Howdy folks!
This WGLC ended up being a bit more of a long discussion than I
anticipated... I think since this WGLC there have been 2 document updates
to catch comments/concerns/etc and I think deal with them properly.
I don't see any more chatter for this document after 9/2/2016, so I think we
Tim,
Thanks for taking the time to read and comment on the document.
I will change CA certificate analysis to be section 2.1, and make the
CRL section be 2.3, as per your request. The Manifest section will remain
2.2, ROAs will become 2.4, GB will become 2.5, and Router Certificates
will
Hi,
I have a number of late comments (unfortunately no time to read this in detail
earlier)
First of all, I believe that the structure of the document, where analysis is
done without going into details of solutions, is useful.
That said I have some substantial comments. I think the order of
There’s been a rather energetic conversation about this but not many people
involved.
The wglc needs some more reviewers and commenters to gauge consensus.
There’s just a few days left - please consider reviewing the draft and
providing comments and publication worthiness to the list.
—Sandy
Sriram,
> A newer ROA competes with an older ROA if the newer ROA points to a
> different ASN, contains the same or a more specific prefix, and is
> issued by a different CA.
For DDoS mitigation service, (as an example) a /16 prefix owner may
create (well in advance)
two new ROAs for
Sandy,
I don’t see that there’s a requirement that a router have only one certificate,
either. A router that was configured to speak as two different ASs might have
one key certified by both ASs and might have two different keys, one for each
AS.
There was no intent to suggest that a
Randy,
Thanks for providing additional examples to clarify your concerns.
I'll revise the intro text accordingly.
Steve
___
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
> I don’t see that there’s a requirement that a router have only one
> certificate, either. A router that was configured to speak as two
> different ASs might have one key certified by both ASs and might have
> two different keys, one for each AS.
that this is designed in is not an accident. we
Speaking as regular ol’ member:
On Jul 1, 2016, at 6:39 PM, Randy Bush wrote:
>> I'll revise that text to note the case of a resource transfer appears to
>> be competition
>
> it is more than transfer. it is the very frequent operation of changing
> transit providers. i own P,
> I'll revise that text to note the case of a resource transfer appears to
> be competition
it is more than transfer. it is the very frequent operation of changing
transit providers. i own P, but do not use bgp. my parent T0 announces
it for me (roa P-T0). i change upstream providers to T1.
Randy,
I presume you are referring to the text that describes ROA competition,
although you didn't cite specific text in your message (too much typing?).
I'll revise that text to note the case of a resource transfer appears to
be competition, absent any additional info labeling it as such.
the introduction starts by labeling the basic make before break of a
provider switch, a perfectly normal operation, as an adverse action.
randy
The authors of draft-ietf-sidr-adverse-actions-00, "Adverse Actions by a
Certification Authority (CA) or Repository Manager in the Resource Public Key
Infrastructure (RPKI)", believe that the document is ready for a working group
last call.
This starts a two week wglc which will end on 14