i think this is a worthwhile effort and this document is a good place to
start.
--
presuming there is consensus to adopt, i have some nits we can
discuss when it is a wg item.

o i thought folk wanted a blank line between the URI(s) and the key

o last para of 2.2 says

      Where the TAL contains two or more rsync URIs, then the same
      self-signed CA certificate MUST be found at each referenced
      location.

  maybe should say what happens when one or more do not have the same
  cert? does the whole TAL get ignored?

o same last para of 2.2

      it is RECOMMENDED that the domain name parts of each of these
      URIs resolve to distinct IP addresses that are used by a diverse
      set of repository publication points, and these IP addresses be
      included in distinct Route Origination Authorizations (ROAs)
      objects signed by different CAs.

  as this is ops guidance, and really the core of the proposed change,
  perhaps the rationale for this should be given

o 3.1

      Retrieve the object referenced by (one of) the URI(s) contained
      in the TAL.

  you may want to give some guidance as to which one. pseudo-random?
  first? think load balancing, proximity, ..., a la dns

and then there are the questions folk have been raising about
consistency, etc., which i will leave to them.

randy
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
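
The review points above (optional blank line before the key, the same certificate at every URI, which URI to try first) can be exercised with a short relying-party sketch; this is an added example, not part of the original message or of the draft under review. It assumes a TAL laid out as rsync URI lines followed by a base64 key, uses constructed hosts and placeholder key bytes, compares fetched objects byte for byte, and only reports disagreement, since the quoted draft text does not say what a relying party should then do.

```python
import base64
import hashlib
import random

# Constructed sample: placeholder key bytes and example.net hosts, not a real TAL.
SAMPLE_KEY = base64.b64encode(b"constructed SPKI placeholder, not a real key").decode()
SAMPLE_URIS = ["rsync://rpki-a.example.net/ta/root.cer",
               "rsync://rpki-b.example.net/ta/root.cer",
               "rsync://rpki-c.example.net/ta/root.cer"]
SAMPLE_TAL = "\n".join(SAMPLE_URIS) + "\n\n" + SAMPLE_KEY + "\n"

def parse_tal(text):
    """Return (rsync URIs, decoded key bytes); the blank separator line is optional."""
    lines = [ln.strip() for ln in text.splitlines()]
    uris = []
    while lines and lines[0].startswith("rsync://"):
        uris.append(lines.pop(0))
    key_b64 = "".join(ln for ln in lines if ln)
    if not uris or not key_b64:
        raise ValueError("TAL needs at least one rsync URI and a key")
    return uris, base64.b64decode(key_b64, validate=True)

def retrieval_order(uris, rng=random):
    """Pseudo-random order, so relying parties do not all hit the first URI."""
    order = list(uris)
    rng.shuffle(order)
    return order

def group_by_certificate(uris, fetch):
    """Fetch every URI; map SHA-256 of the object (None = unreachable) to its URIs."""
    groups = {}
    for uri in uris:
        try:
            digest = hashlib.sha256(fetch(uri)).hexdigest()
        except OSError:
            digest = None
        groups.setdefault(digest, []).append(uri)
    return groups

def consistent(groups):
    """True only if every reachable location served byte-identical objects."""
    return len([d for d in groups if d is not None]) == 1

if __name__ == "__main__":
    uris, _key = parse_tal(SAMPLE_TAL)
    store = {uris[0]: b"cert-A", uris[1]: b"cert-B"}  # constructed; third is down
    def fetch(uri):
        if uri not in store:
            raise OSError("unreachable")
        return store[uri]
    print(consistent(group_by_certificate(retrieval_order(uris), fetch)))
```

`fetch` stands in for an rsync retrieval; checking that the retrieved certificate's key matches the key in the TAL needs an X.509 parser and is left out here.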