On 8/2/2011 10:34 AM, Paul Hoffman wrote:
> Greetings again. Section 7 of draft-ietf-sidr-rpki-rtr-14 has a list of
> supported transports. However, it does not list the one that some people have
> said that they expect it to be run under sometimes, namely bare TCP. If we all
> know that this is likely to be the case, we should have it listed in the
> document. I propose the following for the end of section 7, just before 7.1:
>
>    Caches and routers MAY use unprotected TCP as a transport,
>    even though this provides none of the security protections of
>    the other protocols listed here. Unprotected TCP MUST only be
>    used when there is other forms of trusted security in place.

Hi, all,

IMO, this last line should read:

    other forms of trusted security at or below TCP

I.e., TLS is not a viable solution to "untrusted TCP" - it may address
trust at other layers, but not at the transport.

Joe
_______________________________________________
sidr mailing list
https://www.ietf.org/mailman/listinfo/sidr