On Nov 14, 2011, at 6:47 PM, Rob Austein wrote:

> Danny,
>
> For purposes of this discussion, a LTA is semantically equivalent to a
> collection of TAs plus a constraint list. Since LTAs are also a more
> general mechanism (they can be shared by a group of like-minded folks
> more easily than a constraint list -- just create a TAL pointing at
> the LTA) and since LTAs have the nice property of keeping the raw
> constraint list out of the validator itself (thus keeping the
> validator that much simpler), my advice to anybody who thinks they
> need a constraint list would be to use a LTA.
>
> We can discuss this further at the face to face meeting if you like,
> but that's the summary as I see it at the technical layer.

That'd be good, because I'm not comfortable with that as an RP.

> Layers 8+ are mostly out of scope for this list, so let me just say
> that I am really hoping that IANA and the RIRs will get their
> collective act together and issue a single TA before this becomes a
> serious problem. They say that they intend to do so. As somebody (KC
> Claffy?) said a few years ago, relying parties should not have to sort
> out this mess, that's what the industry pays the RIRs to do. For the
> moment I'm willing to take the RIRs' word that they intend to do their
> job and just need a bit more time. YMMV.

Until then (or even after in the event of a CA compromise), it's a technical issue and the capability for RPs to determine who holds what resources, or at least to constrain who they trust with what resources, and intersect that with the LTA 'federation' issue is very much an operational issue.

-danny

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
