Hi, Andy,
Sorry to take so long to reply... I was out of the office for much of
Thurs/Fri. Responses in line below....
On 11/12/15 9:43 AM, Andy Newton wrote:
On Nov 5, 2015, at 3:53 PM, Karen Seo <[email protected]> wrote:
Folks,
I think the authors have brought up some pertinent issues which have helped inspire other
work which subsumes them. So I thank them but agree that it seems appropriate to drop
this draft since those issues are now being covered in other documents and those
documents have additional detail. Randy's I-D discusses INR transfers. Steve's draft on
adverse action provides a detailed analysis of the "operational fragility" of
the RPKI in the face of attacks and errors. So, if the adverse actions draft is adopted
by the WG, we (the WG) could use the requirements stemming from these two IDs as the
basis for a solution(s) document. Just personal preference, but I also find having one
document per topic/issue (at least when they're as complex as is the case with the threat
analysis) easier to follow and would also like to separate defining of issues and their
requirements from describing the solution.
If I’m reading your argument correctly, you’re saying that
validation-reconsidered is not necessary because Kent’s adverse actions draft
provides a solution.
Sorry, what I meant was that it would be a good idea for the WG to do a
threat analysis which could then be used to prioritize issues and shape
solutions but not contain solutions. Do you agree with this premise?
The adverse actions seems to me to be a good place to start. If
validation reconsidered identifies threats that aren't covered in the
threat analysis, I think we should add them to the threat analysis.
Except that it doesn’t. Validation reconsidered stops the harm before it
happens, where as the adverse actions draft says two things: 1) monitor and fix
the harm after it has happened, and 2) RPs should be smarter. Setting aside the
hand-waving and lack of a concrete solution, these are not comparable proposals.
I defer to Steve on this, I believe he intends to remove the
remediation text.
Thank you,
Karen
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
