Re: [sidr] Key learning procedures in BGPsec?

2012-01-18 Thread Tim Bruijnzeels
Hi, On Jan 18, 2012, at 12:36 AM, Eric Osterweil wrote: > 2 - How do we envision the process of an AS getting its own private key > information installed on all of its routers?* Without _these_, updates > cannot be signed... I don't know for a fact, but I expect that the router key pair is cre

Re: [sidr] WG adoption call for draft-ymbk-rpki-rtr-impl-01.txt

2012-01-23 Thread Tim Bruijnzeels
Hi, On Jan 22, 2012, at 11:26 PM, Warren Kumari wrote: > Comments: > It is unclear (to me) what exactly was meant by "YES" vs "UNIT TEST" vs "SYS > TEST" -- I could make some guesses, but a definition would be nice. Speaking for my contribution; the one that mentions "Unit Test": Our 'production

Re: [sidr] WG adoption call for draft-ymbk-rpki-rtr-impl-01.txt

2012-01-23 Thread Tim Bruijnzeels
On Jan 21, 2012, at 1:19 AM, Murphy, Sandra wrote: > The working group has been requested to adopt draft-ymbk-rpki-rtr-impl-01.txt > as a working group draft. I contributed to the document, so my support is kind of implied I would expect. I am not sure about the rules, I am not an author... In

Re: [sidr] agenda for virtual meeting Mar 24

2012-03-19 Thread Tim Bruijnzeels
ity as well so I would have been very interested in exchanging thoughts on this with the WG. Regards, Tim Bruijnzeels (Software Engineer, RIPE NCC) ___ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr

Re: [sidr] replies needed quickly RE: possible additional meeting times

2012-03-20 Thread Tim Bruijnzeels
Hi Sandy, WG, Thanks for looking to reschedule this. On 19 Mar 2012, at 22:58, Murphy, Sandra wrote: > EAI was to meet 1300-1500 Afternoon Session I on Monday March 26. > CODEC was to meet 1120-1220 Afternoon Session I Friday March 30. Monday is perfect for me, Friday is a little close to my tra

Re: [sidr] additional interim meetings

2012-03-23 Thread Tim Bruijnzeels
Hi, On 22 Mar 2012, at 17:07, Murphy, Sandra wrote: > . > Interim meetings are not supported by the secretariat, so for face-face > meetings we have to rely on volunteer organizations or hosts. That will mean > that some meetings will have no hosts (virtual) or will have hosts but be > spa

Re: [sidr] Interim Meeting Dates/Locations (Proposed)

2012-03-27 Thread Tim Bruijnzeels
On 26 Mar 2012, at 16:43, Christopher Morrow wrote: > So, as stated in the meeting today, and in these slides: > > > There is a proposal to schedule 5 future Interim Face to Face > (+virtual) meetings. The dates/locations are: >

Re: [sidr] Interim Meeting Dates/Locations (Proposed)

2012-03-28 Thread Tim Bruijnzeels
people want to throw their _requirements_ >> at me. naturally I have my own. But I am but one lens of the issue. >> >> Cheers >> Terry

[sidr] rpki repository and validation issues

2012-03-30 Thread Tim Bruijnzeels
Hi, There are a number of separate discussions about problems with the rpki repository and ways to mitigate those problems going on on the list at the moment. First of all let me say: as a starting point the current system works most of the time, but we are finding issues that I think should b

Re: [sidr] I-D Action: draft-ietf-sidr-publication-02.txt

2012-04-02 Thread Tim Bruijnzeels
Hi, On 29 Mar 2012, at 11:29, Rob Austein wrote: > At Wed, 28 Mar 2012 08:57:19 -0400, Christopher Morrow wrote: >> >> Draft Author Ship Steerers, >> This we didn't chat about at the meeting(s), but are there outstanding >> bits/pieces or should this be sent along for WGLC in the near future? >

Re: [sidr] Interim Meeting Notes / Participation modes / wiki updated

2012-04-12 Thread Tim Bruijnzeels
Hi, On 12 Apr 2012, at 04:16, Christopher Morrow wrote: > On Wed, Apr 11, 2012 at 5:25 PM, Arturo Servin wrote: >> Chris, >> >>For the agenda item: "Deployment Discussion -> Discuss the need, and >> publication location/method, for documentation that details rollout of SIDR >> technol

Re: [sidr] agenda and reminder for Apr 30 (Monday) meeting.

2012-04-28 Thread Tim Bruijnzeels
Hi, Unfortunately I cannot attend. So please allow me to briefly sum up what I would have liked to contribute to this discussion if I could have been there.. On 26 Apr 2012, at 21:41, Murphy, Sandra wrote: > The agenda is posted at > http://trac.tools.ietf.org/wg/sidr/trac/wiki/InterimMeeting2

[sidr] Can you help us measure validation statistics for the current rpki infrastructure?

