[{"author": "Job Snijders", "text": "
allo!
", "time": "2023-03-29T04:00:41Z"}, {"author": "Warren Kumari", "text": "Huge huge thanks to Nathalie for having served.
", "time": "2023-03-29T04:01:53Z"}, {"author": "Job Snijders", "text": "yes, she helped bring some order to the proceedings of SIDROPS - which I appreciate
", "time": "2023-03-29T04:02:32Z"}, {"author": "Randy Bush", "text": "^H
", "time": "2023-03-29T04:02:56Z"}, {"author": "Michael Hollyman", "text": "Happy to try the notes
", "time": "2023-03-29T04:03:19Z"}, {"author": "Warren Kumari", "text": "Moar bits to sign! :-P
", "time": "2023-03-29T04:11:52Z"}, {"author": "Keyur Patel", "text": "thank you Michael
", "time": "2023-03-29T04:12:57Z"}, {"author": "Ties de Kock", "text": "Do routers take the union of VRPs over the connected RTR sessions in practice? Or does that differ by vendor?
", "time": "2023-03-29T04:13:17Z"}, {"author": "Ties de Kock", "text": "Thanks for the answer!
", "time": "2023-03-29T04:14:33Z"}, {"author": "Job Snijders", "text": "The solution is simple: TCP over Multicast!
", "time": "2023-03-29T04:21:41Z"}, {"author": "Rob Austein", "text": "RPKI over NNTP
", "time": "2023-03-29T04:25:11Z"}, {"author": "Ties de Kock", "text": "Head of line blocking probably would be less apparent with the RIPE validator because all retrieval was asynchronous there..
The downside of async fetching is that revalidation is needed more often - which is computationally expensive as well.
", "time": "2023-03-29T04:27:09Z"}, {"author": "Ties de Kock", "text": "_every_ complete update of a repository causes a revalidation of the trees under one or more TALs
", "time": "2023-03-29T04:29:23Z"}, {"author": "Rob Austein", "text": "Well, maybe. Refetch doesn't have to imply full revalidation, particularly if nothing has changed.
", "time": "2023-03-29T04:30:22Z"}, {"author": "George Michaelson", "text": "\"there was a lively discussion at the microphone\" seems to me to cover this in the notes
", "time": "2023-03-29T04:31:09Z"}, {"author": "Rob Austein", "text": "In fairness, Steve Kent was advocating decoupling fetch from validation from day one, implementors mostly didn't listen because it was painful. In retrospect, he was right.
", "time": "2023-03-29T04:31:43Z"}, {"author": "Ties de Kock", "text": "Rob Austein said:
\n\n\nWell, maybe. Refetch doesn't have to imply full revalidation, particularly if nothing has changed.
\n
For future implementations I would indeed recommend more memoisation than we did have at the time. We bet on parallelism there. Think we ended with ~ 70s mean delay after a TAL published a new notification file
", "time": "2023-03-29T04:33:22Z"}, {"author": "Jeffrey Haas", "text": "Is there anyone that works on rrdp in the room that I can ask a question after the session?
", "time": "2023-03-29T04:37:29Z"}, {"author": "Rob Austein", "text": "Define \"the room\" :)
", "time": "2023-03-29T04:38:55Z"}, {"author": "Nan Geng", "text": "So, there are 5 aspa objects in the rpki repo now?
", "time": "2023-03-29T04:39:03Z"}, {"author": "Jeffrey Haas", "text": "Rob Austein said:
\n\n\nDefine \"the room\" :)
\n
Physically present for speech based knowledge transfer without the need to set up remote presence. At least first round.
", "time": "2023-03-29T04:40:26Z"}, {"author": "Romain Fontugne", "text": "How hard is it to create ASPA objects?
", "time": "2023-03-29T04:42:35Z"}, {"author": "George Michaelson", "text": "You need access to 3779 bearing certificates and keys.
", "time": "2023-03-29T04:51:52Z"}, {"author": "George Michaelson", "text": "a delegated CA makes that simpler, otherwise you need the supplier of signing services to accept a TBS either as ASN.1 specified binary or by a GUI to specify the things to be put into the ASN1 to be signed over
", "time": "2023-03-29T04:52:26Z"}, {"author": "Ties de Kock", "text": "\n\notherwise you need the supplier of signing services to accept a TBS either as ASN.1 specified binary or by a GUI to specify the things to be put into the ASN1 to be signed over
\n
And keep the artifact on the manifest
", "time": "2023-03-29T04:52:59Z"}, {"author": "George Michaelson", "text": "yes. they need to be published.
", "time": "2023-03-29T04:53:29Z"}, {"author": "Ties de Kock", "text": "There is an API to create ASPA objects on RIPE NCC's pilot environment, but this is not enabled in production.
", "time": "2023-03-29T04:54:22Z"}, {"author": "Rob Austein", "text": "Because of the need to publish and renew and all, other than hand-constructed test cases, adding new object type involves code changes both engine and UI, so software update cycle.
", "time": "2023-03-29T04:54:24Z"}, {"author": "George Michaelson", "text": "https://krill.docs.nlnetlabs.nl/en/stable/manage-aspas.html
", "time": "2023-03-29T04:54:56Z"}, {"author": "Tom Hill", "text": "So.. what's the equivalent to a route object in the IRR, but for signalling upstream ASNs?
", "time": "2023-03-29T04:56:37Z"}, {"author": "Tom Hill", "text": "In the interest of maintaining good hygiene that lets us go straight to invalid
", "time": "2023-03-29T04:57:03Z"}, {"author": "Tom Hill", "text": "I'll laugh if anyone says RPSL, for the record :grinning_face_with_smiling_eyes:
", "time": "2023-03-29T04:58:04Z"}, {"author": "Jeffrey Haas", "text": "Chairs should remind people to wear their masks and do so properly.
