>>> I would prefer, given the identified case, that where a situation
>>> exists that a manifest is non-existent or discarded that the entire
>>> publication point MUST be considered suspicious and not used for
>>> validation of operational objects. I would be fine if the GB object
>>> were still validated and used for human contact reasons with
>>> sufficient warnings about lack of trust.
>> 
>> off the bloody wall.  the trust is gained through the cert chain.
> 
> very well, "if the GB still validates through the cert chain."
> 
> Provided of course that you have a valid GB object since without a
> manifest a simple `cp 00001.gbr 00001.cer` will fail to validate under
> the assumption you make the validation selection regime based on
> filename extension

this is so far off into the weeds as to be picturesquely stunning.

let me try with more words.  the rpki is an x.509 based pki.  it is the
certs and validation chain(s) which rule.  if a roa, gbr, ee cert,
... validates to a ta, it is good.  period, end.  finished.

the purpose of the manifest is to try and reduce one known attack on
this type of pki, removal of an object.  end.  period.  fin.

randy
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
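
An added illustration, not part of the original thread and not taken from any RPKI implementation: the manifest's role described above, detecting removal of an object, comes down to comparing the manifest's list of file names and SHA-256 hashes against what was actually fetched. All file names and bytes below are constructed, and validation of the manifest and of each object to a trust anchor is assumed to happen separately.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_file_list(objects: dict) -> dict:
    """Model a manifest's file list: file name -> SHA-256 of the object."""
    return {name: sha256_hex(body) for name, body in objects.items()}


def compare_to_manifest(file_list: dict, fetched: dict) -> dict:
    """Compare fetched publication point contents against the file list.

    missing       : on the manifest but not fetched (the removal case)
    unlisted      : fetched but not on the manifest
    hash_mismatch : present under the listed name with different content
    """
    missing = sorted(n for n in file_list if n not in fetched)
    unlisted = sorted(n for n in fetched if n not in file_list)
    mismatch = sorted(
        n for n in file_list
        if n in fetched and sha256_hex(fetched[n]) != file_list[n]
    )
    return {"missing": missing, "unlisted": unlisted, "hash_mismatch": mismatch}


# Constructed sample objects standing in for a publication point.
PUBLISHED = {
    "00001.roa": b"constructed ROA bytes",
    "00001.gbr": b"constructed GBR bytes",
    "child.cer": b"constructed CA certificate bytes",
}
FILE_LIST = build_file_list(PUBLISHED)


def demo() -> dict:
    fetched = dict(PUBLISHED)
    del fetched["00001.roa"]                     # an object is removed
    fetched["00001.cer"] = fetched["00001.gbr"]  # the `cp` from the quoted text
    return compare_to_manifest(FILE_LIST, fetched)


if __name__ == "__main__":
    print(demo())
```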