...
As a general comment, I have doubts about any high degree of
isomorphism between key rollover and algorithm migration, and
consequently I wonder if the proposed approach of attempting to use
a single document is creating an artificial incentive to define a
single approach when in fact they are operationally quite distinct
functions and may justifiably be efficiently addressed by distinct
algorithms. If that is indeed the case that the most operationally
effective and efficient procedures are quite distinct then the
rationale to describe these procedures in a single document would
appear to me to be pretty much entirely unconvincing.
My model for key rollover assumes an interval when old and new keys
(and certs) are both valid, which is a common notion in PKIs. Your
key rollover discussion (Section 8 of the resource cert profile)
seems to include a similar notion. You work hard to limit the number
of signed products that are simultaneously represented under the old
and new certs associated with a CA that is rekeying. I was thinking
about a more liberal approach :-).
I believe that for alg migration such an interval is absolutely
required, but is just longer than for key rollover. Your comments on
alg migration (Section 3 of the RPKI alg profile) seem to call for a
transition interval with old and new signed products simultaneously
available. You advocate a dual-signing (where feasible) approach, to
limit the number of directory entries and, presumably, to make it
easier for CAs to maintain synch between signed products issued under
the old and new algs.
So, we both seem to agree on the need for a transition interval for
key rollover and alg migration, but we have slightly different
notions about the details of how signed products are represented
during the transition interval. To me that suggests a lot of
similarity between the two processes.
Steve
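An added illustration of the transition-interval model the message argues for (not code from the thread, nor from any RPKI implementation): a CA cert with one key and algorithm, a rekeyed or re-algorithmed successor whose validity overlaps it, and signed products carrying one or two signatures. The scenario dates, key ids and product names are constructed; signatures are stand-in labels rather than real cryptographic signatures.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class CaCert:
    """One CA certificate: one key, one algorithm, one validity window (constructed model)."""
    key_id: str
    alg: str
    not_before: datetime
    not_after: datetime

    def valid_at(self, t: datetime) -> bool:
        return self.not_before <= t <= self.not_after


@dataclass(frozen=True)
class SignedProduct:
    """A signed product; signed_by holds the key ids of the CA keys that signed it (dual-signing = two)."""
    name: str
    signed_by: frozenset


def transition_interval(old: CaCert, new: CaCert):
    """Interval during which both the old and new CA certs are valid, or None if they never overlap."""
    start = max(old.not_before, new.not_before)
    end = min(old.not_after, new.not_after)
    return (start, end) if start <= end else None


def verifies_at(product: SignedProduct, ca_certs, t: datetime) -> bool:
    """A relying party accepts the product at t if any of its signatures is under a CA cert valid at t."""
    return any(c.key_id in product.signed_by and c.valid_at(t) for c in ca_certs)


def validity_timeline(products, ca_certs, times):
    """For each sample time, the names of the products a relying party would accept."""
    return {t: sorted(p.name for p in products if verifies_at(p, ca_certs, t)) for t in times}


# Constructed scenario: an RSA CA cert migrated to an ECDSA cert with a 90-day overlap.
T0 = datetime(2024, 1, 1)


def day(n: int) -> datetime:
    return T0 + timedelta(days=n)


OLD = CaCert("rsa-key-1", "RSA", day(0), day(365))
NEW = CaCert("ec-key-1", "ECDSA", day(275), day(640))
CERTS = (OLD, NEW)
OLD_ONLY = SignedProduct("roa-old", frozenset({"rsa-key-1"}))   # issued only under the old key
NEW_ONLY = SignedProduct("roa-new", frozenset({"ec-key-1"}))    # issued only under the new key
DUAL = SignedProduct("roa-dual", frozenset({"rsa-key-1", "ec-key-1"}))  # dual-signed, one directory entry
```

Running validity_timeline over days 100, 300 and 400 shows the old-only product dropping out once the old cert expires while the dual-signed product verifies throughout, which is the synchronisation benefit of dual-signing during the interval.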
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr