Hiya Stephen, On 5/18/16 11:51 AM, Stephen Farrell wrote: > Stephen Farrell has entered the following ballot position for > draft-ietf-sidr-rpsl-sig-11: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sidr-rpsl-sig/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > > I'd like to check one thing - this may be needed for strict > compliance with RPKI thing but it seems kinda weird to also > impose that here, but anyway... > > Is 3.2 step 1 needed? That seems like useless complexity > here. If it is needed, how does the verifier check that > it's really a single-use? I don't see the point TBH. >
This text was driven by the statement in RFC 6487 (Section 3) that says: The private key associated with an EE certificate is used to sign a single RPKI signed object, i.e., the EE certificate is used to validate only one object. Step 1 in 3.2 is there so that this approach follows the above directive on the use of the RPKI infrastructure/certificates. Regards, Brian
signature.asc
Description: OpenPGP digital signature
_______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
