>> >> Provided of course that you have a valid GB object since without a >> manifest a simple `cp 00001.gbr 00001.cer` will fail to validate under
oops that should have been `mv 00001.gbr 00001.cer`. >> the assumption you make the validation selection regime based on >> filename extension > > this is so far off into the weeds as to be picturesquely stunning. no its not.. Rob has said: " Attempt validation based on the filename type; if that fails, the object is toast regardless of whether the filename appears in the manifest or not. " That means if I rename an object it will not validate. (irrespective of being in the manifest or not) so really, 'rm *mft; for for foobar in * ; do mv $foobar $foobar.gbr ; done' will wipe out the entire repository and nothing will validate, except the valid GB record.. Did I interpret Rob incorrectly? So similarly 'for for foobar in * ; do mv $foobar hahha$foobar ; done' will mean that the manifest will mismatch, but provides a very clear signal if we use the MUST word to the RP such that the RP will set aside the entire publication point and start the human interaction process with a no harm/no foul result. > > let me try with more words. the rpki is an x.509 based pki. it is the > certs and validation chain(s) which rule. if a roa, gbr, ee cert, > ... validates to a ta, it is good. period, end. finished. > > the purpose of the manifest is to try and reduce one known attack on > this type of pki, removal of an object. end. period. fin. The problem is Randy, that this PKI requires full and complete distribution through a sane repository system. Failure to have a full and complete repository WILL lead to unintended (ie bad) results. So its not just the PKI alone. Terry _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
