At 9:00 AM +1100 3/19/08, Geoff Huston wrote: >>On Tue, 18 Mar 2008, Stephen Kent wrote: >> >>>At 9:55 AM +1000 3/18/08, Robert Loomans wrote: >><snip> >>>It has been suggested that access to repositories might be >>>TLS-protected, even though the data is intended to be widely >>>available. The motivation is that requiring a TLS credential (issued >>>under the RPKI) could be used to reject DoS attacks by complete >>>outsiders. >> > > >Perhaps the clarifying question is: are you talking about read >access or write access?
With regard to DoS concerns, I was talking about read access. >The comments I've seen that support the notion of no need for TLS >support appear to refer to read access, where anyone can be a >relying party and the combination of manifests and digital >signatures on retrieved objects is sufficient to ensure that the >relying party can determine the completeness and validity of the >retrieved information. I agree that write access poses greater access control concerns in general, but we should care about DoS in the context of read access. Since I was the one who made the comments, I guess I didn't make them clearly enough :-). >The comments I've seen in favour of TLS appear to refer to write >access where a CA or EE has outsouced the publication repository >management function to a third party and there may be some need for >a secured channel of write access as a means of DOS protection. Yes. There are lots of options here, and it is not clear if we need to have one standard way to do this, or just say that suitable access controls need to be employed, and give examples of reasonable ways to achieve such. >The drafts on this topic (draft-huston-sidr-repos-struct-01.txt, and >draft-ietf-sidr-res-certs-09.txt) refer only to read access. right. Steve _______________________________________________ Sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