2012-05-10 Thread Tim Bruijnzeels
Hi, As you know there are discussions about the rpki repository and validation standards and infrastructure. There was some discussion and people suggested that we (as a wg) should do more, distributed, measurements. To help this effort we have now built a statistics feedback option in our val

Re: [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012)))

2012-05-15 Thread Tim Bruijnzeels
Not replying to anyone in particular here.. I just want to say though that this exporting of keys of routers makes me nervous. I think this will degrade the level of trust that people can place in bgpsec, and therefore I think it's not a good idea to include this in the standards. I understan

Re: [sidr] WGLC for draft-ietf-sidr-pfx-validate-06

2012-06-12 Thread Tim Bruijnzeels
Hi, On 2 Jun 2012, at 01:00, Murphy, Sandra wrote: > The authors have stated that they believe that > draft-ietf-sidr-pfx-validate-06 "BGP Prefix Origin Validation" is ready for a > working group last call. Prefix validate assumes full knowledge of all applicable ROAs (or other sources of inf

Re: [sidr] WGLC for draft-ietf-sidr-pfx-validate-06

2012-06-16 Thread Tim Bruijnzeels
Hi, Please allow me to clarify my earlier comments. On 12 Jun 2012, at 10:31, Tim Bruijnzeels wrote: > Hi, > > On 2 Jun 2012, at 01:00, Murphy, Sandra wrote: >> The authors have stated that they believe that >> draft-ietf-sidr-pfx-validate-06 "BGP Prefix Origin Vali

Re: [sidr] WGLC for draft-ietf-sidr-pfx-validate-06

2012-06-18 Thread Tim Bruijnzeels
On 16 Jun 2012, at 22:59, Pradosh Mohapatra wrote: > Hi Tim, > > >>> Prefix validate assumes full knowledge of all applicable ROAs (or other >>> sources of information if they are used) and I believe this should be >>> stated more strongly. >>> >>> The security considerations section address

Re: [sidr] Discussion topics for the virtual interim on June 29th

2012-06-21 Thread Tim Bruijnzeels
Hi, On 18 Jun 2012, at 04:30, Randy Bush wrote: > it sounds as if tim wants to discuss a point in pfx-validate, and > whether it is a security issue. we need to get that draft gone, so > let's try to clear any issues folk have. I am not sure if a lengthy discussion is needed. My point is just th

Re: [sidr] WGLC for draft-ietf-sidr-pfx-validate-06

2012-06-29 Thread Tim Bruijnzeels
Hi, On 29 Jun 2012, at 15:51, Randy Bush wrote: >> With inconsistencies I did not mean that the validated cache is out of date, >> which I agree, will always be there even if it could be minimised. >> >> The inconsistencies I refer to are different in nature. It's that the >> snapshot that the

Re: [sidr] I-D Action: draft-ietf-sidr-origin-ops-18.txt

2012-08-03 Thread Tim Bruijnzeels
Hi Steve, On 2 Aug 2012, at 16:51, Stephen Kent wrote: > Randy, > > I would like to add some more text, based on discussions with RP software > developers, > e.g., Rob and Andrew, and an analysis of a couple of SIDR RFCs > > RFC 6486 (TAL) states that no manifest will enumerate the self-signed

Re: [sidr] WG acceptance call for draft-ymbk-rpki-grandparenting

2012-08-08 Thread Tim Bruijnzeels
Hi, Thank you George for phrasing this so accurately. I fully agree that in case of the RIRs there already exists a framework (address policy) that provides all the process needed for this. I am not sure how many big ISPs / LIRs follow this discussion, but I expect that their commercial contra

Re: [sidr] btw: minutes for interim 27 Jul 2012

2012-08-22 Thread Tim Bruijnzeels
Hi, On 21 Aug 2012, at 19:41, Murphy, Sandra wrote: > What I forwarded before was the pure text of the minutes taken. > > The minutes taker also published the minutes at a web site and incorporated > snapshots of blackboard (literally) drawings. Those might be useful in > understanding the te

Re: [sidr] RPKI <-> allocation consistency

2012-08-31 Thread Tim Bruijnzeels
Hi, On 31 Aug 2012, at 14:34, Brian Dickson wrote: > So, does it not make sense that the RPKI, meaning its design, architecture, > procedures, etc., should actually enforce exclusivity? I think that INRs appearing on certs in multiple locations, different TAs, or different branches, are not re

Re: [sidr] New Version Notification for draft-rogaglia-sidr-multiple-publication-points-01.txt

2012-10-26 Thread Tim Bruijnzeels
Hi Carlos, WG, I like the idea, but I think 4.1 (Rules for Relying Parties) needs more work. I will try to come up with some text from my perspective. Tim On Oct 25, 2012, at 6:09 PM, Carlos M. Martinez wrote: > FYI, > > added new co-author, added empty line between URIs and key. > > rega

[sidr] New draft on separating validation from object retrieval

2012-11-09 Thread Tim Bruijnzeels
Hi all, I have already had some informal discussions about this and decided to write our ideas up in an informational draft: http://www.ietf.org/internet-drafts/draft-tbruijnzeels-sidr-validation-local-cache-00.txt I will do a short talk on this during today's sidr session to explain the backg

