see inline
Pedro Martinez-Julia writes:
>> To: anima@ietf.org
>> Subject: [Anima] Autonomic Registry
>>
>> Dear WG members,
>>
>> According to the presentation in the NMRG session, the ANIMA model relies
>> in a registry which seems to be centralized. I think it does not suit
You are using the word "registry", but it's a registrar. The different in
the word is perhaps subtle, but very significant.
>> autonomicity as well as a distributed registry would, so different
definition
>> and implementation strategies can appear in the future. In order to be a
>> widely accepted model, which I think would be really useful, ANImA should
>> support different kinds of registries. Please let me know if you have
plans to
>> consider it. Thank you.
Michael Behringer (mbehring) <mbehr...@cisco.com> wrote:
> Generically, ANIMA devices get a domain certificate. Today, practically
> all certificate management solutions are centralised, with a central
> CA, and several RAs (Registration Authorities). So for now this is the
> working model. And a registrar is logically an RA in this model. Given
> that certificate interactions are infrequent, and given that this PKI
> model is very well developed, I think this is a reasonable starting
> point.
And, the centralized nature of current PKI implementations is an
implementation limitation, not an architectural limitation.
The architecture supports talking the nearest registrar which is functioning.
There are PKI implementation challenges with partitioning of the PKIX
SerialNumber space (which must be unique), but it's a solved problem.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima
