On Thu, 5 Oct 2006 13:34:52 +0200, Iljitsch van Beijnum
<[EMAIL PROTECTED]> wrote:
> On 4-okt-2006, at 16:30, Steven M. Bellovin wrote:
>
> >> Having read the draft, I do have similar concerns with "double-ended"
> >> operations. The draft mentions that the new key should only be used
> >> when it's "at a point where it is reasonably certain that the other
> >> side would have it installed, too". This is not very exact language,
> >> and I wonder how implementations would handle this.
>
> > My intention, actually, was that operators would do that. "Attention
> > customers: we will be installing the 2007 BGP key on January 15.
> > Please install the new key on your end before then." -- and then you
> > actually do your end on Jan 20 or thereabouts.
>
> My perspective:
>
...
I don't know that I agree with the details of your scenario, but that's
irrelevant to my larger point: it isn't the implementation that decides,
it's people.
I also agree that it's better that everything be completely automated. As
the I-D says, this is advice on an interim solution until we can engineer
and deploy something better.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb