Sandy,
On Jun 30, 2014, at 6:09 PM, Sandra Murphy <[email protected]> wrote:

So we need to come up with a way to get the AS number to the CA, also.

To continue this thought…

There's a list in RFC6487 of the certificate extensions that are allowed in the 
PKCS#10 request.

Is there any reason why we could not just include the AS Resources extension in 
the list of allowed extensions in the/a PKCS#10 request?  AS Resources is a 
list, which is what is needed.

Would that be the right authority relationship?  (the router is the authority 
for saying what AS(ASs) the router uses?)

I would not say that the router is the authority; the operator is the authority, and the operator should be controlling the CA. Still, the router could include the AS list in the request, and the CA could filter it to match its config database.

Steve

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
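
The filtering step suggested in the reply above, as an added example that is not part of the original message: a CA-side check that intersects the AS ids and ranges a router requests with the set the operator has configured for that router. The function names and the sample AS numbers (documentation ASNs) are assumptions, and decoding the AS Resources extension out of the PKCS#10 request is left out.

```python
# Added illustration: names and sample data are assumptions, not from the thread.
AS_MAX = 2**32 - 1  # AS numbers are 32-bit values

def normalize(items):
    """Turn AS ids / (min, max) ranges into sorted, merged (lo, hi) ranges."""
    ranges = []
    for item in items:
        lo, hi = (item, item) if isinstance(item, int) else item
        if not (0 <= lo <= hi <= AS_MAX):
            raise ValueError(f"bad AS id or range: {item!r}")
        ranges.append((lo, hi))
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:  # overlapping or adjacent
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def filter_as_request(requested, configured):
    """Split the router's requested AS set into (granted, refused).

    granted: the part of the request covered by the operator's config;
             only this goes into the issued certificate.
    refused: the part the router asked for but the operator never configured;
             worth logging, since it points at a misconfigured router.
    """
    req, cfg = normalize(requested), normalize(configured)
    granted, refused = [], []
    for lo, hi in req:
        cursor = lo  # first AS in this requested range not yet classified
        for clo, chi in cfg:
            if chi < cursor:
                continue
            if clo > hi:
                break
            if clo > cursor:
                refused.append((cursor, clo - 1))
            granted.append((max(clo, cursor), min(chi, hi)))
            cursor = min(chi, hi) + 1
            if cursor > hi:
                break
        if cursor <= hi:
            refused.append((cursor, hi))
    return granted, refused
```

An empty `granted` list means the CA has nothing it can certify for that router and should reject the request rather than issue a certificate with no AS resources.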
