On Tue, Dec 09, 2008 at 12:09:05PM -0500, Sandra Murphy wrote:
On Tue, 9 Dec 2008, Heather Schiller wrote:
>Stephen Kent wrote:
>>
>>P.S. Irrespective of my analysis above, yes, I do prefer a singly-rooted
>>PKI, with IANA as the only TA, but I can live with a set of TAs so long
>>as I can count them on my fingers, and they all are authoritative for the
>>resources in question :-).
>>_______________________________________________
>Steve, That's the concern -- what happens if 2 RIR's assert authority to
>the same resource?
That was my interpretation of John's concern, too.
I believe that part of the freedom granted to relying parties ("granted"
because there's no way to prevent them) is not only that relying parties
are free to choose their trust anchors, but also that the relying parties
are free to say what they trust their trust anchors to speak
authoritatively for.
So the relying parties can take care to ensure that they do not grant
overlapping authority to their trust anchors. It should be the case that
relying parties who mess that up, mess themselves up, not other people.
zoinks. that seems like an awful lot of trust to take
out of the architecture and put back into the oft
overtired or overworked or counterincented fingers sidr
is trying to secure against. are you still going with
'secure' in the title?
another problem, this relatively radical change in the
architecture turns a whole class of people who are guaranteed
to be proponents of sidr (like caida, whose research it will
make easier because it will reduce the amount of work we have
to do to resolve addresses to science) into people whose lives
sidr will make much harder for little benefit.
so, you at least have some marketing issues.
but i see even deeper problems. it now sounds like a dlv-based
bgp, and afaict for the same reasons. geoff explains to drc:
My related observation is pretty much the same as yours - these are
thorny matters with many interests and perspectives. I for one don't
see this matter being resolved by a simple SIDR WG discussion - oh
no - thats just the opening statements in something that I fear will
carry on, like DNSSEC, for a decade or longer.
as justified as that fear is, i can't imagine widespread support
for pulling another IPv6 to avoid pulling another DNSSEC.
(i'm no DNSSEC fan, but we should acknowledge that the root is
closer to getting signed than it's ever been (thanks to meatspace
governments recognizing the alternatives are worse), while
IPv6 still doesn't even have any scalable routing architecture
to even talk about deploying. but i asked vixie to tune in
here, since he no doubt has some hard-earned wisdom from tilting
at dlv that is relevant.)
seems to me we've got a long history of 'let's leave that
(economic/ownership/trust) part of this problem for some set
of people who is not us' in recent ietf attempts to retrofit
societal needs back into the Internet architecture, and scant
evidence that even the designers are happy with the results.
i agree that the trust architecture merits a separate draft,
but i don't see a good case for postponing that draft. especially
since geoff and others are pushing hard for the RIRs to allow for
legitimate sale of ipv4 addresses to the highest bidder, asap.
if we're gonna turn the economic and the ownership
architectures for IP addresses upside down at the same time,
we'd best make the trust architecture exceedingly clear.
k
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
