Rob Austein wrote:
I'd also question the purpose of TLS (ie, HTTPS vs HTTP) in this context. All the data are signed, there's no confidentiality or access control reuirement as far as I know, and the manifest design was specifically intended to remove the need for channel security. The draft doesn't contain any real analysis of what threats the protocol needs to defend against or why TLS is the right solution.
I also have serious concerns about the use of HTTPS, especially about how a relying party should verify the server's certificate. I believe that the current RPKI certificate policy and/or profile prohibits certificate use for client/server authentication purposes. That'd mean that a different (yet another?) PKI should be used for this. What PKI would that be?
Robert _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
