On 05/04/2012 10:06 PM, Osterweil, Eric wrote:
Hey Chris,

The implications of putting signatures on updates that are both
globally visible/verifiable and implicitly give object-level security
to updates are WAY different than the semantics of the keying done
today.  The implications of the scope of these keys put them in a
much different role.  I was assuming that was clear, but maybe not?

I think we're talking about 2 different (at least) things...

Eric


----- Original Message -----
From: Christopher Morrow [mailto:[email protected]]
Sent: Friday, May 04, 2012 09:54 PM
To: Osterweil, Eric
Cc: [email protected]<[email protected]>; [email protected]<[email protected]>; [email protected]<[email protected]>; [email protected]<[email protected]>; [email protected]<[email protected]>; [email protected]<[email protected]>
Subject: Re: [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012)))

On Fri, May 4, 2012 at 9:37 PM, Osterweil, Eric<[email protected]> wrote:
Hey Chris,

Yeah, I read that. I know there's a tendency for some people to
want to talk about bath houses on this list, but I was going to
pass on that.

As for draft-ymbk-bgpsec-rtr-rekeying-00.txt, that draft just
points out the inadequacies of either approach and that there is no
good solution. My take is that this is indicative of a misalignment
between a given architecture and implicit requirements. Sometimes
you can't patch the holes in a leaky ship, you need to reassess the
requirements. I think the evidence illustrates that this is the
case here.


it seems to me that putting key-material on a distant router is done
today... isn't it? or are you saying that how you do it today leaves
you feeling icky, and you'd rather another method be devised?

Could you outline a possible method? (provide a solution, for
instance)

Eric


----- Original Message -----
From: Chris Morrow [mailto:[email protected]]
Sent: Friday, May 04, 2012 09:28 PM
To: Osterweil, Eric
Cc: '[email protected]'<[email protected]>; '[email protected]'<[email protected]>; '[email protected]'<[email protected]>; '[email protected]'<[email protected]>; '[email protected]'<[email protected]>; '[email protected]'<[email protected]>
Subject: Re: [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012)))



On 05/04/2012 08:59 PM, Osterweil, Eric wrote:

His point is NOT addressed by any draft in the wg (since you
asked).

read randy's mentioned draft?
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
