On Aug 24, 2011, at 12:19 PM, Joe Touch wrote:

> Is there ever a reason that this service should exist as a totally open and
> insecure port?

Given that it is explicitly listed in the draft, I find it worrisome that you even ask the question.

   Caches and routers MUST implement unprotected transport over TCP
   using a port, RPKI-Rtr, to be assigned, see Section 12. Operators
   SHOULD use procedural means, ACLs, ... to reduce the exposure to
   authentication issues.

> Also, is there a reason for not assuming that the out-of-band and in-band
> services cannot exist on the same port (other than performance of the
> connection establishment)?

Those aren't enough !?!?

--Paul Hoffman
