I have some ideas I = would like to share with the authors and working group after the = presentation on multiple publication = points.

=3D I support the idea = of having multiple publication points in = general

I think it addresses a need for = increased redundancy, even if it adds = complexity.

=3D I agree = that two documents instead of one would be = useful

The problem of finding different = out-of-sync information is different when retrieving TAs, and published = objects of certificates.

=3D = Instructions to TAs listing multiple publication = point

I believe the TA SHOULD make sure that TA = certificates published in different locations are kept up to date. I = think a maximum of 24 hour delay between updating the first location and = the last location is the right order of magnitude. If TAs can no longer = maintain a publication point I believe they MUST remove the TA = certificate from that publication = point.

=3D Instructions to RPs = looking at TAs

I believe it should be local = policy whether an RP fetches just one, or several TA = certificates.

I think it should be recommended = to download all TA certificates, validate them (including self signed = signature) and compare them. The certificate with the highest serial = number should be used.

=3D = Allowing changes to TALs

Obviously a more = detailed document would be needed to describe this, but one way to = achieve this could be to let the current TA to publish a signed object = containing the new TAL, and some other information like: date when new = TAL becomes operational and date when the current TAL will be = withdrawn.

I believe this is useful here = because it would allow TAs to change the list of URIs they include on = the TAL. This can also give us a useful way to do planned rolls of TA = keys, and with some other meta-info this might be useful for algorithm = roll as well.

=3D = Instructions to CAs using multiple publication = points

I believe SIA fields can be used to list = more than one publication point, irrespective of = protocol.

I believe that CAs MUST maintain all = their publication points. As a rule I think that a "MUST send = updates to all publication points with one hour is appropriate". = Furthermore I believe that a CA that is planning to remove a publication = point MUST request a new certificate minus the corresponding SIA = pointers before withdrawing. And conversely, if CAs want to add = publication point I believe they MUST start publishing there first, and = only then request a new certificate with the additional SIA = pointers.

=3D Instructions to = RPs when using multiple publication points

I = think local policy applies. I would recommend that multiple sources are = checked, but if an RP will only use e.g. the first publication point I = think that should be allowed. The CA has a responsibility to keep all = those publication points up to date, or withdraw them if they can't, or = just won't..

I believe that separating the = object discovery and retrieval from validation can help to deal with = inconsistencies between repositories. Described here:

http://tools.ietf.org/id/draft-tbruijnzeels-sidr-validation-= local-cache-01.txt

In a nutshell the idea = is to do validation using manifests as authoritative sources to find the = current objects published by for a CA certificate. The latest *valid* = manifest is used for this. The objects are retrieved by hash rather than = their name. So it does not matter where the RP got this from, or how = often.

That said this needs pilot work. I hope = to do proof-of-concept code. I don't believe this is the only way for = RPs to deal with this, but I think it would help to show a possible way = to achieve = this.

