Tim,

I think I was not clear in requesting clarification for your tests. I
didn't mean to ask what your RP code does. I was asking what your CA
code does to detect and reject over-claiming, and what it will do under
relaxed validation rules. I ask because it may be harder to perform such
checks when there is an explicit intent to issue a CA cert that contains
INRs not present in the parent cert.

....

And I understand that a whole tree being invalidated is a pretty
strong motivator for fixing stuff. But I find the operational impact
and liability of this happening at the top of the hierarchy
disproportionate. Therefore I am advocating a model where the impact
is limited to INRs in question. In my opinion that is still bad enough
to motivate fixing things.

maybe.

Very practical example: if we stuff up our TA certificate now we
invalidate 2000+ members. With relaxed validation we would only affect
a few. And yes, this is still bad enough that we would want to fix it
ASAP.

With relaxed validation a CA can make a mistake that erroneously
allocates INRs to a child, and there is no validation failure if the
child and its descendants don't use the INRs in question. So feedback
may not be as forthcoming.

The first sentence of the Abstract for TAO says:
This document defines an extension to the rpki-updown protocol to
provide support for transferring Internet Number Resources from one
INR holder to another.
That seems pretty clear.

That is indeed pretty clear. It is cited under 'alternative
approaches' though, so maybe we would do well to make it clear here
that this approach is designed to address one specific set of problems
(i.e. transfers), or leave it out.

You mean that the doc of which you are a coauthor mischaracterized TAO :-).

Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
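
Added example, not part of the message above and not taken from any validator: a simplified Python model of the two behaviours debated in this thread, showing how one over-claim after a TA reissue invalidates the whole subtree under strict checking but only the INRs in question under relaxed checking, and why a descendant that does not use those INRs sees no failure. The certificate names, the documentation prefixes, and the rule that relaxed validation keeps those INRs of a certificate that are encompassed by its parent's verified set are assumptions made for illustration.

```python
from ipaddress import ip_network

# Constructed chain (hypothetical names, documentation prefixes): TA -> member -> customer.
# The TA was reissued without 198.51.100.0/24, so "member" now over-claims it.
CERTS = {
    "TA":       (None,     ["192.0.2.0/24"]),
    "member":   ("TA",     ["192.0.2.0/25", "198.51.100.0/24"]),
    "customer": ("member", ["192.0.2.0/26"]),
}

def covered(prefix, holders):
    """True if prefix lies inside at least one prefix in holders."""
    return any(prefix.subnet_of(h) for h in holders)

def chain(name):
    """Certificate names from the trust anchor down to name."""
    path = []
    while name is not None:
        path.append(name)
        name = CERTS[name][0]
    return path[::-1]

def strict(name):
    """Each cert must be fully encompassed by its parent, else the path fails."""
    parent_set = None
    for cert in chain(name):
        inrs = [ip_network(p) for p in CERTS[cert][1]]
        if parent_set is not None and not all(covered(p, parent_set) for p in inrs):
            return set()  # over-claim: this cert and everything below it is invalid
        parent_set = inrs
    return {str(p) for p in parent_set}

def relaxed(name):
    """Assumed model: over-claimed INRs are dropped, the rest stays usable."""
    verified = None
    for cert in chain(name):
        inrs = [ip_network(p) for p in CERTS[cert][1]]
        # A prefix only partly inside the parent's verified set is dropped whole here.
        verified = inrs if verified is None else [p for p in inrs if covered(p, verified)]
    return {str(p) for p in verified}

def report():
    """Map each cert name to (strict result, relaxed result)."""
    return {n: (sorted(strict(n)), sorted(relaxed(n))) for n in CERTS}

if __name__ == "__main__":
    for name, (s, r) in report().items():
        print(f"{name:9} strict={s} relaxed={r}")
```

In this model "customer" validates cleanly under the relaxed rule even though its parent over-claims, which is the reduced-feedback case raised in the message.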