Re: [sidr] Terry Manderson's Discuss on draft-ietf-sidr-rpki-validation-reconsidered-08: (with DISCUSS and COMMENT)

Terry: Hi! Any thoughts on this document? Thanks! Alvaro. On December 22, 2017 at 9:52:21 AM, Tim Bruijnzeels (t...@ripe.net) wrote: Dear Terry, We just uploaded version -10 that we hope addresses your points. This version adds: - explicit text in the abstract stating that this document

[sidr] AD Review of draft-ietf-sidr-slurm-04

Dear authors: I just finished reading this document. I have some comments (below) that should be easy to address — please take a look. I need you to address the References before I start the IETF Last Call because of the DownRef to rfc6483. Thanks! Alvaro. Major: M1. Section 3.1: I'm not

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-slurm-07: (with COMMENT)

On March 29, 2018 at 3:45:39 PM, Mirja Kühlewind (i...@kuehlewind.net) wrote: The shepherd write-up says "Internet Standard" but I assume "Proposed Standard" as indicated in the datatracker is correct...? Yes, it is a PS. Alvaro. ___ sidr mailing

Re: [sidr] rsaEncryption vs sha256WithRSAEncryption in RPKI certificates

[Adding sidrops.] Hi! I was just looking at this report… https://www.rfc-editor.org/errata_search.php?rfc=7935 The report says: "All existing RPKI readers and writers that I've seen, as well as the global RPKI repository certificates themselves, currently use rsaEncryption as the public key

Re: [sidr] Review of draft-ietf-sidr-as-migration

On 3/31/15, 2:29 PM, George, Wes wesley.geo...@twcable.commailto:wesley.geo...@twcable.com wrote: Wes: Some replies below. Thanks! Alvaro. Added SIDR, responses below inline, which of course messed up your original numbering. I haven't pushed the rev yet, as I'm waiting to make sure that I

Re: [sidr] AD Review of draft-ietf-sidr-rpki-rtr-rfc6810-bis-07

On 4/26/16, 6:58 PM, "Rob Austein" <s...@hactrn.net> wrote: Rob: Hi! >At Sat, 23 Apr 2016 00:09:07 +, Alvaro Retana (aretana) wrote: >> >> * Section 1.2. (Changes from RFC 6810): "The protocol >> described in this document is la

[sidr] AD Review of draft-ietf-sidr-rpki-rtr-rfc6810-bis-07

Hi! I have a couple of Major comments related to the existence/co-existence of two versions of the protocol. I would like to see the comments discussed/addressed before starting the IETF Last Call. Thanks!! Alvaro. Major: 1. RFC6810. * Section 1.2. (Changes from RFC 6810):

Re: [sidr] AD Review of draft-ietf-sidr-rpki-rtr-rfc6810-bis-07

On 5/26/16, 11:15 AM, "sidr on behalf of Stephen Kent" wrote: [Sorry for the delay...] > >> ... >>> It means that most of the code one needs to deal with version one is >>> the same as the code one needs to deal with version zero. Feel free >>>

Re: [sidr] AD Review of draft-ietf-sidr-rpki-rtr-rfc6810-bis-07

Rob: Hi! Did you have comments on this? I'm assuming that we're expecting an updated document at some point, but if we need to discuss more... Thanks! Alvaro. On 5/25/16, 12:09 AM, "Alvaro Retana (aretana)" <aret...@cisco.com> wrote: >On 4/26/16, 6:58 PM, "Rob A

Re: [sidr] Terry Manderson's No Objection on draft-ietf-sidr-delta-protocol-07: (with COMMENT)

Tim: Hi! Given the feedback so far on the list, I think we should roll back the updates in preparation for next week’s IESG Telechat. Thanks! Alvaro. On 2/17/17, 9:56 AM, "sidr on behalf of Alvaro Retana (aretana)" <sidr-boun...@ietf.org<mailto:sidr-boun...@ietf.org>

Re: [sidr] Protocol Action: 'BGP Prefix Origin Validation State Extended Community' to Proposed Standard (draft-ietf-sidr-origin-validation-signaling-11.txt)

ent is the product of the Secure Inter-Domain Routing Working > Group. > > The IESG contact persons are Alvaro Retana, Alia Atlas and Deborah > Brungard. > > A URL of this Internet Draft is: > https://datatracker.ietf.org/doc/draft-iet

Re: [sidr] Terry Manderson's No Objection on draft-ietf-sidr-delta-protocol-07: (with COMMENT)

