On 12/3/2011 12:47 AM, Randy Bush wrote:
so are you saying bottom up is just a no-go?
I believe I am, in that by following the AIA pointers you may be lead
to places that may not match your chosen trust anchors.
This is particularly the case for those who want to set up local TAs
as per some draft or another.
as at least one validation implementation, bbn, is bottom up, and was
done by clueful folk next to some draft or another, i suspect we need to
document this in a warning some place.
randy
BBN's validator does have both top-down and bottom-up capability
(currently, both run by default). This was intended to handle any
future use cases where a child is somehow obtained before its parent.
As it turns out, all use cases that we've tested so far only require
top-down. And the bottom-up capability only leads us to old, abandoned
data.
Note that Local TA is unaffected; that "tree" is shallow, locally
managed, and processed in a manner that doesn't require AIAs.
As others have mentioned, bottom-up introduces complexity with (1) stray
AIA pointers, and (2) multiple issuers if AIAs must be strict. We have
a countermeasure for 1, and currently we aren't strict about 2. But if
no bottom-up use cases ever come up, we will default the BBN validator
to run top-down only.
-Andrew
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
