At 7:16 PM -0700 7/21/11, Terry Manderson wrote:
Hi Andrew,
Therefore, the BBN validator does the only thing sensible, which is
validate based on filename and certificate chain. After that, we check
against the manifest and emit a warning if it doesn't look right. And
we provide the user with configuration flags to control the output of
validator: does he want output from the "perfect" ROAs only (with
perfect manifests all the way up the chain), or is some level of
grayness acceptable.
Manifests are murky, especially when you misuse them. Filename
extensions are not.
Maybe the repository should have been constructed in LDAP with a manifest
object there to confirm the ldap search returned all the roa objects.
LDAP would be terrible in this context. It is not well suited to
the "I want everything that has changed since this time" model of
repository access that RPs need here.
Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
