I am sympathetic to the concerns that Randy has cited. In particular, I
am uncomfortable with the ability of a signer to enumerate an
unconstrained list of object types that are signed. We need to consider
the semantics of each object that can be covered by a sig and decide
whether they are consistent with what the RPKI certifies. If not, then
that object type must be excluded. If we can come to agreement on a
scheme of this sort, I might be supportive of this proposal.
Steve
p.s. I have raised this concern in the past. If the current version of
the doc, which I have not reviewed recently, has addressed this issue,
then maybe we're OK.