On Dec 21, 2011, at 11:55 AM, Russ Housley wrote:

> Stephane:
>
> Sorry, I was too terse in my response. Let me try again.
>
> All of the inputs to the server are signed, so there is no concern about
> these objects being modified.
>
> Once processed by the server, a protocol that provides authentication and
> integrity protection is used between the server and router. From the Table
> of Contents, the choices are clear:
>    7.1. SSH Transport
>    7.2. TLS Transport
>    7.3. TCP MD5 Transport
>    7.4. TCP-AO Transport
>
> I would personally prefer that the TCP MD5 choice not be used, but the model
> is clear.
>
> This approach lets the server handle that certificate path construction,
> signature checking, and revocation checking. It seems desirable to offload
> these potentially expensive operations, while preserving the integrity of the
> subset of the information actually needed by the router.

Right, so precisely back to my original concern:

"Caches and routers MUST implement unprotected transport over TCP using a port, rpki-rtr, to be assigned, see Section 12. Operators SHOULD use procedural means, ACLs, ... to reduce the exposure to authentication issues."

-danny
