> On Tue, 18 Mar 2008, Stephen Kent wrote:
>
>> At 9:55 AM +1000 3/18/08, Robert Loomans wrote:
> <snip>
>> It has been suggested that access to repositories might be
>> TLS-protected, even though the data is intended to be widely
>> available. The motivation is that requiring a TLS credential (issued
>> under the RPKI) could be used to reject DoS attacks by complete
>> outsiders.
>
Perhaps the clarifying question is: are you talking about read access or write access?

The comments I've seen that support the notion of no need for TLS support appear to refer to read access, where anyone can be a relying party and the combination of manifests and digital signatures on retrieved objects is sufficient to ensure that the relying party can determine the completeness and validity of the retrieved information.

The comments I've seen in favour of TLS appear to refer to write access where a CA or EE has outsourced the publication repository management function to a third party and there may be some need for a secured channel of write access as a means of DoS protection.

The drafts on this topic (draft-huston-sidr-repos-struct-01.txt, and draft-ietf-sidr-res-certs-09.txt) refer only to read access.

_______________________________________________
Sidr mailing list
https://www.ietf.org/mailman/listinfo/sidr
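
The read-access argument in the message above, as an added example that is not part of the original message or of the cited drafts: a relying party compares what it fetched over an unprotected channel with a manifest and sees withheld, altered and unlisted objects. Assumptions: the manifest is modelled as a Python dict with hypothetical field names, its signature is taken as already verified (not done here), and all sample objects are constructed.

```python
import hashlib
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_against_manifest(manifest, fetched, now):
    """Compare fetched repository objects with a manifest.

    manifest: {'this_update', 'next_update': aware datetimes,
               'files': {name: SHA-256 hex}}; signature assumed verified.
    fetched:  {name: bytes} as retrieved over any (untrusted) transport.
    """
    report = {"missing": [], "mismatch": []}
    # A manifest outside its validity window may be a replay of old state.
    report["stale"] = not (manifest["this_update"] <= now <= manifest["next_update"])
    for name, digest in sorted(manifest["files"].items()):
        if name not in fetched:
            report["missing"].append(name)        # object withheld in transit
        elif sha256_hex(fetched[name]) != digest:
            report["mismatch"].append(name)       # object altered or substituted
    # Objects not listed by the publisher are reported, not trusted.
    report["unlisted"] = sorted(set(fetched) - set(manifest["files"]))
    report["complete"] = not (report["stale"] or report["missing"] or report["mismatch"])
    return report


# Constructed sample data (placeholders, not real RPKI objects).
PUBLISHED = {
    "ca.cer": b"constructed child certificate",
    "ca.crl": b"constructed CRL",
    "as64496.roa": b"constructed ROA",
}
MANIFEST = {
    "this_update": datetime(2008, 3, 18, 0, 0, tzinfo=timezone.utc),
    "next_update": datetime(2008, 3, 19, 0, 0, tzinfo=timezone.utc),
    "files": {name: sha256_hex(body) for name, body in PUBLISHED.items()},
}
NOW = datetime(2008, 3, 18, 12, 0, tzinfo=timezone.utc)

# What a relying party might receive if the transport is interfered with.
TAMPERED = {
    "ca.cer": PUBLISHED["ca.cer"],
    "as64496.roa": b"constructed ROA, modified in transit",
    "extra.roa": b"constructed object the publisher never listed",
}

if __name__ == "__main__":
    print(check_against_manifest(MANIFEST, PUBLISHED, NOW))
    print(check_against_manifest(MANIFEST, TAMPERED, NOW))
```
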