Re: [sidr] additions and changes to agenda on Friday

2012-11-09 Thread Tim Bruijnzeels
Hi, On Nov 9, 2012, at 4:07 AM, Randy Bush wrote: >>> no need. this is object based security. rama and hanuman have tals and >>> validate. having every cache in the world hit the CAs is not gonna >>> scale. >> Yes, perhaps we need a different architecture and transport protocol. > > measurem

Re: [sidr] Scaling properties of caching in a globally deployed RPKI / BGPSEC system

2012-11-16 Thread Tim Bruijnzeels
Hi, Some more comments on the numbers and formula.. On Nov 15, 2012, at 5:36 AM, Arturo Servin wrote: > Erick > > Very interesting research. But I am finding it difficult to understand how > you got 1.4 M objects. > > Let me try to explain what I have seen in the young deployment of

Re: [sidr] RPKI Repository Distribution Protocol - a proposal for an rsync replacement for the RPKI

2012-11-22 Thread Tim Bruijnzeels
Hi, As some of you might know I have also done some thinking on analysing the problems with the current infrastructure, and also have some ideas about improvements and talked about this at the Vancouver interim. It's way too much for inline email, so I also took the liberty of writing my ideas

Re: [sidr] Scaling properties of caching in a globally deployed RPKI / BGPSEC system

2012-11-23 Thread Tim Bruijnzeels
2, at 10:44 PM, Eric Osterweil wrote: > > On Nov 16, 2012, at 10:45 AM, Tim Bruijnzeels wrote: > >> Hi, >> >> Some more comments on the numbers and formula.. >> >> On Nov 15, 2012, at 5:36 AM, Arturo Servin wrote: >> > > > >>

Re: [sidr] Scaling properties of caching in a globally deployed RPKI / BGPSEC system

2012-12-07 Thread Tim Bruijnzeels
Hey all, On Dec 7, 2012, at 2:31 PM, "Carlos M. martinez" wrote: > Hey Chris et al, > > On 12/07/2012 03:34 AM, Christopher Morrow wrote: > ... snip ... > >> I think somewhere 5-8 messages back Arturo's note that: >> 1) hosted model is just a crutch >> 2) hosted model isn't intended for every

Re: [sidr] the need for speed

2012-12-19 Thread Tim Bruijnzeels
Hi Danny, WG, People have mentioned that if the security was somehow part of the updates themselves, then you could have security at the speed of updates. I don't see how this could work, it would have to be a completely different set of standards from what's currently being worked on. Most lik

Re: [sidr] comments on the repository analysis I-D

2013-04-05 Thread Tim Bruijnzeels
On 27 Mar, 2013, at 6:24 PM, Randy Bush wrote: >> Yes, I assume >> http://tools.ietf.org/agenda/86/slides/slides-86-sidr-1.pdf slide 3. >> Which I think is a good estimate. > > actually, i think the number of pub points will be closer to the number > of entries in the rir's datamesses

Re: [sidr] wglc draft-ietf-sidr-policy-qualifiers-00

2013-07-15 Thread Tim Bruijnzeels
Hi, On Jul 15, 2013, at 4:53 PM, Tim Bruijnzeels wrote: > If the document is accepted I think more discussion is needed though on what > the RP can do with this information. Sorry.. for snoozing.. it's not the adoption call of course, but last call. My point stands though, I wo

[sidr] Erratum for RFC6486? (manifests)

2013-07-16 Thread Tim Bruijnzeels
Dear WG, RFC6486 has this to say about the validity times of EE certificates in manifests: http://tools.ietf.org/html/rfc6486#section-5.1 In the case of a "one-time-use" EE certificate, the validity times of the EE certificate MUST exactly match the thisUpdate and nex

Re: [sidr] Requesting comments on multiple publication points

2013-08-02 Thread Tim Bruijnzeels
On Aug 1, 2013, at 5:50 PM, Carlos Martinez-Cagnazzo wrote: > thanks for all your input on this draft. I encourage all to send their > comments and discuss the draft on the list. I have some ideas I would like to share with the authors and working group after the presentation on multiple publ

Re: [sidr] meeting request for IETF 88

2013-09-18 Thread Tim Bruijnzeels
On Sep 18, 2013, at 12:22 AM, "Murphy, Sandra" wrote: > I requested one session for the IETF 88 meeting. I adjusted the conflicts > list as Alexey had added several. > > Just to be sure I've covered the important ones, please take a look at the > list: > > Conflicts to Avoid: > First Prio

Re: [sidr] Soliciting agenda ideas for Vancouver

2013-11-01 Thread Tim Bruijnzeels
Hi Rob, Sorry for the belated reply. In short I support pursuing this work and prefer separating the publication protocol parts from the config protocol. It may indeed be helpful if you did a short presentation on this to refresh the WG memory. More details inline. On Oct 20, 2013, at 10:03