Cheers

Tim

= --Apple-Mail=_A1B14E69-7540-4B7D-AB06-A27F93D51D1C-- From prvs=1926ad17cd=sandra.murphy@parsons.com Fri Aug 2 00:32:58 2013 Return-Path: X-Original-To: sidr@ietfa.amsl.com Delivered-To: sidr@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E42121E8284 for ; Fri, 2 Aug 2013 00:32:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.586 X-Spam-Level: X-Spam-Status: No, score=-2.586 tagged_above=-999 required=5 tests=[AWL=0.013, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mq55KRpSHkll for ; Fri, 2 Aug 2013 00:32:51 -0700 (PDT) Received: from txdal11mx03.parsons.com (txdal11mx03.parsons.com [206.219.199.111]) by ietfa.amsl.com (Postfix) with ESMTP id 0AB0F11E829B for ; Fri, 2 Aug 2013 00:32:27 -0700 (PDT) Received: from pps.filterd (txdal11mx03 [127.0.0.1]) by txdal11mx03.parsons.com (8.14.5/8.14.5) with SMTP id r727UOiL018027 for ; Fri, 2 Aug 2013 02:32:27 -0500 Received: from m4.sparta.com (m4.sparta.com [157.185.61.2]) by txdal11mx03.parsons.com with ESMTP id 1e05peggqp-1 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT) for ; Fri, 02 Aug 2013 02:32:27 -0500 Received: from Beta5.sparta.com ([10.62.8.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id r727WJbk009197 for ; Fri, 2 Aug 2013 02:32:19 -0500 Received: from CVA-HUB002.centreville.ads.sparta.com ([10.62.108.29]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id r727WJ3W020807 for ; Fri, 2 Aug 2013 02:32:19 -0500 Received: from CVA-MB002.centreville.ads.sparta.com ([fe80::6046:a82a:c500:c9ad]) by CVA-HUB002.centreville.ads.sparta.com ([fe80::9817:c0c5:e172:9d1c%11]) with mapi id 14.02.0342.003; Fri, 2 Aug 2013 03:32:12 -0400 From: "Murphy, Sandra" To: "sidr@ietf.org" Thread-Topic: agenda and slides posted Thread-Index: Ac6PUma7RZHVNEBZS9ypqhgCpRvm9A== Date: Fri, 2 Aug 2013 07:32:12 +0000 Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F6749C98E3@CVA-MB002.centreville.ads.sparta.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.62.8.137] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.10.8794, 1.0.431, 0.0.0000 definitions=2013-08-02_04:2013-08-01, 2013-08-02, 1970-01-01 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 kscore.is_bulkscore=9.46971945303687e-11 kscore.compositescore=0 circleOfTrustscore=48.064 compositescore=0.0543551683579278 urlsuspect_oldscore=0.543551683579278 suspectscore=0 recipient_domain_to_sender_totalscore=0 phishscore=0 bulkscore=0 kscore.is_spamscore=0 recipient_to_sender_totalscore=0 recipient_domain_to_sender_domain_totalscore=6008 rbsscore=0.0543551683579278 spamscore=0 recipient_to_sender_domain_totalscore=0 urlsuspectscore=0.3 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1305240000 definitions=main-1308020005 Subject: [sidr] agenda and slides posted X-BeenThere: sidr@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Secure Interdomain Routing List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Aug 2013 07:32:58 -0000 The posted agenda is revised to show Tim's presentation on manifests moved = to today's meeting and pushing back the other presentations accordingly. W= e've lost the general discussion time at the end.=0A= =0A= We are the last session in the meeting, so we can not run over.=0A= =0A= There's supposedly a 10 min break between the two "sessions" that make up o= ur time today. I expect to work straight through, but will ask about objec= tions during the administrivia portion.=0A= =0A= --Sandy=0A= From prvs=1926ad17cd=sandra.murphy@parsons.com Fri Aug 2 01:36:21 2013 Return-Path: X-Original-To: sidr@ietfa.amsl.com Delivered-To: sidr@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28E2D21E82D2 for ; Fri, 2 Aug 2013 01:36:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.586 X-Spam-Level: X-Spam-Status: No, score=-2.586 tagged_above=-999 required=5 tests=[AWL=0.013, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JKZHlz8SWlxk for ; Fri, 2 Aug 2013 01:36:00 -0700 (PDT) Received: from txdal11mx03.parsons.com (txdal11mx03.parsons.com [206.219.199.111]) by ietfa.amsl.com (Postfix) with ESMTP id 0010A11E82C9 for ; Fri, 2 Aug 2013 01:32:32 -0700 (PDT) Received: from pps.filterd (txdal11mx03 [127.0.0.1]) by txdal11mx03.parsons.com (8.14.5/8.14.5) with SMTP id r728WGO3006420 for ; Fri, 2 Aug 2013 03:32:18 -0500 Received: from m4.sparta.com (m4.sparta.com [157.185.61.2]) by txdal11mx03.parsons.com with ESMTP id 1e05pegphv-1 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT) for ; Fri, 02 Aug 2013 03:32:18 -0500 Received: from Beta5.sparta.com ([10.62.8.