Danny,
I'm reducing my reply to minimize what has become a tedious process.
...
The charter is temporal and the product of the WG in the form of RFCs
will be much more persistent, I'm concerned by a line of reasoning that
says "Let's ignore and not even enumerate or concern ourselves with
these obvious threats because the current charter [deliberately] says
all we have to do is provide semantic validation of the AS_PATH" [and
doing anything more would quite possibly NOT be conducive to
expedited publication of BGPSEC].
While I appreciate your concerns, comments from one WG member do not
warrant changing the scope of a document to extend beyond the WG
charter. When the charter changes, or upon direction of the WG chairs
I will revise the doc.
...
And I'm saying that if we're going to employ a PKI solution on a distributed
loosely coherent resource certification infrastructure that's going
to be employed
by RPs in a non-determinsitc manner and result in "periodic updates" in the
routing system in order to minimize exposure windows, then we ought to look
at what architectural approaches can be considered or what new elements
invented to minimize unneeded state and churn in the network and maximize
resiliency without introducing the possibly for any array of new attacks.
Feel free to propose such mechanisms.
We've already seen issues where such an approach has been problematic with
DNSSEC in the wake of portions of the Internet being fragmented and causing
issues and inability to update certificates in the system at root, TLD and SLD
levels, and what you're proposing here is far far more troubling.
Can you point me to reports on those incidents. I have not heard about them.
...
If you're intended to play the "charter says .." card then we're
wasting our time.
Yes, we are both wasting our time at this stage.
Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
