On Nov 3, 2011, at 11:43 AM, Stephen Kent wrote:

> Can you point me to reports on those incidents. I have not heard about them.

I could cite others, but this should serve the purpose:

<http://www.nytimes.com/2011/01/29/technology/internet/29cutoff.html>

Consider this and assume operators had infrastructure (e.g., root & TLD servers) that was serving signed zones that couldn't be updated and expired while partitioned from the rest of the Internet. The result is that validating recursive name servers within that catchment couldn't validate the received responses, and they were therefore not valid and not able to resolve resources.

Designing a system so reliant on heavy cryptography machinery, but then saying "just use expired certificates if you can't update your caches", that's crazy talk that would likely violate most of our day job security policies for even SSL or VPN access policies -- and here we want to apply it to a newly enhanced routing protocol and resource certification infrastructure --- I challenge that assumption.

And on further reflection, I think recommending that expired certificates be used (even in algorithm rollovers, presumably for the purpose of fixing cryptographic vulnerabilities) may well NOT be aligned with our two primary charter objectives:

* Is an Autonomous System (AS) authorized to originate an IP prefix
* Is the AS-Path represented in the route the same as the path through which the NLRI traveled

I intend to ask the security ADs for a statement on suitability of use for expired certificates, and would appreciate such an explanation from the SIDR technical advisor as well as the chairs at the upcoming meeting.

-danny
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
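
The partition scenario raised in the message above, worked as an added example that is not part of the original post: given RRSIG validity windows and a period during which isolated servers cannot receive re-signed zones, it reports when validation under each zone starts failing, including failure inherited from an expired parent. The zone names, timestamps, partition window and function names are all constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed RRSIG records in RFC 4034 presentation format. Zone names, key
# tags and signature text are placeholders, not real zone data.
SAMPLE_RRSIGS = """\
. 86400 IN RRSIG SOA 8 0 86400 20110131000000 20110117000000 11111 . c2lnMQ==
tld-a. 86400 IN RRSIG SOA 8 1 86400 20110130120000 20110116120000 22222 tld-a. c2lnMg==
tld-b. 3600 IN RRSIG SOA 8 1 3600 20110301000000 20110127000000 33333 tld-b. c2lnMw==
"""

def _ts(text):
    # RRSIG timestamps are written as YYYYMMDDHHmmSS in UTC.
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_expirations(zone_text):
    """Map signer name -> earliest signature expiration over all RRSIG lines."""
    out = {}
    for line in zone_text.splitlines():
        f = line.split()
        if len(f) < 13 or f[3] != "RRSIG":
            continue  # not an RRSIG record
        expiration, inception = _ts(f[8]), _ts(f[9])
        if inception >= expiration:
            raise ValueError(f"bad validity window for {f[0]}")
        out[f[11]] = min(expiration, out.get(f[11], expiration))
    return out

def chain(name):
    """Zones from the root down to name, e.g. 'tld-b.' -> ['.', 'tld-b.']."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    return ["."] + [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]

def partition_impact(zone_text, start, end):
    """Per zone: (time validation starts failing, outage length) or None.

    Assumes the isolated copies cannot be re-signed between start and end, and
    lets one RRSIG per zone stand in for that zone's whole signed chain.
    """
    exp = parse_expirations(zone_text)
    report = {}
    for zone in exp:
        # A zone stops validating as soon as any signature on its chain expires.
        first_bad = max(min(exp[z] for z in chain(zone) if z in exp), start)
        report[zone] = (first_bad, end - first_bad) if first_bad < end else None
    return report
```

With these constructed records, `tld-b.` carries a signature valid into March yet stops validating when the root signature above it expires, while a partition that ends before the first expiration leaves every zone resolvable.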