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id r728W6Ai009336 for ; Fri, 2 Aug 2013 03:32:06 -0500 Received: from CVA-HUB001.centreville.ads.sparta.com ([10.62.108.11]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id r728W6I1021311 for ; Fri, 2 Aug 2013 03:32:06 -0500 Received: from CVA-MB002.centreville.ads.sparta.com ([fe80::6046:a82a:c500:c9ad]) by CVA-HUB001.centreville.ads.sparta.com ([fe80::8ca8:7aea:3db9:1972%11]) with mapi id 14.02.0342.003; Fri, 2 Aug 2013 04:31:59 -0400 From: "Murphy, Sandra" To: "sidr@ietf.org" Thread-Topic: key management drafts Thread-Index: Ac5/RZMGY26TYrCaQ/KwvsUu25Za4wQFQjFw Date: Fri, 2 Aug 2013 08:31:58 +0000 Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F6749C9995@CVA-MB002.centreville.ads.sparta.com> References: <24B20D14B2CD29478C8D5D6E9CBB29F6749A84E8@CVA-MB001.centreville.ads.sparta.com> In-Reply-To: <24B20D14B2CD29478C8D5D6E9CBB29F6749A84E8@CVA-MB001.centreville.ads.sparta.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.62.8.137] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.10.8794, 1.0.431, 0.0.0000 definitions=2013-08-02_04:2013-08-01, 2013-08-02, 1970-01-01 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 kscore.is_bulkscore=1.01618158332428e-11 kscore.compositescore=0 circleOfTrustscore=48.064 compositescore=0.0543551683579278 urlsuspect_oldscore=0.543551683579278 suspectscore=0 recipient_domain_to_sender_totalscore=0 phishscore=0 bulkscore=0 kscore.is_spamscore=0 recipient_to_sender_totalscore=0 recipient_domain_to_sender_domain_totalscore=6008 rbsscore=0.0543551683579278 spamscore=0 recipient_to_sender_domain_totalscore=0 urlsuspectscore=0.3 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1305240000 definitions=main-1308020021 Subject: Re: [sidr] key management drafts X-BeenThere: sidr@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Secure Interdomain Routing List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Aug 2013 08:36:24 -0000 Seriously, folks. Nothing? Really?=0A= =0A= --Sandy=0A= =0A= ________________________________________=0A= From: sidr-bounces@ietf.org [sidr-bounces@ietf.org] on behalf of Murphy, Sa= ndra [Sandra.Murphy@sparta.com]=0A= Sent: Friday, July 12, 2013 5:23 PM=0A= To: sidr@ietf.org=0A= Subject: [sidr] key management drafts=0A= =0A= Any system that uses cryptography finds that the key management aspects are= a very important part.=0A= =0A= We have two drafts at the moment that are related to key management - draft= -ietf-sidr-bgpsec-rollover and draft-ietf-sidr-rtr-keying.=0A= =0A= There's been little comment on these drafts since they were adopted as wg d= rafts. Key management is not simple, and the impact on the system could be= large.=0A= =0A= So this is a poke to try to review these drafts and comment.=0A= =0A= --Sandy, speaking for the co-chairs=0A= _______________________________________________=0A= sidr mailing list=0A= sidr@ietf.org=0A= https://www.ietf.org/mailman/listinfo/sidr=0A= From benno@NLnetLabs.nl Fri Aug 2 03:02:44 2013 Return-Path: X-Original-To: sidr@ietfa.amsl.com Delivered-To: sidr@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4893F21E82E8 for ; Fri, 2 Aug 2013 03:02:44 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5-eemT+ArjWK for ; Fri, 2 Aug 2013 03:02:43 -0700 (PDT) Received: from open.nlnetlabs.nl (open.nlnetlabs.nl [IPv6:2001:7b8:206:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 32B7921E82DA for ; Fri, 2 Aug 2013 03:02:42 -0700 (PDT) Received: from dhcp-6476.meeting.ietf.org ([IPv6:2001:df8:0:96:351d:4d18:6ac2:7a7f]) (authenticated bits=0) by