Re: [sidr] a query to the wg regarding publication draft

2013-11-08 Thread Tim Bruijnzeels
Hi, My opinion below.. On Nov 8, 2013, at 5:25 AM, "Murphy, Sandra" wrote: > Rob posed a question to the room during the meeting on Tue (Nov 5) about the > publication draft. See slides at > http://www.ietf.org/proceedings/88/slides/slides-88-sidr-1.pdf. > > The question to the list is: >

Re: [sidr] wg adoption call for draft-austein-sidr-rpki-oob-setup-00

2013-11-18 Thread Tim Bruijnzeels
Hi, On Nov 15, 2013, at 6:12 PM, "Murphy, Sandra" wrote: > The authors of draft-austein-sidr-rpki-oob-setup-00 have requested wg > adoption. I support adopting this work

Re: [sidr] WG Adoption: draft-ymbk-lta-use-cases

2014-01-20 Thread Tim Bruijnzeels
Hi wg, On Jan 10, 2014, at 9:33 PM, "Murphy, Sandra" wrote: > Can others please look at this and speak up as to whether you do or do not > support adoption? +1, support discussing this in a document Regards, Tim

Re: [sidr] Another potential DOS attack on RP software?

2014-01-23 Thread Tim Bruijnzeels
Hi Demian, On Jan 23, 2014, at 1:46 PM, Demian Rosenkranz wrote: > Hi, > > I'm thinking about another potential DoS attack. An entity which owns a CA > certificate has the possibility to generate a huge hierarchy of further CA > certificates without any limitation (as far as I know). > As

Re: [sidr] working group adoption poll for draft-huston-sidr-rfc6490-bis

2014-02-08 Thread Tim Bruijnzeels
On Feb 8, 2014, at 5:21 AM, Randy Bush wrote: > i think this is a worthwhile effort and this document is a good place to > start. > +1 Some initial comments in-line. > -- > > presuming there is consensus to adopt, i have some nits we can > discuss when it is a wg item. > > o i though

Re: [sidr] I-D Action: draft-ietf-sidr-lta-use-cases-00.txt

2014-02-08 Thread Tim Bruijnzeels
Hi, On Feb 6, 2014, at 1:28 AM, "Murphy, Sandra" wrote: > The lta-use-cases draft was motivated as a way to start/guide discussion of > the Local Trust Anchor Management draft and the Suspenders draft. > > The question is whether we need both efforts, or only one, and if so, which > one. > >

Re: [sidr] working group adoption poll for draft-huston-sidr-rfc6490-bis

2014-02-10 Thread Tim Bruijnzeels
Hi Roque, all, First of all, the short version: = Yes, I support adoption = No, I don't see big issues / show stoppers, have some comments = Yes, I do see potential for other improvements (but I understand we may want to leave it for now) On Feb 10, 2014, at 6:28 PM, Roque Gagliano (rogaglia)

Re: [sidr] working group adoption poll for draft-huston-sidr-rfc6490-bis

2014-02-11 Thread Tim Bruijnzeels
Hi Steve On Feb 11, 2014, at 7:12 PM, Stephen Kent wrote: > Tim, >> >>> -- >>> >>> presuming there is consensus to adopt, i have some nits we can >>> discuss when it is a wg item. >>> >>> o i thought folk wanted a blank line between the URI(s) and the key >>> >> I am not sure that I ca

Re: [sidr] working group adoption poll for draft-huston-sidr-rfc6490-bis

2014-02-17 Thread Tim Bruijnzeels
Hi Steve, On Feb 12, 2014, at 4:17 PM, Stephen Kent wrote: > I'm happy to work with you on a new doc that explores added security > functions for TALs. Let's have a chat in London. Carlos may also be interested. Tim

Re: [sidr] Updates to rpki-rtr protocol (RFC 6810 bis)

2014-03-21 Thread Tim Bruijnzeels
Hi Rob, wg, Sorry for the late reply. For the record: I support adopting this work. I will reply to issues raised and discussed in this thread where appropriate. Here I just wanted to comment on this: > 2) We added a few timing parameters to the End Of Data PDU. These, > like the Serial Num

Re: [sidr] Updates to rpki-rtr protocol (RFC 6810 bis)

2014-03-21 Thread Tim Bruijnzeels
On Mar 17, 2014, at 4:51 PM, David Mandelberg wrote: > On 2014-03-07 06:39, Rob Austein wrote: >> David can speak for himself, but speaking on my own behalf as a >> implementer: if we define a canonical order, comparing two PDUs is a >> simple binary string comparison. If we don't define a cano

Re: [sidr] Questions about draft-huston-rpki-validation-01

2014-04-17 Thread Tim Bruijnzeels
Hi, Sorry for the late reply, I have been very busy with other work. On Mar 18, 2014, at 9:09 PM, "Sriram, Kotikalapudi" wrote: >>> >>> That is good. But what I meant was (in your I-D under discussion) does >>> the alternate validation algorithm for a ROA need slightly different >>> wording (