Hi! I just want to provide a little bit more background on the topic below – and ask the Chairs to take an action to confirm with the WG. During the discussion resulting from my AD review of this document [1], the topic of whether the intent of the document was to replace rsync or not came up

Re: [sidr] Mirja Kühlewind's Discuss on draft-ietf-sidr-rpki-rtr-rfc6810-bis-08: (with DISCUSS)

Thanks Rob! Yes, initially this document was marked to obsolete rfc6810, but at the same time it mandated the use of the previous version as part of the Protocol Version Negotiation. Given that it may take a while before caches and routers both implement this new version, we decided to

Re: [sidr] Alissa Cooper's Discuss on draft-ietf-sidr-rpki-oob-setup-06: (with DISCUSS and COMMENT)

Hi! I was going to wait for the author, but he has been out sick this week… ☹ Picking up from Benoit’s comment – the use of “protocol” is misleading. What is described is a process that can be followed and the necessary information exchanged “to simplify configuration…by setting up

Re: [sidr] draft-ietf-sidr-bgpsec-protocol

Sriram: Hi! Yes, I think I may have read more into Keyur’s comment than what he was asking for, so I think we’re ready to go. ☺ I’ll approve publication. Thanks!! Alvaro. On 1/16/17, 10:10 PM, "Sriram, Kotikalapudi (Fed)" >

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-protocol-21: (with COMMENT)

ACK On 1/17/17, 10:52 AM, "Mirja Kuehlewind (IETF)" > wrote: thanks for the very clear clarification. Not sure if it’s just me or if that’s not clearly stated in the draft, but maybe it would be worth it double-checking.

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-protocol-21: (with COMMENT)

Mirja: Hi! If an AS in the path doesn’t support BGPsec, then BGP goes back to “normal” mode (as in before BGPsec), and the assurance that the “update propagated via the sequence of ASes listed” is lost. In other words, from the origin AS to the AS before the one not supporting BGPsec, we can

[sidr] AD Review of sidr-origin-validation-signaling-09

Dear authors: Hi! I have a couple of comments about this document (below). I am going to start the IETF Last Call, and schedule it in the next IESG Telechat, with the expectation that my comments will be addressed before then. Thanks! Alvaro. C1. The reference to rfc7607 should be

Re: [sidr] AD Review of sidr-origin-validation-signaling-09

Either way is fine. The document is scheduled for the Telechat on Dec/15. I expect maybe a couple of directorate reviews before that – if they come in by Dec/9 and you have time to pdate, then please do. Otherwise, let’s wait for the IESG to comment. Thanks! Alvaro. On 11/13/16, 4:25 PM,

[sidr] AD Review of draft-ietf-sidr-bgpsec-protocol-18

Dear authors: Hi! First of all, thank you for taking on the duties of editing this document. I have several comments (see below). For the most part, I think they should be easy to solve as many are related to clarifications. Most of the comments I classified as Major are due to the use of

[sidr] AD Review of draft-ietf-sidr-bgpsec-ops-10

Randy: Hi! Thanks for working on this document! I have two issues I want to highlight upfront, and then some comments (below). I would like to see these two issues addressed, along with the Major comments below, before moving the document forward. These two upfront issues are probably more

[sidr] Confederations and Private ASNs (WAS: AD Review of draft-ietf-sidr-bgpsec-protocol-18)

[Changed the Subject to specifically discuss Confederation support, and hopefully get some attention from the WG.] Sriram: Hi! I think the only item left is the Confederations one…and we might be speaking past each other. Yes, I agree that the collusion problem is one that (as you mentioned

Re: [sidr] AD Review of draft-ietf-sidr-bgpsec-ops-10

Yes, I agree. I just sent a message to the authors of the protocol spec (cc’d the WG) along the same lines. On 12/9/16, 7:57 PM, "Randy Bush" > wrote: first the protocol spec needs to make clear if the real AS can proxy sign for a connected private AS. then

Re: [sidr] Confederations and Private ASNs (WAS: AD Review of draft-ietf-sidr-bgpsec-protocol-18)

On 12/13/16, 7:26 AM, "Sriram, Kotikalapudi (Fed)" wrote: > [Sriram-3] I understand now your main comment about confederation. I think > there are > two ways to address it (of course I hope other people chime in as well): > > Choice A: The pCount = 0 solution

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-algs-16: (with COMMENT)

On 12/12/16, 8:34 AM, "Mirja Kuehlewind" wrote: Mirja: Hi! > -- > COMMENT: > -- > > Just a thought: Would it be useful to add an IESG

