Geoff Huston wrote:
WG co-chair hat OFF
This is a posting made in my role as a document co-author, and not as a
co-chair of the WG
In reviewing the manifest document I notice that the document in its
current version defines a manifest as an RPKI construct. I have two
questions about this:
1. Should the manifest document be constrained in this manner as being
exclusively an RPKI construct, or should the reference to exclusive use
by the RPKI be removed such that the manifest is defined in a manner that
is agnostic to the context of the PKI in which the manifest may be used,
so that any CA may use a manifest?
2. In the context of the RPKI should the manifest document use a SHOULD
to specify that the resources in the RPKI EE certificate used to validate
the manifest's signature be specified using the inherit bit setting of
the RFC3779 extensions?
Do any of the document's co-authors, or any WG folk, have an opinion of
either or both of these questions that they'd like to share?
thanks,
Geoff
WG co-chair hat OFF
I think there's a benefit of allowing this construct to be used in an RPKI-
related, but not strictly RPKI repository, or even in an RPKI-unrelated
context. So I'd be in favor of making it more generic (see 1), which also
means relaxing the rules on the EE cert (see 2).
Robert