Robert Loomans wrote:
> Michele (Mike) Hjorleifsson wrote:
>> Ok, let me be a lil more clear: I wasn't referring to public access to
>> the repos, I was talking about access to update the underlying
>> information.
>> Is the intent to allow the public to edit the data in these
>> repositories? My concern would be that if unprotected (or writable)
>> the repository could
>> become compromised and the unsuspecting download a copy of corrupt data.
>
> Ah... Updates to the repositories are an internal implementation
> decision between the CA, and the repository. None of the current drafts
> describe updating repositories. They only describe fetching from them.

Actually draft-huston-sidr-repos-structure attempted to do precisely that.
Section 2 of that document may be a bit implicit, but it defines an instance of
a publication repository as containing all the signed products of a CA or the
signed products of an EE. What is implicit is that neither a CA nor an EE would
allow third parties to write to their publication repository. Also note that as
these are all signed, foreign objects are detectable by relying parties.

Geoff