Russ,
The "automated" changes would be similar to the ones that you would do
on your own CA.
As for adding a new attack surface by using web interfaces, yes we are; as
you said, the convenience has a price. Nevertheless, if well protected, it
could be an acceptable trade-off. Forcing everyone to have their own CA
(possible as it should be from a security standpoint) would make RPKI
very complex to deploy for the small/medium players (similar to DNSSEC
today).
Perhaps we should document all these.
Regards,
as
On 06/12/2012 17:42, Russ White wrote:
>
>> Yes, the hosted keep your private key, but you can modify your ROAs
>> anytime you want. At least the hosted systems that I know provide a web
>> interface to do that. The ROA would be published immediately or a few
>> minutes/hours later, depending on the rpki-operator (my personal view and
>> with my network operator hat on is that it should be immediately or in
>> minutes).
>
> Modulo the propagation time...
>
> But isn't it bad to allow automated changes to a certificate that's
> designed to operate "at human speeds," (based on other conversations on
> this list), and is so critical to the operation of the routing system?
> Aren't we just adding to the total attack surface available against the
> routing system by allowing users to go into a web page and change what's
> advertised into the ROA system?
>
> I know --it takes that bit of the problem out of the actual BGP space,
> and moves it into another space altogether, but... I don't see banking
> as being "more secure" because you can do all your banking on line
> --it's more convenient, but I think there's a clear tradeoff in security
> and convenience here, right?
>
> If this is the type of system that's envisioned, shouldn't the risks
> involved be documented someplace?
>
> Russ
>
_______________________________________________
sidr mailing list
https://www.ietf.org/mailman/listinfo/sidr