On 20/03/2013 17:41, Russ White wrote:
>
>> What we probably need is something that flags that a Certificate
>> or a ROA has disappeared in the last X time. Then as operator we could
>> take the action to decide if this was an attack or a valid revocation.
>
> That is probably a good idea... But since the ROAs are time based
> themselves, it might be hard to do (?).
>
> :-)
Not sure if it is so hard.
If the ROA expires because the date is no longer valid, then that
is normal and there is a high probability that there is no attack.
Only if the ROA is valid in the previous state and in the current one is
revoked or missing, then you will alert.
>
> Russ
>
/as
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
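
The check discussed in this thread, as an added example that is not part of the original messages or of any RPKI validator: it compares two validated snapshots and alerts only on ROAs that were still inside their validity period and are now revoked or missing. The `Roa` record, the snapshot lists, the CRL serial set and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Roa:
    serial: int          # serial of the EE certificate carrying the ROA
    asn: int
    prefix: str
    max_length: int
    not_after: datetime  # end of that certificate's validity period

    @property
    def payload(self):
        return (self.asn, self.prefix, self.max_length)

def disappeared_roas(previous, current, crl_serials, now):
    """Classify every ROA payload that was in `previous` but not in `current`.

    Returns (alerts, expected). Alerts are ROAs that were still within their
    validity period and are now revoked or missing; expected are ROAs whose
    validity period ran out, which is the normal case.
    """
    still_authorized = {roa.payload for roa in current}
    alerts, expected = [], []
    for roa in previous:
        if roa.payload in still_authorized:
            continue                      # unchanged, or reissued under a new serial
        if roa.not_after <= now:
            expected.append((roa.payload, "expired"))
        elif roa.serial in crl_serials:
            alerts.append((roa.payload, "revoked"))
        else:
            alerts.append((roa.payload, "missing"))
    return alerts, expected

# Constructed sample data (documentation prefixes and ASNs, not real routes).
UTC = timezone.utc
NOW = datetime(2013, 3, 20, 18, 0, tzinfo=UTC)
LATER = datetime(2014, 1, 1, tzinfo=UTC)
PREVIOUS = [
    Roa(1, 64496, "192.0.2.0/24", 24, datetime(2013, 3, 20, 12, 0, tzinfo=UTC)),
    Roa(2, 64497, "198.51.100.0/24", 24, LATER),
    Roa(3, 64498, "203.0.113.0/24", 24, LATER),
    Roa(4, 64499, "2001:db8::/32", 48, LATER),
]
CURRENT = [Roa(5, 64499, "2001:db8::/32", 48, LATER)]   # serial 4 reissued as 5
CRL_SERIALS = {2, 4}

if __name__ == "__main__":
    alerts, expected = disappeared_roas(PREVIOUS, CURRENT, CRL_SERIALS, NOW)
    for payload, reason in alerts + expected:
        print(reason, payload)
```

Keying on the payload rather than the certificate serial keeps a routine reissue (old serial on the CRL, same authorization under a new serial) from raising an alert.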