You could also limit which hosts can rsync Michele (Mike) Hjorleifsson
On Mar 17, 2008, at 13:38, "Tony Li" <[EMAIL PROTECTED]> wrote: > > One benefit would be a secure, automatic exchanges without cleartext > authentication. > > Tony > > > |I wonder what the benefit would be? (I can't parse "somewhat > |protected") > | > |We need no encryption on the channel, as all the published > |information is > |public. The objects themselves (manifests, certs, CRLs, ROAs, ...) > are > |signed so you can catch tampering. Finally, the existence of manifest > |provides source authentication. So there does not seem to be > |any advantages > |for this. > | > |OTOH, you *would* have to incorporate a completely separate > |PKI in order to > |authenticate hosts (potentially thousands of them). > _______________________________________________ Sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