open.nlnetlabs.nl (8.14.7/8.14.4) with ESMTP id r72A2c45002359 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Fri, 2 Aug 2013 12:02:40 +0200 (CEST) (envelope-from benno@NLnetLabs.nl) Authentication-Results: open.nlnetlabs.nl; dmarc=none header.from=NLnetLabs.nl DKIM-Filter: OpenDKIM Filter v2.8.2 open.nlnetlabs.nl r72A2c45002359 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nlnetlabs.nl; s=default; t=1375437760; bh=RlAlCE0OQjdPy7zQgj1ccD0Ab/9s1qeKjHTeJ+KJA3w=; h=Date:From:To:Subject; b=ZyOvT67SvTPlman/5Zz9DoimUBxrmZ4/qn3/clIWwMVk5fKpc8T4yDCGS0+h9Lm3w ug+EhmLcHYljZfHJpunqo3QCn/hXjdPI9qrcBmhlqPe37XaeJlBC5A1EOON5IP2vv2 f0QiA9Z+gxIrxkCUbOc2nRCfJEttXUiGsVn9XhxY= Message-ID: <51FB83BD.1020400@NLnetLabs.nl> Date: Fri, 02 Aug 2013 12:02:37 +0200 From: Benno Overeinder User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130620 Thunderbird/17.0.7 MIME-Version: 1.0 To: sidr@ietf.org X-Enigmail-Version: 1.5.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.4.3 (open.nlnetlabs.nl [IPv6:2001:7b8:206:1::1]); Fri, 02 Aug 2013 12:02:40 +0200 (CEST) Subject: [sidr] SURFnet RPKI dashboard X-BeenThere: sidr@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Secure Interdomain Routing List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Aug 2013 10:02:44 -0000 If you are interested in the SURFnet RPKI dashboard, please see http://rpki.surfnet.nl/. Please be aware that some of the interactive charts take some time to be generated. So be patient, it can sometimes take a 10 seconds before the page shows up. You can find the code at https://github.com/remydb/RPKI-Dashboard -- Benno -- Benno J. Overeinder NLnet Labs http://www.nlnetlabs.nl/ From carlosm3011@gmail.com Fri Aug 2 03:26:14 2013 Return-Path: X-Original-To: sidr@ietfa.amsl.com Delivered-To: sidr@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B518521E836F for ; Fri, 2 Aug 2013 03:26:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.183 X-Spam-Level: X-Spam-Status: No, score=-2.183 tagged_above=-999 required=5 tests=[AWL=0.417, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s4jdQhIeHgsQ for ; Fri, 2 Aug 2013 03:26:14 -0700 (PDT) Received: from mail-lb0-x22b.google.com (mail-lb0-x22b.google.com [IPv6:2a00:1450:4010:c04::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 2F3BC21E8376 for ; Fri, 2 Aug 2013 03:26:10 -0700 (PDT) Received: by mail-lb0-f171.google.com with SMTP id t13so324483lbd.16 for ; Fri, 02 Aug 2013 03:26:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:date:message-id:subject:from:to:content-type; bh=OZq4IHqPhW6D9JaEewVxDqKQMbLXRWuGSuunCwioDP0=; b=ztwirq/b4aGR6W4WfGLOohJuUgjryDw4/hhQq2pf3oFFUDiSlrmLiWEJFFei6Y4icl QFnPtjwB1N9vqJD/tdWvLLNvF3cXpZMjALEAyKgTC+0tY7DxmKSDYiVYb5mU9kT+4kjN zlxBugdxTrW14SmpJ4DqQ+OIKkDkjcbp/t8smMuUxQlgYkjw243mlLXnaA/cD4JIscFb 9hfZqaggYlUbhu6KwpEiRkBJxrYru7Dms1I+hHqvCI3WHkwe+suTq6UFpdrtWvSRA1CG 39UlyaBI/ZZXkaj6uNuRLK30Me/ffgYmWMwruM3dsT1/am/7ZDiu/fTAJQBDsiHYLunp YBKg== MIME-Version: 1.0 X-Received: by 10.112.181.36 with SMTP id dt4mr193587lbc.46.1375439170078; Fri, 02 Aug 2013 03:26:10 -0700 (PDT) Received: by 10.112.168.225 with HTTP; Fri, 2 Aug 2013 03:26:09 -0700 (PDT) Date: Fri, 2 Aug 2013 12:26:09 +0200 Message-ID: From: Carlos Martinez-Cagnazzo To: "sidr@ietf.org" Content-Type: multipart/alternative; boundary=001a11c36ad0248b9604e2f4639d Subject: [sidr] Signaling / notifying RPs of an upcoming TAL change X-BeenThere: sidr@ietf.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: carlos@lacnic.net List-Id: Secure Interdomain Routing List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Aug 2013 10:26:14 -0000 --001a11c36ad0248b9604e2f4639d Content-Type: text/plain; charset=ISO-8859-1 Hello all, Several of us, in some cases independently, have been discussing the possible need of signaling RPs about an upcoming TAL change. We don't have a common proposal and there is no I-D (yet!), but we would like to hear the list's feedback / thoughts on the issue. Cheers! Carlos --001a11c36ad0248b9604e2f4639d Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

