At 5:49 PM -0700 11/3/11, Terry Manderson wrote:
On 2/11/11 6:34 PM, "Stephen Kent" <[email protected]> wrote:
Architecture, yes. Structured approach, yes. To both of those I agree.
Having the IETF define the dates when algorithms shift. I am not convinced.
An architecture that ignores the need to have a global, uniform set
of milestones for transition phases is incomplete.
I appreciate your view Steve. And in the traditional sense you are correct,
unfortunately I think that level of completion, as a standards document,
will be the 'enemy of the good' as that flips right over into operational
space.
One of the initial set of SIDR RFCs is draft-ietf-sidr-rpki-algs. The
new alg suite will be defined in a new version of that doc. I
envisioned that this doc would also be the place where the milestones
will be published. But, a BCP specifying the milestones seems
reasonable as well.
> Yes, we are talking years. No, it cannot be a local, per-CA decision, because
> the transition affects all RPs. I anticipate that the stakeholders,
CAs and RPs, will have the ability to comment on the proposed dates,
and that the IETF/IESG will take into account these comments when
developing the timeline. If a major problem arises that makes it
infeasible for CAs to adhere to the timeline, a new RFC can be issued.
If you are that desperate to see this in play, then perhaps SIDR should
consider creating an operational BCP that provides the recommendation for
algorithms phase-in/phase-out dates. And in that comes the warning, that
IETF specified dates (except for past events) are in a very grey area WRT
the IETF.
I think the BCP idea is appropriate. I don't agree with your gray
area argument. Let's avoid terms like "desperate."
But neither this document (in blessing the idea) nor
draft-ietf-sidr-rpki-algs (as standards track) is the place for it.
Let's just say we disagree, modulo the idea of putting the milestones in
a BCP.
>> What I do like about the document is the pre-canned phases, of what happens
>> when, and how. This is good.. and I think that satisfies the request from
the SEC ADs, but specifying the "when" in IETF - I just don't buy.
So, who do you propose as alternates? Your comment above about
parent(s) and "non-leaf" CAs issuing a statement encompasses IANA,
the RIRs, and thousands of ISPs. When has that set of players issued
a statement analogous to this?
Surely the ISPs would be represented by or through the RIRs?
I'm not an expert in communications between IANA/ICANN/RIRs but if they
needed to issue a statement based on stakeholder (RP) consultation for 'the
good of the internet', it's likely they would.
In principle the RIRs & IANA, perhaps the NRO & IANA, would be an
appropriate group to issue such a statement. So far, this process has
been rocky, which is probably why there is an IAB-issued statement
re IANA as a global TA for the RPKI. Nonetheless, this might be a
reasonable split of responsibility, i.e., alg spec through the IETF
process, and milestone publication via an RFC authored by the NRO and
IANA.
Steve