Hi Randy,

On 5/11/16 12:42 PM, Randy Bush wrote:
>> I would propose adding some text to this draft (probably as a
>> sub-section in section 2) that says that the SIA defined in RFC 6487 is
>> omitted when a certificate is used to sign RPSL objects.
> 
> perhaps you might also include your reasoning for this seemingly odd
> choice.

The SIA in 6487 mandates an rsync URI that points to the object that is
signed with the certificate. I am not aware of any RPSL servers that
support referencing an RPSL object via rsync.

> 
>> I agree that the original text allowing multiple signatures supports
>> the case where the components of the primary key of the object (i.e.,
>> prefix+ASN) come from different resource holders. I will restore that
>> text.
> 
> this is gonna be really simple; no complications at all i am sure.
> 
> btw, was this a consensus of the wg?

The original draft supported multiple signature attributes. During WG
review (WGLC?, don't recall), several people suggested simplifying the
approach by only allowing one signature attribute. Given the route[6]
example, we need multiple signatures modulo the proposed text to clarify
the handling/generation of those signatures.

Regards,
Brian



_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