Hello all,

Several of us, in some cases= independently, have been discussing the possible need of signaling RPs abo= ut an upcoming TAL change.

We don't have a com= mon proposal and there is no I-D (yet!), but we would like to hear the list= 's feedback / thoughts on the issue.

Cheers!

Carlos=A0

--001a11c36ad0248b9604e2f4639d-- From randy@psg.com Fri Aug 2 04:08:45 2013 Return-Path: X-Original-To: sidr@ietfa.amsl.com Delivered-To: sidr@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82C8411E82E0 for ; Fri, 2 Aug 2013 04:08:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.527 X-Spam-Level: X-Spam-Status: No, score=-2.527 tagged_above=-999 required=5 tests=[AWL=0.072, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YQNmf7GqQVjo for ; Fri, 2 Aug 2013 04:08:40 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [198.180.150.18]) by ietfa.amsl.com (Postfix) with ESMTP id CECE811E80F8 for ; Fri, 2 Aug 2013 04:05:53 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.psg.com.psg.com) by ran.psg.com with esmtp (Exim 4.76) (envelope-from ) id 1V5DB8-0003Ak-WA; Fri, 02 Aug 2013 11:05:51 +0000 Date: Fri, 02 Aug 2013 13:05:53 +0200 Message-ID: From: Randy Bush To: "Carlos M. Martinez" In-Reply-To: References: User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Cc: sidr wg list Subject: Re: [sidr] Signaling / notifying RPs of an upcoming TAL change X-BeenThere: sidr@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Secure Interdomain Routing List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Aug 2013 11:08:45 -0000 notify which rps? randy From gih@apnic.net Fri Aug 2 04:14:18 2013 Return-Path: X-Original-To: sidr@ietfa.amsl.com Delivered-To: sidr@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F397611E827F for ; Fri, 2 Aug 2013 04:14:17 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -99.443 X-Spam-Level: X-Spam-Status: No, score=-99.443 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611, RDNS_NONE=0.1, RELAY_IS_203=0.994, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rrqg7SYwW9Nz for ; Fri, 2 Aug 2013 04:14:13 -0700 (PDT) Received: from so-mailgw.apnic.net (so-mailgw.apnic.net [IPv6:2001:dd8:a:3::230]) by ietfa.amsl.com (Postfix) with SMTP id B836D11E828F for ; Fri, 2 Aug 2013 04:13:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apnic.net; s=c3po; h=received:received:content-type:mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to:x-mailer:return-path; bh=ev8ojbIr6eakmgqLYqdX1nCLVDan7+XHKrAhiIOOFRw=; b=7QuRwz1wTvCfXlPsAmvK+SALjaDVg2KcNtxD75VPgPjQ1h+rAYE/L5NUvjXSTWiz5pbp9p0b4c9MS WgUGGe7IbBGI7Pqg+cy44GZRcC7MKvJwZUt5OTspQhG6MNNieoH+1vjHGMGbWQ+tHXHDOKRAHLQoAm QxMoGNshpruiXtdM= Received: from NXMDA1.org.apnic.net (unknown [203.119.93.247]) by so-mailgw.apnic.net (Halon Mail Gateway) with ESMTP; Fri, 2 Aug 2013 21:13:34 +1000 (EST) Received: from dhcp-565a.meeting.ietf.org (203.119.101.249) by NXMDA1.org.apnic.net (203.119.107.11) with Microsoft SMTP Server (TLS) id 14.1.218.12; Fri, 2 Aug 2013 21:13:34 +1000 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 (Mac OS X Mail 6.5 \(1508\)) From: Geoff Huston In-Reply-To: Date: Fri, 2 Aug 2013 21:13:29 +1000 Content-Transfer-Encoding: 7bit Message-ID: <8CABE898-EE90-4BA5-8828-DF8B9497FB9E@apnic.net> References: To: Randy Bush X-Mailer: Apple Mail (2.1508) Cc: "Carlos M. Martinez" , sidr wg list Subject: Re: [sidr] Signaling / notifying RPs of an upcoming TAL change X-BeenThere: sidr@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Secure Interdomain Routing List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Aug 2013 11:14:18 -0000 > notify which rps? esp From randy@psg.com Fri Aug 2 04:15:13 2013 Return-Path: X-Original-To: sidr@ietfa.amsl.com Delivered-To: sidr@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED48411E82E7 for ; Fri, 2 Aug 2013 04:15:12 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.528 X-Spam-Level: X-Spam-Status: No, score=-2.528 tagged_above=-999 required=5 tests=[AWL=0.071, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id btTjwG+vKG85 for ; Fri, 2 Aug 2013 04:15:07 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [198.180.150.18]) by ietfa.amsl.com (Postfix) with ESMTP id B95C011E82E0 for ; Fri, 2 Aug 2013 04:15:06 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.psg.com.psg.com) by ran.psg.com with esmtp (Exim 4.76) (envelope-from ) id 1V5DK3-0003Dl-Oe; Fri, 02 Aug 2013 11:15:04 +0000 Date: Fri, 02 Aug 2013 13:15:06 +0200 Message-ID: From: Randy Bush To: Geoff Huston In-Reply-To: <8CABE898-EE90-4BA5-8828-DF8B9497FB9E@apnic.net> References: <8CABE898-EE90-4BA5-8828-DF8B9497FB9E@apnic.net> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Cc: "Carlos M. Martinez" , sidr wg list Subject: Re: [sidr] Signaling / notifying RPs of an upcoming TAL change X-BeenThere: sidr@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Secure Interdomain Routing List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Aug 2013 11:15:13 -0000 >> notify which rps? > esp better than ah From tim@ripe.net Fri Aug 2 04:31:49 2013 Return-Path: X-Original-To: sidr@ietfa.amsl.com Delivered-To: sidr@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB3FE21E8370 for ; Fri, 2 Aug 2013 04:31:43 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.001, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b1koY3RbNHby for ; Fri, 2 Aug 2013 04:31:34 -0700 (PDT) Received: from postgirl.ripe.net (postgirl.ipv6.ripe.net [IPv6:2001:67c:2e8:11::c100:1342]) by ietfa.amsl.com (Postfix) with ESMTP id BB38521E8354 for ; Fri, 2 Aug 2013 04:31:07 -0700 (PDT) Received: from dodo.ripe.net ([193.0.23.4]) by postgirl.ripe.