Re: [sidr] AD Review of draft-ietf-sidr-bgpsec-pki-profiles-18

That workd for me. Thanks! Alvaro. On 12/6/16, 4:08 PM, "Sean Turner" > wrote: I concur and I’ve got an editor’s copy with all the changes incorporated. Unless I hear otherwise I’ll hold off on posting until we’ve collected and addressed all of the

Re: [sidr] AD Review of draft-ietf-sidr-bgpsec-ops-10

Randy: Hi! In thinking about this point some more…what about draft-ietf-sidr-slurm? Isn’t that supposed to address the private space? Thanks! Alvaro. On 12/2/16, 12:56 PM, "Randy Bush" > wrote: M4. Still in Section 7: “To prevent exposure of the

Re: [sidr] AD Review of draft-ietf-sidr-bgpsec-ops-10

Hi! Yes, there should be something about private ASNs in the protocol spec. It would be nice to also see some operational guidance in this document. Alvaro. On 12/7/16, 7:07 PM, "Randy Bush" > wrote: otoh, private AS numbers are used in non-confed

Re: [sidr] I-D Action: draft-ietf-sidr-rpki-rtr-rfc6810-bis-08.txt

Rob: Thanks for the update! I’m starting the IETF Last Call. I have two comments that result from not Obsoleting RFC6810: 1. If this document is not Obsoleting RFC6810, then clarifying the title would avoid confusion from having 2 RFCs with the same name. My suggestion is to change

Re: [sidr] AD Review of sidr-origin-validation-signaling-09

Hi! Yes, the text below works for me. And I would assume it works for Tero as well. Thanks!! Alvaro. On 11/30/16, 11:20 AM, "John G. Scudder" > wrote: On Nov 30, 2016, at 9:18 AM, Randy Bush > wrote: section 4.5

Re: [sidr] AD Review of draft-ietf-sidr-bgpsec-protocol-18

Just noticed one more thing: the reference to I-D.ietf-sidr-rtr-keying is no longer needed. Thanks! Alvaro. On 12/1/16, 9:10 PM, "Alvaro Retana (aretana)" <aret...@cisco.com<mailto:aret...@cisco.com>> wrote: On 11/27/16, 12:21 PM, "Sriram, Kotikalapudi (Fed)"

Re: [sidr] AD Review of draft-ietf-sidr-bgpsec-ops-10

Randy: Hi! Do you think we can get an update out for this document soon? I just put the BGPsec spec up for the Jan/5 IESG Telechat, and it would be great if we could get this document in as well. Thanks! Alvaro. On 11/8/16, 12:28 AM, "Randy Bush" >

Re: [sidr] AD Review of draft-ietf-sidr-bgpsec-protocol-18

On 11/27/16, 12:21 PM, "Sriram, Kotikalapudi (Fed)" wrote: Sriram: Hi! Thanks for addressing my comments. I have some remaining comments below. I flagged a couple of items that I think the Chairs should consult the WG on, but I’ll leave it up to them to

[sidr] AD Review of draft-ietf-sidr-bgpsec-pki-profiles-18

Dear authors: Hi! I just finished reading this document. I have some comments (please see below) I would like you to address, but I wouldn’t characterize any of them as major, so I’m starting the IETF Last Call and placing this document in the next available IESG Telechat. Thanks! Alvaro.

Re: [sidr] AD Review of draft-ietf-sidr-bgpsec-ops-10

On 12/2/16, 10:56 AM, "Randy Bush" wrote: Randy: Hi! I’m fine with your comments, proposed text. Just a couple of more replies below. Thanks! Alvaro. … > > M2. In Section 7. (Routing Policy): “As BGPsec will be rolled out > > over…a long time. Hence a normal

Re: [sidr] Ben Campbell's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

On 1/3/17, 9:00 PM, "Randy Bush" wrote: | | -12.2: [I-D.ietf.sider.bgpsec.overview] is mentioned in section 2 as | | needed to understand this document. That suggests it should be a | | normative reference. | | ennie meenie. i think some other reviewer had me push refs

Re: [sidr] AD Review of draft-ietf-sidr-delta-protocol-04

et. So, I invite any of them to | disagree or suggest changes to the things below. Thanks for that. I have some comments below – I want us to discuss the Update issue (M16) so we can start the IETF Last Call. Thanks! Alvaro. | On 20 Dec 2016, at 14:15, Alvaro Retana (aretana) &l

