On 12/11/2008, at 11:40 AM, Randy Bush wrote:

George Michaelson wrote:

On 12/11/2008, at 9:41 AM, Randy Bush wrote:

The authors of these two drafts now believe that all SIDR WG comments
have been integrated into these documents

only withdrawal of the bogons draft would address my comments

randy

I believe the BOA draft documents a structure which is going to be very useful in the partial deployment world of the RPKI, especially, partial
deployments of origination attestation.

It's going to allow relying parties to tell the difference between a
bogon, and an as-yet un-attested route object. That's documented in the
validation draft.

The BOA is closely modelled on the ROA. Its logical structure,
associated certification processes, CMS representation, are all close
analogues. I fail to see a structural criticism which is valid, which
does not also go to the ROA, which you seem (from other comments) to
accept as a useful structure.

i believe you believe all that.  this does not alter one iota that the
new draft does not address my comment.

the security model of the boa is seriously flawed. it mixes a negative
model with the existing positive one.  this will vastly complicate
things and to little utility.

WG Chair hat off

So to head away from generalities, what parts of either draft are the issue here? The BOA draft is essentially a mirror of the ROA draft so I assume that the BOA draft is in and of itself. The interpretation and use of the BOA and ROA are described in the ROA Validation draft. What parts of that draft present such vast complications?

I would also be interested to learn whether this is a common concern or not and also interested to learn what other meaningful options relying parties have in a world of partial deployment, because, as it stands without BOAs, a world of ROAs and the absence of ROAs is pretty much completely useless in terms of relying parties being able to detect a routing lie.



_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr