Sandy,

I think "draft-ietf-sidr-rpki-validation-reconsidered" served a valuable
purpose, highlighting valid concerns about potential fragility in the RPKI,
in the face of errors by CAs and in the context of INR transfers. However,
I feel that this I-D should not progress.

The topic of INR transfers is being addressed in much greater detail in
draft-ymbk-sidr-transfer (which lists Geoff and George as co-authors). This
doc, for which I provided extensive comments over the summer, is examining
INR transfers in a more thorough fashion and thus should provide a better
basis for selecting a standard mechanism for their support.

The impact of errors by CAs is being examined in a much broader context in
an I-D that Di Ma and I have authored: draft-kent-sidr-adverse-actions. This
document examines a very wide range of impacts that can result from an error
by a CA or an attack against a CA (or an error/attack involving a repository
manager). Thus I feel that it will provide a more comprehensive analysis of
the sort of concerns raised in validation-reconsidered.

Finally, the validation algorithm change proposed in
validation-reconsidered does not address the broader range of errors noted
in adverse-actions. It also is not compatible with current RP software
designs that validate CA (not just EE) certs as part of local cache
maintenance.

Once the sidr-transfer and adverse-actions I-Ds are completed, I believe the
WG will be in a much better position to develop mechanisms that will address
both sets of concerns noted above.

Steve