", "time": "2023-03-29T05:07:02Z"}, {"author": "Ties de Kock", "text": "This _sounds_ like we need conformance testing files
", "time": "2023-03-29T05:10:51Z"}, {"author": "Rob Austein", "text": "Keep in mind that one of the reasons for SLURM was concerns about country A generating RPKI data that country B considered illegal and requiring ISPs in country B to filter. One can argue about whether governments should do such things and about whether the IETF should make this easier, but part of the point was having a mechanism that was simple enough that one could reasonably expect to get the same result from feeding the same set of filter rules into two RPs.
", "time": "2023-03-29T05:13:18Z"}, {"author": "Randy Bush", "text": "and why would you ever believe a slurm file from anyone else?
", "time": "2023-03-29T05:18:15Z"}, {"author": "Rob Austein", "text": "Because the somebody else inthis case is a government that will shut you down or arrest you if you don't accept that SLURM file. \"Believe\" may not be the word you're looking for here :)
", "time": "2023-03-29T05:20:03Z"}, {"author": "Randy Bush", "text": "bingo geoff!!!
", "time": "2023-03-29T05:34:55Z"}, {"author": "George Michaelson", "text": "Signed objects do have a lifetime however
", "time": "2023-03-29T05:39:22Z"}, {"author": "George Michaelson", "text": "(to Rudiger)
", "time": "2023-03-29T05:39:29Z"}, {"author": "Rob Austein", "text": "geoff's suggestion made a lot of sense to me
", "time": "2023-03-29T05:40:11Z"}, {"author": "Job Snijders", "text": "Jeffrey Haas said:
\n\n\nIs there anyone that works on rrdp in the room that I can ask a question after the session?
\n
I can help
", "time": "2023-03-29T05:41:10Z"}, {"author": "Jeffrey Haas", "text": "Job Snijders said:
\n\n\nJeffrey Haas said:
\n\n\nIs there anyone that works on rrdp in the room that I can ask a question after the session?
\nI can help
\n
Please join Ties and I briefly at end. Thanks!
", "time": "2023-03-29T05:42:54Z"}, {"author": "Job Snijders", "text": "Ties de Kock said:
\n\n\nThis _sounds_ like we need conformance testing files
\n
what is this a reference to if you don't mind repeating?
", "time": "2023-03-29T05:51:40Z"}, {"author": "Rob Austein", "text": "This stuff needs to be written down in a form that someone can actually analyze. I agree that we should look into these problems, but just asserting that problems exist and that we therefore need to rev protocols is a bit hasty.
", "time": "2023-03-29T05:51:48Z"}, {"author": "Ties de Kock", "text": "\n", "time": "2023-03-29T05:52:51Z"}, {"author": "Ties de Kock", "text": "Conformance testing \u2014 an element of conformity assessment, and also known as compliance testing, or type testing \u2014 is testing or other activities that determine whether a process, product, or service complies with the requirements of a specification, technical standard, contract, or regulation. Wikipedia
\n
In practice: A set of inputs + set of expected outputs
", "time": "2023-03-29T05:53:10Z"}, {"author": "Job Snijders", "text": "right, but what is 'this' in your message?
", "time": "2023-03-29T05:53:18Z"}, {"author": "Ties de Kock", "text": "It was SLURM-ASPA and a comment about implementations having the exact same behaviour
", "time": "2023-03-29T05:53:38Z"}, {"author": "Job Snijders", "text": "ah, yes, good idea
", "time": "2023-03-29T05:53:51Z"}, {"author": "Ties de Kock", "text": "So a few combination of inputs and outputs to slurm(raw_vrps_aspa_and_keys, aspa_file) -> effective_vrps_aspa_keys
that contain the scenarios that we want to describe
Romain Fontugne said:
\n\n\nHow hard is it to create ASPA objects?
\n
you can use:
\n$ echo 302002023cca301a300402020b6230040202205b3005020300c7903005020303259e | xxd -r -ps > econtent\n$ openssl genrsa -out ee.key 2048\n$ openssl req -new -key ee.key -out ee.csr -subj "/CN=$(date +%s)"\n$ openssl ca -batch -config openssl.cnf -in ee.csr -out ee.cert -extensions signing_ca_ext -days 365\n$ openssl cms -sign -binary -nodetach -nosmimecap -keyid -econtent_type 1.2.840.113549.1.9.16.1.49 -signer ee.cert -inkey ee.key -in econtent -outform DER -out ASPA.asa\n
@Romain Fontugne https://mailarchive.ietf.org/arch/msg/sidrops/xBKeFYOtaSeeHxkoKzLwQq2JBWw/ for an API in our pilot environment
", "time": "2023-03-29T05:57:06Z"}, {"author": "Job Snijders", "text": "Ties de Kock said:
\n\n\nSo a few combinations of inputs and outputs to
\nslurm(raw_vrps_aspa_and_keys, aspa_file) -> effective_vrps_aspa_keys
that contain the scenarios that we want to describe
yes, in an implementation/interop report I'd hope that can be demonstrated to have been validated for the implementations claiming compliance (I believe SIDROPS requires 2 implementations before things can move forward to IESG, such conformance testing would be 1 way of demonstrating that)
", "time": "2023-03-29T05:57:40Z"}, {"author": "Rob Austein", "text": "I want problem analysis for what Tim is talking about before we decide what protocol changes are needed. Best practice document is reasonable.
", "time": "2023-03-29T05:58:32Z"}]