On Tue, Nov 24, 2015 at 12:58 PM Wes Hardaker <[email protected]> wrote:
> Christopher Morrow <[email protected]> writes:
>
> > Pinging this thread to catch anyone who didn't reply but had thoughts
> > I'd like to close this out tomorrow before 5pm EST (10pm UTC).
>
> I've been considering the concept behind this document and whether the
> concept should be carried forward by the working group. To me the
> starting ID is frequently badly written or has too few editors, etc.
> That always changes over time, so I'm not concerned about that issue in
> particular until it is proven that no one will take it up (and many
> won't volunteer for a question mark).
>
> So, on to the concept: in my younger years I was very strict and I would
> have been against this concept from the beginning, because it does bring
> the status of a given certificate into question. But my older and wiser
> self has seen far too many difficult and failed protocol deployments
> because of the complexity associated with "everyone everywhere needs to
> do the right thing all the time". To me, the validation reconsidered
> proposal mitigates some of the very likely real-world, real-human
> deployment scenarios. And I don't think that the RPKI publicity side
> can take too many negative hits (again, because I've watched too many
> other protocols slow down at the minimum when negative publicity hits
> them). In short, the validation reconsidered concept reduces the
> real-world impact of necessary and accidental changes, which to me means
> a deployment base that will be stronger even though we're "allowing
> more".
>
> Does that do strange things to the status of a given certificate? Yes,
> it definitely does. I know this will ruffle some feathers: but I
> believe the goal of the RPKI was to make a decision, based on available
> data, about the ability to trust that origin's announcement. Everything
> else has come after, or more likely as a result of implementing, that goal.
> The RPKI makes use of PKIX and certificates to achieve that goal, and
> along the way became a fundamental staple that we're hesitant to
> change.
>
> In the end, however, when I look at the primary original goal, along
> with the need for a robust deployment, the validation reconsidered
> proposal seems well worth the trade offs.
>

I've been delaying responding because I wasn't sure how to articulate my thoughts (and because I got sidetracked!). Wes managed to capture what I was thinking nicely. We should complete this. Hopefully I'm not too late for my views to be taken into account.

W

>
> --
> Wes Hardaker
> Parsons
>
> _______________________________________________
> sidr mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/sidr
>
