On 19/10/2008, at 8:54 PM, Robert Kisteleki wrote:
I also have serious concerns about the use of HTTPS, especially about how a relying party should verify the server's certificate. I believe that the current RPKI certificate policy and/or profile prohibits certificate use for client/server authentication purposes. That'd mean that a different (yet another?) PKI should be used for this. What PKI would that be?
There is already a well accepted PKI for handling web based security - and as much as that may irritate some as equally open to abuse - it is far better than not having channel security.
Although, I'm not closed to the idea of a TA being distributed for the purposes of RPKI Repository server security - just not sure if creating one is substantially better than using the existing known framework of third party certificate authorities already listed in most browsers/distributions.
Please advise. Cheers Terry _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