Re: [sidr] WG adoption poll for draft-huston-rpki-validation-01

2014-04-29 Thread Tim Bruijnzeels
Hi, I read the draft and I support adoption. I think this addresses a real problem both in the transfer case described in the document, and in fragility wrt unintended changes in the hierarchical RPKI. This could be considered bad CA ops, but even then I think the impact on the children should

Re: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-00.txt

2014-07-10 Thread Tim Bruijnzeels
n Routing Working Group of > the IETF. > >Title : RPKI Validation Reconsidered >Authors : Geoff Huston > George Michaelson > Carlos M. Martinez > Tim Bruijnzeels >

Re: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-00.txt

2014-07-24 Thread Tim Bruijnzeels
Steve, all, On Jul 23, 2014, at 2:30 PM, Stephen Kent wrote: > Tim, > >> Hi, >> >> As you may have noticed my name was added to the author list, so it will >> come as no surprise that I read this document and agree with its content. >> >> I believe that all RIRs share both operational concer

Re: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-00.txt

2014-07-24 Thread Tim Bruijnzeels
On Jul 24, 2014, at 11:30 AM, Sandra Murphy wrote: > On Jul 24, 2014, at 10:37 AM, Russ Housley wrote: > … >> RFC 3779 has been implemented. For example, OpenSSL implements RFC 3779, >> and others make use of this certificate handling software. We are not >> talking about a little tweak to

Re: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-00.txt

2014-07-24 Thread Tim Bruijnzeels
Hi, a few more comments.. after this I think it's better (from my end) to discuss tomorrow in the working group. On Jul 24, 2014, at 2:35 PM, Stephen Kent wrote: > Tim, > >> ... The first approach has my strong preference. I believe it's simple to explain and implement, effe

Re: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-00.txt

2014-07-25 Thread Tim Bruijnzeels
Hi, On Jul 25, 2014, at 9:09 AM, Byron Ellacott wrote: > Hi, > > From: Stephen Kent > Date: Thursday, 24 July 2014 5:20 pm > To: Tim Bruijnzeels > Cc: "sidr@ietf.org" > Subject: Re: [sidr] I-D Action: > draft-ietf-sidr-rpki-validation-reconsidered-00.tx

Re: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-00.txt

2014-08-05 Thread Tim Bruijnzeels
Hi all, On 04 Aug 2014, at 23:47, Sandra Murphy wrote: > speaking as a regular ol' member > > On Aug 4, 2014, at 4:42 PM, "George, Wes" wrote: > >> Late to the discussion because I needed to have cycles to read and think >> about this draft... >> >> >> On 7/31/14, 4:03 PM, "Stephen Kent" w

Re: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-00.txt

2014-08-11 Thread Tim Bruijnzeels
On 09 Aug 2014, at 04:42, Randy Bush wrote: The question was about why, in this effort, we are using 3779 validation rules >>> because we understand how they work formally from considerable >>> experience with PKIs. they are deployed and working today. >> Well ok. Where else are the 3

Re: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-00.txt

2014-10-30 Thread Tim Bruijnzeels
Hi John, all, Hoping to clarify my reasoning why I think this validation approach provides a significant quick win.. On 29 Oct 2014, at 00:17, John Curran wrote: > On Aug 11, 2014, at 11:58 AM, Tim Bruijnzeels wrote: >> ... >> The *one* thing I (and I believe we..) chall

Re: [sidr] this is possibly Tim Bruijnzeels delta protocol

2014-11-14 Thread Tim Bruijnzeels
Hi all, This is the old version of the doc. The basic principle remains the same, but we made some significant simplifications. I am working on a revised document and I hope to post it to the wg within two weeks. So, you’re welcome to read this, but it may be worth waiting for the update becaus

Re: [sidr] Call for input: RPKI Browser

2014-11-28 Thread Tim Bruijnzeels
Hi Matthias, We have been thinking of building a similar graphical UI for browsing the RPKI tree into our validator, but we haven’t had the time to work on it so-far, and we have quite a few other things to work on as well. What is your future plan with this? Are you planning to provide this as

Re: [sidr] this is possibly Tim Bruijnzeels delta protocol

2014-12-22 Thread Tim Bruijnzeels
Hi all, On 14 Nov 2014, at 21:38, Tim Bruijnzeels wrote: > ...and I hope to post it to the wg within two weeks... A little later than I was hoping for, but I just uploaded a revised version: http://www.ietf.org/id/draft-tbruijnzeels-sidr-delta-protocol-03.txt I would like to ask the work

Re: [sidr] this is possibly Tim Bruijnzeels delta protocol

2014-12-30 Thread Tim Bruijnzeels
On 23 Dec 2014, at 23:41, David Mandelberg wrote: > Yes, I know I'm an author, but I'm going to review this anyway. > > Section 3.2.3: "The serial attribute must be an unbounded, unsigned positive > integer indicating the current version of the repository." On the relying > party side, unboun

Re: [sidr] wg adoption call for draft-tbruijnzeels-sidr-delta-protocol-03

2015-02-06 Thread Tim Bruijnzeels
Hi, Thank you. I am about to leave on a one-week break though, so unless one of the co-authors wants to take care of this, I prefer to do this when I am back (16 feb) - that way I am also around for follow-up discussion. Thanks Tim On 05 Feb 2015, at 23:38, Sandra Murphy wrote: > There has b

