speaking as regular ol' member On Jul 24, 2014, at 12:09 PM, Tim Bruijnzeels <[email protected]> wrote:
> > On Jul 24, 2014, at 11:30 AM, Sandra Murphy <[email protected]> wrote: >> On Jul 24, 2014, at 10:37 AM, Russ Housley <[email protected]> wrote: >> … > >>> RFC 3779 has been implemented. For example, OpenSSL implements RFC 3779, >>> and others make use of this certificate handling software. We are not >>> talking about a little tweak to such a library. Implementation would >>> require a path validation parameter to pass the content of the ROA. >> >> Not sure that's the case. I think all RPKI recipients now need to do a >> computation of which of a cert's resources are valid, which are not. The >> *recipients* decide what the certificate says. This will impact >> interpretation of a ROA but I don't think it requires something that has to >> get passed around with the ROA. I may have misread what Russ meant. When I said "passed around", I meant passed with the ROA to someone downloading the RPKI data. --Sandy
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