Re: [sidr] draft-ietf-sidr-bgpsec-protocol

On 1/6/17, 12:40 AM, "Sriram, Kotikalapudi (Fed)" wrote: [Cut the distribution list a little.] Sriram: Hi! Happy New Year! I have some comments on this, please see below. Thanks! Alvaro. … | | 1) Section 4.1 “The BGPsec Path attribute and

Re: [sidr] AD Review of draft-ietf-sidr-delta-protocol-04

Tim: Congratulations! ☺ I think we’re in sync with everything else, just this last piece is outstanding. Thanks! Alvaro. On 1/9/17, 6:55 AM, "Tim Bruijnzeels" > wrote: Let me try to make the point again – I didn’t do a good job above. In fact,

Re: [sidr] AD Review of draft-ietf-sidr-rpki-oob-setup-04

On 12/20/16, 12:33 PM, "Rob Austein" <s...@hactrn.net> wrote: | At Tue, 20 Dec 2016 14:24:27 +0000, Alvaro Retana (aretana) wrote: | | C1. Why isn?t an IETF namespace [RFC3688] used in the XML schema? I | | would strongly suggest that you use one and reques

Re: [sidr] Confederations and Private ASNs (WAS: AD Review of draft-ietf-sidr-bgpsec-protocol-18)

Hi! I am (obviously) fine with it. Thanks! Alvaro. Thumb-typed and autocorrected.. > On Dec 20, 2016, at 5:56 PM, Sriram, Kotikalapudi (Fed) > wrote: > > If we agree and others on the WG list express no objection or find no fault > in this solution, I will be

Re: [sidr] AD Review of draft-ietf-sidr-rpki-oob-setup-04

Rob: Hi! You added some text about offer and referral: A parent is unlikely to need to send both and elements, but strictly speaking they are not mutually exclusive, so a parent which really needs to express that it both offers repository service to its child and is also willing to

[sidr] AD Review of draft-ietf-sidr-rpki-oob-setup-04

Rob: Hi! How are you? I just finished reading this document. Thanks for the work! I have some comments (below) that should be easy to address. I think the major one is about the ordering of the XML attributes (C2); I’ll start the IETF Last Call once (at least) that point is resolved.

[sidr] AD Review of draft-ietf-sidr-delta-protocol-04

Dear authors: Hi! I just finished reading this document. I have several comments (please see below); I marked many of them as “Major”, some because of the use of Normative language, but my main concern is that I think error conditions in the protocol are underspecified (see M7, M8, M10,

Re: [sidr] AD Review of draft-ietf-sidr-rpki-oob-setup-04

Yes, I’m good. Thanks!! Alvaro. On 12/21/16, 1:13 PM, "Rob Austein" > wrote: I hope this addresses the issue. ___ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr

Re: [sidr] Confederations and Private ASNs (WAS: AD Review of draft-ietf-sidr-bgpsec-protocol-18)

On 12/21/16, 12:47 PM, "Sriram, Kotikalapudi (Fed)" wrote: Sriram: Hi! | I said in my previous post: | "(2) It also keeps confed ASes from failing to validate properly the signature injected at the boundary." | | I retract my observation… … | | So

Re: [sidr] BGPsec draft and extended messages

Hi! [Speaking as AD] The requirement for Extended Messages has been in the BGPSec draft since the beginning (at least the WG -00 version). Changing it now would mean a significant deviation in the process – but not impossible. Before committing to supporting any change to the document, I

Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-algs-17.txt

Hi! I just approved! Thanks! Alvaro. On 3/6/17, 11:54 AM, "sidr on behalf of Sean Turner" wrote: This version addresses the IESG comments we got from Alexey (drive home the point that these algs are different than the rest of the RPKI)

Re: [sidr] AD Review of draft-ietf-sidr-rpki-validation-reconsidered-07

Dear authors: Hi! It’s been 3 months since this e-mail, which was the last of the thread started from my review. I am expecting a revised ID – what are the plans to move forward? Thanks! Alvaro. On 3/15/17, 10:24 AM, "sidr on behalf of Tim Bruijnzeels"

Re: [sidr] Ben Campbell's Discuss on draft-ietf-sidr-rpki-validation-reconsidered-08: (with DISCUSS and COMMENT)

[Explicitly adding Terry…] Tim: Hi! As I think you understand from the response below, there are two parts to consider when deploying: what can be done, and what will be done. Interpreting what Ben and Terry wrote…what I think they are asking is for you to clarify in this document the

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-rpki-validation-reconsidered-08: (with COMMENT)

On 8/24/17, 9:55 AM, "Mirja Kühlewind" wrote: Mirja: Hi! > -- > COMMENT: > -- > > Given this new mechanism seems to be the recommended