[sidr] draft-ietf-sidr-delta-protocol-00.txt

2015-02-17 Thread Tim Bruijnzeels
Hi all, Following working group adoption I submitted the latest version of the delta protocol document as a working group item: > https://datatracker.ietf.org/doc/draft-ietf-sidr-delta-protocol/ Sriram, allow me to get back on previous comments you made during the call for adoption: > When au

Re: [sidr] WGLC for draft-ietf-sidr-rpki-rtr-rfc6810-bis-03

2015-03-06 Thread Tim Bruijnzeels
Hi, I read the document and it looks good to me, except for one clarification in section 5.10: https://tools.ietf.org/html/draft-ietf-sidr-rpki-rtr-rfc6810-bis-03#section-5.10 The IPv4 Prefix description (sectio

Re: [sidr] [Idr] Levels of BGPsec/RPKI validation, was: Re: wglc for draft-ietf-sidr-bgpsec-protocol-11

2015-04-30 Thread Tim Bruijnzeels
Hi, > On 30 Apr 2015, at 01:18, Randy Bush wrote: > >> First: >> There should be operational BCP recommendation based on the principle of >> make-before-break >> ( in doc like https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-ops-05 ): >> 1. Certificate should be renewed and pre-published in a

Re: [sidr] I-D Action: draft-ietf-sidr-rfc6490-bis-03.txt

2015-07-13 Thread Tim Bruijnzeels
Hi all, > On Apr 1, 2015, at 4:06 AM, David Mandelberg wrote: > > Hi, > > While thinking about RRDP (draft-ietf-sidr-delta-protocol-00), I realized > that there's a minor conflict between RRDP's push to transition from rsync to > http(s), and the TAL format's requirement to use only rsync URI

Re: [sidr] Last Call: (Resource Public Key Infrastructure (RPKI) Trust Anchor Locator) to Proposed Standard

2015-07-15 Thread Tim Bruijnzeels
e facto this is what everyone is doing now, and I see no issues with our running code (both trust anchor code producing TALs, and validator code parsing this). Regards Tim Bruijnzeels (RIPE NCC)

Re: [sidr] preventing SKI collisions

2015-08-07 Thread Tim Bruijnzeels
Hi Sean, Specifically on this point: > On Aug 7, 2015, at 12:52 AM, Sean Turner wrote: > > I’m all for switching to using a better hash algorithm to avoid collisions, > but why can’t we just do it anytime we want? The SKI/AKI fields are only > ever generated by a CA so the RPs don’t need to

Re: [sidr] preventing SKI collisions

2015-08-07 Thread Tim Bruijnzeels
> On Aug 7, 2015, at 11:35 AM, Randy Bush wrote: > >> This change would require certificates to be re-issued (or possibly >> keys to be rolled) all the way down from Trust Anchors. When the >> parent CA re-issues a certificate for the child CA with a new style >> SKI, then the child will have to

Re: [sidr] preventing SKI collisions

2015-08-12 Thread Tim Bruijnzeels
Hi, > On Aug 11, 2015, at 9:12 PM, Richard Hansen wrote: > >> On topic #3: >> >> Assuming we are willing to bite off generating KIs RPKI-wide, can we >> do as Tim suggested in his email >> (https://mailarchive.ietf.org/arch/msg/sidr/3H8Q7zT4t06lZXHx_iD3N188U2I) >> knowing that we’ve got an exam

Re: [sidr] WG adoption call for draft-dseomn-sidr-slurm

2015-09-14 Thread Tim Bruijnzeels
Hi, I understand it's past the end of call date, but I was fortunate enough to have a three week holiday that unfortunately covered these two weeks. In any case I too support adoption. As I said at the mic in Prague, we are already doing some of this in the RIPE NCC RPKI Validator and having a

Re: [sidr] I-D Action: draft-ietf-sidr-delta-protocol-01.txt

2015-10-21 Thread Tim Bruijnzeels
: RPKI Repository Delta Protocol > Authors : Tim Bruijnzeels > Oleg Muravskiy > Bryan Weber > Rob Austein > David Mandelberg > Filename: draft-ietf-sidr-delta-pr

Re: [sidr] I-D Action: draft-ietf-sidr-rtr-keying-10.txt

2015-11-02 Thread Tim Bruijnzeels
Hi Randy, Good point, and I have to admit that I don't have a clear picture of this yet (there is definitely a part on me there..). But in any case if we are to support signing router certificates in a hosted solution, then it's important that that improves. So I would be very happy to hear ab

Re: [sidr] Validation Reconsidered (again/again) question

2015-11-05 Thread Tim Bruijnzeels
> On 06 Nov 2015, at 10:56, Carlos M. Martinez wrote: > > Aside from process questions (whether should the draft update a standard > or not), I definitely believe the WG should continue working on this. +1 Tim > > -Carlos > > On 11/6/15 10:52 AM, Christopher Morrow wrote: >> Please take 2 we

