On Tue, 18 Nov 2008, Andy Newton wrote:
On 11/18/08 11:01 AM, "Randy Bush" <[EMAIL PROTECTED]> wrote:
Andy Newton wrote:
After witnessing the CP document discussion, I'm left wondering if there is
to be one and only one RPKI.
nothing else makes any sense.
So, the IETF does not sanction the use of the RPKI specs for a set of
cooperative network providers who wish to establish their own trust anchors?
Or the use of the RPKI specs to a government or collective of governments
who wish to establish their own trust anchors?
I don't understand the change from talking about the CP to talking about
trust anchors. Could you explain what I'm missing?
arin does not like that the cp has to be agreed by the entire community
affected by it?
To which entire community are you making a reference? And how did you draw
your inference, given the definition of IETF participation?
Incidentally, I thought I heard Russ Housley say at the mike that the cert
format says what CP appliels and it points to this CP. If I understand,
using a different CP means changing the cert format. Am I wrong?
I see the following, which I presume is what Russ was referring to:
3.9.8. Certificate Policies
This extension MUST reference the Resource Certificate Policy, using
the OID Policy Identifier value of "1.3.6.1.5.5.7.14.2". This field
MUST be present and MUST contain only this value for Resource
Certificates.
No PolicyQualifiers are defined for use with this policy and thus
none must be included in this extension.
This extension MUST be present and it is critical.
-andy
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
