
From nobody Wed Apr  3 05:18:30 2019
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 87E001200D6; Wed,  3 Apr 2019 05:18:28 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: =?utf-8?q?Mirja_K=C3=BChlewind_via_Datatracker?= <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sidrops-https-tal@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.94.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: =?utf-8?q?Mirja_K=C3=BChlewind?= <ietf@kuehlewind.net>
Message-ID: <155429390854.22941.444825807988190189.idtracker@ietfa.amsl.com>
Date: Wed, 03 Apr 2019 05:18:28 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/81aR-uYBNfdfHrm7NkAU_a__zI0>
Subject: [Sidrops] =?utf-8?q?Mirja_K=C3=BChlewind=27s_No_Objection_on_dra?= =?utf-8?q?ft-ietf-sidrops-https-tal-07=3A_=28with_COMMENT=29?=
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2019 12:18:29 -0000

Mirja Kühlewind has entered the following ballot position for
draft-ietf-sidrops-https-tal-07: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Usually we recommend to have a "Changes since RFC7730" section in bis
documents... however, maybe the changes are small enough in this doc that that
is not needed.



From nobody Wed Apr  3 07:07:13 2019
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 3494912002F; Wed,  3 Apr 2019 07:07:05 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: =?utf-8?q?=C3=89ric_Vyncke_via_Datatracker?= <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sidrops-https-tal@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.94.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: =?utf-8?q?=C3=89ric_Vyncke?= <evyncke@cisco.com>
Message-ID: <155430042520.22748.5670997045648586145.idtracker@ietfa.amsl.com>
Date: Wed, 03 Apr 2019 07:07:05 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/-AIVuId7NuB9HcHLHh8BI3vB57w>
Subject: [Sidrops] =?utf-8?q?=C3=89ric_Vyncke=27s_No_Objection_on_draft-i?= =?utf-8?q?etf-sidrops-https-tal-07?=
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2019 14:07:05 -0000

Éric Vyncke has entered the following ballot position for
draft-ietf-sidrops-https-tal-07: No Objection


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/


There are no remarks associated with this position.





From nobody Wed Apr  3 13:36:22 2019
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id ED69A12006A; Wed,  3 Apr 2019 13:36:20 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.94.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <155432378096.22764.10084768405862321330.idtracker@ietfa.amsl.com>
Date: Wed, 03 Apr 2019 13:36:20 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/b5levIupY0x64y_GYi-Q3I7IYiE>
Subject: [Sidrops] Roman Danyliw's No Objection on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2019 20:36:21 -0000

Roman Danyliw has entered the following ballot position for
draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: No Objection


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for this easy to read update to RFC8208.  Below are a few editorial
comments:

(1) Section 1. Editorial nit.
s/BGPsec uses a different algorithm [RFC6090] [DSS] as compared to the rest of
the RPKI by using a different algorithm that provides similar security with
smaller keys making the certificates smaller;/ BGPsec uses a different
algorithm [RFC6090] [DSS] as compared to the rest of the RPKI that provides
similar security with smaller keys making the certificates smaller;/

(2) Section 2.  Editorial nit.
s/This section addresses BGPsec algorithms; for example, these algorithms are
used by BGPsec routers to sign and verify BGPsec UPDATE messages./ This section
addresses the algorithms used by BGPSec [RFC6090] [DSS].  For examples, these
algorithms are used by BGPSec routers to sign and verify BGPsec UPDATE
messages./

(3) Section 2.  The sentence “To identify which algorithm is used, the BGPsec
UPDATE message contains the corresponding algorithm ID in each Signature_Block
of the BGPsec UPDATE message” seems redundant given that the first sentence of
Section 2.1 says something very similar.

(4) Section 2.1. Editorial nit.  Make the use of constants here consistent with
the description of “special-use Algo ID”.  s/0x00 and 0xFF/0x00 (0) and 0xFF
(255)/



From nobody Sat Apr  6 01:07:20 2019
Return-Path: <xiechf.bri@chinatelecom.cn>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5798612012E; Sat,  6 Apr 2019 01:07:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Level: 
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tjSJr5ZNSVIG; Sat,  6 Apr 2019 01:07:16 -0700 (PDT)
Received: from chinatelecom.cn (prt-mail.chinatelecom.cn [42.123.76.223]) by ietfa.amsl.com (Postfix) with ESMTP id 5F9D31201BF; Sat,  6 Apr 2019 01:07:14 -0700 (PDT)
HMM_SOURCE_IP: 172.18.0.218:39312.66502551
HMM_ATTACHE_NUM: 0000
HMM_SOURCE_TYPE: SMTP
Received: from clientip-111.196.132.107 (unknown [172.18.0.218]) by chinatelecom.cn (HERMES) with SMTP id 096F4280093; Sat,  6 Apr 2019 16:07:02 +0800 (CST)
X-189-SAVE-TO-SEND: xiechf.bri@chinatelecom.cn
Received: from EHLO ip<111.196.132.107> ([172.18.0.218]) by App0025 with ESMTP id 61e6e6d6-c9cf-40d3-a2bd-a258a2457b0e for morrowc@ops-netman.net; Sat Apr  6 16:07:11 2019
X-filter-score: filter<0>  test_filter<0>
X-Real-From: xiechf.bri@chinatelecom.cn
X-Receive-IP: 172.18.0.218
X-MEDUSA-Status: 0
Date: Sat, 6 Apr 2019 16:06:58 +0800
From: "Chongfeng Xie" <xiechf.bri@chinatelecom.cn>
To: "Chris Morrow" <morrowc@ops-netman.net>, sidrops <sidrops@ietf.org>,  sidrops-chairs <sidrops-chairs@ietf.org>,  sidrops-ads <sidrops-ads@ietf.org>
References: <yj9oy35d51tl.wl-morrowc@ops-netman.net>
X-Priority: 3
X-Has-Attach: no
X-Mailer: Foxmail 7, 2, 8, 379[cn]
Mime-Version: 1.0
Message-ID: <2019040616061105356012@chinatelecom.cn>
Content-Type: multipart/alternative; boundary="----=_001_NextPart746714270675_=----"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/6NRZFI2cXyohvGzAbRvOnR6kHVU>
Subject: Re: [Sidrops] [WGLC] draft-ietf-sidrops-rp - ENDS: Mar 7, 2019
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Apr 2019 08:07:19 -0000

I think this document is going to help ISP NOC comprehend how the RPKI
works from the perspective of RPs. Furthermore, it is also a helpful
reference when the ISP is setting requirements for RP service/system
providers.

I think this document is ready to go published in general. I am happy
to see it move forwards.

Chongfeng

xiechf.bri@chinatelecom.cn

> From: Chris Morrow
> Date: 2019-03-17 16:42
> To: sidrops; sidrops-chairs; sidrops-ads
> Subject: [Sidrops] [WGLC] draft-ietf-sidrops-rp - ENDS: Mar 7, 2019
>
> Howdy WG Folken,
> The authors of:
>   draft-ietf-sidrops-rp
>
> are interested in moving their document forward, the abstract of this
> document:
>
>   "This document provides a single reference point for requirements for
>    Relying Party (RP) software for use in the Resource Public Key
>    Infrastructure (RPKI) in the context of securing Internet routing.
>    It cites requirements that appear in several RPKI RFCs, making it
>    easier for implementers to become aware of these requirements that
>    are segmented with orthogonal functionalities."
>
> Please have a read through this document, comment/complain/etc as
> appropriate. The decision on forward progress or necessary edits ends
> Mar 07, 2019.
>
> Thanks!
> -chris
> (co-chair)
>
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops


From nobody Sun Apr  7 21:49:20 2019
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 472C2120149; Sun,  7 Apr 2019 21:49:12 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Barry Leiba via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sidrops-https-tal@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.94.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Barry Leiba <barryleiba@computer.org>
Message-ID: <155469895228.18178.17765650719093981433.idtracker@ietfa.amsl.com>
Date: Sun, 07 Apr 2019 21:49:12 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/dYDexeyKnK_t7d0S1h-l9Luvd3E>
Subject: [Sidrops] Barry Leiba's No Objection on draft-ietf-sidrops-https-tal-07: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2019 04:49:12 -0000

Barry Leiba has entered the following ballot position for
draft-ietf-sidrops-https-tal-07: No Objection


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I realize that this document inherits the text in Section 3 from RFC 6490, but
can you tell me why there are SHOULDs and not MUSTs?  Why would one NOT do it
the way Section 3 specifies?

Then I’ll ask the same question for the new https text in Section 4, especially
about TLS certificate and host name validation.



From nobody Mon Apr  8 08:09:42 2019
Return-Path: <tim@nlnetlabs.nl>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 411391201C1; Mon,  8 Apr 2019 08:09:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7
X-Spam-Level: 
X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nlnetlabs.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yY9v-ujPlBh9; Mon,  8 Apr 2019 08:09:24 -0700 (PDT)
Received: from dicht.nlnetlabs.nl (dicht.nlnetlabs.nl [IPv6:2a04:b900::1:0:0:10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4FC7412009A; Mon,  8 Apr 2019 08:09:21 -0700 (PDT)
Received: from [IPv6:2001:981:4b52:1:d19f:f9de:ae50:f74e] (unknown [IPv6:2001:981:4b52:1:d19f:f9de:ae50:f74e]) by dicht.nlnetlabs.nl (Postfix) with ESMTPSA id DD09E2019B; Mon,  8 Apr 2019 17:09:18 +0200 (CEST)
Authentication-Results: dicht.nlnetlabs.nl; dmarc=fail (p=none dis=none) header.from=nlnetlabs.nl
Authentication-Results: dicht.nlnetlabs.nl; spf=fail smtp.mailfrom=tim@nlnetlabs.nl
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nlnetlabs.nl; s=default; t=1554736158; bh=x6nrrr84lPBco33f+RWp9bf0PGb9D5Igt7pWDUks2Ew=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=nsgcjmCJUQFt5DboLK0ss8PMFAy1aZcyLciutYyV+j6o5eBBTXDycgcHViBm6nqcx cSnze3LtnWTryGcMQ74Mst2SAHoMH8seYkt57iTXstcUD9lxk0a2zyYGNB2VXizyKd Bv2J3Yud9Rt9vWuJpNwa8OP0R/zEW39P7XINpVf8=
Content-Type: multipart/alternative; boundary="Apple-Mail=_4328B7A7-1094-4E1A-B7A8-6C20E307C4D1"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
From: Tim Bruijnzeels <tim@nlnetlabs.nl>
In-Reply-To: <155294505475.26094.8605317163998406572@ietfa.amsl.com>
Date: Mon, 8 Apr 2019 17:09:18 +0200
Cc: ops-dir@ietf.org, draft-ietf-sidrops-https-tal.all@ietf.org, sidrops@ietf.org, ietf@ietf.org
Message-Id: <7406C5A5-F303-46B0-B45A-17C52E6618B8@nlnetlabs.nl>
References: <155294505475.26094.8605317163998406572@ietfa.amsl.com>
To: Linda Dunbar <ldunbar@huawei.com>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/lXRKcDLRdWaLJkZ7ZAay_MPcMEo>
Subject: Re: [Sidrops] Opsdir last call review of draft-ietf-sidrops-https-tal-07
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2019 15:09:28 -0000

Dear Linda,

Thank you for the review and my apologies for the late reply (I have
been moving house).

Replies in-line.

> On 18 Mar 2019, at 22:37, Linda Dunbar via Datatracker <noreply@ietf.org> wrote:
>
> Reviewer: Linda Dunbar
> Review result: Has Nits
>
> Reviewer: Linda Dunbar
> Review result: Ready with Comments & Nits
>
> I have reviewed this document as part of the Operational directorate's ongoing
> effort to review all IETF documents being processed by the IESG.  These
> comments were written with the intent of improving the operational aspects of
> the IETF drafts. Comments that are not addressed in last call may be included
> in AD reviews during the IESG review.  Document editors and WG chairs should
> treat these comments just like any other last call comments.
>
> This document defines the syntax of Trust Anchor Locator (TAL) for Replying
> Parties to retrieve the Trust Anchor, to avoid repeating the distribution
> procedure when Trust Anchor changes.
>
> My question: if the Trust Anchor changes, does the URI in the TAL change?

Not typically. The idea is that the TA certificate can be updated w.r.t.
its content - contained resources in particular, and Relying Parties can
find this certificate at the listed URIs.

> Another question: Section 2.4 Example: is the Public Key listed there for both
> URI?

Yes, both.

There is another draft currently in the working group that is concerned
with changing TALs - i.e. rolling keys and modifying locations where
they may be found:
https://tools.ietf.org/html/draft-ietf-sidrops-signed-tal-02

This document (https-tals) is concerned only with allowing HTTPS as an
additional scheme for URIs in TALs.

> Typo: Section 2.1 second paragraph:  "without needing to effect..", do you mean
> "without needing to affect .."??

"effect" is correct in this context. I think it could be more clearly
written as: "without needing to redistribute". If no one objects I am
fine with changing this.

Note that this text comes from RFC7730. I tried to keep the changes
limited to the addition of HTTPS.


Cheers
Tim



>
> Cheers,
>
> Linda Dunbar
>
>
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops


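Added example, not part of the original thread and not code from the draft's authors: a Python reader for a TAL that shows the two answers in the reply above, namely that one public key covers every listed URI and that the TA certificate may change while the TAL stays the same. It assumes the TAL layout of RFC 7730 (URI lines, a blank line, then the base64 DER subjectPublicKeyInfo) with optional leading "#" comment lines; the host names, key bytes and the `fetch` callable are constructed or hypothetical.

```python
import base64
import binascii
import hmac
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"rsync", "https"}  # https is the scheme this draft adds


class TalError(ValueError):
    """Raised when a TAL does not have the expected layout."""


def _check_der_sequence(der):
    """Check that `der` is exactly one DER SEQUENCE (the outer shell of an SPKI)."""
    if len(der) < 2 or der[0] != 0x30:
        raise TalError("key is not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short-form length
        header, length = 2, first
    else:                                 # long-form length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise TalError("bad DER length")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise TalError("DER length does not match key size")


def parse_tal(text):
    """Return (uris, spki_der): every URI is bound to the same single key."""
    lines = [ln.strip() for ln in text.replace("\r\n", "\n").split("\n")]
    i = 0
    while i < len(lines) and lines[i].startswith("#"):   # assumed comment lines
        i += 1
    uris = []
    while i < len(lines) and lines[i]:                   # URI section ends at blank line
        parts = urlsplit(lines[i])
        if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
            raise TalError(f"unsupported TAL URI: {lines[i]!r}")
        uris.append(lines[i])
        i += 1
    if not uris:
        raise TalError("TAL has no URI section")
    try:
        spki = base64.b64decode("".join(lines[i:]), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise TalError("key is not valid base64") from exc
    _check_der_sequence(spki)
    return uris, spki


def select_ta_certificate(uris, tal_spki, fetch):
    """Try the URIs in TAL order; accept the first object whose key equals the TAL key.

    `fetch(uri)` is a hypothetical callable returning (spki_der, cert_bytes) or
    None. Pulling the SPKI out of a real certificate is left to an X.509 library.
    """
    for uri in uris:
        got = fetch(uri)
        if got is None:
            continue
        spki, cert = got
        if hmac.compare_digest(spki, tal_spki):
            return uri, cert
    return None


# Constructed sample data: a DER-shaped placeholder, not a usable key.
SAMPLE_SPKI = bytes.fromhex(
    "3022300d06092a864886f70d01010105000311" + "00" + "ab" * 16)
OTHER_SPKI = SAMPLE_SPKI[:-1] + b"\x00"
RSYNC_URI = "rsync://rpki.example.net/ta/root.cer"
HTTPS_URI = "https://rpki.example.net/ta/root.cer"
SAMPLE_TAL = "\n".join([
    "# Constructed TAL for illustration",
    RSYNC_URI,
    HTTPS_URI,
    "",
    base64.b64encode(SAMPLE_SPKI).decode(),
    "",
])


def demo():
    """Same TAL, same URIs; the certificate content changes, the key does not."""
    uris, key = parse_tal(SAMPLE_TAL)
    # rsync is unreachable here; https serves a reissued certificate, same key.
    reissued = {HTTPS_URI: (SAMPLE_SPKI, b"constructed certificate, reissued")}
    # A copy carrying a different key is rejected at every URI.
    wrong_key = {RSYNC_URI: (OTHER_SPKI, b"x"), HTTPS_URI: (OTHER_SPKI, b"x")}
    return (select_ta_certificate(uris, key, reissued.get),
            select_ta_certificate(uris, key, wrong_key.get))


if __name__ == "__main__":
    print(demo())
```
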
From nobody Mon Apr  8 08:53:13 2019
Return-Path: <tim@nlnetlabs.nl>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F936120049; Mon,  8 Apr 2019 08:53:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.001
X-Spam-Level: 
X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nlnetlabs.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ASSlU4NdaLcp; Mon,  8 Apr 2019 08:53:03 -0700 (PDT)
Received: from dicht.nlnetlabs.nl (open.nlnetlabs.nl [185.49.140.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 983A7120026; Mon,  8 Apr 2019 08:53:02 -0700 (PDT)
Received: from [IPv6:2001:981:4b52:1:d19f:f9de:ae50:f74e] (unknown [IPv6:2001:981:4b52:1:d19f:f9de:ae50:f74e]) by dicht.nlnetlabs.nl (Postfix) with ESMTPSA id 429E820443; Mon,  8 Apr 2019 17:53:00 +0200 (CEST)
Authentication-Results: dicht.nlnetlabs.nl; dmarc=fail (p=none dis=none) header.from=nlnetlabs.nl
Authentication-Results: dicht.nlnetlabs.nl; spf=fail smtp.mailfrom=tim@nlnetlabs.nl
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nlnetlabs.nl; s=default; t=1554738780; bh=ycq2wBV2DU5cU3M5iGiDYXjs7sYIrsb3jupRVBiMO38=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=F84QK0RNGX666+5w9xIrzRgL6hzcJeLKRJR81XTqq8quUaSaOfwmHg0ikokJv/Vti Zbkxm6jh0jfGMrDVBulypRPdkHcPRRO7aBswQJ49Uz+bbh7ZN1l+PUTHDqHO1sAYdk bnb7QTLpLdrfhV+jbX9lhVdVCQHoO/xvXikCARyk=
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
From: Tim Bruijnzeels <tim@nlnetlabs.nl>
In-Reply-To: <155327986751.23063.11928780401443919371@ietfa.amsl.com>
Date: Mon, 8 Apr 2019 17:52:59 +0200
Cc: gen-art@ietf.org, draft-ietf-sidrops-https-tal.all@ietf.org, sidrops@ietf.org, ietf@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <9BA9AAE5-FC26-425E-A090-62B05E450A23@nlnetlabs.nl>
References: <155327986751.23063.11928780401443919371@ietfa.amsl.com>
To: Pete Resnick <resnick@episteme.net>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/gMCnOymp4mNIL146emXGn4b8S0k>
Subject: Re: [Sidrops] Genart last call review of draft-ietf-sidrops-https-tal-07

Dear Pete,

Thank you for the review and my apologies for the late reply (I have been moving house).

Replies in-line.

> On 22 Mar 2019, at 19:37, Pete Resnick via Datatracker <noreply@ietf.org> wrote:
>
> Reviewer: Pete Resnick
> Review result: Ready with Issues
>
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
>
> For more information, please see the FAQ at
>
> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
>
> Document: draft-ietf-sidrops-https-tal-07
> Reviewer: Pete Resnick
> Review Date: 2019-03-22
> IETF LC End Date: 2019-03-18
> IESG Telechat date: 2019-04-11
>
> Summary:
>
> I MUST say that this document is quite MUSTy. I only noted those that caused me
> confusion or seemed useless. All of these are either minor issues or nits.
> Either way, the document is generally ready.
>
> Major issues:
>
> None.
>
> Minor issues (or might be nits):
>
> In 2.3:
>
>   The validity interval of this trust anchor SHOULD reflect the
>   anticipated period of stability...
>
> Are there cases where it wouldn't reflect the period of stability? If so, it
> would be good to give an example. If not, then s/SHOULD reflect/reflects.

This is not modified from RFC 7730 - to which I was not an author. I have limited my changes to adding HTTPS support.

That said, I don't think this should be a SHOULD. In practice Relying Parties will retrieve TA certificates on every validation run, and changes happen at unpredictable intervals.

I would prefer a text that said:

The validity interval of this trust anchor is chosen such that the "notBefore" time predates the moment that this certificate is published, and the "notAfter" time is after the planned time of re-issuance of this certificate.

>
> Similarly for:
>
>   Thus, the entity that issues the trust anchor SHOULD issue a
>   subordinate CA certificate that contains...
>
> In this case, that SHOULD might even be a MUST.

Also unchanged since 7730.

In my opinion this whole section makes recommendations and assumptions about operations of a Trust Anchor. But it's not complete, and it does not reflect the operational realities, and there may be other choices that are valid here too.

It may be worthwhile discussing these things in sidrops, but for now I would propose to make this section a bit less formal.

So I would suggest:

CURRENT:
Because the public key in the TAL and the trust anchor MUST be stable, this motivates operation of that CA in an offline mode. Thus, the entity that issues the trust anchor SHOULD issue a subordinate CA certificate that contains the same INRs (via the use of the "inherit" option in the INR extensions of the subordinate certificate).

NEW:
Because the public key in the TAL and the trust anchor MUST be stable, this motivates operation of that CA in an offline mode. In that case a subordinate CA certificate containing the same INRs, or in theory any sub-set of INRs, can be issued for online operations.

I suspect though that some of the RFC7730 authors may object to this change.

> In section 4, in the last full paragraph and the bullets, I'm not at all clear
> why these are RECOMMENDEDs and SHOULD [NOT]s. If they're not MUSTs, it seems
> like you should explain circumstances (at least in general terms) where an
> implementation would choose to deviate from these.
>

Personally I would prefer that this document does not try to prescribe how TLS Verification is done. I don't think this is the right place. The current text is based on similar text in section 4.3 of RFC8182, which I co-authored. I don't consider myself an expert on TLS verification - that section is largely based on IESG feedback at the time.

I kind of understand where the IESG came from at the time. It's a reference to RFC7525 which is a BCP for this kind of thing, but in my opinion it requires too much in the way of specifying local behaviour (to this RFC). I am not confident that this is the best way - it may not get sufficient review, it may get outdated, and it may be un-implementable.

In practice Relying Party implementers will use whatever TLS verification is done by the HTTPS client libraries that they use. They will have little control over the exact behaviour. And implementing their own from scratch will most likely make things more brittle and less secure.

I am open to suggestions :D


> Nits/editorial comments:
>
> In the introduction, the "SHOULD" seems superfluous; it doesn't indicate some
> important implementation advice that someone wouldn't otherwise notice in the
> protocol. But it's a nit if ever there was one.

ack



Thanks
Tim




From nobody Mon Apr  8 18:45:05 2019
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <155477430291.30201.17132123731441062502.idtracker@ietfa.amsl.com>
Date: Mon, 08 Apr 2019 18:45:02 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/7J48mXPG6F_kdycz-S9nQ_YK-Pc>
Subject: [Sidrops] Benjamin Kaduk's No Objection on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with COMMENT)

Benjamin Kaduk has entered the following ballot position for
draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: No Objection



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Section 2.2.1

   Hash algorithms are not identified by themselves in certificates or
   BGPsec UPDATE messages.  They are represented by an OID that combines
   the hash algorithm with the digital signature algorithm as follows:

   o  The ecdsa-with-SHA256 OID [RFC5480] MUST appear in the Public-Key
      Cryptography Standards #10 (PKCS #10) signatureAlgorithm field
      [RFC2986] or in the Certificate Request Message Format (CRMF)
      POPOSigningKey algorithm field [RFC4211]; where the OID is placed
      depends on the certificate request format generated.

The first paragraph talks of "certificates" but this last sentence talks
about "certificate request"s.  Are we trying to talk about both?

Section 7

The IANA considerations are perhaps not as accurate as they could be.
For example, we could say that the BGPsec Algorithm Suite Registry was
originally created by RFC 8208 and has been updated to refer to this
document, and similarly for the P256-SHA256 codepoint.
(Just moving the references over would seem to be even more appropriate
if this document were fully Obsoleting 8208.)

Appendix A

Do we want to note that the certificates are expired but the examples
are still useful within that constraint?  (They were valid at the time
RFC 8208 was published but it seems imprudent to try to assume that the
examples would always be valid, when writing a document such as this.)



From nobody Tue Apr  9 07:43:55 2019
From: Tim Bruijnzeels <tim@nlnetlabs.nl>
In-Reply-To: <155429390854.22941.444825807988190189.idtracker@ietfa.amsl.com>
Date: Tue, 9 Apr 2019 16:43:32 +0200
Cc: The IESG <iesg@ietf.org>, draft-ietf-sidrops-https-tal@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, sidrops@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <43124744-5AFE-43BA-9386-FB8ED6C3F754@nlnetlabs.nl>
References: <155429390854.22941.444825807988190189.idtracker@ietfa.amsl.com>
To: Mirja Kühlewind <ietf@kuehlewind.net>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/LH-a6PUNIVkAmQK3dfATIrZ2kYI>
Subject: Re: [Sidrops] Mirja Kühlewind's No Objection on draft-ietf-sidrops-https-tal-07: (with COMMENT)

Dear Mirja,



> On 3 Apr 2019, at 14:18, Mirja Kühlewind via Datatracker <noreply@ietf.org> wrote:
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Usually we recommend to have a "Changes since RFC7730" section in bis
> documents... however, maybe the changes are small enough in this doc that that
> is not needed.
>

We have this line in both the abstract and introduction:

This document obsoletes the previous definition of Trust Anchor Locators in
RFC 7730 by adding support for HTTPS URIs.

I would think that this is enough, but I have no issues with an explicit section if people find it useful.


From nobody Tue Apr  9 07:48:00 2019
From: Mirja Kuehlewind <ietf@kuehlewind.net>
In-Reply-To: <43124744-5AFE-43BA-9386-FB8ED6C3F754@nlnetlabs.nl>
Date: Tue, 9 Apr 2019 16:47:33 +0200
Cc: The IESG <iesg@ietf.org>, draft-ietf-sidrops-https-tal@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, sidrops@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <C11ABFDB-F63F-49C1-A9E4-48169BBD1D2A@kuehlewind.net>
References: <155429390854.22941.444825807988190189.idtracker@ietfa.amsl.com> <43124744-5AFE-43BA-9386-FB8ED6C3F754@nlnetlabs.nl>
To: Tim Bruijnzeels <tim@nlnetlabs.nl>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/aMX84oNuK5IjMf_mEMg-_YK84mA>
Subject: Re: [Sidrops] Mirja Kühlewind's No Objection on draft-ietf-sidrops-https-tal-07: (with COMMENT)

Hi Tim,

See below.

> On 9. Apr 2019, at 16:43, Tim Bruijnzeels <tim@nlnetlabs.nl> wrote:
>
> Dear Mirja,
>
>
>
>> On 3 Apr 2019, at 14:18, Mirja Kühlewind via Datatracker <noreply@ietf.org> wrote:
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>> Usually we recommend to have a "Changes since RFC7730" section in bis
>> documents... however, maybe the changes are small enough in this doc that that
>> is not needed.
>>
>
> We have this line in both the abstract and introduction:
>
> This document obsoletes the previous definition of Trust Anchor Locators in
> RFC 7730 by adding support for HTTPS URIs.
>
> I would think that this is enough, but I have no issues with an explicit section if people find it useful.

Yes, usually we have a whole section with bullet points in addition to mentioning it in the abstract and intro, usually as a subsection in the intro or somewhere in the appendix at the end of the doc. It’s very helpful for AD reviewing bis docs :-) but the main purpose is to provide a quick overview to implementers who want to update their existing implementation. Please consider if you think that could also be useful for this doc. As I said, usually we have it and I think I didn’t see a bis doc for a while that didn’t have it.

Mirja




From nobody Tue Apr  9 07:49:40 2019
From: Tim Bruijnzeels <tim@nlnetlabs.nl>
In-Reply-To: <C11ABFDB-F63F-49C1-A9E4-48169BBD1D2A@kuehlewind.net>
Date: Tue, 9 Apr 2019 16:49:31 +0200
Cc: The IESG <iesg@ietf.org>, draft-ietf-sidrops-https-tal@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, sidrops@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <48B77F35-0F75-4754-A220-3B4F00EAB65E@nlnetlabs.nl>
References: <155429390854.22941.444825807988190189.idtracker@ietfa.amsl.com> <43124744-5AFE-43BA-9386-FB8ED6C3F754@nlnetlabs.nl> <C11ABFDB-F63F-49C1-A9E4-48169BBD1D2A@kuehlewind.net>
To: Mirja Kuehlewind <ietf@kuehlewind.net>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/hPK0htQKvlwPucfg65sSXaqrvcE>
Subject: Re: [Sidrops] Mirja Kühlewind's No Objection on draft-ietf-sidrops-https-tal-07: (with COMMENT)

Hi Mirja,

Sure, I will add a small section.

Tim



From nobody Tue Apr  9 08:08:38 2019
From: Tim Bruijnzeels <tim@nlnetlabs.nl>
In-Reply-To: <155469895228.18178.17765650719093981433.idtracker@ietfa.amsl.com>
Date: Tue, 9 Apr 2019 17:08:24 +0200
Cc: The IESG <iesg@ietf.org>, draft-ietf-sidrops-https-tal@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <C2EBF7A6-E1F3-4616-B689-3A63E556F047@nlnetlabs.nl>
References: <155469895228.18178.17765650719093981433.idtracker@ietfa.amsl.com>
To: Barry Leiba <barryleiba@computer.org>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/KCyfmAowVBpcp9Mi-2cL2Nk7cHM>
Subject: Re: [Sidrops] Barry Leiba's No Objection on draft-ietf-sidrops-https-tal-07: (with COMMENT)

Dear Barry,

> On 8 Apr 2019, at 06:49, Barry Leiba via Datatracker <noreply@ietf.org> wrote:
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> I realize that this document inherits the text in Section 3 from RFC 6490, but
> can you tell me why there are SHOULDs and not MUSTs?  Why would one NOT do it
> the way Section 3 specifies?

The first half of section 3 specifies how an RP uses the TAL to download and validate a TA certificate. In my opinion the SHOULD in the first sentence could be a MUST.

The remainder of the section deals with strategies regarding downloading fresh copies, and choosing which of the (equivalent) URIs to use. In practice I believe that most if not all RP implementations fetch TA certificates on each validation run and the expiration time of the certificate is generally ignored - this does not conflict with the SHOULDs because generally these validation runs happen with a frequency of 10 mins, or hours at most - so it's much sooner. Furthermore some RPs choose to only try one URI to keep their code complexity low.

In short I don't remember clearly from the time that RFC7730 was discussed, but I don't think that there was consensus in the WG for a more formal and MUST-y specification for RP use. So, I think the SHOULDs reflect that.


> Then I’ll ask the same question for the new https text in Section 4, especially
> about TLS certificate and host name validation.

Yes, and good point. Pete Resnick raised a similar point and I replied to him yesterday. Are you okay with discussing this point in that thread?

Thank you

Tim
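
Added example (not part of Tim's message and not code from any RP implementation): the TAL handling discussed above, where an RP fetches the TA certificate on each run, walks the equivalent URIs in order or tries only one, and leaves TLS checks to the HTTPS library. It assumes the RFC 7730 TAL layout (URI lines, a blank line, base64 DER subjectPublicKeyInfo); all function names, the example.net URIs and the sample bytes are constructed, and signature and validity-period checks are left out.

```python
import base64
import urllib.request

def parse_tal(text):
    """Split a TAL into (uris, spki_der): URI lines, a blank line, base64 key."""
    head, sep, tail = text.replace("\r\n", "\n").strip().partition("\n\n")
    uris = [u.strip() for u in head.split("\n") if u.strip()]
    if not sep or not uris:
        raise ValueError("TAL needs URI lines, a blank line and a key")
    if not all(u.startswith(("rsync://", "https://")) for u in uris):
        raise ValueError("TAL URIs must be rsync:// or https://")
    return uris, base64.b64decode("".join(tail.split()), validate=True)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def extract_spki(cert_der):
    """Return the raw DER subjectPublicKeyInfo of an X.509 certificate."""
    outer, pos, _ = read_tlv(cert_der, 0)          # Certificate
    tbs, pos, tbs_end = read_tlv(cert_der, pos)    # tbsCertificate
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                                # optional [0] version
        pos = end
    for _field in range(5):  # serialNumber, signature, issuer, validity, subject
        pos = read_tlv(cert_der, pos)[2]
    tag, _, end = read_tlv(cert_der, pos)
    if (outer, tbs, tag) != (0x30, 0x30, 0x30) or end > tbs_end:
        raise ValueError("no subjectPublicKeyInfo where a certificate has one")
    return cert_der[pos:end]

def https_fetch(uri, timeout=30):
    """Fetch over HTTPS; certificate and host name checks are the library defaults."""
    if not uri.startswith("https://"):
        raise OSError("this fetcher only handles https:// URIs")
    with urllib.request.urlopen(uri, timeout=timeout) as resp:
        return resp.read()

def retrieve_trust_anchor(tal_text, fetch=https_fetch, max_uris=None):
    """Try TAL URIs in order; return (uri, cert, skipped) for the first key match."""
    uris, tal_key = parse_tal(tal_text)
    skipped = []
    for uri in uris[:max_uris]:      # max_uris=1 models an RP that tries one URI
        try:
            cert = fetch(uri)
            if extract_spki(cert) != tal_key:
                raise ValueError("subjectPublicKeyInfo differs from TAL")
            return uri, cert, skipped
        except (OSError, ValueError) as exc:
            skipped.append((uri, str(exc)))
    raise LookupError("no usable trust anchor certificate: %r" % skipped)

# Constructed sample data below: dummy key bits, dummy signature, example.net URIs.
def der(tag, value):
    """Encode one DER element (used only to build the samples)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def sample_spki(fill):
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
    return der(0x30, alg + der(0x03, b"\x00" + fill * 16))

def sample_cert(spki):
    """Certificate-shaped DER around spki; the signature is a dummy value."""
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")) + der(0x05, b""))
    name, validity = der(0x30, b""), der(0x30, der(0x17, b"190101000000Z") * 2)
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
              + alg + name + validity + name + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00" * 9))

TAL_KEY = sample_spki(b"A")
SAMPLE_TAL = ("https://rpki.example.net/ta/ta.cer\nrsync://rpki.example.net/ta/ta.cer\n\n"
              + base64.b64encode(TAL_KEY).decode() + "\n")
SAMPLE_REPO = {  # the HTTPS copy carries a different key than the TAL
    "https://rpki.example.net/ta/ta.cer": sample_cert(sample_spki(b"B")),
    "rsync://rpki.example.net/ta/ta.cer": sample_cert(TAL_KEY),
}

def sample_fetch(uri):
    """Offline stand-in for an rsync or HTTPS client."""
    if uri not in SAMPLE_REPO:
        raise OSError("unreachable: " + uri)
    return SAMPLE_REPO[uri]
```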


From nobody Tue Apr  9 13:56:59 2019
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <9BA9AAE5-FC26-425E-A090-62B05E450A23@nlnetlabs.nl>
Date: Tue, 9 Apr 2019 16:56:36 -0400
Cc: draft-ietf-sidrops-https-tal.all@ietf.org, gen-art <gen-art@ietf.org>, sidrops@ietf.org, ietf discussion list <ietf@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <BDB58D3A-B0B9-4A75-B65E-6A1C9AEC721F@cooperw.in>
References: <155327986751.23063.11928780401443919371@ietfa.amsl.com> <9BA9AAE5-FC26-425E-A090-62B05E450A23@nlnetlabs.nl>
To: Tim Bruijnzeels <tim@nlnetlabs.nl>, Pete Resnick <resnick@episteme.net>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/mF9Pbpd_N0PP5u_xl5zRNaQSOBE>
Subject: Re: [Sidrops] [Gen-art] Genart last call review of draft-ietf-sidrops-https-tal-07
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2019 20:56:44 -0000

Pete, thanks for your review. Tim, thanks for your responses. I entered
a No Objection ballot. I think the general approach of limiting the
changes to the HTTPS-related ones seems right, and I agree with your
argument below about TLS validation.

Alissa

> On Apr 8, 2019, at 11:52 AM, Tim Bruijnzeels <tim@nlnetlabs.nl> wrote:
>
> Dear Pete,
>
> Thank you for the review and my apologies for the late reply (I have
> been moving house).
>
> Replies in-line.
>
>> On 22 Mar 2019, at 19:37, Pete Resnick via Datatracker <noreply@ietf.org> wrote:
>>
>> Reviewer: Pete Resnick
>> Review result: Ready with Issues
>>
>> I am the assigned Gen-ART reviewer for this draft. The General Area
>> Review Team (Gen-ART) reviews all IETF documents being processed
>> by the IESG for the IETF Chair.  Please treat these comments just
>> like any other last call comments.
>>
>> For more information, please see the FAQ at
>>
>> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
>>
>> Document: draft-ietf-sidrops-https-tal-07
>> Reviewer: Pete Resnick
>> Review Date: 2019-03-22
>> IETF LC End Date: 2019-03-18
>> IESG Telechat date: 2019-04-11
>>
>> Summary:
>>
>> I MUST say that this document is quite MUSTy. I only noted those that caused me
>> confusion or seemed useless. All of these are either minor issues or nits.
>> Either way, the document is generally ready.
>>
>> Major issues:
>>
>> None.
>>
>> Minor issues (or might be nits):
>>
>> In 2.3:
>>
>>  The validity interval of this trust anchor SHOULD reflect the
>>  anticipated period of stability...
>>
>> Are there cases where it wouldn't reflect the period of stability? If so, it
>> would be good to give an example. If not, then s/SHOULD reflect/reflects.
>
> This is not modified from RFC 7730 - to which I was not an author. I
> have limited my changes to adding HTTPS support.
>
> That said, I don't think this should be a SHOULD. In practice Relying
> Parties will retrieve TA certificates on every validation run, and
> changes happen at unpredictable intervals.
>
> I would prefer a text that said:
>
> The validity interval of this trust anchor is chosen such that the
> "notBefore" time predates the moment that this certificate is
> published, and the "notAfter" time is after the planned time of
> re-issuance of this certificate.
>
>>
>> Similarly for:
>>
>>  Thus, the entity that issues the trust anchor SHOULD issue a
>>  subordinate CA certificate that contains...
>>
>> In this case, that SHOULD might even be a MUST.
>
> Also unchanged since 7730.
>
> In my opinion this whole section makes recommendations and assumptions
> about operations of a Trust Anchor. But it's not complete, and it does
> not reflect the operational realities, and there may be other choices
> that are valid here too.
>
> It may be worthwhile discussing these things in sidrops, but for now I
> would propose to make this section a bit less formal.
>
> So I would suggest:
>
> CURRENT:
> Because the public key in the TAL and the trust anchor MUST be stable,
> this motivates operation of that CA in an offline mode. Thus, the
> entity that issues the trust anchor SHOULD issue a subordinate CA
> certificate that contains the same INRs (via the use of the "inherit"
> option in the INR extensions of the subordinate certificate).
>
> NEW:
> Because the public key in the TAL and the trust anchor MUST be stable,
> this motivates operation of that CA in an offline mode. In that case a
> subordinate CA certificate containing the same INRs, or in theory any
> sub-set of INRs, can be issued for online operations.
>
> I suspect though that some of the RFC7730 authors may object to this
> change.
>
>> In section 4, in the last full paragraph and the bullets, I'm not at all clear
>> why these are RECOMMENDEDs and SHOULD [NOT]s. If they're not MUSTs, it seems
>> like you should explain circumstances (at least in general terms) where an
>> implementation would choose to deviate from these.
>>
>
> Personally I would prefer that this document does not try to prescribe
> how TLS Verification is done. I don't think this is the right place.
> The current text is based on similar text in section 4.3 of RFC8182,
> which I co-authored. I don't consider myself an expert on TLS
> verification - that section is largely based on IESG feedback at the
> time.
>
> I kind of understand where the IESG came from at the time. It's a
> reference to RFC7525 which is a BCP for this kind of thing, but in my
> opinion it requires too much in the way of specifying local behaviour
> (to this RFC). I am not confident that this is the best way - it may
> not get sufficient review, it may get outdated, and it may be
> un-implementable.
>
> In practice Relying Party implementers will use whatever TLS
> verification is done by the HTTPS client libraries that they use. They
> will have little control over the exact behaviour. And implementing
> their own from scratch will most likely make things more brittle and
> less secure.
>
> I am open to suggestions :D
>
>
>> Nits/editorial comments:
>>
>> In the introduction, the "SHOULD" seems superfluous; it doesn't indicate some
>> important implementation advice that someone wouldn't otherwise notice in the
>> protocol. But it's a nit if ever there was one.
>
> ack
>
>
>
> Thanks
> Tim
>
>
>>
>>
>> _______________________________________________
>> Sidrops mailing list
>> Sidrops@ietf.org
>> https://www.ietf.org/mailman/listinfo/sidrops
>
> _______________________________________________
> Gen-art mailing list
> Gen-art@ietf.org
> https://www.ietf.org/mailman/listinfo/gen-art


From nobody Tue Apr  9 20:27:13 2019
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 902F012009C; Tue,  9 Apr 2019 20:27:05 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sidrops-https-tal@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <155486682558.19696.15312172563014424742.idtracker@ietfa.amsl.com>
Date: Tue, 09 Apr 2019 20:27:05 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/t7jyEi8Rn3QKD1KKKmpqQ3IcIS8>
Subject: [Sidrops] Benjamin Kaduk's No Objection on draft-ietf-sidrops-https-tal-07: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 03:27:06 -0000

Benjamin Kaduk has entered the following ballot position for
draft-ietf-sidrops-https-tal-07: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for keeping the diff from RFC 7730 tidy!

Abstract

   their CA certificate.  In particular it allows TAs to change the set
   of Internet Number Resources included in the RFC3779 extension of
   their certificate.

Neither "Internet Number" nor "Number Resources" appears in RFC 3779 that I
can see.  (On a quick skim, I'm still not sure if we mean AS number or IP
address/prefix.)

Section 2.1

   the trust anchor per se.  In the RPKI, certificates contain
   extensions that represent Internet Number Resources (INRs) [RFC3779].

(As above, I don't see INRs mentioned in RFC 3779.)

Since comments are new in this rev of TAL, do we want to caution consumers
that implementations may not necessarily support comments yet?

Section 2.3

   The trust anchor MUST contain a stable key.  This key MUST NOT change
   when the certificate is reissued due to changes in the INR
   extension(s), when the certificate is renewed prior to expiration, or
   for any reason other than a key change.

(This seems a bit tautological...)

   If an entity wishes to withdraw a self-signed CA certificate as a
   putative trust anchor, for any reason, including key rollover, the
   entity MUST remove the object from the location referenced in the
   TAL.

Certain classes of attacker could continue to publish the last-known
certificate as a trust anchor and prevent this withdrawal from taking
effect; we should probably cover that in the security considerations.

Section 2.4

We say that it's RECOMMENDED to have different domains (so as to get
different IP addresses) but this example shows only a single domain.

Section 4

   Note that a Man in the Middle (MITM) cannot produce a CA certificate
   that would be considered valid according to the process described in
   Section 3.  [...]

I think the key part is that the attacker cannot produce a *new* CA
certificate that differs from a legitimate one, but they can MITM the HTTPS
connection and present a legitimate (but potentially stale) CA certificate.

   o  DNS names in Repository Server certificates SHOULD NOT contain the
      wildcard character "*".

Would a Relying Party ever reject the HTTPS connection (and thus, the
delivered TA) if a wildcard certificate is presented for the HTTPS
connection?

Section 5

   This TAL does not directly provide a list of resources covered by the
   referenced self-signed CA certificate.  Instead, the RP is referred
   to the trust anchor itself and the INR extension(s) within this
   certificate.  This provides necessary operational flexibility, but it
   also allows the certificate issuer to claim to be authoritative for
   any resource.  Relying parties should either have great confidence in
   the issuers of such certificates that they are configuring as trust
   anchors, or they should issue their own self-signed certificate as a
   trust anchor and, in doing so, impose constraints on the subordinate
   certificates.

Are there any external databases that a RP could consult to affect the
decision of whether to believe that a TA should actually be claiming the
indicated resource(s)?  (It would be a bit silly, given that this is the
RPKI already, but still...)



From nobody Wed Apr 10 08:33:52 2019
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D47821203B9; Wed, 10 Apr 2019 08:33:50 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sidrops-https-tal@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <155491043086.8945.18059846876808193750.idtracker@ietfa.amsl.com>
Date: Wed, 10 Apr 2019 08:33:50 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/CihS0Qmhr68omhOxgXEDpofunfQ>
Subject: [Sidrops] Roman Danyliw's No Objection on draft-ietf-sidrops-https-tal-07: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 15:33:51 -0000

Roman Danyliw has entered the following ballot position for
draft-ietf-sidrops-https-tal-07: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for the easy to read diff with RFC7730.  A minor nit:

(1) Section 2.1, Typo.  s/implementors/implementers/



From nobody Wed Apr 10 10:21:32 2019
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E5332120404; Wed, 10 Apr 2019 10:21:31 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Adam Roach via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sidrops-https-tal@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Adam Roach <adam@nostrum.com>
Message-ID: <155491689193.9336.11988651941770388340.idtracker@ietfa.amsl.com>
Date: Wed, 10 Apr 2019 10:21:31 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/hV7sVbYs31noYXIN_N8tHJd1Hjs>
Subject: [Sidrops] Adam Roach's Yes on draft-ietf-sidrops-https-tal-07: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 17:21:32 -0000

Adam Roach has entered the following ballot position for
draft-ietf-sidrops-https-tal-07: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks to everyone who worked on this document.

---------------------------------------------------------------------------

I find it curious and somewhat problematic that there is not a section,
equivalent to the existing section 4, that deals with RSYNC considerations. In
particular, the attack described in the first paragraph of section 4 appears
to be unavoidable when the TAL contains an RSYNC URI. Minimally, this document
should draw attention to that fact, at least in the Security Considerations
section. Ideally, it would deprecate -- or at least discourage -- the use of
RSYNC URIs for this reason.

[This would be a discuss-level comment if this were a green-field document, but
I don't want to stand in the way of improving an existing mechanism, so I'm only
leaving it as a comment. The authors may choose to move forward without fixing
this issue]

---------------------------------------------------------------------------

§2.2:

>  In this document we define a Trust Anchor URI as a URI that can be
>  used to retrieved a current Trust Anchor certificate

Nit: "...to retrieve..."



From nobody Wed Apr 10 10:40:41 2019
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id ECB421200EB; Wed, 10 Apr 2019 10:40:33 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Alexey Melnikov via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sidrops-https-tal@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Alexey Melnikov <aamelnikov@fastmail.fm>
Message-ID: <155491803396.9216.4105477992064648125.idtracker@ietfa.amsl.com>
Date: Wed, 10 Apr 2019 10:40:33 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/vdng9yA7jV-_3pvQkcErbnodI04>
Subject: [Sidrops] Alexey Melnikov's No Objection on draft-ietf-sidrops-https-tal-07: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 17:40:34 -0000

Alexey Melnikov has entered the following ballot position for
draft-ietf-sidrops-https-tal-07: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for this well written document. I have a few relatively minor
comments (and questions) which I think you should address:

1.  Introduction

   This document obsoletes [RFC7730] by adding support for HTTPS URIs in
   a TAL.

If this document obsoletes RFC 7730, then I think you need to have "Changes
since RFC 7730" section (Is this a BIS document?). If it only updates it, then
the above (and the obsolete header at the top of the draft) is not correct.

2.2.  Trust Anchor Locator File Format

   In this document we define a Trust Anchor URI as a URI that can be
   used to retrieved a current Trust Anchor certificate.  This URI MUST
   be either an rsync URI [RFC5781], or an HTTPS URI [RFC7230].

I think the first mention of URI still needs a reference to RFC 3986.

   The TAL is an ordered sequence of:

   1.  an optional comment section consisting of one or more lines each
       starting with the '#' character, followed by human readable
       informational UTF-8 text, and ending with a line break,

Unless you think you want to use ASCII and Unicode Control characters in this
field, I think you should recommend usage of RFC 5198 here.

2.3.  TAL and Trust Anchor Certificate Considerations

   The trust anchor MUST contain a stable key.  This key MUST NOT change

How does "MUST contain a stable key" differ from "key MUST NOT change"?

   when the certificate is reissued due to changes in the INR
   extension(s), when the certificate is renewed prior to expiration, or
   for any reason other than a key change.

This reads funny: “you must not change the key unless you decide to change the
key”. Maybe talk about key compromise and key strength no longer being adequate
instead?

4.  HTTPS Considerations

   o  This protocol does not require the use of SRV-IDs.

   o  This protocol does not require the use of URI-IDs.

I suspect this was copied from another RFC, but "does not require" is not right
here, as it doesn't prevent it as an option. I think you should change "does
not require the use" to "does not use"
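
The TAL layout quoted above from Section 2.2 (an optional '#' comment section, then Trust Anchor URIs that must be rsync or HTTPS) can be exercised with a small parser; this is an added example, not part of this message or of the draft. The rest of the layout (an empty line, then a base64 subjectPublicKeyInfo) follows the RFC 7730 TAL format; `parse_tal`, `allow_comments`, the control-character warning, the host names and the key bytes are assumptions constructed for illustration, and `allow_comments=False` models a parser written before comments existed, the concern raised in Benjamin Kaduk's ballot.

```python
import base64
import binascii
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"rsync", "https"}  # the only schemes a Trust Anchor URI may use


class TALError(ValueError):
    """Raised when a TAL does not follow the expected layout."""


def parse_tal(text, allow_comments=True):
    """Parse a TAL: '#' comment lines, TA URIs, an empty line, base64 key.

    allow_comments=False models a parser that predates the comment section
    and therefore rejects any TAL that starts with '#'.
    """
    lines = text.replace("\r\n", "\n").split("\n")
    i = 0
    comments, warnings = [], []

    # 1. Optional comment section: leading lines that start with '#'.
    while i < len(lines) and lines[i].startswith("#"):
        if not allow_comments:
            raise TALError("comment line not supported by this parser")
        body = lines[i][1:].strip()
        # Flag C0/C1 control characters in the human-readable text
        # (an illustrative check, not a requirement of the draft).
        if any(ord(c) < 0x20 or 0x7F <= ord(c) <= 0x9F for c in body):
            warnings.append(f"control character in comment line {i + 1}")
        comments.append(body)
        i += 1

    # 2. URI section: one or more lines, each an rsync or HTTPS URI.
    uris = []
    while i < len(lines) and lines[i].strip():
        uri = lines[i].strip()
        if uri.startswith("#"):
            raise TALError("comment found after the URI section started")
        parts = urlsplit(uri)
        if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
            raise TALError(f"not an rsync or HTTPS Trust Anchor URI: {uri!r}")
        uris.append(uri)
        i += 1
    if not uris:
        raise TALError("TAL contains no Trust Anchor URI")

    # 3. Empty separator line, then 4. the base64 key (may span lines).
    b64 = "".join(line.strip() for line in lines[i + 1:])
    if not b64:
        raise TALError("TAL contains no subjectPublicKeyInfo")
    try:
        spki = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise TALError("subjectPublicKeyInfo is not valid base64") from exc
    if not spki or spki[0] != 0x30:
        raise TALError("subjectPublicKeyInfo is not a DER SEQUENCE")

    return {"comments": comments, "uris": uris, "spki": spki,
            "warnings": warnings}


# Constructed sample input: placeholder bytes, not a real public key.
SAMPLE_SPKI = b"\x30\x0f" + b"not-a-real-key!"
SAMPLE_B64 = base64.b64encode(SAMPLE_SPKI).decode()
SAMPLE_TAL = (
    "# Constructed TAL for a hypothetical trust anchor\n"
    "# Contact: ops@rpki.example.net\n"
    "https://rpki.example.net/ta/ta.cer\n"
    "rsync://rpki.example.org/ta/ta.cer\n"
    "\n"
    + SAMPLE_B64[:12] + "\n" + SAMPLE_B64[12:] + "\n"
)

if __name__ == "__main__":
    tal = parse_tal(SAMPLE_TAL)
    print("URIs in order of preference:", tal["uris"])
    print("comment lines:", len(tal["comments"]))
    try:
        parse_tal(SAMPLE_TAL, allow_comments=False)
    except TALError as exc:
        print("comment-unaware parser:", exc)
```
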



From nobody Wed Apr 10 10:48:08 2019
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EA81120253; Wed, 10 Apr 2019 10:48:07 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Alexey Melnikov via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Alexey Melnikov <aamelnikov@fastmail.fm>
Message-ID: <155491848705.8904.6102999785203393745.idtracker@ietfa.amsl.com>
Date: Wed, 10 Apr 2019 10:48:07 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/GMal-Yx7UcrTvVf0rxSsfRSYWZU>
Subject: [Sidrops] Alexey Melnikov's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 17:48:07 -0000

Alexey Melnikov has entered the following ballot position for
draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

This is a fine document and sorry for nit-picking, but why is this document
"Updates: 8208" instead of "Obsolete: 8208"?





From nobody Wed Apr 10 11:49:09 2019
Return-Path: <oliver.borchert@nist.gov>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A0B412006D; Wed, 10 Apr 2019 11:48:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3n9gbLEXkltu; Wed, 10 Apr 2019 11:48:54 -0700 (PDT)
Received: from GCC01-CY1-obe.outbound.protection.outlook.com (mail-eopbgr830095.outbound.protection.outlook.com [40.107.83.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3CA8512002F; Wed, 10 Apr 2019 11:48:51 -0700 (PDT)
Received: from SN6PR09MB3167.namprd09.prod.outlook.com (20.177.250.204) by SN6PR09MB3168.namprd09.prod.outlook.com (20.177.250.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1792.14; Wed, 10 Apr 2019 18:48:47 +0000
Received: from SN6PR09MB3167.namprd09.prod.outlook.com ([fe80::694c:8a72:b9a7:5832]) by SN6PR09MB3167.namprd09.prod.outlook.com ([fe80::694c:8a72:b9a7:5832%2]) with mapi id 15.20.1771.021; Wed, 10 Apr 2019 18:48:47 +0000
From: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
To: Alexey Melnikov <aamelnikov@fastmail.fm>, The IESG <iesg@ietf.org>
CC: "draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org" <draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org>, Chris Morrow <morrowc@ops-netman.net>, "sidrops-chairs@ietf.org" <sidrops-chairs@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Thread-Topic: Alexey Melnikov's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS)
Thread-Index: AQHU78WVwxYQIWvxVk6QM4XyxdXWDaY1udYw
Date: Wed, 10 Apr 2019 18:48:47 +0000
Message-ID: <SN6PR09MB3167FF5947FE90B23BABC8B2982E0@SN6PR09MB3167.namprd09.prod.outlook.com>
References: <155491848705.8904.6102999785203393745.idtracker@ietfa.amsl.com>
In-Reply-To: <155491848705.8904.6102999785203393745.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=oliver.borchert@nist.gov; 
x-originating-ip: [129.6.140.119]
x-ms-publictraffictype: Email
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/5yMzYj2rSh36nDttJhKyRReEAvo>
Subject: Re: [Sidrops] Alexey Melnikov's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 18:48:58 -0000

From nobody Wed Apr 10 11:49:44 2019
Return-Path: <warren@kumari.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E0AF12002F for <sidrops@ietfa.amsl.com>; Wed, 10 Apr 2019 11:49:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2MGpPbKdP9AK for <sidrops@ietfa.amsl.com>; Wed, 10 Apr 2019 11:49:33 -0700 (PDT)
Received: from mail-qk1-x72c.google.com (mail-qk1-x72c.google.com [IPv6:2607:f8b0:4864:20::72c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73AE51200EF for <sidrops@ietf.org>; Wed, 10 Apr 2019 11:49:31 -0700 (PDT)
Received: by mail-qk1-x72c.google.com with SMTP id n68so1912004qka.1 for <sidrops@ietf.org>; Wed, 10 Apr 2019 11:49:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2/Bjs1L1u3QRlLXLcn7pyG16kzge/xRhpAW9wqLKfzA=; b=JqELxWh8OD4xSP9gtN4y53eresiGfnt0vFyVpyV/N05COiwU8IgWeBDTd3k0qKiqL7 2Hgx/5d8aD4CCC0PkHlJ6sTkJlbDp5NRWc1eg15bGV9tFxTr2RnA+rqY8NwzV37RhZH6 YlLu+YVKgQQT4TZo/Fnw8zJ/77qxZT8MPPw+0YkMsiIwe2Tn7hBpIAI7jA94vrYAmQ0i v+1Tzrth/Bt1a3Y3qyyT9XmZ+JN8R62g3QkMLBpQ1qOaQWwsl2l+SQVpX74ZpEHccXPD xkZAFliFJFvAkaovTsdvw00+4v9ZPX2yRSugUH+DeFru8SVWjoi5TGfdVGP0wouyjz4b Wl9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2/Bjs1L1u3QRlLXLcn7pyG16kzge/xRhpAW9wqLKfzA=; b=rQwUNJSUNQLlpXInByxGBgTnl64HrpEJyxX9RjQlailOlNMWeatTBhUNksAFVOFAmj +eMo+wFS8wYkdem34V+Maa1a+gnxsXobCd9W6xlEXQxZRFyZXYdL0O5qVSFuZ070G0K5 dirMcMupddTfpFKLrbz9eLX0jsiPsu6hYZ7t2NnSe7VyifS53M3hJTgTz8cCVS6y+z6U oq4T/kJqsb6X6mAP8mwLdr43Uo/xujJHdn/eUtOFE7Bsu2ZC0rRmttcgo8ajdQo+7pTg hRkG2hF2v8krC++CBNvXXeQ15KGGam0BTxHkpHhsfv0+4qZUthPi6pHE8JMiS5pmOOnl naWw==
X-Gm-Message-State: APjAAAUpyngEZNz2YZAxsqWW9FCvjkrj9O+9db6ikWLU01aUaIi9wlqo ueXIYTV/V3ILJr/qU93MonwsFpoV9/2qkZhXghbUKg==
X-Google-Smtp-Source: APXvYqze1xaxrFJWZ7850N3vA4V+FtydvAn95Davd69mXP3yu3LdsPCRVAjINMcXq0ryMO7QOZYypYkujRseCB/XE10=
X-Received: by 2002:a05:620a:1597:: with SMTP id d23mr33995083qkk.226.1554922169681;  Wed, 10 Apr 2019 11:49:29 -0700 (PDT)
MIME-Version: 1.0
References: <155491848705.8904.6102999785203393745.idtracker@ietfa.amsl.com>
In-Reply-To: <155491848705.8904.6102999785203393745.idtracker@ietfa.amsl.com>
From: Warren Kumari <warren@kumari.net>
Date: Wed, 10 Apr 2019 14:48:53 -0400
Message-ID: <CAHw9_iKkxDiB4G1HQbgkDsJN8DpOomwCh1EomAh_co_25KpWEw@mail.gmail.com>
To: Alexey Melnikov <aamelnikov@fastmail.fm>
Cc: The IESG <iesg@ietf.org>, Chris Morrow <morrowc@ops-netman.net>,  SIDROps Chairs <sidrops-chairs@ietf.org>, SIDR Operations WG <sidrops@ietf.org>, draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org
Content-Type: multipart/alternative; boundary="00000000000093e3d2058631878a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/-wZhTOduTJiaxyuOCbNugv-D2eQ>
Subject: Re: [Sidrops] Alexey Melnikov's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 18:49:34 -0000

--00000000000093e3d2058631878a
Content-Type: text/plain; charset="UTF-8"

On Wed, Apr 10, 2019 at 1:48 PM Alexey Melnikov via Datatracker <
noreply@ietf.org> wrote:

> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> This is a fine document and sorry for nit-picking, but why is this document
> "Updates: 8208" instead of "Obsolete: 8208"?
>
>
Thanks an excellent question -- I suspect that the answer is simply
"Whoops, that was a mistake" -- is that correct?
W


-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf


--00000000000093e3d2058631878a--


From nobody Wed Apr 10 11:51:51 2019
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B68512002F; Wed, 10 Apr 2019 11:51:41 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Suresh Krishnan via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Suresh Krishnan <suresh@kaloom.com>
Message-ID: <155492230110.22761.8927064203901632868.idtracker@ietfa.amsl.com>
Date: Wed, 10 Apr 2019 11:51:41 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/NdeBwdnadot1RO8MRloCQuHq1aM>
Subject: [Sidrops] Suresh Krishnan's No Objection on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 18:51:41 -0000

Suresh Krishnan has entered the following ballot position for
draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for providing a BGPsec IPv6 example. I think it would be better if the
next hop address comes out of the documentation range instead of the
benchmarking range.



From nobody Wed Apr 10 12:41:04 2019
Return-Path: <oliver.borchert@nist.gov>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AFF11205CD; Wed, 10 Apr 2019 12:40:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XUBKEUaezhJS; Wed, 10 Apr 2019 12:40:51 -0700 (PDT)
Received: from GCC01-DM2-obe.outbound.protection.outlook.com (mail-eopbgr840103.outbound.protection.outlook.com [40.107.84.103]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C4E1120458; Wed, 10 Apr 2019 12:40:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector1;  h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FxbuV/RBrIG06m4N5gkjDwGK+SaYiLEMKIG3Bx8LhzM=; b=DP8CXd1GmN0LDfDi2/Q2uTgPYQC7Gpl6LqPCRAn5fEE31C046+kdEmPvih43dX4c6wK4FlpYiLJ6TwoD+c6tQWWRkaQIfZAVXPCQgruCEItKFOaZ3CcAMbgjw7aVMsjBCtireo7D5Q+g5nJzPGtYT0b6o/PIpUPs2+bfl7CRH+g=
Received: from SN6PR09MB3167.namprd09.prod.outlook.com (20.177.250.204) by SN6PR09MB3167.namprd09.prod.outlook.com (20.177.250.204) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1771.21; Wed, 10 Apr 2019 19:40:48 +0000
Received: from SN6PR09MB3167.namprd09.prod.outlook.com ([fe80::694c:8a72:b9a7:5832]) by SN6PR09MB3167.namprd09.prod.outlook.com ([fe80::694c:8a72:b9a7:5832%2]) with mapi id 15.20.1771.021; Wed, 10 Apr 2019 19:40:48 +0000
From: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
To: Benjamin Kaduk <kaduk@mit.edu>, The IESG <iesg@ietf.org>
CC: "draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org" <draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org>, Chris Morrow <morrowc@ops-netman.net>, "sidrops-chairs@ietf.org" <sidrops-chairs@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Thread-Topic: Benjamin Kaduk's No Objection on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with COMMENT)
Thread-Index: AQHU7nXgQI4Urnu4Ok+oIXvgvm0Y7qY1xJMA
Date: Wed, 10 Apr 2019 19:40:48 +0000
Message-ID: <SN6PR09MB3167A30C40919240CC87A6AE982E0@SN6PR09MB3167.namprd09.prod.outlook.com>
References: <155477430291.30201.17132123731441062502.idtracker@ietfa.amsl.com>
In-Reply-To: <155477430291.30201.17132123731441062502.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=oliver.borchert@nist.gov; 
x-originating-ip: [129.6.140.119]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c2b4e057-739b-4940-9b1f-08d6bdec6ec2
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(4618075)(2017052603328)(7193020); SRVR:SN6PR09MB3167; 
x-ms-traffictypediagnostic: SN6PR09MB3167:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <SN6PR09MB3167AC79DAD16F1CDFCAC985982E0@SN6PR09MB3167.namprd09.prod.outlook.com>
x-forefront-prvs: 00032065B2
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(376002)(136003)(346002)(366004)(396003)(13464003)(199004)(189003)(110136005)(966005)(86362001)(4326008)(52536014)(478600001)(74316002)(106356001)(6436002)(105586002)(33656002)(45080400002)(25786009)(2906002)(66066001)(55016002)(229853002)(5660300002)(54906003)(2171002)(316002)(26005)(6246003)(476003)(6506007)(102836004)(14444005)(7696005)(68736007)(8676002)(11346002)(3846002)(446003)(256004)(486006)(53546011)(6306002)(186003)(97736004)(305945005)(71200400001)(71190400001)(8936002)(6116002)(76176011)(53936002)(7736002)(14454004)(99286004)(9686003)(81166006)(81156014); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR09MB3167; H:SN6PR09MB3167.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; 
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: GaA/DE2WVs+++jOv/aW9h/qIYPfXKiqQh3KdVdNRY6lwvVVCie8Iy8mey86xGlaNqCkdEMUaORF2Z1qyX0OoyhqPJzbdeZX6GuGe1/UNI1iLgOqt+fn88lY4eca6k5Pr+Ne1Aia2Ij2nauJ9Ugzk/MpIk1N2iFY1SIfvWgv8cd2+DRNACgkKCRZQMHR14+ji1LBy1/D1X7qCMlI+CtWazLes4JeHZkMQgcYJo3y/TXnFsvFoCidV/N8E086aS464oSOXMy8HSYUIhYBJzD2aynZ8HFNfcDfQhVAEA1vSEe+ohsodTgoATu+QIh8QiJrVql4q3xOBi14UhBgjwsuIbwZFC719abb8zUn6vtfQkiJuJ652R0U0edHue0ldFxomZm8GlSNAopKdMrlETdu76NEdzyTB65zj3fNdJYFdwCs=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: c2b4e057-739b-4940-9b1f-08d6bdec6ec2
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Apr 2019 19:40:48.5761 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR09MB3167
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/tdMpFum3nYTrBMXaLMyB3ImGSbY>
Subject: Re: [Sidrops] Benjamin Kaduk's No Objection on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 19:40:55 -0000

From nobody Wed Apr 10 14:28:03 2019
Return-Path: <sean@sn3rd.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BCEC1203BC for <sidrops@ietfa.amsl.com>; Wed, 10 Apr 2019 14:27:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IfFUpWPoX4vR for <sidrops@ietfa.amsl.com>; Wed, 10 Apr 2019 14:27:54 -0700 (PDT)
Received: from mail-qk1-x72b.google.com (mail-qk1-x72b.google.com [IPv6:2607:f8b0:4864:20::72b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 624EB120341 for <sidrops@ietf.org>; Wed, 10 Apr 2019 14:27:52 -0700 (PDT)
Received: by mail-qk1-x72b.google.com with SMTP id g1so2201603qki.5 for <sidrops@ietf.org>; Wed, 10 Apr 2019 14:27:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=cmES8x7WsXx3dSU8Sol37mzHvYTRitRfC7/GfgOoJLI=; b=jKhOuKMCz2LH39McVPNfkjZBEyWy6ufSoM7Io6J2PtGX4t4mJeGnkahpAZ+OGcDaNd 3ZdcrRoZtkTcm//ZDHn0GnyIarYgytNm8jxIC5fTOaD00nneTdCXruXFFzPkxakH8Igm 4iSCLndXrxbN1WH0IEkQ15TzrG7OjpBfQlPkY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=cmES8x7WsXx3dSU8Sol37mzHvYTRitRfC7/GfgOoJLI=; b=o6hdq92QiT3WstUzlESZiIAcqn/kzygaaCJCAHQhBgZUTxHlnnHM+OAyJUtIjqvLB+ x+6QzdSy0vq7ktNBAoIujwb2+K1RxAW6wGKfOFuaAvC0EoPkSodxTayOUGUcynSojy4X O0bIaU8eTxOGs/qwyoszruqCZobUZsaaGmrNZzazxdN7vOioD2zEa5U22QjjZKEASsv/ rmCFyhTBLb1SoqhYc4g6S7s+3MpkoYizH9GFR9JuKuFrKWNk9KQvXeF11noj5NmyuM/s /pBtUVSlb8QZo69urSgw1xeukqMy61CLk7M+uN2mkhAs6LZR4z3d1OtPItGqGpnnkLPu 3gPQ==
X-Gm-Message-State: APjAAAUpPnQzOuyW9ApJlQj/CBX6YmpKJINU7zjCCUoJ2toi0kKZWs2t c91b96PVkNRiTsrwRm1qUCNxww==
X-Google-Smtp-Source: APXvYqw8MxoouyLTKW0YLDtJyWhIIi4y8k68L5c4EFwqU2oQL1ZABW76dJUaDRGqlX8fB9g1ak3bNQ==
X-Received: by 2002:ae9:ed4c:: with SMTP id c73mr35940852qkg.192.1554931671529;  Wed, 10 Apr 2019 14:27:51 -0700 (PDT)
Received: from sn3rd.lan ([75.102.131.36]) by smtp.gmail.com with ESMTPSA id g5sm20216965qke.71.2019.04.10.14.27.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Apr 2019 14:27:50 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <CAHw9_iKkxDiB4G1HQbgkDsJN8DpOomwCh1EomAh_co_25KpWEw@mail.gmail.com>
Date: Wed, 10 Apr 2019 17:27:50 -0400
Cc: Alexey Melnikov <aamelnikov@fastmail.fm>, The IESG <iesg@ietf.org>, Chris Morrow <morrowc@ops-netman.net>, SIDROps Chairs <sidrops-chairs@ietf.org>, SIDR Operations WG <sidrops@ietf.org>, draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <7433410F-E7A3-47B8-87F1-C170C30CE4E5@sn3rd.com>
References: <155491848705.8904.6102999785203393745.idtracker@ietfa.amsl.com> <CAHw9_iKkxDiB4G1HQbgkDsJN8DpOomwCh1EomAh_co_25KpWEw@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/TWCYdsaFAlrUBBwycXpD2aGOAgA>
Subject: Re: [Sidrops] Alexey Melnikov's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 21:27:55 -0000

> On Apr 10, 2019, at 14:48, Warren Kumari <warren@kumari.net> wrote:
>
>
>
> On Wed, Apr 10, 2019 at 1:48 PM Alexey Melnikov via Datatracker <noreply@ietf.org> wrote:
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> This is a fine document and sorry for nit-picking, but why is this document
> "Updates: 8208" instead of "Obsolete: 8208"?
>
>
> Thanks an excellent question -- I suspect that the answer is simply "Whoops, that was a mistake" -- is that correct?
> W

Nope this draft is an updates because it’s just adding some things to 8208 not replacing it entirely.

spt


From nobody Wed Apr 10 14:30:44 2019
Return-Path: <kaduk@mit.edu>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E9EC12033F; Wed, 10 Apr 2019 14:30:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PJzJUNRxcYLS; Wed, 10 Apr 2019 14:30:35 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 757001201E7; Wed, 10 Apr 2019 14:30:35 -0700 (PDT)
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x3ALURUf032473 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 10 Apr 2019 17:30:29 -0400
Date: Wed, 10 Apr 2019 16:30:26 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Sean Turner <sean@sn3rd.com>
Cc: Warren Kumari <warren@kumari.net>, SIDROps Chairs <sidrops-chairs@ietf.org>, draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org, Alexey Melnikov <aamelnikov@fastmail.fm>, SIDR Operations WG <sidrops@ietf.org>, Chris Morrow <morrowc@ops-netman.net>, The IESG <iesg@ietf.org>
Message-ID: <20190410213026.GH18549@kduck.mit.edu>
References: <155491848705.8904.6102999785203393745.idtracker@ietfa.amsl.com> <CAHw9_iKkxDiB4G1HQbgkDsJN8DpOomwCh1EomAh_co_25KpWEw@mail.gmail.com> <7433410F-E7A3-47B8-87F1-C170C30CE4E5@sn3rd.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <7433410F-E7A3-47B8-87F1-C170C30CE4E5@sn3rd.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/pqI6YfKiK-QAy2ghwdLYMSxmKos>
Subject: Re: [Sidrops] Alexey Melnikov's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 21:30:38 -0000

On Wed, Apr 10, 2019 at 05:27:50PM -0400, Sean Turner wrote:
> 
> 
> > On Apr 10, 2019, at 14:48, Warren Kumari <warren@kumari.net> wrote:
> > 
> > 
> > 
> > On Wed, Apr 10, 2019 at 1:48 PM Alexey Melnikov via Datatracker <noreply@ietf.org> wrote:
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> > 
> > This is a fine document and sorry for nit-picking, but why is this document
> > "Updates: 8208" instead of "Obsolete: 8208"?
> > 
> > 
> > Thanks an excellent question -- I suspect that the answer is simply "Whoops, that was a mistake" -- is that correct?
> > W
> 
> Nope this draft is an updates because it’s just adding some things to 8208 not replacing it entirely.

Er, what is left in 8208 that's not being replaced?
The diff seems pretty indicative that all the content is present in the new
doc, to me.

-Ben


From nobody Wed Apr 10 14:32:27 2019
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 903E71203EB; Wed, 10 Apr 2019 14:32:25 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Adam Roach via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Adam Roach <adam@nostrum.com>
Message-ID: <155493194558.22757.15388423154564497249.idtracker@ietfa.amsl.com>
Date: Wed, 10 Apr 2019 14:32:25 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/GnKce2O7u__94z8uOP7EA0Tu9M4>
Subject: [Sidrops] Adam Roach's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS and COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 21:32:26 -0000

Adam Roach has entered the following ballot position for
draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thanks to everyone who worked on this document.

This issue should be trivial to fix, but it's still a blocker.

§2.1:

>     Special-Use algorithm IDs span from 0xFA (250) to 0xFE (254).

§7:

>  In addition IANA is asked to register the following address space for
>  "Special-Use":
>
>    Algorithm   Digest          Signature       Specification
>    Suite       Algorithm       Algorithm       Pointer
>    Identifier
>  +------------+---------------+--------------+-----------------------+
>  | 0xFB-0xFE  | Special-Use   | Special-Use  | This Document         |
>  +------------+---------------+--------------+-----------------------+


The ranges here do not match ([0xFA-0xFE] != [0xFB-0xFE]). Presuming that the
text in Section 2.1 is what was intended, this issue impacts all of
the tables in section 7.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I agree with Alexey's discuss.

---------------------------------------------------------------------------

§7:

>  To be modified to:
>
>    Algorithm   Digest          Signature       Specification
>    Suite       Algorithm       Algorithm       Pointer
>    Identifier
>  +------------+---------------+--------------+-----------------------+
>  | 0x2-0xFA   | Unassigned    | Unassigned   |                       |
>  +------------+---------------+--------------+-----------------------+

Nit: The prose has been updated to use "0x02" rather than "0x2". It would be
nice if the IANA section matched this update.
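
The range mismatch raised in this DISCUSS is the kind of error a mechanical check catches. The following is an added example, not part of the original message or of the draft: it parses registry rows in the layout quoted above, compares the Section 2.1 prose range with the Section 7 table, and looks for overlaps and gaps. The function names are hypothetical, and treating the two quoted Section 7 rows as one table is an assumption.

```python
import re

# Rows as quoted in the message from Section 7 of the draft. Combining the
# two quoted rows into one table is an assumption made for this example.
SECTION7_ROWS = """\
+------------+---------------+--------------+-----------------------+
| 0x2-0xFA   | Unassigned    | Unassigned   |                       |
+------------+---------------+--------------+-----------------------+
| 0xFB-0xFE  | Special-Use   | Special-Use  | This Document         |
+------------+---------------+--------------+-----------------------+
"""

# Sentence as quoted in the message from Section 2.1 of the draft.
SECTION21_PROSE = "Special-Use algorithm IDs span from 0xFA (250) to 0xFE (254)."

ROW_RE = re.compile(
    r"^\s*\|\s*0x([0-9A-Fa-f]+)(?:\s*-\s*0x([0-9A-Fa-f]+))?\s*\|\s*([^|]*?)\s*\|"
)
PROSE_RE = re.compile(
    r"([\w-]+) algorithm IDs span from 0x([0-9A-Fa-f]+)\b.*?\bto 0x([0-9A-Fa-f]+)"
)


def parse_rows(table_text):
    """Return [(low, high, label)] for every data row; borders are skipped."""
    rows = []
    for line in table_text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        low = int(m.group(1), 16)
        high = int(m.group(2), 16) if m.group(2) else low
        if low > high or high > 0xFF:
            # Algorithm suite identifiers are one-octet values.
            raise ValueError(f"bad range in row: {line!r}")
        rows.append((low, high, m.group(3)))
    return rows


def prose_mismatches(prose, rows):
    """Rows whose label matches the prose but whose range differs from it."""
    m = PROSE_RE.search(prose)
    if not m:
        raise ValueError("no range statement found in prose")
    label, low, high = m.group(1), int(m.group(2), 16), int(m.group(3), 16)
    return [
        (label, (low, high), (r_low, r_high))
        for r_low, r_high, r_label in rows
        if r_label == label and (r_low, r_high) != (low, high)
    ]


def find_overlaps(rows):
    """Every pair of rows that claims at least one identifier in common."""
    found = []
    ordered = sorted(rows)
    for i, (low_a, high_a, name_a) in enumerate(ordered):
        for low_b, high_b, name_b in ordered[i + 1:]:
            low, high = max(low_a, low_b), min(high_a, high_b)
            if low <= high:
                found.append((name_a, name_b, low, high))
    return found


def find_gaps(rows, first, last):
    """Identifier ranges inside [first, last] that no row covers."""
    gaps, cursor = [], first
    for low, high, _ in sorted(rows):
        if low > cursor:
            gaps.append((cursor, low - 1))
        cursor = max(cursor, high + 1)
    if cursor <= last:
        gaps.append((cursor, last))
    return gaps


if __name__ == "__main__":
    rows = parse_rows(SECTION7_ROWS)
    for label, prose_range, table_range in prose_mismatches(SECTION21_PROSE, rows):
        print(f"{label}: prose says 0x{prose_range[0]:02X}-0x{prose_range[1]:02X}, "
              f"table says 0x{table_range[0]:02X}-0x{table_range[1]:02X}")
    # Applying the prose range to the Special-Use row alone is not enough:
    # the quoted Unassigned row then claims 0xFA as well.
    adjusted = [(2, 0xFA, "Unassigned"), (0xFA, 0xFE, "Special-Use")]
    for a, b, low, high in find_overlaps(adjusted):
        print(f"overlap between {a} and {b}: 0x{low:02X}-0x{high:02X}")
```

With the rows as quoted, the table is internally consistent and only disagrees with the prose; changing the Special-Use row to start at 0xFA makes it collide with the Unassigned row at 0xFA.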



From nobody Wed Apr 10 14:33:15 2019
Return-Path: <sean@sn3rd.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 651F612042E for <sidrops@ietfa.amsl.com>; Wed, 10 Apr 2019 14:33:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MzHI69smd4HI for <sidrops@ietfa.amsl.com>; Wed, 10 Apr 2019 14:33:08 -0700 (PDT)
Received: from mail-qk1-x732.google.com (mail-qk1-x732.google.com [IPv6:2607:f8b0:4864:20::732]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E24BE120430 for <sidrops@ietf.org>; Wed, 10 Apr 2019 14:33:04 -0700 (PDT)
Received: by mail-qk1-x732.google.com with SMTP id a71so2218492qkg.2 for <sidrops@ietf.org>; Wed, 10 Apr 2019 14:33:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=THb4+hI7FEzkzxTfgwHzE9jUr6M6aMGuNqNfa7Ks2Eo=; b=monw8sDConGAhsvaKOc2ozZEteKz9MUj4TVOXY+J2J+agOgbJe8PAe53ZWOL+E5x0S TaBWIugzyjLWo/WWTOXS9mRzG2jQouT/q9HoeD4nAIqu29miKHLX9Tm5RmyX114G+ypw JPN/u1cNFz0LiKr86qe2075cxDvJQVU819MBw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=THb4+hI7FEzkzxTfgwHzE9jUr6M6aMGuNqNfa7Ks2Eo=; b=Ov1+syuYq1sJkIypn3QN1ena08ayDHSpvfusvCr+vWHt158Mc0HRdWiaOtF6fmlvnb M3VgFpeIChE2HJc/e0D6E9YpAEcA9dv6dG0e1usNEqLpylw/PElCd4JZtOkXT5xy53Zt J7uy9tzQf9jRHc4wURtw4PaUsV8TKJeGMhPuMNXihtGGaws4U3vUDRw/aHUW3u4JSoQn oms+MD8EPazVMx1XWE8jj/l0yeXW5ZMtsjrWJ7ihkUV68dIBRPWf5fGlfzp/HtUmz1zR GE9XxMbgaKC5bjbtbaUbJD2+ZCwSDAa+B1mNkbJGmBwfgIh4Ew9YZU+yFKxOXHmLavfN gpVQ==
X-Gm-Message-State: APjAAAVSd7cgtvBFjBDmrr/cc/L8B270bKXG+aYLmaSpEtFa9mFtnh0O w3XIbyhBmgxwIdAAsXDrSGoqzw==
X-Google-Smtp-Source: APXvYqxks99MaADkMBtxgkOys4r+7f21/HW9QxwURmdkdZBCzE3oi+WyMJthDBrpcfIvL+JlKpQvtQ==
X-Received: by 2002:a37:9e8a:: with SMTP id h132mr34590579qke.74.1554931983990;  Wed, 10 Apr 2019 14:33:03 -0700 (PDT)
Received: from sn3rd.lan ([75.102.131.36]) by smtp.gmail.com with ESMTPSA id c9sm21269685qkb.86.2019.04.10.14.33.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Apr 2019 14:33:03 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <20190410213026.GH18549@kduck.mit.edu>
Date: Wed, 10 Apr 2019 17:33:02 -0400
Cc: Warren Kumari <warren@kumari.net>, SIDROps Chairs <sidrops-chairs@ietf.org>, draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org, Alexey Melnikov <aamelnikov@fastmail.fm>, SIDR Operations WG <sidrops@ietf.org>, Chris Morrow <morrowc@ops-netman.net>, The IESG <iesg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <7F8F49E4-4EC2-4196-8AF2-8EBCC4F61C4E@sn3rd.com>
References: <155491848705.8904.6102999785203393745.idtracker@ietfa.amsl.com> <CAHw9_iKkxDiB4G1HQbgkDsJN8DpOomwCh1EomAh_co_25KpWEw@mail.gmail.com> <7433410F-E7A3-47B8-87F1-C170C30CE4E5@sn3rd.com> <20190410213026.GH18549@kduck.mit.edu>
To: Benjamin Kaduk <kaduk@mit.edu>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/wE74oe1SgjNKB-E8hGUHXIbDk6g>
Subject: Re: [Sidrops] Alexey Melnikov's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 21:33:10 -0000

> On Apr 10, 2019, at 17:30, Benjamin Kaduk <kaduk@mit.edu> wrote:
>
> On Wed, Apr 10, 2019 at 05:27:50PM -0400, Sean Turner wrote:
>>
>>
>>> On Apr 10, 2019, at 14:48, Warren Kumari <warren@kumari.net> wrote:
>>>
>>>
>>>
>>> On Wed, Apr 10, 2019 at 1:48 PM Alexey Melnikov via Datatracker <noreply@ietf.org> wrote:
>>> ----------------------------------------------------------------------
>>> DISCUSS:
>>> ----------------------------------------------------------------------
>>>
>>> This is a fine document and sorry for nit-picking, but why is this document
>>> "Updates: 8208" instead of "Obsolete: 8208"?
>>>
>>>
>>> Thanks an excellent question -- I suspect that the answer is simply "Whoops, that was a mistake" -- is that correct?
>>> W
>>
>> Nope this draft is an updates because it’s just adding some things to 8208 not replacing it entirely.
>
> Er, what is left in 8208 that's not being replaced?
> The diff seems pretty indicative that all the content is present in the new
> doc, to me.

I have always thought of this as an updates.  I am also willing to change it to be an obsoletes.

spt


From nobody Thu Apr 11 04:47:37 2019
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5557D120048; Thu, 11 Apr 2019 04:47:27 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Martin Vigoureux via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Martin Vigoureux <martin.vigoureux@nokia.com>
Message-ID: <155498324734.12798.5045139622000753027.idtracker@ietfa.amsl.com>
Date: Thu, 11 Apr 2019 04:47:27 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/S-4iBykNPnOHTR_X_7qjhWqgELg>
Subject: [Sidrops] Martin Vigoureux's No Objection on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 11:47:28 -0000

Martin Vigoureux has entered the following ballot position for
draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Hi

If this obsoletes 8208 then the IANA registry looks fine.
If it is an update I see no reason to change the reference from 8208 to This
Document for the identifiers 8208 had defined.

-m



From nobody Thu Apr 11 04:52:55 2019
Return-Path: <sean@sn3rd.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AD0A1201B1 for <sidrops@ietfa.amsl.com>; Thu, 11 Apr 2019 04:52:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1li4DROKW7ID for <sidrops@ietfa.amsl.com>; Thu, 11 Apr 2019 04:52:44 -0700 (PDT)
Received: from mail-qt1-x835.google.com (mail-qt1-x835.google.com [IPv6:2607:f8b0:4864:20::835]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF827120099 for <sidrops@ietf.org>; Thu, 11 Apr 2019 04:52:43 -0700 (PDT)
Received: by mail-qt1-x835.google.com with SMTP id v20so6606530qtv.12 for <sidrops@ietf.org>; Thu, 11 Apr 2019 04:52:43 -0700 (PDT)
X-Received: by 2002:ac8:2734:: with SMTP id g49mr40593422qtg.228.1554983563068;  Thu, 11 Apr 2019 04:52:43 -0700 (PDT)
Received: from sn3rd.lan ([75.102.131.36]) by smtp.gmail.com with ESMTPSA id h24sm27458252qte.50.2019.04.11.04.52.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Apr 2019 04:52:42 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <554dd3b6-4e1b-4582-8411-cf98425b1d21@www.fastmail.com>
Date: Thu, 11 Apr 2019 07:52:40 -0400
Cc: Benjamin Kaduk <kaduk@mit.edu>, Warren Kumari <warren@kumari.net>, SIDROps Chairs <sidrops-chairs@ietf.org>, draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org, SIDR Operations WG <sidrops@ietf.org>, Chris Morrow <morrowc@ops-netman.net>, The IESG <iesg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D9D741A1-B2AD-4482-AB52-408BCE8CE3AE@sn3rd.com>
References: <155491848705.8904.6102999785203393745.idtracker@ietfa.amsl.com> <CAHw9_iKkxDiB4G1HQbgkDsJN8DpOomwCh1EomAh_co_25KpWEw@mail.gmail.com> <7433410F-E7A3-47B8-87F1-C170C30CE4E5@sn3rd.com> <20190410213026.GH18549@kduck.mit.edu> <554dd3b6-4e1b-4582-8411-cf98425b1d21@www.fastmail.com>
To: Alexey Melnikov <aamelnikov@fastmail.fm>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/uhO8xPrHYP2hZWfY9lSCAwF8Vck>
Subject: Re: [Sidrops] Alexey Melnikov's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 11:52:46 -0000

> On Apr 11, 2019, at 06:00, Alexey Melnikov <aamelnikov@fastmail.fm> wrote:
>
> On Wed, Apr 10, 2019, at 10:30 PM, Benjamin Kaduk wrote:
>> On Wed, Apr 10, 2019 at 05:27:50PM -0400, Sean Turner wrote:
>>>
>>>
>>>> On Apr 10, 2019, at 14:48, Warren Kumari <warren@kumari.net> wrote:
>>>>
>>>>
>>>>
>>>> On Wed, Apr 10, 2019 at 1:48 PM Alexey Melnikov via Datatracker <noreply@ietf.org> wrote:
>>>> ----------------------------------------------------------------------
>>>> DISCUSS:
>>>> ----------------------------------------------------------------------
>>>>
>>>> This is a fine document and sorry for nit-picking, but why is this document
>>>> "Updates: 8208" instead of "Obsolete: 8208"?
>>>>
>>>>
>>>> Thanks an excellent question -- I suspect that the answer is simply "Whoops, that was a mistake" -- is that correct?
>>>> W
>>>
>>> Nope this draft is an updates because it’s just adding some things to 8208 not replacing it entirely.
>>
>> Er, what is left in 8208 that's not being replaced?
>> The diff seems pretty indicative that all the content is present in the new
>> doc, to me.
>
> Exactly. This document doesn't just update the IANA registration process, it incorporates the whole RFC 8208 content. After it is published as an RFC, there would never be any need for people to read RFC 8208. This means it is obsolete relationship.

No argument whatsoever from me about whether this is an obsoletes/updates.  I am looking forward to the finalized IESG statement on updates vs obsoletes ;).

spt


From nobody Thu Apr 11 05:48:56 2019
Return-Path: <alissa@cooperw.in>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCDB712017B; Thu, 11 Apr 2019 05:48:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=gRt84NX1; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=Fm22B+VB
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AsS8vds4Vffm; Thu, 11 Apr 2019 05:48:40 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA7171200D8; Thu, 11 Apr 2019 05:48:36 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 3106B26F32; Thu, 11 Apr 2019 08:48:36 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Thu, 11 Apr 2019 08:48:36 -0400
Received: from rtp-alcoop-nitro5.cisco.com (unknown [173.38.117.87]) by mail.messagingengine.com (Postfix) with ESMTPA id 7C804E4173; Thu, 11 Apr 2019 08:48:35 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <155249156086.27887.17276454493405406028@ietfa.amsl.com>
Date: Thu, 11 Apr 2019 08:48:33 -0400
Cc: General Area Review Team <gen-art@ietf.org>, sidrops@ietf.org, ietf@ietf.org, draft-ietf-sidrops-bgpsec-algs-rfc8208-bis.all@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <4FBAA132-F213-4A44-A148-BBBC4D1CAEE2@cooperw.in>
References: <155249156086.27887.17276454493405406028@ietfa.amsl.com>
To: Francesca Palombini via Datatracker <noreply@ietf.org>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/jR_-YXVGIDHHREsWQDp4tHmRntM>
Subject: Re: [Sidrops] [Gen-art] Genart last call review of draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 12:48:42 -0000

Francesca, thanks for your review. I entered a No Objection ballot.

Alissa

> On Mar 13, 2019, at 11:39 AM, Francesca Palombini via Datatracker <noreply@ietf.org> wrote:
>
> Reviewer: Francesca Palombini
> Review result: Ready
>
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
>
> For more information, please see the FAQ at
>
> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
>
> Document: draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04
> Reviewer: Francesca Palombini
> Review Date: 2019-03-13
> IETF LC End Date: 2019-03-18
> IESG Telechat date: Not scheduled for a telechat
>
> Summary: This draft is ready for publication as a Proposed Standard RFC.
>
> Major issues: --
>
> Minor issues: --
>
> Nits/editorial comments: --
>
>
> _______________________________________________
> Gen-art mailing list
> Gen-art@ietf.org
> https://www.ietf.org/mailman/listinfo/gen-art


From nobody Thu Apr 11 12:32:15 2019
Return-Path: <kaduk@mit.edu>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42FAF120682; Thu, 11 Apr 2019 12:32:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5YiJwHASYlti; Thu, 11 Apr 2019 12:32:10 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 717A0120677; Thu, 11 Apr 2019 12:32:10 -0700 (PDT)
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x3BJW2gV000644 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 11 Apr 2019 15:32:04 -0400
Date: Thu, 11 Apr 2019 14:32:02 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org" <draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org>,  Chris Morrow <morrowc@ops-netman.net>, "sidrops-chairs@ietf.org" <sidrops-chairs@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Message-ID: <20190411193202.GT18549@kduck.mit.edu>
References: <155477430291.30201.17132123731441062502.idtracker@ietfa.amsl.com> <SN6PR09MB3167A30C40919240CC87A6AE982E0@SN6PR09MB3167.namprd09.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <SN6PR09MB3167A30C40919240CC87A6AE982E0@SN6PR09MB3167.namprd09.prod.outlook.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/bitmPMa6OiP0rjMORzxmhmV5wwc>
Subject: Re: [Sidrops] Benjamin Kaduk's No Objection on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 19:32:13 -0000

On Wed, Apr 10, 2019 at 07:40:48PM +0000, Borchert, Oliver (Fed) wrote:
> Hi Benjamin,
> Regarding your comments below:
> 
> * Comment to 2.2.1
> Are we trying to talk about both?
> 
> oliver: I believe so, the certificate request maps the algorithm with the OID whereas certificates and BGPsec update only reference the OID. 
>             Maybe Sean has a better answer?

Okay.  Maybe we want to say "certificates or certificate request" (or
similar) in a couple places, but let's see what Sean says.

> * Comment to Section 7:
> 
> IANA has registered a single algorithm suite
> identifier for the digest algorithm SHA-256 [SHS] and for the
> signature algorithm ECDSA on the P-256 curve [RFC6090] [DSS].
> 
> oliver: I added "Originally for RFC8208, " so it reads:
> 
> Originally for RFC8208,  IANA has registered a single algorithm suite
> identifier for the digest algorithm SHA-256 [SHS] and for the
> signature algorithm ECDSA on the P-256 curve [RFC6090] [DSS].

I'd suggest something like:

   [RFC8208] directed IANA to register a single algorithm suite identifier for the
   digest algorithm SHA-256 [SHS] and for the signature algorithm ECDSA
   on the P-256 curve [RFC6090] [DSS].  This identifier is still valid, and
   IANA has updated its registration to refer to this document.

But this is a non-blocking-comment, so do what you think is best.


> 
> * Comment to Appendix A:
> 
> oliver: I added the following wording as 3rd sentence under A.2. Keys
> 
> Note: Even though the certificates below are expired, they are still useful
> within the constraint of this example.

Thanks!

-Ben

> Thanks,
> Oliver
> 
> 
> 
> -----Original Message-----
> From: Benjamin Kaduk via Datatracker <noreply@ietf.org> 
> Sent: Monday, April 08, 2019 9:45 PM
> To: The IESG <iesg@ietf.org>
> Cc: draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org; Chris Morrow <morrowc@ops-netman.net>; sidrops-chairs@ietf.org; morrowc@ops-netman.net; sidrops@ietf.org
> Subject: Benjamin Kaduk's No Objection on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with COMMENT)
> Importance: High
> 
> Benjamin Kaduk has entered the following ballot position for
> draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: No Objection
> 
> When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Section 2.2.1
> 
>    Hash algorithms are not identified by themselves in certificates or
>    BGPsec UPDATE messages.  They are represented by an OID that combines
>    the hash algorithm with the digital signature algorithm as follows:
> 
>    o  The ecdsa-with-SHA256 OID [RFC5480] MUST appear in the Public-Key
>       Cryptography Standards #10 (PKCS #10) signatureAlgorithm field
>       [RFC2986] or in the Certificate Request Message Format (CRMF)
>       POPOSigningKey algorithm field [RFC4211]; where the OID is placed
>       depends on the certificate request format generated.
> 
> The first paragraph talks of "certificates" but this last sentence talks about "certificate request"s.  Are we trying to talk about both?
> 
> Section 7
> 
> The IANA considerations are perhaps not as accurate as they could be.
> For example, we could say that the BGPsec Algorithm Suite Registry was originally created by RFC 8208 and has been updated to refer to this document, and similarly for the P256-SHA256 codepoint.
> (Just moving the references over would seem to be even more appropriate if this document were fully Obsoleting 8208.)
> 
> Appendix A
> 
> Do we want to note that the certificates are expired but the examples are still useful within that constraint?  (They were valid at the time RFC 8208 was published but it seems imprudent to try to assume that the examples would always be valid, when writing a document such as this.)
> 
> 


From nobody Thu Apr 11 13:42:48 2019
Return-Path: <oliver.borchert@nist.gov>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 666D0120310; Thu, 11 Apr 2019 13:42:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rd3gXOM1s4K0; Thu, 11 Apr 2019 13:42:44 -0700 (PDT)
Received: from GCC01-CY1-obe.outbound.protection.outlook.com (mail-eopbgr830131.outbound.protection.outlook.com [40.107.83.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5375120174; Thu, 11 Apr 2019 13:42:43 -0700 (PDT)
Received: from SN6PR09MB3167.namprd09.prod.outlook.com (20.177.250.204) by SN6PR09MB3166.namprd09.prod.outlook.com (20.177.250.203) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1792.14; Thu, 11 Apr 2019 20:42:42 +0000
Received: from SN6PR09MB3167.namprd09.prod.outlook.com ([fe80::694c:8a72:b9a7:5832]) by SN6PR09MB3167.namprd09.prod.outlook.com ([fe80::694c:8a72:b9a7:5832%2]) with mapi id 15.20.1771.021; Thu, 11 Apr 2019 20:42:42 +0000
From: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: The IESG <iesg@ietf.org>, "draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org" <draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org>, Chris Morrow <morrowc@ops-netman.net>, "sidrops-chairs@ietf.org" <sidrops-chairs@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Thread-Topic: Benjamin Kaduk's No Objection on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with COMMENT)
Thread-Index: AQHU7nXgQI4Urnu4Ok+oIXvgvm0Y7qY1xJMAgAGY+gD//9CvgA==
Date: Thu, 11 Apr 2019 20:42:41 +0000
Message-ID: <51ECF11B-5A4D-4EA3-9E79-2B01FA2F08A5@nist.gov>
References: <155477430291.30201.17132123731441062502.idtracker@ietfa.amsl.com> <SN6PR09MB3167A30C40919240CC87A6AE982E0@SN6PR09MB3167.namprd09.prod.outlook.com> <20190411193202.GT18549@kduck.mit.edu>
In-Reply-To: <20190411193202.GT18549@kduck.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.17.1.190326
authentication-results: spf=none (sender IP is ) smtp.mailfrom=oliver.borchert@nist.gov; 
x-originating-ip: [2610:20:6222:140:60e8:7040:b5a2:4046]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 668eefef-2fb5-4ac6-9efe-08d6bebe3e86
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(4618075)(2017052603328)(7193020); SRVR:SN6PR09MB3166; 
x-ms-traffictypediagnostic: SN6PR09MB3166:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <SN6PR09MB3166FB9D4382D0CCB9ED11D6982F0@SN6PR09MB3166.namprd09.prod.outlook.com>
x-forefront-prvs: 00046D390F
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(346002)(366004)(136003)(376002)(39860400002)(13464003)(199004)(189003)(229853002)(81156014)(54906003)(83716004)(82746002)(5660300002)(316002)(71200400001)(33656002)(58126008)(99286004)(71190400001)(2171002)(6916009)(45080400002)(6246003)(14444005)(25786009)(2616005)(11346002)(486006)(256004)(46003)(446003)(476003)(36756003)(6116002)(7736002)(478600001)(53936002)(105586002)(106356001)(68736007)(81166006)(966005)(305945005)(6486002)(186003)(97736004)(4326008)(102836004)(8676002)(6306002)(6506007)(76176011)(14454004)(86362001)(53546011)(6512007)(8936002)(2906002)(6436002); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR09MB3166; H:SN6PR09MB3167.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; 
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="utf-8"
Content-ID: <B01E786E1D59EA42B9E02C1F678412BD@namprd09.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: 668eefef-2fb5-4ac6-9efe-08d6bebe3e86
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Apr 2019 20:42:41.9445 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR09MB3166
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/pn59jrk0DMYvlfIy5dzfGKHchOk>
Subject: Re: [Sidrops] Benjamin Kaduk's No Objection on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 20:42:47 -0000

From nobody Thu Apr 11 14:09:46 2019
Return-Path: <oliver.borchert@nist.gov>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA4C3120751; Thu, 11 Apr 2019 14:09:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ItiUOCCNNtBk; Thu, 11 Apr 2019 14:09:38 -0700 (PDT)
Received: from GCC01-CY1-obe.outbound.protection.outlook.com (mail-eopbgr830102.outbound.protection.outlook.com [40.107.83.102]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E39C120384; Thu, 11 Apr 2019 14:09:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector1;  h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/VeSC81Lkt4rKJu36qx5LNR83Q557gLIDP9xpVgQiw8=; b=PVd4tv5tGZWqDKl4Q6c3xdad2XbbdcpoL3Z/WODsOd6n4AbMDP8XwThENEGXExOtrJavzF2JgKfV4S7gOtfdGADl/wJVe3HZzSRPARk3Ve1Lt9Tr0FN2ucnDUJFAsc6yM8MxSFireg7qDazOGTqEuB9Duj9Yki8Y4HZjoFyw4TA=
Received: from SN6PR09MB3167.namprd09.prod.outlook.com (20.177.250.204) by SN6PR09MB3166.namprd09.prod.outlook.com (20.177.250.203) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1792.14; Thu, 11 Apr 2019 21:09:36 +0000
Received: from SN6PR09MB3167.namprd09.prod.outlook.com ([fe80::694c:8a72:b9a7:5832]) by SN6PR09MB3167.namprd09.prod.outlook.com ([fe80::694c:8a72:b9a7:5832%2]) with mapi id 15.20.1771.021; Thu, 11 Apr 2019 21:09:36 +0000
From: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
To: Mehmet Ersue <mersue@gmail.com>, "ops-dir@ietf.org" <ops-dir@ietf.org>
CC: "sidrops@ietf.org" <sidrops@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-sidrops-bgpsec-algs-rfc8208-bis.all@ietf.org" <draft-ietf-sidrops-bgpsec-algs-rfc8208-bis.all@ietf.org>
Thread-Topic: Opsdir last call review of draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04
Thread-Index: AQHU3XJwhFhuItnwVUWWyb34eg0i0KY3lwkA
Date: Thu, 11 Apr 2019 21:09:36 +0000
Message-ID: <SN6PR09MB3167537C5CF4C74D4BF3F3E4982F0@SN6PR09MB3167.namprd09.prod.outlook.com>
References: <155290366133.26147.15826331095937544086@ietfa.amsl.com>
In-Reply-To: <155290366133.26147.15826331095937544086@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=oliver.borchert@nist.gov; 
x-originating-ip: [129.6.140.119]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2d4422ce-64ef-400e-6d53-08d6bec200f7
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(4618075)(2017052603328)(7193020); SRVR:SN6PR09MB3166; 
x-ms-traffictypediagnostic: SN6PR09MB3166:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <SN6PR09MB31663D56FC4B0F8DED6E1660982F0@SN6PR09MB3166.namprd09.prod.outlook.com>
x-forefront-prvs: 00046D390F
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(376002)(366004)(346002)(396003)(136003)(13464003)(189003)(199004)(81166006)(7696005)(305945005)(966005)(7736002)(6116002)(68736007)(106356001)(478600001)(74316002)(105586002)(53936002)(8936002)(3846002)(26005)(53546011)(86362001)(6436002)(2906002)(186003)(97736004)(76176011)(6506007)(14454004)(9686003)(4326008)(6306002)(102836004)(8676002)(33656002)(71200400001)(52536014)(316002)(5660300002)(71190400001)(99286004)(229853002)(55016002)(81156014)(54906003)(110136005)(66066001)(2501003)(256004)(476003)(446003)(45080400002)(6246003)(11346002)(486006)(25786009); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR09MB3166; H:SN6PR09MB3167.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; 
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: 2d4422ce-64ef-400e-6d53-08d6bec200f7
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Apr 2019 21:09:36.6530 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR09MB3166
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/pEJQrBF9svdxQYHlDD9HlJ6uPZg>
Subject: Re: [Sidrops] Opsdir last call review of draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 21:09:45 -0000
From nobody Thu Apr 11 14:16:48 2019
Return-Path: <oliver.borchert@nist.gov>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 523C11200C3; Thu, 11 Apr 2019 14:16:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4JTo5FFIbVZT; Thu, 11 Apr 2019 14:16:38 -0700 (PDT)
Received: from GCC01-DM2-obe.outbound.protection.outlook.com (mail-eopbgr840107.outbound.protection.outlook.com [40.107.84.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5749120047; Thu, 11 Apr 2019 14:16:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector1;  h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NEVUTYc57Izui08IcMXciS0NiO9nJG0MKGZ6xlBsd94=; b=HqWVNgeTs2fE8kDikVFY7J4kCh1Dy9TGt/Fo7ENSZSNKkXXyWSX3pWQhaFtsDbVayeOc8fk7ANXSf/n8o2AlPCLvSQ6jsmzWHWwsk3iaNHYVv52cm/sdYjs141rjxJZ4dU3sSsxLnITGr122/J9izoxdoD897mmyvAR3sP4tw28=
Received: from SN6PR09MB3167.namprd09.prod.outlook.com (20.177.250.204) by SN6PR09MB3167.namprd09.prod.outlook.com (20.177.250.204) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1771.21; Thu, 11 Apr 2019 21:16:35 +0000
Received: from SN6PR09MB3167.namprd09.prod.outlook.com ([fe80::694c:8a72:b9a7:5832]) by SN6PR09MB3167.namprd09.prod.outlook.com ([fe80::694c:8a72:b9a7:5832%2]) with mapi id 15.20.1771.021; Thu, 11 Apr 2019 21:16:35 +0000
From: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
To: Carlos Pignataro <cpignata@cisco.com>, "rtg-dir@ietf.org" <rtg-dir@ietf.org>
CC: "sidrops@ietf.org" <sidrops@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-sidrops-bgpsec-algs-rfc8208-bis.all@ietf.org" <draft-ietf-sidrops-bgpsec-algs-rfc8208-bis.all@ietf.org>
Thread-Topic: Rtgdir telechat review of draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04
Thread-Index: AQHU5Aq8UAmlfJbAlUyDGzfunZHNJKY3jhHw
Date: Thu, 11 Apr 2019 21:16:35 +0000
Message-ID: <SN6PR09MB31674C565BB1F36200F1AFA6982F0@SN6PR09MB3167.namprd09.prod.outlook.com>
References: <155362877270.7408.1659232059641306508@ietfa.amsl.com>
In-Reply-To: <155362877270.7408.1659232059641306508@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=oliver.borchert@nist.gov; 
x-originating-ip: [129.6.140.119]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1a4f6f2b-819d-48a3-a47f-08d6bec2fa52
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(4618075)(2017052603328)(7193020); SRVR:SN6PR09MB3167; 
x-ms-traffictypediagnostic: SN6PR09MB3167:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <SN6PR09MB31672E324C52BB6385B9435C982F0@SN6PR09MB3167.namprd09.prod.outlook.com>
x-forefront-prvs: 00046D390F
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(366004)(376002)(346002)(136003)(39860400002)(199004)(189003)(13464003)(76094002)(53546011)(486006)(186003)(68736007)(2501003)(97736004)(256004)(6246003)(476003)(6506007)(3846002)(446003)(26005)(102836004)(7696005)(14444005)(11346002)(316002)(14454004)(7736002)(8676002)(53936002)(76176011)(99286004)(9686003)(6116002)(71200400001)(305945005)(8936002)(71190400001)(105586002)(74316002)(6436002)(106356001)(478600001)(52536014)(86362001)(110136005)(4326008)(81156014)(81166006)(54906003)(5660300002)(229853002)(55016002)(33656002)(45080400002)(66066001)(2906002)(25786009); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR09MB3167; H:SN6PR09MB3167.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; 
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: 1a4f6f2b-819d-48a3-a47f-08d6bec2fa52
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Apr 2019 21:16:35.0855 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR09MB3167
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/bqlXDw26ARsnMPDRcdx4DA-dN74>
Subject: Re: [Sidrops] Rtgdir telechat review of draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 21:16:40 -0000


From nobody Thu Apr 11 14:30:27 2019
Return-Path: <oliver.borchert@nist.gov>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1714B120656; Thu, 11 Apr 2019 14:30:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KG1nkdAtBL_5; Thu, 11 Apr 2019 14:30:16 -0700 (PDT)
Received: from GCC01-DM2-obe.outbound.protection.outlook.com (mail-eopbgr840114.outbound.protection.outlook.com [40.107.84.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6359C1204AA; Thu, 11 Apr 2019 14:30:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector1;  h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LxtCEOkarfkplfnshsaoL28W+lHauRmVVTwt/0dKxOs=; b=ywpiP5/wGaBzqZ6VYcqgaG5lSGkefat5gEUAwzKzBvafdBvcYQ1Yn1j+1h5MeB0rPk7FB9TtWF/dZ1hdgVg6QYqmHDlRrttJC+WC2yLL8R/YXr5/02/VXTIKjOPmzRc/3YEZzmcyM/hxOwdXTHDlInPOstz6t7xaUMLlaHy3KxM=
Received: from SN6PR09MB3167.namprd09.prod.outlook.com (20.177.250.204) by SN6PR09MB3165.namprd09.prod.outlook.com (20.177.250.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1771.21; Thu, 11 Apr 2019 21:30:11 +0000
Received: from SN6PR09MB3167.namprd09.prod.outlook.com ([fe80::694c:8a72:b9a7:5832]) by SN6PR09MB3167.namprd09.prod.outlook.com ([fe80::694c:8a72:b9a7:5832%2]) with mapi id 15.20.1771.021; Thu, 11 Apr 2019 21:30:11 +0000
From: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
To: Adam Roach <adam@nostrum.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org" <draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org>, Chris Morrow <morrowc@ops-netman.net>, "sidrops-chairs@ietf.org" <sidrops-chairs@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Thread-Topic: Adam Roach's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS and COMMENT)
Thread-Index: AQHU7+TomgBeH2NnAEacVxYvcq6yZqY3eeQQ
Date: Thu, 11 Apr 2019 21:30:11 +0000
Message-ID: <SN6PR09MB31673119788269B2C59459A7982F0@SN6PR09MB3167.namprd09.prod.outlook.com>
References: <155493194558.22757.15388423154564497249.idtracker@ietfa.amsl.com>
In-Reply-To: <155493194558.22757.15388423154564497249.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=oliver.borchert@nist.gov; 
x-originating-ip: [129.6.140.119]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f5f721a6-d27a-4c57-8390-08d6bec4e106
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(4618075)(2017052603328)(7193020); SRVR:SN6PR09MB3165; 
x-ms-traffictypediagnostic: SN6PR09MB3165:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <SN6PR09MB31650BB7C59934C46106CE25982F0@SN6PR09MB3165.namprd09.prod.outlook.com>
x-forefront-prvs: 00046D390F
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(396003)(366004)(39860400002)(136003)(376002)(199004)(54164003)(13464003)(189003)(14454004)(305945005)(6116002)(478600001)(3846002)(8676002)(966005)(6246003)(81156014)(53936002)(7736002)(45080400002)(81166006)(8936002)(66574012)(102836004)(186003)(53546011)(71200400001)(5660300002)(76176011)(99286004)(7696005)(33656002)(97736004)(4326008)(52536014)(26005)(6506007)(74316002)(25786009)(11346002)(476003)(2906002)(486006)(6436002)(110136005)(446003)(71190400001)(86362001)(55016002)(68736007)(54906003)(316002)(106356001)(105586002)(229853002)(256004)(9686003)(6306002)(66066001)(14444005); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR09MB3165; H:SN6PR09MB3167.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:3; 
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: f5f721a6-d27a-4c57-8390-08d6bec4e106
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Apr 2019 21:30:11.6030 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR09MB3165
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/pxCdO0--G6CBqDa6XyAuZx-FVvU>
Subject: Re: [Sidrops] Adam Roach's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS and COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 21:30:20 -0000
From nobody Thu Apr 11 14:33:27 2019
Return-Path: <oliver.borchert@nist.gov>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7CF9120220; Thu, 11 Apr 2019 14:33:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UJ0-mIY5aO3M; Thu, 11 Apr 2019 14:33:18 -0700 (PDT)
Received: from GCC01-DM2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0701.outbound.protection.outlook.com [IPv6:2a01:111:f400:fd01::701]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 334AB120086; Thu, 11 Apr 2019 14:33:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector1;  h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dshmY8TS+whonlGPbVxGnEHqNDBDKX/ZlCt5sgafoR4=; b=CJcaMGtj3X+XWiJ3wM7DrW0YoRLjMG+QzLaBAddkTIMIPwP+BKQ5ML8ntMPklHf/FgPsEq6FmyUrBk7XrJdWNRqr+bBV8gnQiJVNk2I0hDKLnUviw84k8/tfnRMHmw8yGoH5MD2XEJT8ZkSamh2c+38Ga807mIDt9VdREvk0fXo=
Received: from SN6PR09MB3167.namprd09.prod.outlook.com (20.177.250.204) by SN6PR09MB3165.namprd09.prod.outlook.com (20.177.250.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1771.21; Thu, 11 Apr 2019 21:33:16 +0000
Received: from SN6PR09MB3167.namprd09.prod.outlook.com ([fe80::694c:8a72:b9a7:5832]) by SN6PR09MB3167.namprd09.prod.outlook.com ([fe80::694c:8a72:b9a7:5832%2]) with mapi id 15.20.1771.021; Thu, 11 Apr 2019 21:33:16 +0000
From: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
To: Adam Roach <adam@nostrum.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org" <draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org>, Chris Morrow <morrowc@ops-netman.net>, "sidrops-chairs@ietf.org" <sidrops-chairs@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Thread-Topic: Adam Roach's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS and COMMENT)
Thread-Index: AQHU7+TomgBeH2NnAEacVxYvcq6yZqY3fD7A
Date: Thu, 11 Apr 2019 21:33:16 +0000
Message-ID: <SN6PR09MB3167E2F652CF94E50958427E982F0@SN6PR09MB3167.namprd09.prod.outlook.com>
References: <155493194558.22757.15388423154564497249.idtracker@ietfa.amsl.com>
In-Reply-To: <155493194558.22757.15388423154564497249.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=oliver.borchert@nist.gov; 
x-originating-ip: [129.6.140.119]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: cb9ef805-8ea4-4ee1-ba70-08d6bec54f09
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(4618075)(2017052603328)(7193020); SRVR:SN6PR09MB3165; 
x-ms-traffictypediagnostic: SN6PR09MB3165:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <SN6PR09MB31658F26F26F3533DF5E13B4982F0@SN6PR09MB3165.namprd09.prod.outlook.com>
x-forefront-prvs: 00046D390F
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(396003)(366004)(39860400002)(136003)(376002)(199004)(54164003)(13464003)(189003)(14454004)(305945005)(6116002)(478600001)(3846002)(8676002)(966005)(6246003)(81156014)(53936002)(7736002)(45080400002)(81166006)(8936002)(102836004)(186003)(53546011)(71200400001)(5660300002)(76176011)(99286004)(7696005)(33656002)(97736004)(4326008)(52536014)(26005)(6506007)(74316002)(25786009)(11346002)(476003)(2906002)(486006)(6436002)(110136005)(446003)(71190400001)(86362001)(55016002)(68736007)(54906003)(316002)(106356001)(105586002)(229853002)(256004)(9686003)(6306002)(66066001)(14444005); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR09MB3165; H:SN6PR09MB3167.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; 
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: cb9ef805-8ea4-4ee1-ba70-08d6bec54f09
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Apr 2019 21:33:16.2245 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR09MB3165
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/hixIftLr7BdZKBA5YSp8AkeXYcY>
Subject: Re: [Sidrops] Adam Roach's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS and COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 21:33:21 -0000


From nobody Thu Apr 11 15:42:29 2019
Return-Path: <adam@nostrum.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 393731203F6; Thu, 11 Apr 2019 15:42:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.679
X-Spam-Level: 
X-Spam-Status: No, score=-1.679 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kPMgRI13izQM; Thu, 11 Apr 2019 15:42:20 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39319120405; Thu, 11 Apr 2019 15:42:20 -0700 (PDT)
Received: from MacBook-Pro.roach.at (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x3BMgFhP012398 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 11 Apr 2019 17:42:16 -0500 (CDT) (envelope-from adam@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1555022537; bh=1hXEXur/czUpo5Plm4FI5VKLJVSsU0+j5DOOqzyO+lg=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=JYFedHrNBWHmmPCbP+6hdJONqocxz3CQv7OqfuuJMtMFI0spCKWsgdkS3Tdze6BBX +PQ7TXwbORWPRmHTEANTnnQvBzj//OlveMAV0t8x/0X21DXSPglvdv5Pca6vnrcSw6 EfsnCP/Jc6ZSFAUyxfAZdPbHsQDBNngH5r2MtcMg=
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be MacBook-Pro.roach.at
To: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>, The IESG <iesg@ietf.org>
Cc: Chris Morrow <morrowc@ops-netman.net>, "sidrops-chairs@ietf.org" <sidrops-chairs@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>, "draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org" <draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org>
References: <155493194558.22757.15388423154564497249.idtracker@ietfa.amsl.com> <SN6PR09MB3167E2F652CF94E50958427E982F0@SN6PR09MB3167.namprd09.prod.outlook.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <b7492915-8b7f-f575-b9f5-373d838a78a7@nostrum.com>
Date: Thu, 11 Apr 2019 17:42:10 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <SN6PR09MB3167E2F652CF94E50958427E982F0@SN6PR09MB3167.namprd09.prod.outlook.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/xn2sysgcIPTVFyJB3zVXkLXkrsA>
Subject: Re: [Sidrops] Adam Roach's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS and COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 22:42:23 -0000

Thanks! These two changes look good to me. I'll clear when a new version 
of the draft is submitted (note, however, that I am out of the office 
tomorrow).

/a

On 4/11/19 4:33 PM, Borchert, Oliver (Fed) wrote:
> Adam,
>
> I also addressed ...
>
> §7:
>
>>   To be modified to:
>>
>>     Algorithm   Digest          Signature       Specification
>>     Suite       Algorithm       Algorithm       Pointer
>>     Identifier
>>   +------------+---------------+--------------+-----------------------+
>>   | 0x2-0xFA   | Unassigned    | Unassigned   |                       |
>>   +------------+---------------+--------------+-----------------------+
> And changed it to
>
> +------------+---------------+--------------+-----------------------+
> | 0x02-0xFA   | Unassigned    | Unassigned   |                       |
> +------------+---------------+--------------+-----------------------+
>
>
> Thanks,
> Oliver
>
>
> -----Original Message-----
> From: Adam Roach via Datatracker <noreply@ietf.org>
> Sent: Wednesday, April 10, 2019 5:32 PM
> To: The IESG <iesg@ietf.org>
> Cc: draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org; Chris Morrow <morrowc@ops-netman.net>; sidrops-chairs@ietf.org; morrowc@ops-netman.net; sidrops@ietf.org
> Subject: Adam Roach's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS and COMMENT)
> Importance: High
>
> Adam Roach has entered the following ballot position for
> draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: Discuss
>
> When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)
>
>
> Please refer to https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fiesg%2Fstatement%2Fdiscuss-criteria.html&amp;data=02%7C01%7Coliver.borchert%40nist.gov%7Ce3d258b2fec2468669b308d6bdfc0897%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636905287512890505&amp;sdata=V%2Fkt7QEPhMzX6OVeunDQh2B8kAq2yWSaqhyOaP7NS%2FE%3D&amp;reserved=0
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-sidrops-bgpsec-algs-rfc8208-bis%2F&amp;data=02%7C01%7Coliver.borchert%40nist.gov%7Ce3d258b2fec2468669b308d6bdfc0897%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636905287512890505&amp;sdata=EwF%2BbEoX%2BW1%2F171PkKHeeN9NckdnGEUMT9M97wdlWTg%3D&amp;reserved=0
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> Thanks to everyone who worked on this document.
>
> This issue should be trivial to fix, but it's still a blocker.
>
> §2.1:
>
>>      Special-Use algorithm IDs span from 0xFA (250) to 0xFE (254).
> §7:
>
>>   In addition IANA is asked to register the following address space for
>>   "Special-Use":
>>
>>     Algorithm   Digest          Signature       Specification
>>     Suite       Algorithm       Algorithm       Pointer
>>     Identifier
>>   +------------+---------------+--------------+-----------------------+
>>   | 0xFB-0xFE  | Special-Use   | Special-Use  | This Document         |
>>   +------------+---------------+--------------+-----------------------+
>
> The ranges here do not match ([0xFA-0xFE] != [0xFB-0xFE]). Presuming that the text in Section 2.1 is what was intended, this issue impacts all of the tables in section 7.
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> I agree with Alexey's discuss.
>
> ---------------------------------------------------------------------------
>
> §7:
>
>>   To be modified to:
>>
>>     Algorithm   Digest          Signature       Specification
>>     Suite       Algorithm       Algorithm       Pointer
>>     Identifier
>>   +------------+---------------+--------------+-----------------------+
>>   | 0x2-0xFA   | Unassigned    | Unassigned   |                       |
>>   +------------+---------------+--------------+-----------------------+
> Nit: The prose has been updated to use "0x02" rather than "0x2". It would be nice if the IANA section matched this update.
>
>


From nobody Thu Apr 11 21:27:47 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id EB38612008A; Thu, 11 Apr 2019 21:27:45 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: sidrops@ietf.org
Message-ID: <155504326588.14168.14003526367241373495@ietfa.amsl.com>
Date: Thu, 11 Apr 2019 21:27:45 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/BTNWoeLAGEVjQoaKddEQxXmYS7k>
Subject: [Sidrops] I-D Action: draft-ietf-sidrops-rtr-keying-05.txt
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2019 04:27:46 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the SIDR Operations WG of the IETF.

        Title           : Router Keying for BGPsec
        Authors         : Randy Bush
                          Sean Turner
                          Keyur Patel
        Filename        : draft-ietf-sidrops-rtr-keying-05.txt
        Pages           : 19
        Date            : 2019-04-11

Abstract:
   BGPsec-speaking routers are provisioned with private keys in order to
   sign BGPsec announcements.  The corresponding public keys are
   published in the global Resource Public Key Infrastructure, enabling
   verification of BGPsec messages.  This document describes two methods
   of generating the public-private key-pairs: router-driven and
   operator-driven.



The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-rtr-keying/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-sidrops-rtr-keying-05
https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rtr-keying-05

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-rtr-keying-05


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Thu Apr 11 21:28:45 2019
Return-Path: <sean@sn3rd.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1BB3120094 for <sidrops@ietfa.amsl.com>; Thu, 11 Apr 2019 21:28:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vFXpISCrQQK5 for <sidrops@ietfa.amsl.com>; Thu, 11 Apr 2019 21:28:41 -0700 (PDT)
Received: from mail-qk1-x72d.google.com (mail-qk1-x72d.google.com [IPv6:2607:f8b0:4864:20::72d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 002EF12003F for <sidrops@ietf.org>; Thu, 11 Apr 2019 21:28:40 -0700 (PDT)
Received: by mail-qk1-x72d.google.com with SMTP id o129so4885558qke.8 for <sidrops@ietf.org>; Thu, 11 Apr 2019 21:28:40 -0700 (PDT)
X-Received: by 2002:a37:bb07:: with SMTP id l7mr41652330qkf.51.1555043320014;  Thu, 11 Apr 2019 21:28:40 -0700 (PDT)
Received: from sn3rd.lan ([75.102.131.36]) by smtp.gmail.com with ESMTPSA id z20sm23912240qkb.52.2019.04.11.21.28.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Apr 2019 21:28:39 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <CABcZeBN_X5X48hJCS+F5ODHwEmvXLownbH6Mf5=4qsSKyENGaQ@mail.gmail.com>
Date: Fri, 12 Apr 2019 00:28:35 -0400
Cc: Alissa Cooper <alissa@cooperw.in>, The IESG <iesg@ietf.org>, SIDROps Chairs <sidrops-chairs@ietf.org>, Chris Morrow <morrowc@ops-netman.net>, SIDR Operations WG <sidrops@ietf.org>, draft-ietf-sidrops-rtr-keying@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <D6FC4441-9A27-4738-9E85-BF87DF741DF6@sn3rd.com>
References: <154830586386.7517.12515642346949342885.idtracker@ietfa.amsl.com> <587443F2-D022-4109-AFF7-E6C06091E151@sn3rd.com> <CABcZeBN_X5X48hJCS+F5ODHwEmvXLownbH6Mf5=4qsSKyENGaQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/zlCvHrR3omUcox2Aru5POo0VyR8>
Subject: Re: [Sidrops] Eric Rescorla's Discuss on draft-ietf-sidrops-rtr-keying-03: (with DISCUSS and COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2019 04:28:44 -0000

> On Mar 22, 2019, at 06:23, Eric Rescorla <ekr@rtfm.com> wrote:
>
> On Tue, Feb 12, 2019 at 6:25 PM Sean Turner <sean@sn3rd.com> wrote:
>
> > On Jan 23, 2019, at 23:57, Eric Rescorla <ekr@rtfm.com> wrote:
> >
> > Eric Rescorla has entered the following ballot position for
> > draft-ietf-sidrops-rtr-keying-03: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> >
> >
> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-sidrops-rtr-keying/
> >
> >
> >
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> > Rich version of this review at:
> > https://mozphab-ietf.devsvcdev.mozaws.net/D13996
> >
> >
> >
> > DETAIL
> > S 2.
> >>
> >>     Operators are free to use either the router-driven or operator-driven
> >>     method as supported by the platform.  Regardless of the method
> >>     chosen, operators first establish a protected channel between the
> >>     management system and the router.  How this protected channel is
> >>     established is router-specific and is beyond scope of this document.
> >
> > This seems rather under-specified. Given that we know that people are
> > not careful about this, I think you need to specify some sort of
> > minimum requirements for this channel. That need not be a particular
> > protocol, but it needs to specify the security properties it provides.
> > I see you have some SHOULD-level language later, but I think you need
> > MUST level, and as noted below, I think the guidance is wrong.
>
> Alissa had a comment in the same vein so I hope to address both here.
>
> In the future, routers may come with key material burned into them that the router can then use to securely communicate with the operator (e.g., brewski or something akin to what’s in s8), but the reality is that the routers arrive with nada on them.  So, s2 is about how the operator gets keying material into the router that it can then later use to secure communications with the operator.  There’s two ways to get this done and there’s an initial leap of faith that has to happen (i.e., there’s -no- security on first connect):
>
> - the operator connects directly through the “craft” port and “squirts” the keying material in and configures the router to use SSH (or whatever) for future connections.  It’s also going to set up its AS number and whatever else goes in the config file to make the protocol run.
>
> - the operator connects over a network port and squirts the keying material in and configures the router to use SSH (or whatever) for future connections.  But, chances are very high that the operator connects to the router via SSH, and probably with some generic lame pwd.
>
> So while I agree we want to better specify what kind of protections this channel should provide I am unsure what to write if the router has no keying material whatsoever when the operator first gets it.
>
> OK. I think you need to lay this out in the text in more detail, but I'll trust you to do it.

I’m suggesting the following text in s2:

  To be clear: for both of these methods, an initial leap-of-faith
  is required because the router has no keying material that it
  can use to protect communications with anyone or anything.
  Because of this initial leap of faith, a direct physical connection
  is safer than connecting via a network connection because there
  is less chance of a man in the middle.  Once keying material is
  established on the router, the communications channel must
  prevent eavesdropping, tampering, and message forgery.  This
  initial leap-of-faith will no longer be required once routers are
  delivered to operators with operator-trusted keying material.

> > S 5.2.
> >>     the BGP Identifier when it sends the CSR to the CA.
> >>
> >>     Even if the operator cannot extract the private key from the router,
> >>     this signature still provides a linkage between a private key and a
> >>     router.  That is, the operator can verify the proof of possession
> >>     (POP), as required by [RFC6484].
> >
> > It's not clear to me what is being claimed in terms of PoP here. As I
> > understand it, the certificate is a binding between the AS number/BGP
> > identifier pair and the public key, but if neither of those is in the
> > PKCS#10 request, then they're not signed over by the private key, and
> > so PoP isn't really operative. The relevant question is whether if I
> > obtain the PKCS#10 request I can obtain a certificate for an identity
> > other than the intended one.
>
> 1st based on somebody else’s comment we’re moving that paragraph to s5.1.  It’s out of place in s5.2 because if the operator can generate the key well they certainly have access to it.
>
> The POP we’re getting is that the router has the key.   If there’s nothing in the CSR but the operator is the middle-man then the operator can tell the CA this CSR goes with this name through some other means.
>
> But this *isn't* PoP because you can transplant the CSR into another context.

Here the operator is doing the POP check and if the channel the operator is talking to the router over is secured after initial set-up then the operator can be sure that the entity that signed the CSR after the operator requested the router sign the CSR is the CSR.  The operator can then act as the RA to tell the CA that it was the one that did the POP check.  If the operator is trying to be a bad guy then sure all bets are off.

> >>         the CA prior to operator initiating the router's CSR.  CAs use
> >>         authentication material to determine whether the router is
> >>         eligible to receive a certificate. Authentication material at a
> >>         minimum includes the router's AS number and BGP Identifier as
> >>         well as the router's key material, but can also include
> >>         additional information. Authentication material can be
> >
> > Surely it also includes some information that allows the router to
> > prove it is entitled to a key with that AS and BGP identifier, but I'm
> > not seeing this here.
>
> I guess maybe I am confused because I thought that’s what the entire bullet was about.  The operator is priming the CA with information that will allow the router to begin contacting the CA without the operator in the middle.
>
>  Yes, but my point is what ties this to the identity? Some account entry on the CA?

On the router side it’s the CSR and on the CA side it’s some kind of account entry on the CA.  I will add the following to the bullet:

  The CA stores this authentication material in an account entry for the router
  so that it can later be compared against the CSR prior to the CA issuing a
  certificate to the router.

> > S 1.
> >>     operator-driven method.  Routers are required to support at least one
> >>     of the methods in order to work in various deployment environments.
> >>     Some routers may not allow the private key to be off-loaded while
> >>     others may.  While off-loading private keys would ease swapping of
> >>     routing engines, exposure of private keys is a well known security
> >>     risk.
> >
> > This is a somewhat shallow treatment of this. Specifically:
> >
> > 1. There are multiple ways in which a device might allow a key not to
> > be exported. For instance, there might not be a command, but it might
> > be in unencrypted NVRAM. Or, it might be in an HSM. These have very
> > different security properties.
> >
> > 2. There are designs which allow a key to be moved from device to
> > device without exposure, e.g., a hardware token.
>
> I agree it’s a little/lot shallow, but I am not sure what digging deeper is going to accomplish here especially in the intro.
>
> Well, my point is that it misrepresents the situation.

I’m dropping everything from that paragraph after the 1st sentence.

A new version was posted:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-rtr-keying/

spt
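
The exchange in the message above turns on one point: a CSR signature proves possession of a private key, but when the request carries no AS number or BGP Identifier, the binding to a router identity comes only from the CA's account entry. The Go program below is an added example, not code from the thread or the draft; the `CA` and `RouterID` types, the account-entry layout (a SHA-256 hash of the registered public key) and the sample AS numbers and BGP Identifiers are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// RouterID is the identity a router certificate binds to a public key.
type RouterID struct {
	ASN   uint32 // AS number
	BGPID uint32 // BGP Identifier
}

// CA is a toy CA. Its account entries (hypothetical layout) map a router
// identity to the SHA-256 of the public key the operator registered.
type CA struct {
	accounts map[RouterID][32]byte
}

var (
	ErrNoAccount   = errors.New("no account entry for this AS number and BGP Identifier")
	ErrBadPoP      = errors.New("CSR signature invalid: no proof of possession")
	ErrKeyMismatch = errors.New("CSR key differs from the key in the account entry")
)

func NewCA() *CA { return &CA{accounts: make(map[RouterID][32]byte)} }

// spkiHash hashes the DER SubjectPublicKeyInfo encoding of a public key.
func spkiHash(pub interface{}) ([32]byte, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return [32]byte{}, err
	}
	return sha256.Sum256(der), nil
}

// Register stores the authentication material for one router before its CSR arrives.
func (ca *CA) Register(id RouterID, pub *ecdsa.PublicKey) error {
	h, err := spkiHash(pub)
	if err != nil {
		return err
	}
	ca.accounts[id] = h
	return nil
}

// CheckCSR decides whether a CSR submitted for identity id may be certified.
func (ca *CA) CheckCSR(id RouterID, csrDER []byte) error {
	want, ok := ca.accounts[id]
	if !ok {
		return ErrNoAccount
	}
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return fmt.Errorf("malformed CSR: %w", err)
	}
	// Proof of possession: the CSR must be signed by the key it carries.
	if err := csr.CheckSignature(); err != nil {
		return ErrBadPoP
	}
	// Identity binding: PoP alone does not say whose key this is, so the
	// key is compared against the account entry for the claimed identity.
	got, err := spkiHash(csr.PublicKey)
	if err != nil {
		return err
	}
	if got != want {
		return ErrKeyMismatch
	}
	return nil
}

// NewRouterCSR plays the router: a fresh P-256 key pair and a CSR that
// contains no AS number or BGP Identifier, the case raised in the thread.
func NewRouterCSR() (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{}, key)
	return key, der, err
}

func main() {
	ca := NewCA()
	routerA := RouterID{ASN: 64496, BGPID: 0xC0000201} // constructed sample values
	routerB := RouterID{ASN: 64497, BGPID: 0xC0000202} // constructed sample values
	keyA, csrA, errA := NewRouterCSR()
	keyB, _, errB := NewRouterCSR()
	if errA != nil || errB != nil {
		panic("key or CSR generation failed")
	}
	if ca.Register(routerA, &keyA.PublicKey) != nil || ca.Register(routerB, &keyB.PublicKey) != nil {
		panic("registration failed")
	}
	tampered := append([]byte(nil), csrA...)
	tampered[len(tampered)-1] ^= 0x01 // corrupt the last signature byte
	fmt.Println("CSR A submitted for router A:", ca.CheckCSR(routerA, csrA))
	fmt.Println("CSR A transplanted to router B:", ca.CheckCSR(routerB, csrA))
	fmt.Println("tampered CSR A for router A:", ca.CheckCSR(routerA, tampered))
}
```
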


From nobody Fri Apr 12 06:24:40 2019
Return-Path: <oliver.borchert@nist.gov>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71F8A1201DA; Fri, 12 Apr 2019 06:24:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8lNu4zED_JlM; Fri, 12 Apr 2019 06:24:29 -0700 (PDT)
Received: from GCC01-DM2-obe.outbound.protection.outlook.com (mail-eopbgr840135.outbound.protection.outlook.com [40.107.84.135]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A43512037F; Fri, 12 Apr 2019 06:24:20 -0700 (PDT)
Received: from BYAPR09MB3159.namprd09.prod.outlook.com (20.178.0.209) by BYAPR09MB3160.namprd09.prod.outlook.com (20.178.0.210) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1792.19; Fri, 12 Apr 2019 13:24:17 +0000
Received: from BYAPR09MB3159.namprd09.prod.outlook.com ([fe80::7572:a62c:ed7d:db9a]) by BYAPR09MB3159.namprd09.prod.outlook.com ([fe80::7572:a62c:ed7d:db9a%4]) with mapi id 15.20.1792.018; Fri, 12 Apr 2019 13:24:17 +0000
From: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
To: Adam Roach <adam@nostrum.com>, The IESG <iesg@ietf.org>
CC: Chris Morrow <morrowc@ops-netman.net>, "sidrops-chairs@ietf.org" <sidrops-chairs@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>, "draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org" <draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org>
Thread-Topic: [Sidrops] Adam Roach's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS and COMMENT)
Thread-Index: AQHU7+TomgBeH2NnAEacVxYvcq6yZqY3fD7AgAATkQCAALNngA==
Date: Fri, 12 Apr 2019 13:24:17 +0000
Message-ID: <9B0EBE95-B2FE-4F3C-9CED-CB48D2F6F3C7@nist.gov>
References: <155493194558.22757.15388423154564497249.idtracker@ietfa.amsl.com> <SN6PR09MB3167E2F652CF94E50958427E982F0@SN6PR09MB3167.namprd09.prod.outlook.com> <b7492915-8b7f-f575-b9f5-373d838a78a7@nostrum.com>
In-Reply-To: <b7492915-8b7f-f575-b9f5-373d838a78a7@nostrum.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.17.1.190326
authentication-results: spf=none (sender IP is ) smtp.mailfrom=oliver.borchert@nist.gov; 
x-originating-ip: [2610:20:6222:140:e9c7:e6fe:43e9:fb79]
x-ms-publictraffictype: Email
Content-Type: text/plain; charset="utf-8"
Content-ID: <FE469ACA0C21614493D72E208974B13F@namprd09.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/lh6LjQMzhpGjs4IdGPWK-6ZKRTo>
Subject: Re: [Sidrops] Adam Roach's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS and COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2019 13:24:32 -0000

I will try to upload 05 today,

Oliver

On 4/11/19, 6:42 PM, "Sidrops on behalf of Adam Roach" <sidrops-bounces@ietf.org on behalf of adam@nostrum.com> wrote:

    Thanks! These two changes look good to me. I'll clear when a new version
    of the draft is submitted (note, however, that I am out of the office
    tomorrow).

    /a


From nobody Fri Apr 12 14:58:06 2019
Return-Path: <randy@psg.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FF731205F3; Fri, 12 Apr 2019 14:58:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level: 
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YnKITkgunsQh; Fri, 12 Apr 2019 14:58:03 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C49612060E; Fri, 12 Apr 2019 14:58:03 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from <randy@psg.com>) id 1hF4BE-0001Po-GO; Fri, 12 Apr 2019 21:57:52 +0000
Date: Fri, 12 Apr 2019 14:57:51 -0700
Message-ID: <m28swe28f4.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Sean Turner <sean@sn3rd.com>
Cc: Alexey Melnikov <aamelnikov@fastmail.fm>, Chris Morrow <morrowc@ops-netman.net>, draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org, SIDR Operations WG <sidrops@ietf.org>, SIDROps Chairs <sidrops-chairs@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>, Warren Kumari <warren@kumari.net>, The IESG <iesg@ietf.org>
In-Reply-To: <D9D741A1-B2AD-4482-AB52-408BCE8CE3AE@sn3rd.com>
References: <155491848705.8904.6102999785203393745.idtracker@ietfa.amsl.com> <CAHw9_iKkxDiB4G1HQbgkDsJN8DpOomwCh1EomAh_co_25KpWEw@mail.gmail.com> <7433410F-E7A3-47B8-87F1-C170C30CE4E5@sn3rd.com> <20190410213026.GH18549@kduck.mit.edu> <554dd3b6-4e1b-4582-8411-cf98425b1d21@www.fastmail.com> <D9D741A1-B2AD-4482-AB52-408BCE8CE3AE@sn3rd.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/25.3 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/-5da7H_WOVTap7Tqk5_CJm37TwY>
Subject: Re: [Sidrops] Alexey Melnikov's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2019 21:58:05 -0000

> No argument whatsoever from me about whether this is an
> obsoletes/updates.  am looking forward to the finalized IESG statement
> on updates vs obsoletes ;).

tenterhooks


From nobody Sun Apr 14 09:41:46 2019
Return-Path: <barryleiba@gmail.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3732B1207F5; Tue,  9 Apr 2019 08:13:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Level: 
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UHfai56kPvMr; Tue,  9 Apr 2019 08:13:50 -0700 (PDT)
Received: from mail-io1-f50.google.com (mail-io1-f50.google.com [209.85.166.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3DD77120773; Tue,  9 Apr 2019 08:13:50 -0700 (PDT)
Received: by mail-io1-f50.google.com with SMTP id v4so14602842ioj.5; Tue, 09 Apr 2019 08:13:50 -0700 (PDT)
X-Received: by 2002:a5d:899a:: with SMTP id m26mr6570553iol.268.1554822829261;  Tue, 09 Apr 2019 08:13:49 -0700 (PDT)
MIME-Version: 1.0
References: <155469895228.18178.17765650719093981433.idtracker@ietfa.amsl.com> <C2EBF7A6-E1F3-4616-B689-3A63E556F047@nlnetlabs.nl>
In-Reply-To: <C2EBF7A6-E1F3-4616-B689-3A63E556F047@nlnetlabs.nl>
From: Barry Leiba <barryleiba@computer.org>
Date: Tue, 9 Apr 2019 11:13:38 -0400
Message-ID: <CALaySJL5yResSTG1D9G95k3BKn5+4FD7vDEKxsoChfJpMoaj-A@mail.gmail.com>
To: Tim Bruijnzeels <tim@nlnetlabs.nl>
Cc: The IESG <iesg@ietf.org>, draft-ietf-sidrops-https-tal@ietf.org,  Chris Morrow <morrowc@ops-netman.net>, sidrops@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/hGGAUjqe80jgBDzrRZBioBF6fIE>
X-Mailman-Approved-At: Sun, 14 Apr 2019 09:41:45 -0700
Subject: Re: [Sidrops] Barry Leiba's No Objection on draft-ietf-sidrops-https-tal-07: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2019 15:13:51 -0000

Hi, Tim; thanks for the response.

> Yes, and good point. Pete Resnick raised a similar point and I replied to him yesterday. Are
> you okay with discussing this point in that thread?

Yes, indeed.  And as my comment was not a DISCUSS, I'll go farther and
let you and Pete simply work it out, and be happy with the result.
Thanks again.

Barry


From nobody Sun Apr 14 09:41:54 2019
Return-Path: <aamelnikov@fastmail.fm>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C25C91200F1; Thu, 11 Apr 2019 03:01:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.fm header.b=H3gSlbBw; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=aBYkWcrV
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9C6pfSuVqcTu; Thu, 11 Apr 2019 03:01:10 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B7421202B8; Thu, 11 Apr 2019 03:01:10 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 3D9D42205C; Thu, 11 Apr 2019 06:01:09 -0400 (EDT)
Received: from imap1 ([10.202.2.51]) by compute7.internal (MEProxy); Thu, 11 Apr 2019 06:01:09 -0400
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 97F3FD4132; Thu, 11 Apr 2019 06:01:08 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.6-329-gf4aae99-fmstable-20190329v1
Mime-Version: 1.0
X-Me-Personality: 21611513
Message-Id: <554dd3b6-4e1b-4582-8411-cf98425b1d21@www.fastmail.com>
In-Reply-To: <20190410213026.GH18549@kduck.mit.edu>
References: <155491848705.8904.6102999785203393745.idtracker@ietfa.amsl.com> <CAHw9_iKkxDiB4G1HQbgkDsJN8DpOomwCh1EomAh_co_25KpWEw@mail.gmail.com> <7433410F-E7A3-47B8-87F1-C170C30CE4E5@sn3rd.com> <20190410213026.GH18549@kduck.mit.edu>
Date: Thu, 11 Apr 2019 06:00:47 -0400
From: "Alexey Melnikov" <aamelnikov@fastmail.fm>
To: "Benjamin Kaduk" <kaduk@mit.edu>, "Sean Turner" <sean@sn3rd.com>
Cc: "Warren Kumari" <warren@kumari.net>, "SIDROps Chairs" <sidrops-chairs@ietf.org>, draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org, "SIDR Operations WG" <sidrops@ietf.org>, "Chris Morrow" <morrowc@ops-netman.net>, "The IESG" <iesg@ietf.org>
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/obHszcDSFFVavQVYnf7nGMhsGak>
X-Mailman-Approved-At: Sun, 14 Apr 2019 09:41:45 -0700
Subject: Re: [Sidrops]  =?utf-8?q?Alexey_Melnikov=27s_Discuss_on_draft-ietf-si?= =?utf-8?q?drops-bgpsec-algs-rfc8208-bis-04=3A_=28with_DISCUSS=29?=
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 10:01:14 -0000

On Wed, Apr 10, 2019, at 10:30 PM, Benjamin Kaduk wrote:
> On Wed, Apr 10, 2019 at 05:27:50PM -0400, Sean Turner wrote:
> >
> >
> > > On Apr 10, 2019, at 14:48, Warren Kumari <warren@kumari.net> wrote:
> > >
> > >
> > >
> > > On Wed, Apr 10, 2019 at 1:48 PM Alexey Melnikov via Datatracker <noreply@ietf.org> wrote:
> > > ----------------------------------------------------------------------
> > > DISCUSS:
> > > ----------------------------------------------------------------------
> > >
> > > This is a fine document and sorry for nit-picking, but why is this document
> > > "Updates: 8208" instead of "Obsolete: 8208"?
> > >
> > >
> > > Thanks an excellent question -- I suspect that the answer is simply "Whoops, that was a mistake" -- is that correct?
> > > W
> >
> > Nope this draft is an updates because it’s just adding some things to 8208 not replacing it entirely.
>
> Er, what is left in 8208 that's not being replaced?
> The diff seems pretty indicative that all the content is present in the new
> doc, to me.

Exactly. This document doesn't just update the IANA registration process, it incorporates the whole RFC 8208 content. After it is published as an RFC, there would never be any need for people to read RFC 8208. This means it is obsolete relationship.


From nobody Sun Apr 14 09:42:00 2019
Return-Path: <cpignata@cisco.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DE551201EF; Thu, 11 Apr 2019 21:41:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -12.511
X-Spam-Level: 
X-Spam-Status: No, score=-12.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j2G9oaN04J1K; Thu, 11 Apr 2019 21:41:27 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEF101201D1; Thu, 11 Apr 2019 21:41:26 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.60,340,1549929600";  d="scan'208,217";a="260675811"
Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 12 Apr 2019 04:41:25 +0000
Received: from XCH-RTP-019.cisco.com (xch-rtp-019.cisco.com [64.101.220.159]) by rcdn-core-9.cisco.com (8.15.2/8.15.2) with ESMTPS id x3C4fO31012891 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 12 Apr 2019 04:41:25 GMT
Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-019.cisco.com (64.101.220.159) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 12 Apr 2019 00:41:24 -0400
Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1473.003; Fri, 12 Apr 2019 00:41:24 -0400
From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
CC: Routing Directorate <rtg-dir@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-sidrops-bgpsec-algs-rfc8208-bis.all@ietf.org" <draft-ietf-sidrops-bgpsec-algs-rfc8208-bis.all@ietf.org>
Thread-Topic: Rtgdir telechat review of draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04
Thread-Index: AQHU5Aq8UAmlfJbAlUyDGzfunZHNJKY3jhHwgADA3YA=
Date: Fri, 12 Apr 2019 04:41:23 +0000
Message-ID: <E2780165-6EBA-4D5F-8CB5-18E47ACD6B4C@cisco.com>
References: <155362877270.7408.1659232059641306508@ietfa.amsl.com> <SN6PR09MB31674C565BB1F36200F1AFA6982F0@SN6PR09MB3167.namprd09.prod.outlook.com>
In-Reply-To: <SN6PR09MB31674C565BB1F36200F1AFA6982F0@SN6PR09MB3167.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3445.104.8)
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.118.116.132]
Content-Type: multipart/alternative; boundary="_000_E27801656EBA4D5F8CB518E47ACD6B4Cciscocom_"
MIME-Version: 1.0
X-Outbound-SMTP-Client: 64.101.220.159, xch-rtp-019.cisco.com
X-Outbound-Node: rcdn-core-9.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/7qHl4TIxXrw_e4ed2fAHcsYJ3yQ>
X-Mailman-Approved-At: Sun, 14 Apr 2019 09:41:45 -0700
Subject: Re: [Sidrops] Rtgdir telechat review of draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2019 04:41:29 -0000



From nobody Mon Apr 15 14:38:01 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id CBE18120242; Mon, 15 Apr 2019 14:37:58 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: sidrops@ietf.org
Message-ID: <155536427875.10868.9303402297476612035@ietfa.amsl.com>
Date: Mon, 15 Apr 2019 14:37:58 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/Rt7OKtWZEAfevlTOMR4A_19KVGo>
Subject: [Sidrops] I-D Action: draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-05.txt
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Apr 2019 21:37:59 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the SIDR Operations WG of the IETF.

        Title           : BGPsec Algorithms, Key Formats, and Signature Formats
        Authors         : Sean Turner
                          Oliver Borchert
        Filename        : draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-05.txt
        Pages           : 23
        Date            : 2019-04-15

Abstract:
   This document specifies the algorithms, algorithm parameters,
   asymmetric key formats, asymmetric key sizes, and signature formats
   used in BGPsec (Border Gateway Protocol Security).  This document
   obsoletes RFC 8208 ("BGPsec Algorithms, Key Formats, and Signature
   Formats") by adding Documentation Algorithm IDs, Experimentation
   Algorithm IDs, correcting the range of unassigned algorithms IDs to
   fill the complete range, and restructured the document for better
   reading.

   This document also includes example BGPsec UPDATE messages as well as
   the private keys used to generate the messages and the certificates
   necessary to validate those signatures.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-05
https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-05

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-05


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Mon Apr 15 14:39:52 2019
Return-Path: <oliver.borchert@nist.gov>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 982AC120192; Mon, 15 Apr 2019 14:39:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level: 
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f7k0ZnydTWUn; Mon, 15 Apr 2019 14:39:42 -0700 (PDT)
Received: from GCC01-DM2-obe.outbound.protection.outlook.com (mail-eopbgr840108.outbound.protection.outlook.com [40.107.84.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04104120230; Mon, 15 Apr 2019 14:39:41 -0700 (PDT)
Received: from SN6PR09MB3167.namprd09.prod.outlook.com (20.177.250.204) by SN6PR09MB3165.namprd09.prod.outlook.com (20.177.250.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1792.19; Mon, 15 Apr 2019 21:39:39 +0000
Received: from SN6PR09MB3167.namprd09.prod.outlook.com ([fe80::694c:8a72:b9a7:5832]) by SN6PR09MB3167.namprd09.prod.outlook.com ([fe80::694c:8a72:b9a7:5832%2]) with mapi id 15.20.1792.018; Mon, 15 Apr 2019 21:39:39 +0000
From: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
To: Sean Turner <sean@sn3rd.com>, Alexey Melnikov <aamelnikov@fastmail.fm>
CC: Benjamin Kaduk <kaduk@mit.edu>, Warren Kumari <warren@kumari.net>, SIDROps Chairs <sidrops-chairs@ietf.org>, "draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org" <draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org>, SIDR Operations WG <sidrops@ietf.org>, Chris Morrow <morrowc@ops-netman.net>, The IESG <iesg@ietf.org>
Thread-Topic: [Sidrops] Alexey Melnikov's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS)
Thread-Index: AQHU78WVwxYQIWvxVk6QM4XyxdXWDaY1vIuAgAAsaQCAAAC6AIAA0aWAgAAfQgCABqpDgA==
Date: Mon, 15 Apr 2019 21:39:39 +0000
Message-ID: <0D7B26FA-D7E5-41EE-B0FD-0C634F12BB5E@nist.gov>
References: <155491848705.8904.6102999785203393745.idtracker@ietfa.amsl.com> <CAHw9_iKkxDiB4G1HQbgkDsJN8DpOomwCh1EomAh_co_25KpWEw@mail.gmail.com> <7433410F-E7A3-47B8-87F1-C170C30CE4E5@sn3rd.com> <20190410213026.GH18549@kduck.mit.edu> <554dd3b6-4e1b-4582-8411-cf98425b1d21@www.fastmail.com> <D9D741A1-B2AD-4482-AB52-408BCE8CE3AE@sn3rd.com>
In-Reply-To: <D9D741A1-B2AD-4482-AB52-408BCE8CE3AE@sn3rd.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.17.1.190326
authentication-results: spf=none (sender IP is ) smtp.mailfrom=oliver.borchert@nist.gov; 
x-originating-ip: [2610:20:6222:140:a838:e6cd:25f6:27f0]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 5a369ed0-7d4b-4218-85b2-08d6c1eadcf5
x-ms-office365-filtering-ht: Tenant
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="utf-8"
Content-ID: <4DA846B8A3D5364B9C2629E8942B6DAC@namprd09.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: 5a369ed0-7d4b-4218-85b2-08d6c1eadcf5
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Apr 2019 21:39:39.1739 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR09MB3165
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/x5oTry_bf-TnSYF44pq4wFdcVXk>
Subject: Re: [Sidrops] Alexey Melnikov's Discuss on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-04: (with DISCUSS)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Apr 2019 21:39:45 -0000


From nobody Mon Apr 15 15:07:21 2019
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C07C5120033; Mon, 15 Apr 2019 15:07:13 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Adam Roach via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Adam Roach <adam@nostrum.com>
Message-ID: <155536603378.10831.5630248103398185981.idtracker@ietfa.amsl.com>
Date: Mon, 15 Apr 2019 15:07:13 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/ZbvIWTbz6zzI4j9FWiX3UzElobs>
Subject: [Sidrops] Adam Roach's No Objection on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-05: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Apr 2019 22:07:14 -0000

Adam Roach has entered the following ballot position for
draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-05: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for addressing my DISCUSS.



From nobody Mon Apr 15 23:40:28 2019
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B20C12003E; Mon, 15 Apr 2019 23:40:20 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Alexey Melnikov via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Alexey Melnikov <aamelnikov@fastmail.fm>
Message-ID: <155539682049.10741.15291522919382531407.idtracker@ietfa.amsl.com>
Date: Mon, 15 Apr 2019 23:40:20 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/ufL-4rZgWBUS0YAX3G2GxNOce74>
Subject: [Sidrops] Alexey Melnikov's No Objection on draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-05: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2019 06:40:21 -0000

Alexey Melnikov has entered the following ballot position for
draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-05: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for addressing my DISCUSS.



From nobody Tue Apr 16 05:47:52 2019
Return-Path: <tim@nlnetlabs.nl>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BE91120362; Tue, 16 Apr 2019 05:47:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7
X-Spam-Level: 
X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nlnetlabs.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xay53a20agTs; Tue, 16 Apr 2019 05:47:50 -0700 (PDT)
Received: from dicht.nlnetlabs.nl (open.nlnetlabs.nl [185.49.140.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D774120352; Tue, 16 Apr 2019 05:47:49 -0700 (PDT)
Received: from [IPv6:2a04:b900::1:f49b:919b:4c21:e66] (unknown [IPv6:2a04:b900:0:1:f49b:919b:4c21:e66]) by dicht.nlnetlabs.nl (Postfix) with ESMTPSA id 7A382278AD; Tue, 16 Apr 2019 14:47:46 +0200 (CEST)
Authentication-Results: dicht.nlnetlabs.nl; dmarc=pass (p=none dis=none) header.from=nlnetlabs.nl
Authentication-Results: dicht.nlnetlabs.nl; spf=pass smtp.mailfrom=tim@nlnetlabs.nl
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nlnetlabs.nl; s=default; t=1555418866; bh=ta0Tu8C6ce5dFg7wnGNfjgjngMI4YmIaGhHLAsZt7cE=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=f/akMA8K1nuJuP1QTCoe9/lh11dJ810VQS/ujSjfB8Z8QZrENMIxl6e8AnR+GB8QF Yk3mFijc576fO3oClzUHVkHjUQUaGpR7Dz+d+54WK/LpcD0qxRItKBI7QqNwDpr6XM tKXqIZZ2YwJ//ntZephLuQ4KFPRhI87Jfe5w5CxE=
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
From: Tim Bruijnzeels <tim@nlnetlabs.nl>
In-Reply-To: <155491689193.9336.11988651941770388340.idtracker@ietfa.amsl.com>
Date: Tue, 16 Apr 2019 14:47:45 +0200
Cc: The IESG <iesg@ietf.org>, morrowc@ops-netman.net, sidrops-chairs@ietf.org,  sidrops@ietf.org, draft-ietf-sidrops-https-tal@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <06A75E77-16DA-4391-91A0-7A0A53AFB66F@nlnetlabs.nl>
References: <155491689193.9336.11988651941770388340.idtracker@ietfa.amsl.com>
To: Adam Roach <adam@nostrum.com>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/sZ1f0ZSg97XrMTh4o1V3xzl-cEU>
Subject: Re: [Sidrops] Adam Roach's Yes on draft-ietf-sidrops-https-tal-07: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2019 12:47:51 -0000

Hi Adam, all,

> On 10 Apr 2019, at 19:21, Adam Roach via Datatracker <noreply@ietf.org> wrote:
>
> Adam Roach has entered the following ballot position for
> draft-ietf-sidrops-https-tal-07: Yes
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thanks to everyone who worked on this document.
>
> ---------------------------------------------------------------------------
>
> I find it curious and somewhat problematic that there is not a section,
> equivalent to the existing section 4, that deals with RSYNC considerations. In
> particular, the attack described in the first paragraph of section 4 appears
> to be unavoidable when the TAL contains an RSYNC URI. Minimally, this document
> should draw attention to that fact, at least in the Security Considerations
> section. Ideally, it would deprecate -- or at least discourage -- the use of
> RSYNC URIs for this reason.

Good point.

How about if we change the name of section 4 from "HTTPS Considerations"
to "URI Scheme Considerations"

And start off with:

Please note that the RSYNC protocol provides neither transport security
nor any means by which the Relying Party can validate that they are
connected to the proper host. Therefore it is RECOMMENDED that HTTPS is
used as the preferred scheme.

And change:
   Note that a Man in the Middle (MITM) cannot produce a CA certificate
   that would be considered valid according to the process described in
   Section 3.  However, a MITM attack can be performed to prevent the
   Relying Party from learning about an updated CA certificate.  Because
   of this, Relying Parties MUST do TLS certificate and host name
   validation when they fetch a CA certificate using an HTTPS URI on a
   TAL.

To:
   Relying Parties MUST do TLS certificate and host name validation when
   they fetch a CA certificate using an HTTPS URI on a TAL. Note that,
   although a Man in the Middle (MITM) cannot produce a CA certificate
   that would be considered valid according to the process described in
   Section 3, this attack can prevent that the Relying Party learns about
   an updated CA certificate.


Some background - I don't think the following needs to be in the
document:

In my mind it was implicit and obvious that rsync should be discouraged,
to the point that I forgot to mention this completely. The end goal is
to phase out rsync. But this document still allows both.

I proposed at some point that it should allow HTTPS only - in my mind
this would just mean that for some time TALs could be presented in both
RFC7730 format and this new format. But the WG preferred the approach
where this update allows both schemes, and a future update can be done
to remove RSYNC.

With this in mind we introduced the "Trust Anchor URI" in this document
and only specify once (section 2.2) which schemes are allowed. This
should make a future update easy.



>
> [This would be a discuss-level comment if this were a green-field document, but
> I don't want to stand in the way of improving an existing mechanism, so I'm only
> leaving it as a comment. The authors may choose to move forward without fixing
> this issue]
>
> ---------------------------------------------------------------------------
>
> §2.2:
>
>> In this document we define a Trust Anchor URI as a URI that can be
>> used to retrieved a current Trust Anchor certificate
>
> Nit: "...to retrieve..."

ack


Kind regards,

Tim Bruijnzeels


>
>
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops
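
The fetch behaviour discussed in the message above, as an added Python example (not code from the draft or from any Relying Party implementation): it parses a TAL, tries HTTPS Trust Anchor URIs before rsync ones, and builds the TLS settings that the proposed MUST calls for. The TAL layout, the key comparison standing in for the Section 3 check, the function names and the `rpki.example.net` URIs are assumptions made for this example.

```python
import base64
import hmac
import ssl
from urllib.parse import urlsplit

# Constructed sample TAL (not a real trust anchor). Layout assumed here:
# optional "#" comment lines, one URI per line, a blank line, then the
# base64 of the DER subjectPublicKeyInfo (a placeholder byte string below).
SAMPLE_SPKI = b"constructed-spki-placeholder"
SAMPLE_TAL = (
    "# Constructed example TAL\n"
    "rsync://rpki.example.net/ta/root.cer\n"
    "https://rpki.example.net/ta/root.cer\n"
    "\n"
    + base64.b64encode(SAMPLE_SPKI).decode("ascii") + "\n"
)

ALLOWED_SCHEMES = ("https", "rsync")


def parse_tal(text):
    """Return (uris, spki_der) from TAL text; raise ValueError if malformed."""
    lines = [line.strip() for line in text.splitlines()]
    i = 0
    # Skip the optional comment section.
    while i < len(lines) and lines[i].startswith("#"):
        i += 1
    # URI section: runs until the first blank line.
    uris = []
    while i < len(lines) and lines[i]:
        parts = urlsplit(lines[i])
        if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
            raise ValueError("unsupported Trust Anchor URI: %r" % lines[i])
        uris.append(lines[i])
        i += 1
    if not uris:
        raise ValueError("TAL has no Trust Anchor URI")
    # Everything after the blank line is the (possibly wrapped) base64 key.
    b64 = "".join(lines[i:])
    if not b64:
        raise ValueError("TAL has no subjectPublicKeyInfo")
    return uris, base64.b64decode(b64, validate=True)


def fetch_plan(uris):
    """Order URIs HTTPS first; flag whether the transport authenticates the host."""
    plan = [(u, urlsplit(u).scheme == "https") for u in uris]
    # sorted() is stable, so the TAL's own order is kept within each scheme.
    return sorted(plan, key=lambda item: not item[1])


def tls_context():
    """TLS settings for the HTTPS fetch: certificate and host name validation on."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True            # host name validation
    ctx.verify_mode = ssl.CERT_REQUIRED  # certificate chain validation
    return ctx


def key_matches_tal(tal_spki, fetched_spki):
    """Accept a fetched certificate only if its key equals the TAL's key.

    This comparison is why a substituted certificate is rejected on either
    transport; it cannot detect that an updated certificate was withheld.
    Extracting fetched_spki from the certificate is left to an X.509 library.
    """
    return hmac.compare_digest(tal_spki, fetched_spki)


if __name__ == "__main__":
    uris, spki = parse_tal(SAMPLE_TAL)
    for uri, authenticated in fetch_plan(uris):
        print(uri, "authenticated transport" if authenticated else "no transport security")
```

A Relying Party that falls back to an rsync entry in the plan still has the key comparison, but nothing on that transport tells it the copy it received is current.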


From nobody Wed Apr 17 01:34:13 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 4854A120125; Wed, 17 Apr 2019 01:34:07 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: sidrops@ietf.org
Message-ID: <155549004725.29226.9306101528215084687@ietfa.amsl.com>
Date: Wed, 17 Apr 2019 01:34:07 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/q0QgLf3Ox8YsOdIYTV2nodITFwc>
Subject: [Sidrops] I-D Action: draft-ietf-sidrops-rp-04.txt
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2019 08:34:07 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the SIDR Operations WG of the IETF.

        Title           : Requirements for Resource Public Key Infrastructure (RPKI) Relying Parties
        Authors         : Di Ma
                          Stephen Kent
	Filename        : draft-ietf-sidrops-rp-04.txt
	Pages           : 11
	Date            : 2019-04-17

Abstract:
   This document provides a single reference point for requirements for
   Relying Party (RP) software for use in the Resource Public Key
   Infrastructure (RPKI) in the context of securing Internet routing.
   It cites requirements that appear in several RPKI RFCs, making it
   easier for implementers to become aware of these requirements that
   are segmented with orthogonal functionalities.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-rp/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-sidrops-rp-04
https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rp-04

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-rp-04


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Wed Apr 17 03:07:51 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 74110120342; Wed, 17 Apr 2019 03:07:44 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: sidrops@ietf.org
Message-ID: <155549566440.29288.9645002161525075660@ietfa.amsl.com>
Date: Wed, 17 Apr 2019 03:07:44 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/2f0QqpEvqT_F1RjDO__enkZxkPM>
Subject: [Sidrops] I-D Action: draft-ietf-sidrops-rp-05.txt
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2019 10:07:45 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the SIDR Operations WG of the IETF.

        Title           : Requirements for Resource Public Key Infrastructure (RPKI) Relying Parties
        Authors         : Di Ma
                          Stephen Kent
	Filename        : draft-ietf-sidrops-rp-05.txt
	Pages           : 12
	Date            : 2019-04-17

Abstract:
   This document provides a single reference point for requirements for
   Relying Party (RP) software for use in the Resource Public Key
   Infrastructure (RPKI) in the context of securing Internet routing.
   It cites requirements that appear in several RPKI RFCs, making it
   easier for implementers to become aware of these requirements that
   are segmented with orthogonal functionalities.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-rp/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-sidrops-rp-05
https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rp-05

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-rp-05


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Wed Apr 17 03:20:41 2019
Return-Path: <madi@rpstir.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9399B12049C; Wed, 17 Apr 2019 03:20:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I6s-M8eXpw3v; Wed, 17 Apr 2019 03:20:28 -0700 (PDT)
Received: from out20-86.mail.aliyun.com (out20-86.mail.aliyun.com [115.124.20.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E50861204D7; Wed, 17 Apr 2019 03:20:27 -0700 (PDT)
X-Alimail-AntiSpam: AC=CONTINUE; BC=0.07716651|-1; CH=green; DM=CONTINUE|CONTINUE|true|0.363123-0.0111206-0.625756; FP=0|0|0|0|0|-1|-1|-1;  HT=e02c03299; MF=madi@rpstir.net; NM=1; PH=DS; RN=2; RT=2; SR=0; TI=SMTPD_---.EMbUz2o_1555496104; 
Received: from 192.168.218.230(mailfrom:madi@rpstir.net fp:SMTPD_---.EMbUz2o_1555496104) by smtp.aliyun-inc.com(10.147.43.95); Wed, 17 Apr 2019 18:15:04 +0800
Content-Type: text/plain; charset=gb2312
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
From: Di Ma <madi@rpstir.net>
In-Reply-To: <155549566440.29288.9645002161525075660@ietfa.amsl.com>
Date: Wed, 17 Apr 2019 18:15:03 +0800
Cc: SIDROps Chairs <sidrops-chairs@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <5315E402-60BF-4538-9762-D0AA48D0DAAE@rpstir.net>
References: <155549566440.29288.9645002161525075660@ietfa.amsl.com>
To: SIDR Operations WG <sidrops@ietf.org>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/Crax8uRugrBFTrvc2TGvTpfjWjc>
Subject: Re: [Sidrops] I-D Action: draft-ietf-sidrops-rp-05.txt
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2019 10:20:39 -0000

Hi, folks,

We authors have just updated this document based on the comments from
the list during the WGLC.

Di

> On 17 Apr 2019, at 18:07, internet-drafts@ietf.org wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the SIDR Operations WG of the IETF.
>
>        Title           : Requirements for Resource Public Key Infrastructure (RPKI) Relying Parties
>        Authors         : Di Ma
>                          Stephen Kent
>        Filename        : draft-ietf-sidrops-rp-05.txt
>        Pages           : 12
>        Date            : 2019-04-17
>
> Abstract:
>   This document provides a single reference point for requirements for
>   Relying Party (RP) software for use in the Resource Public Key
>   Infrastructure (RPKI) in the context of securing Internet routing.
>   It cites requirements that appear in several RPKI RFCs, making it
>   easier for implementers to become aware of these requirements that
>   are segmented with orthogonal functionalities.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-sidrops-rp/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-sidrops-rp-05
> https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rp-05
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-rp-05
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops


From nobody Thu Apr 18 14:48:21 2019
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F35F12040A; Thu, 18 Apr 2019 14:48:17 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Stewart Bryant via Datatracker <noreply@ietf.org>
To: <rtg-dir@ietf.org>
Cc: sidrops@ietf.org, ietf@ietf.org, draft-ietf-sidrops-lta-use-cases.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Stewart Bryant <stewart.bryant@gmail.com>
Message-ID: <155562409732.25526.1571500373372550686@ietfa.amsl.com>
Date: Thu, 18 Apr 2019 14:48:17 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/iuV7FBiic6ps9ca47Vvj6DGQRzU>
Subject: [Sidrops] Rtgdir last call review of draft-ietf-sidrops-lta-use-cases-05
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2019 21:48:18 -0000

Reviewer: Stewart Bryant
Review result: Has Nits

This is a well written document.

There are a couple of nits that need addressing but otherwise it is ready to publish.

============

6.  Security Considerations

   Though the above use cases are all constrained to local contexts,
   they violate the model of a single global PKI, albeit to meet real
   operational needs.  Hence they MUST be implemented to assure the
   local constraint.

SB> I can see why RFC2119 language is used, and it seems correct to use it,
however Nits is complaining that there is no RFC2119 boilerplate.

=========

   [I-D.ietf-sidr-bgpsec-overview]
              Lepinski, M. and S. Turner, "An Overview of BGPSEC",
              draft-ietf-sidr-bgpsec-overview-02 (work in progress), May
              2012.

SB> Nits asks if you mean this version or -08?


From nobody Thu Apr 18 16:51:17 2019
Return-Path: <randy@psg.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C913812021C; Thu, 18 Apr 2019 16:51:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level: 
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 34h6LUK90Na3; Thu, 18 Apr 2019 16:51:08 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C4EA12020A; Thu, 18 Apr 2019 16:51:08 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from <randy@psg.com>) id 1hHGo6-0007Q2-55; Thu, 18 Apr 2019 23:51:06 +0000
Date: Thu, 18 Apr 2019 16:51:05 -0700
Message-ID: <m25zrarhxy.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Stewart Bryant via Datatracker <noreply@ietf.org>
Cc: <rtg-dir@ietf.org>, sidrops@ietf.org
In-Reply-To: <155562409732.25526.1571500373372550686@ietfa.amsl.com>
References: <155562409732.25526.1571500373372550686@ietfa.amsl.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/25.3 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/hkU5CunkPPTY1HLvTftWGPD5Rgg>
Subject: Re: [Sidrops] Rtgdir last call review of draft-ietf-sidrops-lta-use-cases-05
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2019 23:51:10 -0000

thanks stewart; review appreciated

> 6.  Security Considerations
> 
>    Though the above use cases are all constrained to local contexts,
>    they violate the model of a single global PKI, albeit to meet real
>    operational needs.  Hence they MUST be implemented to assure the
>    local constraint.
> 
> SB> I can see why RFC2119 language is used, and it seems correct to use it,
> however Nits is complaining that there is no RFC2119 boilerplate.

<doh>  will fix

>    [I-D.ietf-sidr-bgpsec-overview]
>               Lepinski, M. and S. Turner, "An Overview of BGPSEC",
>               draft-ietf-sidr-bgpsec-overview-02 (work in progress), May
>               2012.
> 
> SB> Nits asks if you mean this version or -08?

the ref is from pre ww2.  it's an rfc now.  will fix.

thanks again

randy


From nobody Thu Apr 18 16:59:16 2019
Return-Path: <randy@psg.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDDED120248; Thu, 18 Apr 2019 16:59:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level: 
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GIljNaPsiNvA; Thu, 18 Apr 2019 16:59:05 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A7AD12004C; Thu, 18 Apr 2019 16:59:05 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from <randy@psg.com>) id 1hHGvn-0007R0-RH; Thu, 18 Apr 2019 23:59:04 +0000
Date: Thu, 18 Apr 2019 16:59:03 -0700
Message-ID: <m24l6urhko.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Stewart Bryant via Datatracker <noreply@ietf.org>
Cc: <rtg-dir@ietf.org>, sidrops@ietf.org
In-Reply-To: <155562409732.25526.1571500373372550686@ietfa.amsl.com>
References: <155562409732.25526.1571500373372550686@ietfa.amsl.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/25.3 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/QTGGsivNZo3dqGaZ39Ujt0RAGWs>
Subject: Re: [Sidrops] Rtgdir last call review of draft-ietf-sidrops-lta-use-cases-05
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2019 23:59:07 -0000

>    [I-D.ietf-sidr-bgpsec-overview]
>               Lepinski, M. and S. Turner, "An Overview of BGPSEC",
>               draft-ietf-sidr-bgpsec-overview-02 (work in progress), May
>               2012.
> 
> SB> Nits asks if you mean this version or -08?

i lied.  it is not a current draft so can not be referenced.  and i can
not find it was published as an rfc.

so i referenced 8205

randy


From nobody Fri Apr 19 06:32:34 2019
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id F26831202E6; Fri, 19 Apr 2019 06:32:32 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: morrowc@ops-netman.net, draft-ietf-sidrops-bgpsec-algs-rfc8208-bis@ietf.org, The IESG <iesg@ietf.org>, sidrops@ietf.org, sidrops-chairs@ietf.org, Chris Morrow <morrowc@ops-netman.net>, warren@kumari.net, rfc-editor@rfc-editor.org
Message-ID: <155568075298.5432.12828403251807271319.idtracker@ietfa.amsl.com>
Date: Fri, 19 Apr 2019 06:32:32 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/vMOiytmitBEbzqPt6n4qJElMVuQ>
Subject: [Sidrops] Protocol Action: 'BGPsec Algorithms, Key Formats, and Signature Formats' to Proposed Standard (draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-05.txt)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Apr 2019 13:32:33 -0000

The IESG has approved the following document:
- 'BGPsec Algorithms, Key Formats, and Signature Formats'
  (draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-05.txt) as Proposed Standard

This document is the product of the SIDR Operations Working Group.

The IESG contact persons are Warren Kumari and Ignas Bagdonas.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis/





Technical Summary

   This document specifies the algorithms, algorithm parameters,
   asymmetric key formats, asymmetric key sizes, and signature formats
   used in BGPsec (Border Gateway Protocol Security).  This document
   updates RFC 8208 ("BGPsec Algorithms, Key Formats, and Signature
   Formats") by adding Special-Use Algorithm IDs and correcting the
   range of unassigned algorithms IDs to fill the complete range.

   This document also includes example BGPsec UPDATE messages as well as
   the private keys used to generate the messages and the certificates
   necessary to validate those signatures.

Working Group Summary

  There was nothing in the WG review which was notable.

Document Quality

 This is an update to the existing document, there was nothing super special here.
It's the specification of algorithms and parameters to those algorithms to be used in the
BGPSec protocol.

Personnel

Document Shepherd: Chris Morrow (morrowc@ops-netman.net)
Responsible AD: Warren Kumari (warren@kumari.net)


From nobody Wed Apr 24 13:57:45 2019
Return-Path: <joelja@bogus.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B80A112041B; Wed, 24 Apr 2019 13:57:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level: 
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CiycaWkFt6Dr; Wed, 24 Apr 2019 13:57:33 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEA95120417; Wed, 24 Apr 2019 13:57:33 -0700 (PDT)
Received: from [IPv6:2607:fb90:322d:baab:2d25:5a1f:c51c:c29b] ([IPv6:2607:fb90:322d:baab:2d25:5a1f:c51c:c29b]) (authenticated bits=0) by nagasaki.bogus.com (8.15.2/8.15.2) with ESMTPSA id x3OKvVqa024389; Wed, 24 Apr 2019 20:57:33 GMT (envelope-from joelja@bogus.com)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Joel Jaeggli <joelja@bogus.com>
X-Mailer: iPhone Mail (16E227)
In-Reply-To: <m25zrarhxy.wl-randy@psg.com>
Date: Wed, 24 Apr 2019 13:57:31 -0700
Cc: Stewart Bryant via Datatracker <noreply@ietf.org>, rtg-dir@ietf.org, sidrops@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <6344FA11-A853-474A-BF2C-F884ABE9637E@bogus.com>
References: <155562409732.25526.1571500373372550686@ietfa.amsl.com> <m25zrarhxy.wl-randy@psg.com>
To: Randy Bush <randy@psg.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/zyWYDZ_Q8682n8oZ5rj91LnHPaA>
Subject: Re: [Sidrops] Rtgdir last call review of draft-ietf-sidrops-lta-use-cases-05
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Apr 2019 20:57:36 -0000


Sent from my iPhone

> On Apr 18, 2019, at 16:51, Randy Bush <randy@psg.com> wrote:
>
> thanks stewart; review appreciated
>
>> 6.  Security Considerations
>>
>>   Though the above use cases are all constrained to local contexts,
>>   they violate the model of a single global PKI, albeit to meet real
>>   operational needs.  Hence they MUST be implemented to assure the
>>   local constraint.
>>
>> SB> I can see why RFC2119 language is used, and it seems correct to use it,
>> however Nits is complaining that there is no RFC2119 boilerplate.
>
> <doh>  will fix
>
>>   [I-D.ietf-sidr-bgpsec-overview]
>>              Lepinski, M. and S. Turner, "An Overview of BGPSEC",
>>              draft-ietf-sidr-bgpsec-overview-02 (work in progress), May
>>              2012.
>>
>> SB> Nits asks if you mean this version or -08?
>
> the ref is from pre ww2.  it's an rfc now.  will fix.
>
> thanks again
>
> randy


From nobody Wed Apr 24 16:32:26 2019
Return-Path: <randy@psg.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C09CF12018F; Wed, 24 Apr 2019 16:32:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level: 
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mgMOEQu46moP; Wed, 24 Apr 2019 16:32:16 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7391C120196; Wed, 24 Apr 2019 16:32:16 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from <randy@psg.com>) id 1hJRN8-0003dO-Ik; Wed, 24 Apr 2019 23:32:14 +0000
Date: Wed, 24 Apr 2019 16:32:14 -0700
Message-ID: <m2a7gff08x.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Joel Jaeggli <joelja@bogus.com>
Cc: Stewart Bryant via Datatracker <noreply@ietf.org>, rtg-dir@ietf.org, sidrops@ietf.org
In-Reply-To: <6344FA11-A853-474A-BF2C-F884ABE9637E@bogus.com>
References: <155562409732.25526.1571500373372550686@ietfa.amsl.com> <m25zrarhxy.wl-randy@psg.com> <6344FA11-A853-474A-BF2C-F884ABE9637E@bogus.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.2 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/pHiCcr0dULhmpxKdVvfsSz_eixk>
Subject: Re: [Sidrops] Rtgdir last call review of draft-ietf-sidrops-lta-use-cases-05
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Apr 2019 23:32:18 -0000

are you trying to tell me to publish -06 with these fixed?

randy


From nobody Wed Apr 24 19:54:41 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C81AA120123; Wed, 24 Apr 2019 19:54:33 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: sidrops@ietf.org
Message-ID: <155616087369.32109.6889733745815699266@ietfa.amsl.com>
Date: Wed, 24 Apr 2019 19:54:33 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/E9IA1ErYxW9gpK7cfEXYz8IkgRg>
Subject: [Sidrops] I-D Action: draft-ietf-sidrops-rpkimaxlen-02.txt
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Apr 2019 02:54:34 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the SIDR Operations WG of the IETF.

        Title           : The Use of Maxlength in the RPKI
        Authors         : Yossi Gilad
                          Sharon Goldberg
                          Kotikalapudi Sriram
                          Job Snijders
                          Ben Maddison
        Filename        : draft-ietf-sidrops-rpkimaxlen-02.txt
        Pages           : 12
        Date            : 2019-04-24

Abstract:
   This document recommends ways to reduce forged-origin attack surface
   by prudently limiting the address space that is included in Route
   Origin Authorizations (ROAs).  One recommendation is to avoid using
   the maxLength attribute in ROAs except in some specific cases.  The
   recommendations complement and extend those in RFC 7115.  The
   document also discusses creation of ROAs for facilitating Distributed
   Denial of Service (DDoS) mitigation services.  Considerations related
   to ROAs and origin validation for the case of destination-based
   Remote Triggered Black Hole (RTBH) filtering are also highlighted.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpkimaxlen/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-sidrops-rpkimaxlen-02
https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpkimaxlen-02

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-rpkimaxlen-02


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
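
The abstract above says that a maxLength in a ROA enlarges the forged-origin attack surface. The following is an added example, not part of the announcement or of the draft: an RFC 6811 origin-validation check plus a small ROA audit that lists prefixes a ROA authorizes but the holder does not announce. It goes beyond the abstract by spelling out the validation rule; the prefixes, AS numbers and function names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple


class VRP(NamedTuple):
    """Validated ROA Payload: (prefix, maxLength, origin AS)."""
    prefix: object
    max_length: int
    asn: int


def make_vrp(prefix, asn, max_length=None):
    """Build a VRP; an absent maxLength defaults to the prefix length."""
    net = ipaddress.ip_network(prefix)
    ml = net.prefixlen if max_length is None else max_length
    if not net.prefixlen <= ml <= net.max_prefixlen:
        raise ValueError(f"maxLength {ml} out of range for {net}")
    return VRP(net, ml, asn)


def validate(route_prefix, origin_asn, vrps):
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'not-found'.

    Only the origin AS in the path is compared, so the check cannot tell a
    genuine origination from a path that merely ends in the authorized AS.
    """
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        if vrp.prefix.version != route.version or not route.subnet_of(vrp.prefix):
            continue
        covered = True
        # AS 0 in a VRP never matches any route.
        if route.prefixlen <= vrp.max_length and vrp.asn == origin_asn and vrp.asn != 0:
            return "valid"
    return "invalid" if covered else "not-found"


def authorized_prefixes(vrp):
    """Every prefix the VRP makes 'valid' for its AS (keep maxLength small)."""
    nets = []
    for plen in range(vrp.prefix.prefixlen, vrp.max_length + 1):
        nets.extend(vrp.prefix.subnets(new_prefix=plen))
    return nets


def exposed_prefixes(vrp, announced):
    """Authorized but unannounced prefixes: the surface the draft wants reduced."""
    announced_nets = {ipaddress.ip_network(p) for p in announced}
    return [n for n in authorized_prefixes(vrp) if n not in announced_nets]


# Constructed sample data: documentation prefix and documentation AS numbers.
ANNOUNCED = ["203.0.113.0/24"]                                 # what AS64496 originates
LOOSE = [make_vrp("203.0.113.0/24", 64496, max_length=26)]     # ROA with maxLength
MINIMAL = [make_vrp("203.0.113.0/24", 64496)]                  # ROA without maxLength


def audit():
    """Compare both ROA styles for a more-specific carrying the authorized origin."""
    more_specific = "203.0.113.128/25"
    return {
        "loose_state": validate(more_specific, 64496, LOOSE),
        "minimal_state": validate(more_specific, 64496, MINIMAL),
        "loose_exposed": [str(n) for n in exposed_prefixes(LOOSE[0], ANNOUNCED)],
        "minimal_exposed": [str(n) for n in exposed_prefixes(MINIMAL[0], ANNOUNCED)],
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

Running the audit against an operator's own ROAs and announcements shows which ROAs can be tightened to the announced prefixes.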


From nobody Mon Apr 29 06:47:49 2019
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id CFD14120365; Mon, 29 Apr 2019 06:47:35 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: =?utf-8?q?Mirja_K=C3=BChlewind_via_Datatracker?= <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sidrops-lta-use-cases@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: =?utf-8?q?Mirja_K=C3=BChlewind?= <ietf@kuehlewind.net>
Message-ID: <155654565583.15899.253597532069368895.idtracker@ietfa.amsl.com>
Date: Mon, 29 Apr 2019 06:47:35 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/OBvONtCLpjDeKkOg5f7sEpYl4-4>
Subject: [Sidrops] =?utf-8?q?Mirja_K=C3=BChlewind=27s_Discuss_on_draft-ie?= =?utf-8?q?tf-sidrops-lta-use-cases-05=3A_=28with_DISCUSS=29?=
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2019 13:47:43 -0000

Mirja Kühlewind has entered the following ballot position for
draft-ietf-sidrops-lta-use-cases-05: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-lta-use-cases/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

1) I’m not sure I really understand the following use case..? Also is
“re-routing to acceptable content” actually a use case we want to endorse in an
RFC? "Alice is responsible for the trusted routing for a large
   organization, commercial or geo-political, in which management
   requests routing engineering to redirect their competitors' prefixes
   to socially acceptable data."

2) This sentence in the security considerations section uses normative
language without having the respective disclaimer in the document:
“Hence they MUST be implemented to assure the
   local constraint.”
However, I also don’t understand what such a normative statement is supposed to
say. I’m not sure if local trust actors are the only solution to the stated use
case/problems; if that’s what the sentence tries to say, I disagree; however,
in any case it doesn’t seem to make sense to use normative wording here.

3) Also, this sentence in the security considerations section probably needs
more explanation:
   “Authentication of modification 'recipes' will be needed.”
   What is “will be needed” supposed to mean? How can this be achieved? What
   happens if it’s not implemented?





From nobody Mon Apr 29 08:44:54 2019
Return-Path: <jdrake@juniper.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DFCE1200F9; Mon, 29 Apr 2019 08:35:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.338
X-Spam-Level: 
X-Spam-Status: No, score=-1.338 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, KHOP_DYNAMIC=1.363, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YvZ84LHUhQ3h; Mon, 29 Apr 2019 08:35:15 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56444120025; Mon, 29 Apr 2019 08:35:15 -0700 (PDT)
Received: from pps.filterd (m0108157.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x3TFTvNx024022; Mon, 29 Apr 2019 08:35:14 -0700
Received: from nam03-co1-obe.outbound.protection.outlook.com (mail-co1nam03lp2055.outbound.protection.outlook.com [104.47.40.55]) by mx0a-00273201.pphosted.com with ESMTP id 2s639d02sn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 29 Apr 2019 08:35:14 -0700
Received: from BYAPR05MB5029.namprd05.prod.outlook.com (20.177.230.211) by BYAPR05MB4325.namprd05.prod.outlook.com (52.135.202.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1835.12; Mon, 29 Apr 2019 15:35:12 +0000
Received: from BYAPR05MB5029.namprd05.prod.outlook.com ([fe80::10d9:40a0:faa3:4f79]) by BYAPR05MB5029.namprd05.prod.outlook.com ([fe80::10d9:40a0:faa3:4f79%7]) with mapi id 15.20.1835.010; Mon, 29 Apr 2019 15:35:12 +0000
From: John E Drake <jdrake@juniper.net>
To: "rtg-ads@ietf.org" <rtg-ads@ietf.org>
CC: "rtg-dir@ietf.org" <rtg-dir@ietf.org>, "draft-ietf-sidrops-https-tal.all@ietf.org" <draft-ietf-sidrops-https-tal.all@ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>
Thread-Topic: rtgdir Last Call Review requested: draft-ietf-sidrops-https-tal
Thread-Index: AdT+nkLPouyZk4ydSqm5qxauiLiPnA==
Content-Class: 
Date: Mon, 29 Apr 2019 15:35:12 +0000
Message-ID: <BYAPR05MB5029A627B7EDBD6E60CBF2C2C7390@BYAPR05MB5029.namprd05.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/rF25aDzyWtJ_vGgcGIq5dgXh62Q>
X-Mailman-Approved-At: Mon, 29 Apr 2019 08:44:52 -0700
Subject: [Sidrops] rtgdir Last Call Review requested: draft-ietf-sidrops-https-tal
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2019 15:35:17 -0000

Hello,

I have been selected as the Routing Directorate reviewer for this draft. The
Routing Directorate seeks to review all routing or routing-related drafts as
they pass through IETF last call and IESG review, and sometimes on special
request. The purpose of the review is to provide assistance to the Routing
ADs. For more information about the Routing Directorate, please see
http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir

Although these comments are primarily for the use of the Routing ADs, it would
be helpful if you could consider them along with any other IETF Last Call
comments that you receive, and strive to resolve them through discussion or by
updating the draft.

Document:  draft-ietf-sidrops-https-tal-07
Reviewer: John Drake
Review Date: 29-Apr-2019
IETF LC End Date: 30-Apr-2019
Intended Status: Standards Track

Summary:

No issues found. This document is ready for publication.

Comments:

The document was well structured, clear, and concise, and I found it immensely
entertaining.

Major Issues:

No major issues found

Minor Issues:

No minor issues found

Yours Irrespectively,

John




From nobody Mon Apr 29 15:15:19 2019
Return-Path: <randy@psg.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B33D51200EA; Mon, 29 Apr 2019 15:15:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level: 
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WUkA0XCKz2Un; Mon, 29 Apr 2019 15:15:09 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1B4212031F; Mon, 29 Apr 2019 15:15:08 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from <randy@psg.com>) id 1hLEYE-0008T1-Fh; Mon, 29 Apr 2019 22:15:06 +0000
Date: Mon, 29 Apr 2019 15:15:05 -0700
Message-ID: <m2ef5k8nme.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: =?ISO-8859-1?Q?=22Mirja_K=FChlewind_via_Datatracker=22?= <noreply@ietf.org>
Cc: The IESG <iesg@ietf.org>, sidrops@ietf.org
In-Reply-To: <155654565583.15899.253597532069368895.idtracker@ietfa.amsl.com>
References: <155654565583.15899.253597532069368895.idtracker@ietfa.amsl.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.2 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=ISO-2022-JP
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/qGulOfrDPxXgMC9HLJWpXYeBOi4>
Subject: Re: [Sidrops]  =?iso-8859-1?q?Mirja_K=FChlewind=27s_Discuss_on_draft-?= =?iso-8859-1?q?ietf-sidrops-lta-use-cases-05=3A_=28with_DISCUSS=29?=
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2019 22:15:11 -0000

> 1) I$B!G(Bm not sure I really understand the following use case..?

> "Alice is responsible for the trusted routing for a large
> organization, commercial or geo-political, in which management
> requests routing engineering to redirect their competitors' prefixes
> to socially acceptable data.

think alice being (us|china|uk|justabouteverybody) blocking/redirecting
sites which are socially or politically unacceptable in their country.
this year's excuses are terrorism and child porn, though religious
bigotry is close behind.

> Also is $B!H(Bre-routing to acceptable content$B!I(B actually a use case we want
> to endorse in an RFC?

good question.  governments do this all the time whether we like it or
not.  as the technology to do this is likely the same as for carol's
case (the 'dutch court attack'), whether to publish the use case is
above my pay grade.  pretending the use case does not exist may cause
reviewers to invoke a large flightless bird.

>  2) This sentence in the security considerations section uses
>  normative language without having the respective disclaimer in the
>  document: “Hence they MUST be implemented to assure the local
>  constraint.”
> However, I also don’t understand what such a normative statement is
> supposed to say. I’m not sure if local trust actors are the only
> solution to the stated use case/problems; if that’s what the sentence
> tries to say, I disagree, however, in any case it doesn’t seem to make
> sense to use normative wording here.

clearly wording could be improved.  my guess is the author meant that
the result must be able to be validated as if the changed data were part
of the validatable global pki while including the local context, perhaps
with the addition of trust anchors or some other magic.

>  3) Also, this sentence in the security consideration section, needs
>  probably more explanation:
>    “Authentication of modification 'recipes' will be needed.”  What is
>    “will be needed” supposed to mean? How can this be achieved? What
>    happens if it’s not implemented?

see for example rfc 8416, Simplified Local Internet Number Resource
Management with the RPKI, for which this draft was originally to be a
gating rfc.

the problem there is that slurm is a nice syntax for a recipe to meet
some goals of lta-use-cases, but why the heck should i trust carol's
slurm recipe when she (or some intermediate party) sends it to me?  how
do i know it really came from carol and not a monkey in the middle?  i
doubt global ops will agree on a global back-door set of trust anchors.

if it is not implemented, the receiver is taking a major risk trusting
tree patches passed around within their organization (alice), let alone
more global contexts (carol).  suddenly what was a database based on
object security could be patching in objects based on transport security
or no security at all.

randy
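
The message above points out that a SLURM file (RFC 8416) rewrites validation output and carries no authentication of its own. The following is an added example, not part of the message or of any draft: a receiver that applies a SLURM recipe to its validated ROA payloads only after an object-level check over the exact file bytes. RFC 8416 defines no such check, so the pre-shared-key HMAC, the key, the function names and the sample data are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import json


class SlurmAuthError(Exception):
    """The SLURM bytes do not match the tag supplied by the claimed sender."""


def sign_slurm(raw, key):
    """Sender side: tag over the exact bytes (stand-in for a real signature)."""
    return hmac.new(key, raw, hashlib.sha256).hexdigest()


def load_authenticated_slurm(raw, tag_hex, key):
    """Authenticate first, parse second; an unauthenticated file is never parsed."""
    expected = hmac.new(key, raw, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag_hex):
        raise SlurmAuthError("SLURM file failed authentication; not applied")
    doc = json.loads(raw)
    if doc.get("slurmVersion") != 1:
        raise ValueError("unsupported slurmVersion")
    return doc


def _filter_matches(flt, vrp):
    """RFC 8416 prefix filter: every member present must match the VRP."""
    prefix, _max_len, asn = vrp
    if "asn" in flt and flt["asn"] != asn:
        return False
    if "prefix" in flt:
        fnet = ipaddress.ip_network(flt["prefix"])
        vnet = ipaddress.ip_network(prefix)
        if fnet.version != vnet.version or not vnet.subnet_of(fnet):
            return False
    return "asn" in flt or "prefix" in flt


def apply_slurm(vrps, doc):
    """Drop filtered VRPs, then add the locally asserted ones."""
    filters = doc["validationOutputFilters"]["prefixFilters"]
    result = [v for v in vrps if not any(_filter_matches(f, v) for f in filters)]
    for a in doc["locallyAddedAssertions"]["prefixAssertions"]:
        net = ipaddress.ip_network(a["prefix"])
        vrp = (a["prefix"], a.get("maxPrefixLength", net.prefixlen), a["asn"])
        if vrp not in result:
            result.append(vrp)
    return result


def apply_if_authentic(vrps, raw, tag_hex, key):
    """Return (applied, vrps); on failure the validated set is left untouched."""
    try:
        doc = load_authenticated_slurm(raw, tag_hex, key)
    except SlurmAuthError:
        return False, list(vrps)
    return True, apply_slurm(vrps, doc)


# Constructed sample data: VRPs as (prefix, maxLength, origin AS).
KEY = b"constructed-pre-shared-key"
VRPS = [("203.0.113.0/24", 24, 64496), ("198.51.100.0/24", 24, 64497)]
RAW = b"""{
  "slurmVersion": 1,
  "validationOutputFilters": {
    "prefixFilters": [{"prefix": "203.0.113.0/24", "comment": "constructed"}],
    "bgpsecFilters": []
  },
  "locallyAddedAssertions": {
    "prefixAssertions": [{"asn": 64511, "prefix": "203.0.113.0/24", "maxPrefixLength": 24}],
    "bgpsecAssertions": []
  }
}"""
TAG = sign_slurm(RAW, KEY)
# The same file altered by an intermediate party, still carrying the old tag.
TAMPERED = RAW.replace(b'"asn": 64511', b'"asn": 64500')

if __name__ == "__main__":
    print(apply_if_authentic(VRPS, RAW, TAG, KEY))
    print(apply_if_authentic(VRPS, TAMPERED, TAG, KEY))
```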


From nobody Mon Apr 29 20:59:59 2019
Return-Path: <noreply@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id DAE0E1207D5; Mon, 29 Apr 2019 20:59:49 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Adam Roach via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-sidrops-lta-use-cases@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, morrowc@ops-netman.net, sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Adam Roach <adam@nostrum.com>
Message-ID: <155659678989.12846.6228625087288154485.idtracker@ietfa.amsl.com>
Date: Mon, 29 Apr 2019 20:59:49 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/8BTrhMg74PxypES_8KUJHy1Pjxc>
Subject: [Sidrops] Adam Roach's No Objection on draft-ietf-sidrops-lta-use-cases-05: (with COMMENT)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Apr 2019 03:59:50 -0000

Adam Roach has entered the following ballot position for
draft-ietf-sidrops-lta-use-cases-05: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-lta-use-cases/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for the work on this document. I have two minor editorial suggestions.

---------------------------------------------------------------------------

Please expand the following acronyms upon first use and in the title;
see https://www.rfc-editor.org/materials/abbrev.expansion.txt for guidance.

 - RPKI
 - LIR
 - PI
 - RIR
 - CA

---------------------------------------------------------------------------

ID Nits reports:

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 177: '...eds.  Hence they MUST be implemented t...'

Please consider adding the boilerplate specified in RFC 8174.



From nobody Tue Apr 30 01:35:09 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 467BA120099; Tue, 30 Apr 2019 01:35:01 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: sidrops@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: sidrops@ietf.org
Message-ID: <155661330120.12988.5654470767721704147@ietfa.amsl.com>
Date: Tue, 30 Apr 2019 01:35:01 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/OeYVVmtTb5v-50ymEAKndS7yCf8>
Subject: [Sidrops] I-D Action: draft-ietf-sidrops-https-tal-08.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the SIDR Operations WG of the IETF.

        Title           : Resource Public Key Infrastructure (RPKI) Trust Anchor Locator
        Authors         : Geoff Huston
                          Samuel Weiler
                          George Michaelson
                          Stephen Kent
                          Tim Bruijnzeels
        Filename        : draft-ietf-sidrops-https-tal-08.txt
        Pages           : 11
        Date            : 2019-04-30

Abstract:
   This document defines a Trust Anchor Locator (TAL) for the Resource
   Public Key Infrastructure (RPKI).  TALs allow Relying Parties in the
   RPKI to download the current Trust Anchor (TA) CA certificate from
   one or more locations, and verify that the key of this self-signed
   certificate matches the key on the TAL.  Thus, Relying Parties can be
   configured with TA keys, but allow these TAs to change the content of
   their CA certificate.  In particular it allows TAs to change the set
   of IP Address Delegations and/or Autonomous System Identifier
   Delegations included in the RFC3779 extension of their certificate.

   This document obsoletes the previous definition of Trust Anchor
   Locators in RFC 7730 by adding support for RFC3986 Uniform Resource
   Identifiers (URIs) that use HTTPS as the scheme.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-sidrops-https-tal-08
https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-https-tal-08

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-https-tal-08


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Tue Apr 30 01:36:31 2019
From: Tim Bruijnzeels <tim@nlnetlabs.nl>
In-Reply-To: <155486682558.19696.15312172563014424742.idtracker@ietfa.amsl.com>
Date: Tue, 30 Apr 2019 10:36:16 +0200
Cc: The IESG <iesg@ietf.org>, morrowc@ops-netman.net, sidrops-chairs@ietf.org,  sidrops@ietf.org, draft-ietf-sidrops-https-tal@ietf.org
Message-Id: <F08A7D95-6482-4530-8609-0594060F2A12@nlnetlabs.nl>
References: <155486682558.19696.15312172563014424742.idtracker@ietfa.amsl.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/BnWquNSg_yw3m826VFik5FX2CC8>
Subject: Re: [Sidrops] Benjamin Kaduk's No Objection on draft-ietf-sidrops-https-tal-07: (with COMMENT)

Hi Benjamin,

My apologies. While updating -07 based on the review comments I found
that I overlooked your response.

See response in-line, I am including these in the -08 that will follow
shortly.

> On 10 Apr 2019, at 05:27, Benjamin Kaduk via Datatracker <noreply@ietf.org> wrote:
>
> Benjamin Kaduk has entered the following ballot position for
> draft-ietf-sidrops-https-tal-07: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thank you for keeping the diff from RFC 7730 tidy!
>
> Abstract
>
>   their CA certificate.  In particular it allows TAs to change the set
>   of Internet Number Resources included in the RFC3779 extension of
>   their certificate.
>
> Neither "Internet Number" nor "Number Resources" appears in RFC 3779 that I
> can see.  (On a quick skim, I'm still not sure if we mean AS number or IP
> address/prefix.)
>

ack, clarified.


> Section 2.1
>
>   the trust anchor per se.  In the RPKI, certificates contain
>   extensions that represent Internet Number Resources (INRs) [RFC3779].
>

good point, I am used to this term so I took it for granted. Now
clarified.


> (As above, I don't see INRs mentioned in RFC 3779.)
>
> Since comments are new in this rev of TAL, do we want to caution consumers
> that implementations may not necessarily support comments yet?

I added the following section:

1.2. Changes from RFC7730

The TAL format defined in this document differs from the definition in
[RFC7730] in that:

    • it allows for the use of the HTTPS scheme in URIs; and
    • it allows for the inclusion of an optional comment section.

Note that current Relying Parties may not support this new format yet.
Therefore it is RECOMMENDED that a Trust Anchor operator maintains a
[RFC7730] TAL file for a time as well until they are satisfied that RP
tooling has been updated.


>
> Section 2.3
>
>   The trust anchor MUST contain a stable key.  This key MUST NOT change
>   when the certificate is reissued due to changes in the INR
>   extension(s), when the certificate is renewed prior to expiration, or
>   for any reason other than a key change.
>
> (This seems a bit tautological...)
>
>   If an entity wishes to withdraw a self-signed CA certificate as a
>   putative trust anchor, for any reason, including key rollover, the
>   entity MUST remove the object from the location referenced in the
>   TAL.
>
> Certain classes of attacker could continue to publish the last-known
> certificate as a trust anchor and prevent this withdrawal from taking
> effect; we should probably cover that in the security considerations.
>

see below 2.4, or am I missing another point here?

> Section 2.4
>
> We say that it's RECOMMENDED to have different domains (so as to get
> different IP addresses) but this example shows only a single domain.
>
> Section 4
>
>   Note that a Man in the Middle (MITM) cannot produce a CA certificate
>   that would be considered valid according to the process described in
>   Section 3.  [...]
>
> I think the key part is that the attacker cannot produce a *new* CA
> certificate that differs from a legitimate one, but they can MITM the HTTPS
> connection and present a legitimate (but potentially stale) CA certificate.

We have this (slightly re-worded text) in the Security section:

Note that, although a Man in the Middle (MITM) cannot produce a CA
certificate that would be considered valid according to the process
described in Section 3, this attack can prevent that the Relying Party
learns about an updated CA certificate.

This does not go on to clarify the consequences of such possible
attacks, but I believe this is sufficient warning to implementers.


>
>   o  DNS names in Repository Server certificates SHOULD NOT contain the
>      wildcard character "*".
>
> Would a Relying Party ever reject the HTTPS connection (and thus, the
> delivered TA) if a wildcard certificate is presented for the HTTPS
> connection?

This is most likely controlled by the HTTPS client library used by the
RP software. In some cases it may not be possible to tweak the
behaviour. Therefore I think the SHOULD NOT is the right level.


>
> Section 5
>
>   This TAL does not directly provide a list of resources covered by the
>   referenced self-signed CA certificate.  Instead, the RP is referred
>   to the trust anchor itself and the INR extension(s) within this
>   certificate.  This provides necessary operational flexibility, but it
>   also allows the certificate issuer to claim to be authoritative for
>   any resource.  Relying parties should either have great confidence in
>   the issuers of such certificates that they are configuring as trust
>   anchors, or they should issue their own self-signed certificate as a
>   trust anchor and, in doing so, impose constraints on the subordinate
>   certificates.
>
> Are there any external databases that a RP could consult to affect the
> decision of whether to believe that a TA should actually be claiming the
> indicated resource(s)?  (It would be a bit silly, given that this is the
> RPKI already, but still...)

I think this is out of scope for this document. But the RIRs do publish
their stats here on the NRO website:
https://www.nro.net/about/rirs/statistics/





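
The two format changes listed in the message above (HTTPS URIs and an optional comment section) and the key-match step from the draft abstract, as an added example that is not part of the thread or of the draft. The file layout used here ('#' comment lines, URI lines, a blank line, then the base64 subjectPublicKeyInfo) is assumed from the TAL specification rather than taken from this page, and the sample key, host name and certificate skeleton are constructed placeholders.

```python
import base64
from collections import namedtuple
from urllib.parse import urlsplit

Tal = namedtuple("Tal", "comments uris spki_der")  # spki_der: DER subjectPublicKeyInfo


def parse_tal(text):
    """Parse '#' comments, URI lines, a blank line, then the base64 key."""
    lines = text.replace("\r\n", "\n").split("\n")
    i, comments, uris = 0, [], []
    while i < len(lines) and lines[i].startswith("#"):
        comments.append(lines[i][1:].strip())
        i += 1
    while i < len(lines) and lines[i].strip():
        uri = lines[i].strip()
        parts = urlsplit(uri)
        if parts.scheme not in ("rsync", "https") or not parts.netloc:
            raise ValueError("unsupported TAL URI: %r" % uri)
        uris.append(uri)
        i += 1
    if not uris:
        raise ValueError("TAL has no URI section")
    spki = base64.b64decode("".join(ln.strip() for ln in lines[i:]), validate=True)
    if not spki:
        raise ValueError("TAL has no subjectPublicKeyInfo")
    return Tal(comments, uris, spki)


def rfc7730_compatible(tal):
    """True if a parser without comment or HTTPS support can still read it."""
    return not tal.comments and all(u.startswith("rsync://") for u in tal.uris)


def read_tlv(buf, off):
    """Return (tag, content_start, content_end) of the DER element at off."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length >= 0x80:                     # long form: next n bytes hold the length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length


def cert_spki(cert_der):
    """Return the encoded subjectPublicKeyInfo element of an X.509 certificate."""
    _, tbs_at, _ = read_tlv(cert_der, 0)       # Certificate SEQUENCE
    _, off, _ = read_tlv(cert_der, tbs_at)     # tbsCertificate SEQUENCE
    tag, _, after = read_tlv(cert_der, off)
    if tag == 0xA0:                            # explicit [0] version, if present
        off = after
    for _field in range(5):   # serialNumber, signature, issuer, validity, subject
        _, _, off = read_tlv(cert_der, off)
    _, _, end = read_tlv(cert_der, off)
    return cert_der[off:end]


def key_matches_tal(tal, cert_der):
    """The key-match step only; it says nothing about signature or freshness."""
    return cert_spki(cert_der) == tal.spki_der


def der(tag, content):
    """Encode one DER element; used only to build the constructed samples."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + content


def stub_cert(spki):
    """Constructed certificate skeleton with empty names; not a valid cert."""
    empty = der(0x30, b"")
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
              + empty + empty + empty + empty + spki)
    return der(0x30, tbs + empty + der(0x03, b"\x00"))


# Constructed placeholder key material, not a real trust anchor key.
SAMPLE_SPKI = der(0x30, der(0x30, b"\x06\x01\x2a") + der(0x03, b"\x00" + bytes(range(200))))
SAMPLE_B64 = base64.b64encode(SAMPLE_SPKI).decode()
SAMPLE_TAL = (
    "# Constructed example TAL, not a real trust anchor\n"
    "https://rpki.example.net/ta/ta.cer\n"
    "rsync://rpki.example.net/ta/ta.cer\n"
    "\n" + "\n".join(SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64)) + "\n"
)

if __name__ == "__main__":
    tal = parse_tal(SAMPLE_TAL)
    print(tal.uris, rfc7730_compatible(tal), key_matches_tal(tal, stub_cert(SAMPLE_SPKI)))
```

A replayed older certificate that carries the same key also passes key_matches_tal, which is the stale-certificate case raised for Section 4 in this thread.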


From nobody Tue Apr 30 06:36:35 2019
References: <155659678989.12846.6228625087288154485.idtracker@ietfa.amsl.com>
In-Reply-To: <155659678989.12846.6228625087288154485.idtracker@ietfa.amsl.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Tue, 30 Apr 2019 09:36:17 -0400
Message-ID: <CALaySJJJ8xgj=xYSG16rYrN0Vf96pJsvxP6sYAZO4A0ABEzHPA@mail.gmail.com>
To: Adam Roach <adam@nostrum.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-sidrops-lta-use-cases@ietf.org,  Chris Morrow <morrowc@ops-netman.net>, sidrops@ietf.org, sidrops-chairs@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/8nC_8B2OvlnLQzU3NnWc1zM58dc>
Subject: Re: [Sidrops] Adam Roach's No Objection on draft-ietf-sidrops-lta-use-cases-05: (with COMMENT)

>   ** The document seems to lack a both a reference to RFC 2119 and the
>      recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
>      keywords.
>
>      RFC 2119 keyword, line 177: '...eds.  Hence they MUST be implemented t...'
>
> Please consider adding the boilerplate specified in RFC 8174.

Or, alternatively (and my preference), re-word that brief paragraph in
the Security Considerations so that it doesn't use "MUST".  I find
"Hence they MUST be implemented to assure the local constraint." hard
to understand anyway, so re-wording might help.

Barry


From nobody Tue Apr 30 09:24:48 2019
Date: Tue, 30 Apr 2019 09:24:30 -0700
Message-ID: <m2r29j796p.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Barry Leiba <barryleiba@computer.org>
Cc: Adam Roach <adam@nostrum.com>, The IESG <iesg@ietf.org>, draft-ietf-sidrops-lta-use-cases@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops@ietf.org, sidrops-chairs@ietf.org
In-Reply-To: <CALaySJJJ8xgj=xYSG16rYrN0Vf96pJsvxP6sYAZO4A0ABEzHPA@mail.gmail.com>
References: <155659678989.12846.6228625087288154485.idtracker@ietfa.amsl.com> <CALaySJJJ8xgj=xYSG16rYrN0Vf96pJsvxP6sYAZO4A0ABEzHPA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/aWIVU_hnm1voYATRvCkfohPhuM8>
Subject: Re: [Sidrops] Adam Roach's No Objection on draft-ietf-sidrops-lta-use-cases-05: (with COMMENT)

>> Please consider adding the boilerplate specified in RFC 8174.
>
> Or, alternatively (and my preference), re-word that brief paragraph in
> the Security Considerations so that it doesn't use "MUST".  I find
> "Hence they MUST be implemented to assure the local constraint." hard
> to understand anyway, so re-wording might help.

as mirja kühlewind pointed out, that paragraph was a bungle.  how about

6.  Security Considerations

   Though the above use cases are all constrained to local contexts,
   they violate the model of a single Global RPKI, albeit to meet real
   operational needs.  Hence the result must be able to be validated as
   if the changed data were part of the validatable Global RPKI while
   including the local context, perhaps with the addition of trust
   anchors or authenticatable patching of trust.

   Modification 'recipes' may lack authentication.  E.g., if
   modifications to the tree are passed around a la SLURM files, see
   [RFC8416], what was object security becomes, at best, transport
   security, or authentication by other trust domains such as PGP.

randy


From nobody Tue Apr 30 09:27:50 2019
To: Randy Bush <randy@psg.com>, Barry Leiba <barryleiba@computer.org>
Cc: Chris Morrow <morrowc@ops-netman.net>, sidrops@ietf.org, draft-ietf-sidrops-lta-use-cases@ietf.org, The IESG <iesg@ietf.org>, sidrops-chairs@ietf.org
References: <155659678989.12846.6228625087288154485.idtracker@ietfa.amsl.com> <CALaySJJJ8xgj=xYSG16rYrN0Vf96pJsvxP6sYAZO4A0ABEzHPA@mail.gmail.com> <m2r29j796p.wl-randy@psg.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <2dfbc782-b88a-5488-2fd7-71751b91ac36@nostrum.com>
Date: Tue, 30 Apr 2019 11:27:24 -0500
In-Reply-To: <m2r29j796p.wl-randy@psg.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/vhGJJ-Kx31p9sVY4ANYE1AuiYR0>
Subject: Re: [Sidrops] Adam Roach's No Objection on draft-ietf-sidrops-lta-use-cases-05: (with COMMENT)

This seems like an even better resolution to the problem. Thanks, Randy.

/a

On 4/30/19 11:24 AM, Randy Bush wrote:
>>> Please consider adding the boilerplate specified in RFC 8174.
>> Or, alternatively (and my preference), re-word that brief paragraph in
>> the Security Considerations so that it doesn't use "MUST".  I find
>> "Hence they MUST be implemented to assure the local constraint." hard
>> to understand anyway, so re-wording might help.
> as mirja kühlewind pointed out, that paragraph was a bungle.  how about
>
> 6.  Security Considerations
>
>     Though the above use cases are all constrained to local contexts,
>     they violate the model of a single Global RPKI, albeit to meet real
>     operational needs.  Hence the result must be able to be validated as
>     if the changed data were part of the validatable Global RPKI while
>     including the local context, perhaps with the addition of trust
>     anchors or authenticatable patching of trust.
>
>     Modification 'recipes' may lack authentication.  E.g., if
>     modifications to the tree are passed around a la SLURM files, see
>     [RFC8416], what was object security becomes, at best, transport
>     security, or authentication by other trust domains such as PGP.
>
> randy
>


From nobody Tue Apr 30 09:30:41 2019
Date: Tue, 30 Apr 2019 09:30:26 -0700
Message-ID: <m2pnp378wt.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Adam Roach via Datatracker <noreply@ietf.org>
Cc: "The IESG" <iesg@ietf.org>, draft-ietf-sidrops-lta-use-cases@ietf.org, Chris Morrow <morrowc@ops-netman.net>, sidrops-chairs@ietf.org, sidrops@ietf.org
In-Reply-To: <155659678989.12846.6228625087288154485.idtracker@ietfa.amsl.com>
References: <155659678989.12846.6228625087288154485.idtracker@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/JQfoge4J8KbTDZNGFeSN8x4LN2Q>
Subject: Re: [Sidrops] Adam Roach's No Objection on draft-ietf-sidrops-lta-use-cases-05: (with COMMENT)

> Please expand the following acronyms upon first use and in the title;
> see https://www.rfc-editor.org/materials/abbrev.expansion.txt for guidance.
> 
>  - RPKI

i think i will leave that to the rfced, as it blows line length in the
xml2rfc i run

rest ok

randy


From nobody Tue Apr 30 10:01:33 2019
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: sidrops@ietf.org
Reply-To: sidrops@ietf.org
Message-ID: <155664369204.7664.7673474961871059315@ietfa.amsl.com>
Date: Tue, 30 Apr 2019 10:01:32 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/VGtvxpgbQMSNyVKVQUEGq8evG_0>
Subject: [Sidrops] I-D Action: draft-ietf-sidrops-lta-use-cases-06.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the SIDR Operations WG of the IETF.

        Title           : Use Cases for Localized Versions of the RPKI
        Author          : Randy Bush
        Filename        : draft-ietf-sidrops-lta-use-cases-06.txt
        Pages           : 6
        Date            : 2019-04-30

Abstract:
   There are a number of critical circumstances where a localized
   routing domain needs to augment or modify its view of the Global
   RPKI.  This document attempts to outline a few of them.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-lta-use-cases/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-sidrops-lta-use-cases-06
https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-lta-use-cases-06

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sidrops-lta-use-cases-06


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

