At Wed, 7 Jul 2010 10:40:40 +1000, Geoff Huston wrote:
> On 07/07/2010, at 12:29 AM, Rob Austein wrote:
>
> > I would also like to see some discussion of the simplified trust
> > anchor proposal.
>
> What appears to me missing in this second model, aside from the
> comments provided earlier by Steve Kent, is the signalling to
> relying parties as to the suggested refresh interval for the RTA. In
> the ETA/RTA model the CRLDP provides a time interval that can be
> used by RPs to configure their next refresh of the local RTA. In
> this model what is the suggested refresh interval? Does one
> explicitly use short validity times on the RTA (this would be
> strange/possibly bad) or does one leave it to the RP to just guess
> (again this seems strange/possibly bad).

The simplified mechanism has no need for an explicit refresh
interval. The self-signed RPKI certificate (corresponding to the RTA
in the ETA/RTA model) is just another object to be retrieved using
rsync, so one uses rsync to retrieve it on validation if it has
changed, same as any other object. No special handling needed.
