Having thought about this a bit, I remain skeptical about the need for or desirability of multiple signatures on ROAs.
First, as others have mentioned, this is a relatively low-probability hypothetical case, and if it occurs at all it would be the result of an issuer deliberately choosing to make life complicated for its subjects. This does not strike me as a strong case for complicating the protocol (if anything, it strikes me as the opposite, absent proof that this complexity really is necessary).

Second, I don't see why this can't be handled via multiple ROAs instead of multiple signatures on a single ROA. As I understand it, relying parties in this system are going to have to deal with the possibility of multiple ROAs for the same AS number in any case; adding multiple signatures to ROAs will not change that. So I don't see a big gain here, just another code path that will need to be debugged and a more complicated algorithm for deciding whether a ROA is valid (what's a relying party supposed to do if one signature on a ROA is valid and the other is not? If five are valid and three are not? Is there an upper limit to the number of signatures? At what point does this become a denial of service attack on the relying party? ...).

So, since on the one hand this whole mess can be avoided by an issuer who wants to avoid it, and on the other hand there's a perfectly good way to handle it that we're going to have to support anyway, on the gripping hand I do not support the proposed change to allow multiple signatures.

_______________________________________________
Sidr mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/sidr
