Hi, I wonder what the benefit would be? (I can't parse "somewhat protected")
We need no encryption on the channel, as all the published information is public. The objects themselves (manifests, certs, CRLs, ROAs, ...) are signed so you can catch tampering. Finally, the existence of manifest provides source authentication. So there does not seem to be any advantages for this. OTOH, you *would* have to incorporate a completely separate PKI in order to authenticate hosts (potentially thousands of them). Robert Michele (Mike) Hjorleifsson wrote: > If the consensus is to go forward with rsync, may i suggest we start > with rsync over ssh so that the information being transferred is > somewhat protected > the accepting sites can setup key and host based authentication to add > a layer of security as well. > > > ----------------------------------------- > Mike Hjorleifsson > US Technical Sales Manager > AEP Networks, Inc > 347 Elizabeth Avenue > Somerset, NJ 08773 > Ph: 732-652-5257 > Em: [EMAIL PROTECTED] > Apple ACTC || Microsoft MCP/MCT/MPS > Citrix CCA/CCI || Novell Linux Engineer > FTOCC Certified VOIP Technician > > > > > > > > _______________________________________________ > Sidr mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/sidr _______________________________________________ Sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