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from ) id 1V5DZM-0008GI-QJ; Fri, 02 Aug 2013 13:30:54 +0200 Received: from puppy.ripe.net ([193.0.1.230] helo=[IPv6:::1]) by dodo.ripe.net with esmtps (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from ) id 1V5DZM-0004c3-N9; Fri, 02 Aug 2013 13:30:52 +0200 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\)) From: Tim Bruijnzeels In-Reply-To: Date: Fri, 2 Aug 2013 13:30:55 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: <61A759E4-2994-45BC-8CF3-D21911A04F64@ripe.net> References: To: Randy Bush X-Mailer: Apple Mail (2.1508) X-Anti-Virus: Kaspersky Anti-Virus for Linux Mail Server 5.6.48/RELEASE, bases: 20120425 #7816575, check: 20130802 clean X-RIPE-Spam-Level: ---- X-RIPE-Spam-Report: Spam Total Points: -4.4 points pts rule name description ---- ---------------------- ------------------------------------ -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP -1.5 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a07197e9d0c0eff79c281ac3b6aa527710ca9 Cc: "Carlos M. Martinez" , sidr wg list Subject: Re: [sidr] Signaling / notifying RPs of an upcoming TAL change X-BeenThere: sidr@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Secure Interdomain Routing List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Aug 2013 11:31:49 -0000 On Aug 2, 2013, at 1:05 PM, Randy Bush wrote: > notify which rps? All RPs that trust the current TAL The TA may need this because: =3D They need to do a planned roll of the key - e.g. we use an HSM of vendor X, we may want to change vendor, = vendor can go out of business etc =3D They need to change the one current publication point =3D They need to add/remove publication points - if multiple becomes = standard I agree that it's much better to prevent all these needs, but I don't = think it's possible to commit to that when long key life (decades) is = the objective. Tim= From randy@psg.com Fri Aug 2 04:33:43 2013 Return-Path: X-Original-To: sidr@ietfa.amsl.com Delivered-To: sidr@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB2A711E8252 for ; Fri, 2 Aug 2013 04:33:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.531 X-Spam-Level: X-Spam-Status: No, score=-2.531 tagged_above=-999 required=5 tests=[AWL=0.068, BAYES_00=-2.599] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vaMm3pte7s1t for ; Fri, 2 Aug 2013 04:33:27 -0700 (PDT) Received: from ran.psg.com (ran.psg.com [198.180.150.18]) by ietfa.amsl.com (Postfix) with ESMTP id 3B86E21E8328 for ; Fri, 2 Aug 2013 04:33:25 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=ryuu.psg.com.psg.com) by ran.psg.com with esmtp (Exim 4.76) (envelope-from ) id 1V5Dbk-0003JB-TZ; Fri, 02 Aug 2013 11:33:23 +0000 Date: Fri, 02 Aug 2013 13:33:23 +0200 Message-ID: From: Randy Bush To: Tim Bruijnzeels In-Reply-To: <61A759E4-2994-45BC-8CF3-D21911A04F64@ripe.net> References: <61A759E4-2994-45BC-8CF3-D21911A04F64@ripe.net> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII Cc: "Carlos M. Martinez" , sidr wg list Subject: Re: [sidr] Signaling / notifying RPs of an upcoming TAL change X-BeenThere: sidr@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Secure Interdomain Routing List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Aug 2013 11:33:45 -0000 >> notify which rps? > All RPs that trust the current TAL oh, the ones who signed arin's lawyer silliness? :) the point geoff and i are jokingly making is that you do not really know all the parties relying on a ca randy From kent@bbn.com Fri Aug 2 05:50:47 2013 Return-Path: X-Original-To: sidr@ietfa.amsl.com Delivered-To: sidr@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A94311E8321 for ; Fri, 2 Aug 2013 05:50:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -106.398 X-Spam-Level: X-Spam-Status: No, score=-106.398 tagged_above=-999 required=5 tests=[AWL=0.200, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O0Zr8qYMeGzt for ; Fri, 2 Aug 2013 05:50:34 -0700 (PDT) Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 98B0021E82FE for ; Fri, 2 Aug 2013 05:48:56 -0700 (PDT) Received: from dommiel.bbn.com ([192.1.122.15]:36574 helo=fritz.local) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from ) id 1V5Ems-000JRc-Jc for sidr@ietf.org; Fri, 02 Aug 2013 08:48:54 -0400 Message-ID: <51FBAAB6.8060807@bbn.com> Date: Fri, 02 Aug 2013 08:48:54 -0400 From: Stephen Kent User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130107 Thunderbird/17.0.2 MIME-Version: 1.0 To: sidr Content-Type: multipart/alternative; boundary="------------020809030807040902070304" Subject: [sidr] RFC 3779 and its relationship to Geoff's proposal X-BeenThere: sidr@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Secure Interdomain Routing List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Aug 2013 12:50:47 -0000 This is a multi-part message in MIME format. --------------020809030807040902070304 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit The relevant text from 3779 is copied below, and underlined. 2.3. IP Address Delegation Extension Certification Path Validation Certification path validation of a certificate containing the IP address delegation extension requires additional processing. As _each_ certificate in a path is validated, the IP addresses in the IP address delegation extension of that certificate _MUST be subsumed by_ _IP addresses in the IP address delegation extension in the issuer's__ _ _certificate_. _Validation MUST fail when this is not the case_. A certificate that is a trust anchor for certification path validation of certificates containing the IP address delegation extension, as well as all certificates along the path, MUST each contain the IP address delegation extension. The initial set of allowed address ranges is taken from the trust anchor certificate. --------------020809030807040902070304 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit The relevant text from 3779 is copied below, and underlined.

