I have mixed feelings about this proposal.
I do not object in principle to signed RPSL, and using an EE cert
from the RPKI to verify signed RPSL data seems reasonable as well.
However, I worry that we need to tightly restrict which RPSL data can
be validated using an RPKI cert. My concern is that it would be easy
for folks to misinterpret the extent of what an RPKI cert attests to,
and thus accord signed RPSL data more trust than it deserves. I also
worry that using RPKI certs for this purpose might cause folks to
want to have Subject names be meaningful, not arbitrary, as now
required by our specs. So, if Robert is comfortable with imposing
these sorts of constraints, I think it appropriate to make this a
work item.
Finally, I am also very sympathetic to the non-technical issue Randy
cited, i.e., will adoption of this as a WG item distract us from the
rest of the work we are already pursuing? Our first priority should
be to focus on the 11 extant WG documents, achieve consensus, and
progress them to RFCs.
Steve
_______________________________________________
sidr mailing list
https://www.ietf.org/mailman/listinfo/sidr