Re: [sidr] Validation reconsidered draft status

2015-11-16 Thread Tim Bruijnzeels
> On 16 Nov 2015, at 19:16, Stephen Kent wrote: > > Andy, >>> On Nov 5, 2015, at 3:53 PM, Karen Seo wrote: >>> >>> Folks, >>> >>> I think the authors have brought up some pertinent issues which have helped >>> inspire other work which subsumes them. So I thank them but agree that it >>> see

Re: [sidr] Validation Reconsidered (again/again) question

2015-11-26 Thread Tim Bruijnzeels
Hi, > On 25 Nov 2015, at 21:19, Stephen Kent wrote: > > None of those who believe that this draft is a good thing seem to have > addressed > an issue I raised a while ago; the proposed solution is ill-defined and, the > most > likely interpretation doesn't seem to work, in general. I'll try to

Re: [sidr] Validation Reconsidered (again/again) question

2015-12-01 Thread Tim Bruijnzeels
Hi Andrei > On 01 Dec 2015, at 12:04, Andrei Robachevsky > wrote: > > Tim Bruijnzeels wrote on 26/11/15 13:29: >> Please note that for ROAs there is a requirement that all ROA >> prefixes are included on the EE certificate of the (ROA) signed >> object CMS. This

Re: [sidr] wg adoption call for draft-tbruijnzeels-sidr-validation-local-cache-02

2015-12-16 Thread Tim Bruijnzeels
Hi Steve, group, I agree that it would be useful to have a standards track document co-authored by the three major implementors. But this document is intended as an informational track document to describe our implementation only, so that: - it can be scrutinised - we can refer to it to explain

Re: [sidr] wg adoption call for draft-tbruijnzeels-sidr-validation-local-cache-02

2015-12-17 Thread Tim Bruijnzeels
Hi Steve, On 16 Dec 2015, at 23:36, Stephen Kent wrote: > > Tim, > > Since, as you reminded me, this is Informational, I agree that this > doc need not be co-authored as I had suggested. But the intro must > emphasize that it just documenting what RIPE has chosen to do, and > that it does not

Re: [sidr] Validation Reconsidered (again/again) question

2015-12-18 Thread Tim Bruijnzeels
Hi Steve, Without going into every detail. I understand this is not what the current text says. I provided an alternative description to illustrate how I would propose to re-write text. The current text takes a bottom-up view of the process w.r.t. verifying the presence of resources looking ba

[sidr] Using RRDP links in the RIPE NCC repository

2016-01-14 Thread Tim Bruijnzeels
Hi all, Just a heads up that we have started to include RRDP SIAs as in the RIPE NCC RPKI certificates. We are using a cloud provider to host the publication server and CDN - but I am not sure it's appropriate to name companies on this list ;). It shouldn't affect any recent validators - recent

Re: [sidr] wg adoption call for draft-tbruijnzeels-sidr-validation-local-cache-02

2016-03-04 Thread Tim Bruijnzeels
Hi Sandy, Technical question. We plan to submit an update before the cut-off date - no major overhaul but we have some changes. Can we just submit a new version as an official document, or should we just re-submit this one, and do the update in a week or two? Thanks Tim > On 03 Mar 2016, a

Re: [sidr] I-D Action: draft-ietf-sidr-delta-protocol-02.txt

2016-03-21 Thread Tim Bruijnzeels
> > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Secure Inter-Domain Routing of the IETF. > >Title : RPKI Repository Delta Protocol >Authors : Tim Bruijnzeels >

Re: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-03.txt

2016-03-21 Thread Tim Bruijnzeels
Authors : Geoff Huston > George Michaelson > Carlos M. Martinez > Tim Bruijnzeels > Andrew Lee Newton > Alain Aina > Filename: draft-

Re: [sidr] wglc for draft-ietf-sidr-rfc6485bis-05

2016-03-23 Thread Tim Bruijnzeels
Dear working group, Please progress. Thank you authors! Tim > On 21 Mar 2016, at 22:20, Sandra Murphy wrote: > > A nagging reminder. There has been no comment, pro or con. > > It’s a short draft. Please do review and say whether you want the draft to > progress or not. > > If you want to

Re: [sidr] adoption call for draft-kent-sidr-adverse-actions-02

2016-03-29 Thread Tim Bruijnzeels
Dear working group, I support adopting this work. I believe it's useful to think about what can go wrong. I am happy to see that this document (1) focusses on adverse actions irrespective of intentional or accidental cause, and (2) does not suggest a solution. I do have one remaining concern,

[sidr] The question about https certificates and frequency of mft/crl re-issuance

2016-04-04 Thread Tim Bruijnzeels
Hi all, I promised to take this to list. So, as presented today, the volume of updates of MFTs and CRLs in the RIPE NCC repository vs updates of ROAs is about 1000:1. This is a bad signal-to-noise ratio that causes waste of cycles and bandwidth. = Why this noisy? MITM.. We get this, because w