2.3. IP Address Delegation Extension Certification Path Validation

   Certification path validation of a certificate containing the IP
   address delegation extension requires additional processing. As each
   certificate in a path is validated, the IP addresses in the IP
   address delegation extension of that certificate MUST be subsumed by
   IP addresses in the IP address delegation extension in the issuer's
   certificate. Validation MUST fail when this is not the case. A
   certificate that is a trust anchor for certification path validation
   of certificates containing the IP address delegation extension, as
   well as all certificates along the path, MUST each contain the IP
   address delegation extension. The initial set of allowed address
   ranges is taken from the trust anchor certificate.
--------------020809030807040902070304-- From gih@apnic.net Fri Aug 2 05:58:12 2013 Return-Path: X-Original-To: sidr@ietfa.amsl.com Delivered-To: sidr@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5781121E804D for ; Fri, 2 Aug 2013 05:58:12 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -99.443 X-Spam-Level: X-Spam-Status: No, score=-99.443 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611, RDNS_NONE=0.1, RELAY_IS_203=0.994, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XpCC6Hz3+P7Z for ; Fri, 2 Aug 2013 05:58:08 -0700 (PDT) Received: from ia-mailgw.apnic.net (ia-mailgw.apnic.net [IPv6:2001:dd8:a:3::243]) by ietfa.amsl.com (Postfix) with SMTP id 5642B21E80B4 for ; Fri, 2 Aug 2013 05:57:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apnic.net; s=c3po; h=received:received:content-type:mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to:x-mailer:return-path; bh=EODeQ1vGiyk+Td1ox3WG1jUr3ZP29N2oL7Hd7mnPYfI=; b=NQyrUe2/85GRNf5+5txwHC6KZxwV20MCGV7PaNg/5E4eGMXdNuBkC648ZeKjnFLo7m8Knlb1z+X6s UWSg9ygX+drzwizxUEDppBHjwiEoATXNsALdlMFI4+y3aDod7QU6elNJXzKt6ERdAAB6XWm0pdHtSM a5AataxFdKyd5xmw= Received: from NXMDA1.org.apnic.net (unknown [203.119.93.247]) by ia-mailgw.apnic.net (Halon Mail Gateway) with ESMTP; Fri, 2 Aug 2013 22:57:03 +1000 (EST) Received: from dhcp-565a.meeting.ietf.org (203.119.101.249) by NXMDA1.org.apnic.net (203.119.107.11) with Microsoft SMTP Server (TLS) id 14.1.218.12; Fri, 2 Aug 2013 22:57:03 +1000 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 (Mac OS X Mail 6.5 \(1508\)) From: Geoff Huston In-Reply-To: <51FBAAB6.8060807@bbn.com> Date: Fri, 2 Aug 2013 22:56:58 +1000 Content-Transfer-Encoding: quoted-printable Message-ID: <9091821A-425F-4503-8A76-60EBBEE306CA@apnic.net> References: <51FBAAB6.8060807@bbn.com> To: Stephen Kent X-Mailer: Apple Mail (2.1508) Cc: sidr Subject: Re: [sidr] RFC 3779 and its relationship to Geoff's proposal X-BeenThere: sidr@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Secure Interdomain Routing List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Aug 2013 12:58:12 -0000 On 02/08/2013, at 10:48 PM, Stephen Kent wrote: > The relevant text from 3779 is copied below, and underlined. >=20 > 2.3. IP Address Delegation Extension Certification Path Validation = immutable >=20 Thanks for this Steve. This would imply that in order to contemplate a = change of the style of validation of RPKI certificates into order to = improve the robustness of certificate operation, there is also = contemplation of changes to RFC3779. Just as well we don't have the = hubris to proclaim that RFC's are immutable. From carlosm3011@gmail.com Fri Aug 2 06:25:35 2013 Return-Path: X-Original-To: sidr@ietfa.amsl.com Delivered-To: sidr@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C473021E80BC for ; Fri, 2 Aug 2013 06:25:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.359 