On 19/07/11 11:59 PM, "Rob Austein" <[email protected]> wrote: > > What threat? Please describe it. > > The only "threat" I saw discussed is, in my opinion, a non-issue: an > attacker can mangle filenames in the unprotected data stream, thus > causing objects to fail validation. An attacker who can do that can > also mangle the objects themselves in the unprotected data stream, > which will also cause the objects to fail validation, so being able to > change the filenames doesn't give the attacker anything new.
I see those two as having a subtle difference. I guess I'm alone in that observation. > >> The suggestion of adding the mapping/type into the Manifest (while >> awkward in ietf processing) gives both the mapping result, and >> removes the CA/Repository threat identified. > > The file types are already in the manifest, because the file types are > encoded in the filenames, which are in the manifest. ok. So in which case before I give in to making repos-struct a PS, I would want to see words somewhere that say that the validation choice for an RPKI object file is to based on the filename in the manifest and not on the transferred filename. Do such words already exist? If so, where? And is that how validation implementations are already coded? For some reason all I can think about with this extensions discussion is the .txt.vbs windows worm exploit.. its all just so 1990's.. T. _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
