[top post only] I agree with Pekka's recommendations here and think recasting it to be far more precise about what problems we're discussing in the architecture document is very important.
-danny On Mar 10, 2008, at 4:59 PM, Pekka Savola wrote: > Hi, > > As discussed in the meeting, it might make sense to scope the > architecture document in such a manner that the document doesn't need > to be in progress while the more specific secure routing work goes on. > > I believe this recasting needs to start from the basics (preferably > from the draft name but changing that isn't probably worth it), > because the current Title and Abstract can be read to describe secure > internet routing infrastructure, which it doesn't really do in the > wider interpretation. > > Replace title: > > An Infrastructure to Support Secure Internet Routing > > with e.g.: > > A Public Key Infrastructure to Describe Route Origination > Authorizations > > I don't see a need to have Secure Internet Routing in the title at > all; it is prone to mislead the user. > > Similar recasting should be applied in Abstract and Introduction, e.g. > with Abstract: > > Abstract > > This document describes an architecture for an infrastructure to > support secure Internet routing. The foundation of this > architecture > is a public key infrastructure (PKI) that represents the allocation > hierarchy of IP address space and Autonomous System Numbers; > certificates from this PKI are used to verify signed objects that > authorize autonomous systems to originate routes for specified IP > address prefixes. The data objects that comprise the PKI, as well > as > other signed objects necessary for secure routing, are stored and > disseminated through a distributed repository system. This document > also describes at a high level how this architecture can be used to > add security features to common operations such as IP address space > allocation and route filter construction. > > Replace with (also summarizing it a bit): > > This document describes a public key infrastructure (PKI), the > certificates of which could be used to verify signed objects that > authorize autonomous systems to originate routes for specified IP > address prefixes. These and supporting data objects can be > stored and > disseminated through a distributed repository system. > > Possibly also keep the last sentence, but this is a bit of can of > worms because these mechanisms have already been described as > incomplete (and to avoid this can of worms, some text in section 7.2 > and 7.3 could possibly be removed or reworded): > > This document > also describes at a high level how this architecture can be used to > add security features to common operations such as IP address space > allocation and route filter construction. > > -- > Pekka Savola "You each name yourselves king, yet the > Netcore Oy kingdom bleeds." > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings > _______________________________________________ > Sidr mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/sidr _______________________________________________ Sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
