Hi Terry,

I wanted to ask you about this line:

------------------
4.1.1 e. Confirm that all of the objects listed in the downloaded manifest have been retrieved.
------------------

What if I have a partial download of the URIs from the manifest? What if the successfully downloaded object files match the stored hashes?

I personally believe that the manifest itself has to be downloaded entirely, but partial downloads of objects should be permitted.

Regards,
Roque

On Aug 24, 2008, at 10:36 PM, Terry Manderson wrote:

> .. and in the bad form of following-up to my own post.
>
> On 29/07/2008, at 11:10 PM, Terry Manderson wrote:
>> The ubiquity of HTTP provides a strong platform for both server and client development. I'm not sure it would expose an attack surface by adding http. It may be that specifying just https may eliminate additional vectors. Do you have any in mind?
>
> I had the opportunity on the weekend to catch up with an old colleague who now spends her time dealing with banking sector network security. After the usual banter about the selection of red wine we 'talked shop'.
>
> She was quite immovable in her view that regardless of the validation constructs of RPKI, the end to end fetching and publishing MUST be over a path that covers confidentiality, integrity, and availability.
>
> So in her eyes the important things are:
> - That when you establish a discussion with an endpoint you are (to the best of current technology) certain it really is the endpoint.
> - That you are talking (unmolested) to the endpoint you think you are for the entirety of the session.
> - That what is retrieved by the client is audit-able at both the server and the client.
> - That retrievals are predictable, and perfectly repeatable.
> - That the client _never_ permits a downgrade, or unsecured retrieval of information.
> - That trust anchor management for both the client SSL and the RPKI is considered in such a way that it minimises the fact there is no such thing as trusted computing (her words).
>
> I asked for situations that she could identify (ie problems) and after the expected Kaminsky DNS issue discussion, I was shown the secret decoder ring and she suggested that I wasn't being paranoid enough given we are dealing with and constructing operational systems which affect the control plane.
>
> I'm not sure how this might reflect in the ARRRM draft yet, but I thought it worthwhile to share.
>
> Cheers,
> Terry
> _______________________________________________
> sidr mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/sidr
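The partial-download case Roque raises, as an added illustration that is not part of the thread or of any draft text: a relying-party check that compares what was actually fetched against the manifest's file list, so that objects whose hashes match can be told apart from objects that never arrived, objects that arrived altered, and objects the manifest does not list. It assumes SHA-256 hashes keyed by file name and uses constructed sample objects; the file names and contents are placeholders.

```python
import hashlib
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class ManifestCheck:
    verified: list = field(default_factory=list)    # listed, fetched, hash matches
    missing: list = field(default_factory=list)     # listed, never retrieved (partial fetch)
    mismatched: list = field(default_factory=list)  # listed, fetched, hash differs
    unlisted: list = field(default_factory=list)    # fetched, but not in the manifest

    def complete(self) -> bool:
        # True only when every listed object was retrieved and verified.
        return not (self.missing or self.mismatched)


def check_manifest(manifest: dict, fetched: dict) -> ManifestCheck:
    """manifest: file name -> expected SHA-256 hex, as carried in the manifest's file list.
    fetched:  file name -> bytes actually retrieved from the publication point."""
    result = ManifestCheck()
    for name, expected in manifest.items():
        data = fetched.get(name)
        if data is None:
            result.missing.append(name)
        elif sha256_hex(data) == expected:
            result.verified.append(name)
        else:
            result.mismatched.append(name)
    for name in fetched:
        if name not in manifest:
            result.unlisted.append(name)
    return result


# Constructed sample repository (hypothetical names and contents).
OBJECTS = {
    "AS64496.roa": b"<constructed ROA object>",
    "AS64497.roa": b"<constructed ROA object #2>",
    "child.cer": b"<constructed certificate>",
}
MANIFEST = {name: sha256_hex(data) for name, data in OBJECTS.items()}


def example() -> ManifestCheck:
    # Partial fetch: child.cer never arrived, AS64497.roa arrived altered,
    # and stray.crl was retrieved although the manifest does not list it.
    fetched = {
        "AS64496.roa": OBJECTS["AS64496.roa"],
        "AS64497.roa": b"<tampered>",
        "stray.crl": b"<constructed unlisted object>",
    }
    return check_manifest(MANIFEST, fetched)
```

Whether the relying party then uses the verified objects or rejects the whole publication point is the policy question the thread is debating; the check only makes the two outcomes distinguishable.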
