Danny,

The response from Pekka is essentially correct.

SIDR decided to issue certs based on the resource allocation hierarchy, because that hierarchy is authoritative for resource allocation, and it requires no introduction of new trust points re attesting to resource allocations (consistent with the RPSEC requirements doc).

Each ISP is a relying party in this PKI and, as in every PKI, each RP is empowered to select its own set of trust anchors. Thus ISPs can choose to recognize one another as TAs, in lieu of the default TAs. You can approximate a web of trust model in this fashion, though it is not an exact mapping since X.509 certs do not accommodate multiple signatures. The technical term for the PKI structure you can achieve is a "mesh."

The proposal for dealing with stale data (as reflected in the manifest I-D) is to continue to use what you have. Thus the concerns you cite about what happens if anyone (IR or ISP) fails to publish data are not all valid ones. It is fair to note that new or changed data that is not published, or that is not fetched in a timely fashion, could cause ISPs to reject routes based on such changes. Unfortunately, without making changes to BGP to carry such data, or providing some parallel distribution mechanism that is similarly timely, ...

Steve

_______________________________________________
Sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
