Sandra Murphy wrote:
On Tue, 9 Dec 2008, Heather Schiller wrote:
Stephen Kent wrote:
Steve
P.S. Irrespective of my analysis above, yes, I do prefer a
singly-rooted PKI, with IANA as the only TA, but I can live with a
set of TAs so long as I can count them on my fingers, and they all
are authoritative for the resources in question :-).
Steve, That's the concern -- what happens if 2 RIRs assert authority
to the same resource?
That was my interpretation of John's concern, too.
I believe that part of the freedom granted to relying parties ("granted"
because there's no way to prevent them) is not only that relying parties
are free to choose their trust anchors, but also that the relying
parties are free to say what they trust their trust anchors to speak
authoritatively for.
So the relying parties can take care to ensure that they do not grant
overlapping authority to their trust anchors. It should be the case
that relying parties who mess that up, mess themselves up, not other
people.
--Sandy
It sounds like you are suggesting that it is up to the operator to
decide who is authoritative for a set of resources. This seems
illogical because the operator doesn't control the resources and who is
authoritative for them. Deciding which RIR should be authoritative for
a resource is non-trivial and should not be left up to individual
operators. Appointing a single TA - and having it delegate downward -
resolves this conflict. Alternatively, find some other way to ensure
that multiple TAs cannot have a conflict.
--Heather
_______________________________________________
sidr mailing list
https://www.ietf.org/mailman/listinfo/sidr
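
Added example, not part of any message in this thread: one way a relying party could check the kind of local policy discussed above (which resources each trust anchor is trusted to speak for) for overlapping grants. The TA names, the prefixes (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed relying-party policy: the address space each locally
# configured trust anchor (TA) is trusted to be authoritative for.
SAMPLE_POLICY = {
    "TA-A": ["192.0.2.0/24", "2001:db8::/33"],
    "TA-B": ["198.51.100.0/24", "2001:db8:8000::/33"],
    "TA-C": ["192.0.2.128/25", "203.0.113.0/24"],  # collides with TA-A
}


def _parse(policy):
    """Flatten the policy into (ta_name, ip_network) pairs."""
    return [(ta, ipaddress.ip_network(p))
            for ta, prefixes in policy.items() for p in prefixes]


def find_overlaps(policy):
    """Return sorted (ta1, prefix1, ta2, prefix2) tuples where two
    different TAs have been granted overlapping address space."""
    conflicts = []
    for (ta1, n1), (ta2, n2) in combinations(_parse(policy), 2):
        if ta1 == ta2 or n1.version != n2.version:
            continue  # same TA, or IPv4 vs IPv6: cannot conflict
        if n1.overlaps(n2):
            conflicts.append((ta1, str(n1), ta2, str(n2)))
    return sorted(conflicts)


def authoritative_ta(policy, prefix):
    """Return the one TA whose grant covers `prefix`, or None if no TA
    covers it. Raise ValueError if more than one TA covers it."""
    target = ipaddress.ip_network(prefix)
    owners = set()
    for ta, net in _parse(policy):
        if net.version == target.version and target.subnet_of(net):
            owners.add(ta)
    if len(owners) > 1:
        raise ValueError(f"{prefix} covered by several TAs: {sorted(owners)}")
    return owners.pop() if owners else None


if __name__ == "__main__":
    for ta1, p1, ta2, p2 in find_overlaps(SAMPLE_POLICY):
        print(f"overlap: {ta1} {p1} <-> {ta2} {p2}")
```

The check only validates the relying party's own configuration; it says nothing about which TA ought to hold a given resource, which is the question the thread is debating.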