At 9:08 PM -0700 7/17/11, Terry Manderson wrote:
On 18/07/11 12:42 PM, "Stephen Kent" <[email protected]> wrote:

 At 4:42 PM -0700 7/17/11, Terry Manderson wrote:

 the filename extension, which is part of the "file" data type above,
 conveys the needed info. yes, one could add an OID here, but
 ultimately an RP will check the syntax and know which file is what
 type. So, adding an OID doesn't seem to help much in a manifest.

So, I'm confused.. if the RP ultimately checks the syntax, why is tagging
needed at all?

see my reply to your message (now in flight :-)).

 > if there are no mandated filename extensions, then every pub point is
 > a mini-DoS attack, as Rob noted. We can't prevent a rogue pub point
 > manager (or CA) from mislabelling files relative to the 3-char
 > extension, but why invite chaos :-)?

Right, so it's a processing issue.

yes.

So through the hierarchy (loosely speaking TA points to CA, CA points to
Rescert, Rescert points to publication point and manifest) the lesser of the
chaos scenarios would be to put the 'labeling' in the highest possible
location within the publication point. I'm guessing the most sane is the
Manifest, if it is truly a standards action requirement.

As the manifest is a signed object, it has the benefit of being tightly
interpreted as an attestation by the issuer that this 'file' with a
specified hash is a ROA. How much clearer do you need to be? or want to be?

yes, publication of a manifest is mandatory. But, if you read the manifest spec closely, especially the error case discussion, you'll see that RPs are encouraged to accept objects that do not appear on a manifest, under certain circumstances. Thus, if we were to rely exclusively on the manifest contents to direct RP processing we would degrade the functionality currently specified.


 > An earlier draft of this doc called the extensions mere
 > recommendations.  I persuaded Geoff to make them mandatory. The
 > arguments I made then still
 > apply, which is why STD vs. BCP seems appropriate, to me.


Were those arguments made on list? If so, I will go hunting and reflect on
them with a Merlot in hand this evening.

I don't recall. I may have sent them directly to Geoff.

Steve
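Added example, not part of the thread or of any RPKI implementation: an RP-side consistency check in Python that cross-checks the files fetched from a publication point against the manifest's filename/hash list and against an assumed mandated extension set (.cer, .crl, .roa, .mft). Files present but not on the manifest are reported rather than rejected outright, matching the error-case handling Steve refers to; the sample files and hashes are constructed placeholders.

```python
import hashlib

# Assumed mandated extension set for RPKI repository objects (not taken from the thread).
MANDATED_EXTENSIONS = {".cer", ".crl", ".roa", ".mft"}


def extension_of(name: str) -> str:
    dot = name.rfind(".")
    return name[dot:].lower() if dot >= 0 else ""


def check_pub_point(manifest_entries: dict, fetched: dict) -> dict:
    """manifest_entries: filename -> hex SHA-256 from the signed manifest.
    fetched: filename -> bytes retrieved from the publication point.
    Returns lists: ok, bad_hash, missing, unlisted, bad_extension.
    Unlisted files are reported, not rejected; the RP decides separately."""
    rep = {k: [] for k in ("ok", "bad_hash", "missing", "unlisted", "bad_extension")}
    for name, want in manifest_entries.items():
        if extension_of(name) not in MANDATED_EXTENSIONS:
            rep["bad_extension"].append(name)   # mislabelled relative to the extension
        data = fetched.get(name)
        if data is None:
            rep["missing"].append(name)
            continue
        matched = hashlib.sha256(data).hexdigest() == want.lower()
        rep["ok" if matched else "bad_hash"].append(name)
    for name in fetched:
        if name not in manifest_entries:
            rep["unlisted"].append(name)
            if extension_of(name) not in MANDATED_EXTENSIONS:
                rep["bad_extension"].append(name)
    return rep


# Constructed sample: placeholder bytes standing in for the DER objects.
SAMPLE_FILES = {
    "abc.roa": b"roa-placeholder",
    "def.roa": b"tampered-after-signing",
    "stray.txt": b"non-mandated extension",
    "extra.roa": b"present but not on the manifest",
}
SAMPLE_MANIFEST = {
    "abc.roa": hashlib.sha256(b"roa-placeholder").hexdigest(),
    "def.roa": hashlib.sha256(b"original-contents").hexdigest(),
    "gone.crl": hashlib.sha256(b"crl-placeholder").hexdigest(),
    "stray.txt": hashlib.sha256(b"non-mandated extension").hexdigest(),
}

def demo() -> dict:
    return check_pub_point(SAMPLE_MANIFEST, SAMPLE_FILES)
```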
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
