At Tue, 7 Oct 2008 09:40:17 +1100, Geoff Huston wrote: > > ... I would argue (again) that the specification should be > complete and provide appropriate guidance to implementors for all > situations where interoperability is required, and this case, although > not common, has been visible in the routing table already and will > likely be visible in the routing table in future. Given that this does > not define a new signature standard for CMS, nor a major change in the > logic of ROA processing I do not see that this adds any undue > complexity to implementations and has the benefit of covering the full > range of anticipated use cases for ROAs in their application to > signing route origination.
It adds a requirement that the validator, rather than doing a "simple" tree walk, must now attempt to trace multiple paths through the tree in order to check the signatures on the ROA. This adds quite a bit of complexity to the validation process, for no gain that I can see. Unnecessary complexity in a security-sensitive piece of software is a bad thing, so I have no intention of implementing this even if you do get it into the specification. _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
