At 7:33 PM -0800 12/9/08, k claffy wrote:
On Tue, Dec 09, 2008 at 12:09:05PM -0500, Sandra Murphy wrote:
On Tue, 9 Dec 2008, Heather Schiller wrote:
>Stephen Kent wrote:
>>
>>P.S. Irrespective of my analysis above, yes, I do prefer a singly-rooted
>>PKI, with IANA as the only TA, but I can live with a set of TAs so long
>>as I can count them on my fingers, and they all are authoritative for the
>>resources in question :-).
>Steve, That's the concern -- what happens if 2 RIRs assert authority to
>the same resource?
That was my interpretation of John's concern, too.
I believe that part of the freedom granted to relying parties ("granted"
because there's no way to prevent them) is not only that relying parties
are free to choose their trust anchors, but also that the relying parties
are free to say what they trust their trust anchors to speak
authoritatively for.
that's correct.
So the relying parties can take care to ensure that they do not grant
overlapping authority to their trust anchors. It should be the case that
relying parties who mess that up, mess themselves up, not other people.
zoinks. that seems like an awful lot of trust to take
out of the architecture and put back into the oft
overtired or overworked or counterincented fingers sidr
is trying to secure against. are you still going with
'secure' in the title?
yes, I am :-). The insecurity that results from an RP making errors
primarily affects that RP, i.e., he/she is vulnerable to viewing
invalid origin assertions as being authentic, but no other RPs suffer
the same fate.
another problem, this relatively radical change in the
architecture turns a whole class of people who are guaranteed
to be proponents of sidr (like caida, whose research it will
make easier because it will reduce the amount of work we have
to do to resolve addresses to science) into people whose lives
sidr will make much harder for little benefit.
On what basis do you assert that there is little benefit from this
infrastructure?
so, you at least have some marketing issues.
but i see even deeper problems. it now sounds like a dlv-based
bgp, and afaict for the same reasons. geoff explains to drc:
My related observation is pretty much the same as yours - these are
thorny matters with many interests and perspectives. I for one don't
see this matter being resolved by a simple SIDR WG discussion - oh
no - that's just the opening statements in something that I fear will
carry on, like DNSSEC, for a decade or longer.
I am less pessimistic than Geoff in this regard, but I do think it
would be preferable to move forward with our 6 TA model, and work the
politics to enable migration to a single TA (IANA) model. It will
be easy to make this migration if the community agrees.
as justified as that fear is, i can't imagine widespread support
for pulling another IPv6 to avoid pulling another DNSSEC.
I don't understand this metaphor. I fear you've been hanging out with
Randy too much :-)!
(i'm no DNSSEC fan, but we should acknowledge that the root is
closer to getting signed than it's ever been (thanks to meatspace
governments recognizing the alternatives are worse), while
IPv6 still doesn't even have any scalable routing architecture
to even talk about deploying. but i asked vixie to tune in
here, since he no doubt has some hard-earned wisdom from tilting
at dlv that is relevant.)
I agree that we're getting close on IANA as the single DNSSEC root.
This too has been a political issue, after a long technical
development process. I am hoping we have a shorter tech development
process for the RPKI.
seems to me we've got a long history of 'let's leave that
(economic/ownership/trust) part of this problem for some set
of people who is not us' in recent ietf attempts to retrofit
societal needs back into the Internet architecture, and scant
evidence that even the designers are happy with the results.
i agree that the trust architecture merits a separate draft,
but i don't see a good case for postponing that draft. especially
since geoff and others are pushing hard for the RIRs to allow for
legitimate sale of ipv4 addresses to the highest bidder, asap.
if we're gonna turn the economic and the ownership
architectures for IP addresses upside down at the same time,
we'd best make the trust architecture exceedingly clear.
We can split off the discussion of trust anchor options and
management into a separate I-D, if enough folks believe that will
help. But, I also agree with you that if we just use this document
restructuring to defer the problem, we are not making great progress.
Steve
_______________________________________________
sidr mailing list
https://www.ietf.org/mailman/listinfo/sidr
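
The relying-party check raised in this thread (making sure a local configuration does not grant overlapping authority to more than one trust anchor) can be sketched as follows. This is an added example, not part of the original message or of any SIDR document; the TA names, the constraint format and the prefixes (documentation ranges) are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample: the address space a relying party allows each of its
# trust anchors to speak for. Names and prefixes are illustrative only.
SAMPLE_CONSTRAINTS = {
    "ta-a": ["192.0.2.0/24", "2001:db8::/33"],
    "ta-b": ["198.51.100.0/24", "2001:db8:8000::/33"],
    "ta-c": ["192.0.2.128/25", "203.0.113.0/24"],  # collides with ta-a
}

def parse_constraints(raw):
    """Parse prefixes per TA; strict=True rejects prefixes with host bits set."""
    return {ta: [ipaddress.ip_network(p, strict=True) for p in prefixes]
            for ta, prefixes in raw.items()}

def find_overlaps(raw):
    """Return (ta1, prefix1, ta2, prefix2) for every pair of different TAs
    that the local configuration lets speak for intersecting address space."""
    parsed = parse_constraints(raw)
    conflicts = []
    for (ta1, nets1), (ta2, nets2) in combinations(sorted(parsed.items()), 2):
        for n1 in nets1:
            for n2 in nets2:
                # Compare only within the same address family.
                if n1.version == n2.version and n1.overlaps(n2):
                    conflicts.append((ta1, str(n1), ta2, str(n2)))
    return conflicts

def authoritative_tas(raw, prefix):
    """TAs whose granted space fully covers `prefix`. More than one result
    means two anchors could both be accepted for the same resource."""
    net = ipaddress.ip_network(prefix, strict=True)
    return sorted(
        ta for ta, nets in parse_constraints(raw).items()
        if any(n.version == net.version and net.subnet_of(n) for n in nets)
    )

if __name__ == "__main__":
    for ta1, p1, ta2, p2 in find_overlaps(SAMPLE_CONSTRAINTS):
        print(f"overlap: {ta1} {p1} <-> {ta2} {p2}")
    print(authoritative_tas(SAMPLE_CONSTRAINTS, "192.0.2.192/26"))
```

An empty result from `find_overlaps` is the condition the relying party wants before loading the configuration into its validator.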