This late comment regarding draft-ietf-sidr-algorithm-agility was posted to the IETF list in response to the IETF LC. Not everyone looks at the main IETF list so I am relaying it to the SIDR list.

Stewart


-------- Original Message --------
Subject: Re: [sidr] Last Call: <draft-ietf-sidr-algorithm-agility-08.txt> (Algorithm Agility Procedure for RPKI.) to Proposed Standard
Date:   Mon, 17 Dec 2012 16:42:16 -0500
From:   Eric Osterweil <[email protected]>
To:     IETF Disgust <[email protected]>



All,

Sorry for the late reply.  I realize these comments come after the 12/14 
deadline, but it is my hope that they can still inform any active decision 
processes.

I'd like to mention that some of us have calculated that the global RPKI will 
take a significant amount of time to crawl [1], and the algorithm agility draft 
(as it is currently proposed) will almost double that time, because it will 
necessarily almost double the number of objects in the global RPKI.  I 
personally worry a lot about this approach, as I feel it will likely lead to an 
operationally unviable standard, in which routing will be unable to adapt to 
changes in configuration for days, weeks, or even months, because of this 
design (described in [1]).

The lateness of this message is simply a consequence of the fact that our 
analyses have taken longer than we planned, and I do apologize for that.

Thanks,

Eric

[1] http://techreports.verisignlabs.com/tr-lookup.cgi?trid=1120005&rev=2

On Nov 30, 2012, at 10:38 AM, The IESG wrote:


The IESG has received a request from the Secure Inter-Domain Routing WG
(sidr) to consider the following document:
- 'Algorithm Agility Procedure for RPKI.'
 <draft-ietf-sidr-algorithm-agility-08.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
[email protected] mailing lists by 2012-12-14. Exceptionally, comments may be
sent to [email protected] instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document specifies the process that Certification Authorities
  (CAs) and Relying Parties (RPs) participating in the Resource Public
  Key Infrastructure (RPKI) will need to follow to transition to a new
  (and probably cryptographically stronger) algorithm set.  The process
  is expected to be completed in a time scale of months or years.
  Consequently, no emergency transition is specified.  The transition
  procedure defined in this document supports only a top-down migration
  (parent migrates before children).




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-sidr-algorithm-agility/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-sidr-algorithm-agility/ballot/


No IPR declarations have been submitted directly on this I-D.


_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
