The authors of draft-ietf-sidr-adverse-actions-00, "Adverse Actions by a
Certification Authority (CA) or Repository Manager in the Resource Public Key
Infrastructure (RPKI)", believe that the document is ready for a working group
last call.
This starts a two week wglc which will end on 14 July
the introduction starts by labeling the basic make before break of a
provider switch, a perfectly normal operation, as an adverse action.
randy
___
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
Randy,
I presume you are referring to the text that describes ROA competition,
although you didn't cite specific text in your message (too much typing?).
I'll revise that text to note the case of a resource transfer appears to
be competition, absent any additional info labeling it as such. Th
> I'll revise that text to note the case of a resource transfer appears to
> be competition
it is more than transfer. it is the very frequent operation of changing
transit providers. i own P, but do not use bgp. my parent T0 announces
it for me (roa P-T0). i change upstream providers to T1.
Speaking as regular ol’ member:
On Jul 1, 2016, at 6:39 PM, Randy Bush wrote:
>> I'll revise that text to note the case of a resource transfer appears to
>> be competition
>
> it is more than transfer. it is the very frequent operation of changing
> transit providers. i own P, but do not use
> I don’t see that there’s a requirement that a router have only one
> certificate, either. A router that was configured to speak as two
> different ASs might have one key certified by both ASs and might have
> two different keys, one for each AS.
that this is designed in is not an accident. we
Randy,
Thanks for providing additional examples to clarify your concerns.
I'll revise the intro text accordingly.
Steve
Sandy,
I don’t see that there’s a requirement that a router have only one certificate,
either. A router that was configured to speak as two different ASs might have
one key certified by both ASs and might have two different keys, one for each
AS.
There was no intent to suggest that a router
Here is the revised text for the relevant part of the intro.
I don't see a need to change the text in the specific attack
descriptions, given this revised intro text.
Additionally, when a ROA or router certificate is created that
"competes" with an existing ROA or router certificate (resp
nly in emergency
scenarios.
Sriram
From: sidr [mailto:sidr-boun...@ietf.org] On Behalf Of Stephen Kent
Sent: Wednesday, July 06, 2016 1:42 PM
To: Randy Bush ; Sandra Murphy
Cc: sidr wg list
Subject: Re: [sidr] wglc for draft-ietf-sidr-adverse-actions-00
Here is the revised text for the relev
Sriram,
> A newer ROA competes with an older ROA if the newer ROA points to a
> different ASN, contains the same or a more specific prefix, and is
> issued by a different CA.
For DDoS mitigation service, (as an example) a /16 prefix owner may
create (well in advance)
two new ROAs for more
There’s been a rather energetic conversation about this but not many people
involved.
The wglc needs some more reviewers and commenters to gauge consensus.
There’s just a few days left - please consider reviewing the draft and
providing comments and publication worthiness to the list.
—Sandy
Hi,
I have a number of late comments (unfortunately no time to read this in detail
earlier)
First of all, I believe that the structure of the document, where analysis is
done without going into details of solutions, is useful.
That said I have some substantial comments. I think the order of th
Tim,
Thanks for taking the time to read and comment on the document.
I will change CA certificate analysis to be section 2.1, and make the
CRL section be 2.3, as per your request. The Manifest section will remain
2.2, ROAs will become 2.4, GB will become 2.5, and Router Certificates
will remai
Howdy folks!
This WGLC ended up being a bit more of a long discussion than I
anticipated... I think since this WGLC there have been 2 document updates
to catch comments/concerns/etc and I think deal with them properly.
I don't see anymore chatter for this document after 9/2/2016, so I think we
sho