At 12:53 PM +1000 7/18/11, Geoff Huston wrote:
> ...
> How is this X.500 directory "tagging" achieved in other PKIs? Three
> letter filename extension conventions? Or some other tag mechanism?
I was referring specifically to the X.500 directory, which tags via
its ASN.1 encoding for data types. But, in reality nobody uses X.500.
LDAP is used instead, and it is based on X.500 (more precisely,
X.501).
LDAP directories are accessed using the LDAP protocol, so file names
don't enter into the picture. One identifies the entry (by
distinguished name) and the object type (class) within the entry by
OID, and then requests the value of the object (speaking about
retrieval). It is up to the implementation of the LDAP protocol to
find the right type of object based on the search parameters
provided, and to update or retrieve the objects accordingly.
The RPKI repository design is very different. It is not intended to
support searching the way X.500 or LDAP does. Our operational model
says that every RP needs to retrieve the current version of every
object at every pub point (to first order), periodically. We selected
rsync as the access protocol, and it uses directory and file names to
locate objects. So, given our access model and our choice of access
protocol, I think we ought to assume that filenames are the
appropriate object names, and filename extensions are a convenient
object type indicator, for use with this protocol.
Some RPs might, for example, decide to not download GB files because
these files are not critical to ROA validation. I am told that one
can use rsync to perform selective retrieval based on a filename
extension, so the use of such extensions seems very reasonable, as a
means of enabling such selective retrieval.
Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr