On 07/07/2010, at 1:07 PM, Rob Austein wrote:

> At Wed, 7 Jul 2010 10:40:40 +1000, Geoff Huston wrote:
>> On 07/07/2010, at 12:29 AM, Rob Austein wrote:
>>
>>> I would also like to see some discussion of the simplified trust
>>> anchor proposal.
>>
>> What appears to me missing in this second model, aside from the
>> comments provided earlier by Steve Kent, is the signalling to
>> relying parties as to the suggested refresh interval for the RTA. In
>> the ETA/RTA model the CRLDP provides a time interval that can be
>> used by RPs to configure their next refresh of the local RTA. In
>> this model what is the suggested refresh interval? Does one
>> explicitly use short validity times on the RTA (this would be
>> strange/possibly bad) or does one leave it to the RP to just guess
>> (again this seems strange/possibly bad).
>
> The simplified mechanism has no need for an explicit refresh interval.
> The self-signed RPKI certificate (corresponding to the RTA in the
> ETA/RTA model) is just another object to be retrieved using rsync, so
> one uses rsync to retrieve it on validation if it has changed, same
> as any other object. No special handling needed.
And key roll over of the RTA?

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
