Re: [sidr] Questions about draft-huston-rpki-validation-01

2014-05-21 Thread Geoff Huston
Hi Steve, I appreciate the backlog of mail you are working from, as you note in your mail, but I always think it useful to have carefully read a document before performing a critique. I'm sure you would agree with that sentiment. I was therefore quite surprised to find you had said the

Re: [sidr] Questions about draft-huston-rpki-validation-01

2014-05-20 Thread Geoff Huston
On 20 May 2014, at 4:38 am, Christopher Morrow morrowc.li...@gmail.com wrote: On Thu, Apr 17, 2014 at 11:35 AM, Tim Bruijnzeels t...@ripe.net wrote: Certificate 1: {10.0.0.0/12, AS64501, AS64505, AS64509} (TA certificate) Certificate 2: {10.0.0.0/22, AS64501, AS64505, AS64511} Certificate

Re: [sidr] Questions about draft-huston-rpki-validation-01

2014-05-20 Thread Christopher Morrow
On Tue, May 20, 2014 at 8:10 AM, Geoff Huston gih...@gmail.com wrote: On 20 May 2014, at 4:38 am, Christopher Morrow morrowc.li...@gmail.com wrote: It's unclear to me what would happen if you split this into a prefix/asn per cert and just carried more certs in your purse. Why would I not

Re: [sidr] Questions about draft-huston-rpki-validation-01

2014-05-19 Thread Christopher Morrow
On Thu, Apr 17, 2014 at 11:35 AM, Tim Bruijnzeels t...@ripe.net wrote: Certificate 1: {10.0.0.0/12, AS64501, AS64505, AS64509} (TA certificate) Certificate 2: {10.0.0.0/22, AS64501, AS64505, AS64511} Certificate 3: {10.0.0.0/20, AS64501, AS64509} It's unclear to me what would happen if you

Re: [sidr] Questions about draft-huston-rpki-validation-01

2014-04-17 Thread Tim Bruijnzeels
Hi, Sorry for the late reply, I have been very busy with other work. On Mar 18, 2014, at 9:09 PM, Sriram, Kotikalapudi kotikalapudi.sri...@nist.gov wrote: That is good. But what I meant was (in your I-D under discussion) does the alternate validation algorithm for a ROA need slightly

Re: [sidr] Questions about draft-huston-rpki-validation-01

2014-03-18 Thread Geoff Huston
That is good. But what I meant was (in your I-D under discussion) does the alternate validation algorithm for a ROA need slightly different wording (as compared to that for certificates)? I think not. RFC6482 did not define how the EE certificate is to be validated. It simply states that

Re: [sidr] Questions about draft-huston-rpki-validation-01

2014-03-17 Thread Geoff Huston
Hi Sriram, Perhaps if I rephrase the validation question a little, it may be a little clearer. The validation question is: Given a certificate X and a TA certificate, for what resources is this certificate valid? Suggestion: s/Given a certificate X and a TA certificate/Given a

Re: [sidr] Questions about draft-huston-rpki-validation-01

2014-03-16 Thread Geoff Huston
Hi Sriram, I am espousing method B in your terminology. Perhaps if I rephrase the validation question a little, it may be a little clearer. The validation question is: Given a certificate X and a TA certificate, for what resources is this certificate valid? You point out (In terms of

Re: [sidr] Questions about draft-huston-rpki-validation-01

2014-03-12 Thread Geoff Huston
Hi Sriram, Thanks for your questions - let me try and answer them as best I can... I went through your -01 draft and the SIDR presentation slides from last week once again, and have the following questions: (1) An update with prefix-origin pair {5.0.0.0/24, AS64511} is received.

Re: [sidr] Questions about draft-huston-rpki-validation-01

2014-03-12 Thread Sriram, Kotikalapudi
Geoff, About my Question (3), let us discuss this a bit more carefully with an example. There is this ROA: {10.0.0.0/24, AS64499} that we wish to validate. It is signed with Certificate 3, which has the following certificate path to the TA: Certificate 1: It lists {10.0.0.0/12, AS64501,

[sidr] Questions about draft-huston-rpki-validation-01

2014-03-11 Thread Sriram, Kotikalapudi
I went through your -01 draft and the SIDR presentation slides from last week once again, and have the following questions: (1) An update with prefix-origin pair {5.0.0.0/24, AS64511} is received. There is a ROA: {5.0.0.0/22, maxLength = 24; AS64511} in the RPKI. However, it is signed using