draft-ietf-sidr-adverse-actions-00

2016-07-17 Thread Tim Bruijnzeels
Hi, I have a number of late comments (unfortunately no time to read this in detail earlier) First of all, I believe that the structure of the document, where analysis is done without going into details of solutions, is useful. That said I have some substantial comments. I think the order of

Re: [sidr] wglc for draft-ietf-sidr-adverse-actions-00

2016-07-13 Thread Sandra Murphy
There’s been a rather energetic conversation about this but not many people involved. The wglc needs some more reviewers and commenters to gauge consensus. There’s just a few days left - please consider reviewing the draft and providing comments and publication worthiness to the list. —Sandy

Re: [sidr] wglc for draft-ietf-sidr-adverse-actions-00

2016-07-06 Thread Stephen Kent
Sriram, >A newer ROA competes with an older ROA if the newer ROA points to a different ASN, contains the same or a more specific prefix, and is issued by a different CA. For DDoS mitigation service, (as an example) a /16 prefix owner may create (well in advance) two new ROAs for

Re: [sidr] wglc for draft-ietf-sidr-adverse-actions-00

2016-07-06 Thread Stephen Kent
Sandy, I don’t see that there’s a requirement that a router have only one certificate, either. A router that was configured to speak as two different ASs might have one key certified by both ASs and might have two different keys, one for each AS. There was no intent to suggest that a

Re: [sidr] wglc for draft-ietf-sidr-adverse-actions-00

2016-07-06 Thread Stephen Kent
Randy, Thanks for providing additional examples to clarify your concerns. I'll revise the intro text accordingly. Steve ___ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr

Re: [sidr] wglc for draft-ietf-sidr-adverse-actions-00

2016-07-05 Thread Randy Bush
> I don’t see that there’s a requirement that a router have only one
> certificate, either. A router that was configured to speak as two
> different ASs might have one key certified by both ASs and might have
> two different keys, one for each AS.

that this is designed in is not an accident. we

Re: [sidr] wglc for draft-ietf-sidr-adverse-actions-00

2016-07-05 Thread Sandra Murphy
Speaking as regular ol’ member:

On Jul 1, 2016, at 6:39 PM, Randy Bush wrote:

>> I'll revise that text to note the case of a resource transfer appears to
>> be competition
>
> it is more than transfer. it is the very frequent operation of changing
> transit providers. i own P,

Re: [sidr] wglc for draft-ietf-sidr-adverse-actions-00

2016-07-01 Thread Randy Bush
> I'll revise that text to note the case of a resource transfer appears to
> be competition

it is more than transfer. it is the very frequent operation of changing transit providers. i own P, but do not use bgp. my parent T0 announces it for me (roa P-T0). i change upstream providers to T1.

Re: [sidr] wglc for draft-ietf-sidr-adverse-actions-00

2016-07-01 Thread Stephen Kent
Randy, I presume you are referring to the text that describes ROA competition, although you didn't cite specific text in your message (too much typing?). I'll revise that text to note the case of a resource transfer appears to be competition, absent any additional info labeling it as such.

Re: [sidr] wglc for draft-ietf-sidr-adverse-actions-00

2016-06-30 Thread Randy Bush
the introduction starts by labeling the basic make before break of a provider switch, a perfectly normal operation, as an adverse action. randy

[sidr] wglc for draft-ietf-sidr-adverse-actions-00

2016-06-30 Thread Sandra Murphy
The authors of draft-ietf-sidr-adverse-actions-00, "Adverse Actions by a Certification Authority (CA) or Repository Manager in the Resource Public Key Infrastructure (RPKI)", believe that the document is ready for a working group last call. This starts a two week wglc which will end on 14