All,
Having thought about this a bit, I remain skeptical about the need for
or desirability of multiple signatures on ROAs.
First, as others have mentioned, this is a relatively low-probability
hypothetical case, and if it occurs at all it would be the result of
an issuer deliberately chosing to make life complicated for its
subjects. This does not strike me as a strong case for complicating
the protocol (if anything, it strikes me as the opposite, absent proof
that this complexity really is necessary).
I agree with Rob here. I'd have no problem with extending the protocol
if there was a valid case for doing so. However, the two cases that
were mentioned on the list so-far, are low probability cases that can
be handled by having 2 ROAs. Until somebody comes up with a third
case that needs this, let's not make things more complicated than
they already are.
Henk
--
------------------------------------------------------------------------------
Henk Uijterwaal Email: henk.uijterwaal(at)ripe.net
RIPE Network Coordination Centre http://www.amsterdamned.org/~henk
P.O.Box 10096 Singel 258 Phone: +31.20.5354414
1001 EB Amsterdam 1016 AB Amsterdam Fax: +31.20.5354445
The Netherlands The Netherlands Mobile: +31.6.55861746
------------------------------------------------------------------------------
# Lawyer: "Now sir, I'm sure you are an intelligent and honest man--"
# Witness: "Thank you. If I weren't under oath, I'd return the compliment."
_______________________________________________
Sidr mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/sidr
