On 18/07/11 12:32 PM, "Stephen Kent" <[email protected]> wrote:
>> But wouldn't the CMS (and ASN.1 for that matter) effectively tell
>> the RP what the object was intended to be? It strikes me that the
>> file name extension is a bit of syntactic sugar rather than an
>> essential and necessary component, so I'm curious to understand what
>> has changed in this particular PKI that makes the filename extension
>> such a necessary attribute. If this is the case would a rogue CA be
>> able to mount an effective DOS attack for all RPs by deliberately
>> mis-naming objects?
>
> If you want to compare the RPKI to the general PKI repository model
> (X.500), note that in an X.500 directory, every object is tagged in a
> fashion analogous to the filename extension. LDAP tags objects as
> well. So why is it not appropriate to do so, in a normative fashion
> here?

From what little I know about LDAP/X.500 directories, the tagging is driven from the DIT. Surely that is more analogous to the RPKI manifest than a filename-based extension. Or am I missing your point or some key example/information?

I'm happy to see things tagged in a normative fashion, I just think putting the eggs into the filename/directory basket as a standards action is worrying.

Cheers
Terry