Re: [sidr] BGPSec RFC status

2016-04-20 Thread Tim Bruijnzeels
> On 20 Apr 2016, at 00:31, Roque Gagliano (rogaglia) > wrote: > > +1 with Standard Track. +1 > > The question could have been relevant six years ago and we may not have > debated it that much then. Today, we are clearly beyond experimental draft > definition and we do not want to stop peopl

Re: [sidr] working group adoption call for draft-kklf-sidr-route-server-rpki-light-01

2016-05-03 Thread Tim Bruijnzeels
Hi, I believe this is useful work and support adoption. Happy to contribute to the discussion where I can. Tim > On 02 May 2016, at 15:32, Carlos M. Martinez wrote: > > Hello all, > > LACNIC has worked on three projects involving RPKI-enabling IXPs [0]. We > certainly support adoption of

Re: [sidr] Last Call: (Securing RPSL Objects with RPKI Signatures) to Proposed Standard

2016-05-12 Thread Tim Bruijnzeels
> On 12 May 2016, at 13:22, Randy Bush wrote: > I agree that the original text allowing multiple signatures supports the case where the components of the primary key of the object (i.e., prefix+ASN) come from different resource holders. I will restore that text. >>> >>> this

Re: [sidr] Terry Manderson's Discuss on draft-ietf-sidr-rpsl-sig-11: (with DISCUSS and COMMENT)

2016-05-18 Thread Tim Bruijnzeels
Hi, > On 18 May 2016, at 15:08, Brian Haberman wrote: > > Hi Terry, > > On 5/17/16 11:37 PM, Terry Manderson wrote: >> Terry Manderson has entered the following ballot position for >> draft-ietf-sidr-rpsl-sig-11: Discuss >> >> When responding, please keep the subject line intact and reply to a

Re: [sidr] Terry Manderson's Discuss on draft-ietf-sidr-rpsl-sig-11: (with DISCUSS and COMMENT)

2016-05-19 Thread Tim Bruijnzeels
signing cert, Inline is better. It > can refer to whatever chain it likes. > > -G > > On Thu, May 19, 2016 at 1:02 AM, Brian Haberman > wrote: >> Hi Tim, >> >> On 5/18/16 10:32 AM, Tim Bruijnzeels wrote: >>> Hi, >>> >>>> On 18 M

Re: [sidr] Terry Manderson's Discuss on draft-ietf-sidr-rpsl-sig-11: (with DISCUSS and COMMENT)

2016-05-20 Thread Tim Bruijnzeels
Hi Robert, all, > On 20 May 2016, at 13:32, Robert Kisteleki wrote: > > Chiming in late... > > On 2016-05-19 0:39, George Michaelson wrote: >> I would rather the sigs were signed by ee certs which were in the >> blob, than have to make an external reference and I would rather we >> varied the c

Re: [sidr] comments on validation reconsidered -03

2016-06-07 Thread Tim Bruijnzeels
Dear Steve, WG Thank you for the review. I haven't had much time unfortunately, but I finally managed to upload a new version -04 that I believe addresses most of the comments you made. Generally speaking this new version: - Updates existing standards - We restructured somewhat to avoid back an

Re: [sidr] come on people Re: The question about https certificates and frequency of mft/crl re-issuance

2016-06-25 Thread Tim Bruijnzeels
Hi, > On 25 Jun 2016, at 09:32, Randy Bush wrote: > >> Look, if no one can summon the energy to respond, Tim has no way to >> decide on a change. > > i believe that rob laid this out clearly many months ago. and no, i > will not look it up for folk; the epicycles have become too painful. I re

Re: [sidr] rpki-tree-validation vs. madi-sidr-rp

2016-06-30 Thread Tim Bruijnzeels
Hi, The point that I was trying to make, but maybe not clearly, is that rpki-tree-validation is indeed intended as an Informational document specifically detailing our implementation only, but that the RP implementers discussed earlier during WG sessions that we might want to create a generalis

Re: [sidr] revising Section 7.2 of RFC 6487

2016-07-01 Thread Tim Bruijnzeels
Hi, I have just submitted a -05 version of the document. This version includes: = minor clarifications and improvements to the English (thanks Steve) = the text to replace all of RFC6487 section 7.2 suggested by Steve including Geoff's comment = amended to reject over-claiming EE certificates so

Re: [sidr] I-D Action: draft-ietf-sidr-delta-protocol-03.txt

2016-07-07 Thread Tim Bruijnzeels
s. > This draft is a work item of the Secure Inter-Domain Routing of the IETF. > >Title : RPKI Repository Delta Protocol > Authors : Tim Bruijnzeels > Oleg Muravskiy > Bryan Weber >

Re: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-06.txt

2016-07-08 Thread Tim Bruijnzeels
George Michaelson > Carlos M. Martinez > Tim Bruijnzeels > Andrew Lee Newton > Daniel Shaw > Filename: draft-ietf-sidr-rpki-validation-reconsidered-06.txt > Pages
