At 10:56 PM -0700 10/28/09, Terry Manderson wrote:
Oppose.
The following, I think, needs attention.
* Section 4.3 Access Protocols
" Current efforts to implement a repository system use RSYNC [14] as
the single access protocol. RSYNC, as used in this implementation,
provides all of the above functionality. A document specifying the
conventions for use of RSYNC in the PKI will be prepared."
I am not aware of rsync being used to upload/change/delete objects in a
repository as a single access protocol. My understanding is that rsync is
mandated as one of the protocols for download, and at present, the former
modification actions are done using Up/down, otherwise known as
draft-ietf-sidr-rescerts-provisioning-05.
OK. The text should characterize rsync as being used for read access,
and not for R/W.
* Section 5. Manifests
This section enters the discussion that the repository system is
untrusted(sic), and the manifests are needed due to attack risks. Yet this
isn't further discussed or fleshed out as to why the repo structure is not
trusted and potentially why no further effort is made to have a trustable
repo structure irrespective of the attack vectors of an untrusted repository
system.
Any widely distributed repository system will never be trusted to a
high degree. The same threat model that motivates using DNSSEC
motivates using manifests.
Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
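The point in the Section 5 exchange above, that a repository which is only read over rsync cannot be trusted, so the relying party needs a signed manifest to notice what the repository withheld, replaced or replayed, is easier to see in code. The following is an added example, not code from the draft, from Terry, or from Steve: it models a manifest the way RPKI defines it (a manifest number, a validity window, and a list of file names with SHA-256 hashes, signed by the publisher) and runs a relying-party check against several repository views. The HMAC is a stand-in for the CMS signature a real manifest carries, the file contents and function names are constructed for the example, and the constants (manifest numbers, timestamps) are arbitrary.

```python
"""Why an untrusted repository needs signed manifests (constructed example).

A manifest is modelled on the RPKI concept: manifestNumber, thisUpdate,
nextUpdate and a fileList of (name, SHA-256) pairs, signed by the publisher.
HMAC-SHA256 stands in for the CMS signature; the repository is a dict.
"""
import hashlib
import hmac
import json

# Constructed key: stands in for the manifest EE certificate's private key.
PUBLISHER_KEY = b"constructed-publisher-signing-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign_manifest(number: int, this_update: int, next_update: int,
                  files: dict) -> dict:
    """Build and sign a manifest over the publisher's authoritative files."""
    body = {
        "manifestNumber": number,
        "thisUpdate": this_update,
        "nextUpdate": next_update,
        "fileList": {n: sha256_hex(d) for n, d in sorted(files.items())},
    }
    encoded = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(PUBLISHER_KEY, encoded, "sha256").hexdigest()
    return {"body": body, "sig": sig}


def check_repository(manifest: dict, repo: dict, now: int,
                     last_seen_number: int) -> list:
    """Compare what an untrusted repository serves against the manifest.

    Returns findings; an empty list means the fetched view is complete,
    unmodified and current. Detects a forged/edited manifest, a replayed
    old manifest, a stale manifest, a withheld object, a substituted object
    and an object the manifest never listed.
    """
    encoded = json.dumps(manifest["body"], sort_keys=True).encode()
    expected = hmac.new(PUBLISHER_KEY, encoded, "sha256").hexdigest()
    if not hmac.compare_digest(expected, manifest["sig"]):
        return ["manifest signature invalid"]  # nothing else can be believed
    body = manifest["body"]
    findings = []
    if body["manifestNumber"] <= last_seen_number:
        findings.append("replayed manifest: number %d <= last seen %d"
                        % (body["manifestNumber"], last_seen_number))
    if now > body["nextUpdate"]:
        findings.append("stale manifest: nextUpdate %d has passed"
                        % body["nextUpdate"])
    for name, digest in body["fileList"].items():
        if name not in repo:
            findings.append("withheld object: %s" % name)
        elif sha256_hex(repo[name]) != digest:
            findings.append("substituted object: %s" % name)
    for name in repo:
        if name not in body["fileList"]:
            findings.append("unlisted object: %s" % name)
    return findings


# Constructed publication point: two child certificates and one ROA.
PUBLISHED = {
    "child1.cer": b"certificate for child one",
    "child2.cer": b"certificate for child two",
    "prefix.roa": b"roa authorising AS64496 for 192.0.2.0/24",
}
MANIFEST = sign_manifest(7, this_update=1000, next_update=2000, files=PUBLISHED)


def honest_repository() -> list:
    return check_repository(MANIFEST, dict(PUBLISHED), 1500, last_seen_number=6)


def repository_withholding_roa() -> list:
    """Repo drops a valid ROA: it cannot forge one, but it can hide one."""
    served = dict(PUBLISHED)
    del served["prefix.roa"]
    return check_repository(MANIFEST, served, 1500, last_seen_number=6)


def repository_substituting_cert() -> list:
    """Repo swaps a certificate's bytes; the manifest hash no longer matches."""
    served = dict(PUBLISHED)
    served["child1.cer"] = b"attacker-chosen bytes"
    return check_repository(MANIFEST, served, 1500, last_seen_number=6)


def repository_editing_manifest() -> list:
    """Repo removes the ROA from the fileList but cannot re-sign the manifest."""
    edited = {"body": json.loads(json.dumps(MANIFEST["body"])), "sig": MANIFEST["sig"]}
    del edited["body"]["fileList"]["prefix.roa"]
    served = dict(PUBLISHED)
    del served["prefix.roa"]
    return check_repository(edited, served, 1500, last_seen_number=6)


def repository_replaying_old_manifest() -> list:
    """Repo serves an older, genuinely signed manifest with its matching files."""
    old_files = {"child1.cer": PUBLISHED["child1.cer"]}
    old_manifest = sign_manifest(3, this_update=100, next_update=900, files=old_files)
    return check_repository(old_manifest, dict(old_files), 1500, last_seen_number=6)


if __name__ == "__main__":
    for label, fn in [("honest", honest_repository),
                      ("withheld ROA", repository_withholding_roa),
                      ("substituted cert", repository_substituting_cert),
                      ("edited manifest", repository_editing_manifest),
                      ("replayed manifest", repository_replaying_old_manifest)]:
        print(label, "->", fn() or "ok")
```

The repository never needs write access from the relying party, which matches the read-only role the thread settles on for rsync; what it does need is a signed statement of what should be there, because an rsync mirror can omit or swap files without any signature on the individual objects failing. The replay case is why the manifest carries a monotonically increasing number and a validity window rather than just a file list.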