X-Spam-Level: X-Spam-Status: No, score=-1.359 tagged_above=-999 required=5 tests=[AWL=0.618, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PVhvvMLUJLqu for ; Fri, 2 Aug 2013 06:25:34 -0700 (PDT) Received: from mail-la0-x236.google.com (mail-la0-x236.google.com [IPv6:2a00:1450:4010:c03::236]) by ietfa.amsl.com (Postfix) with ESMTP id 55C0721E80CF for ; Fri, 2 Aug 2013 06:25:32 -0700 (PDT) Received: by mail-la0-f54.google.com with SMTP id ea20so428872lab.41 for ; Fri, 02 Aug 2013 06:25:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=tyMizLRh0tmgTqjmo5lcfyhLq4wEyRkDh80sLYRgREc=; b=p+XTY2r4DDzBZQTqZ2Simu5j6WwnJE3UIG6BKEWoDYF7ZfKpt2reIa5LDeYJUz7DEw H5lum54cdWWJywjUgMpb6GQGTrwivlAtmLz32yLZzMwv+tSgpZgTzKA0i711FJkac5Wl d3//Ak+wFax2pLXIte/oQzIfP08rHrjQ2h/SDNlFEHdZ5Nv3t66KCdNkhyJlapqv1JYh MObGppBB7l9z5BYzIFQeUZy9leeeMwSHQPGcX2xBrleJdus5PXaEsr9NUDr4NJC+QmiB s8Ki6WRZAHzBOg07Jduye4+AUzw6GsKcgOJOu7TpDhHyum5uQPdRu/9WtwPa73fhvvi4 NKCA== MIME-Version: 1.0 X-Received: by 10.152.26.72 with SMTP id j8mr1798346lag.19.1375449931213; Fri, 02 Aug 2013 06:25:31 -0700 (PDT) Sender: carlosm3011@gmail.com Received: by 10.112.168.225 with HTTP; Fri, 2 Aug 2013 06:25:31 -0700 (PDT) In-Reply-To: References: <61A759E4-2994-45BC-8CF3-D21911A04F64@ripe.net> Date: Fri, 2 Aug 2013 15:25:31 +0200 X-Google-Sender-Auth: uZH8j1DbxTI-FNm9_tgjZRMXSJ0 Message-ID: From: Carlos Martinez-Cagnazzo To: Randy Bush Content-Type: multipart/alternative; boundary=089e0160c36e8e6ec504e2f6e47a Cc: sidr wg list Subject: Re: [sidr] Signaling / notifying RPs of an upcoming TAL change X-BeenThere: sidr@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Secure Interdomain Routing List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Aug 2013 13:25:35 -0000 --089e0160c36e8e6ec504e2f6e47a Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Sorry for the loose use of the word 'notify'. In Spanish una 'notificaci=F3= n' can go both ways. It's true that in English and in the IETF a 'notify' message implies knowledge of clients on part of servers. Moving on, what we all had in mind was some sort of signaling that would warn a RP of an upcoming TAL change. Some form of shelf life, or 'better-check-for-new-one' time indication would IMO suffice, but I believe that this thing deserves some thought. regards Carlos On Fri, Aug 2, 2013 at 1:33 PM, Randy Bush wrote: > >> notify which rps? > > All RPs that trust the current TAL > > oh, the ones who signed arin's lawyer silliness? :) > > the point geoff and i are jokingly making is that you do not really know > all the parties relying on a ca > > randy > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr > --089e0160c36e8e6ec504e2f6e47a Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

Sorry for the loose use of the word 'notify'. In S= panish una 'notificaci=F3n' can go both ways. It's true that in= English and in the IETF a 'notify' message implies knowledge of cl= ients on part of servers.

Moving on, what we all had in mind was some sort of signalin= g that would warn a RP of an upcoming TAL change. Some form of shelf life, = or 'better-check-for-new-one' time indication would IMO suffice, bu= t I believe that this thing deserves some thought.

regards

Carlos

On Fri, Aug 2, 20= 13 at 1:33 PM, Randy Bush <randy@psg.com> wrote:

>> notify which rps?=
> All RPs that trust the current TAL

oh, the ones who signed arin's lawyer silliness? =A0:)

the point geoff and i are jokingly making is that you do not really know all the parties relying on a ca

randy

_____________________= __________________________
sidr mailing list
sidr@ietf.org
ht= tps://www.ietf.org/mailman/listinfo/sidr