Hi all,

> On 27 Feb 2017, at 10:24, Oleg Muravskiy <[email protected]> wrote:
>
> Hi everybody,
>
>> On 23 Feb 2017, at 20:25, Alvaro Retana (aretana) <[email protected]> wrote:
>>
>> Tim:
>>
>> Hi!
>>
>> Given the feedback so far on the list, I think we should roll back the
>> updates in preparation for next week’s IESG Telechat.
>
> Currently RFC7730 (TAL format) only allows rsync URIs in there.
>
> In order to allow RRDP in TAL, I think we have to keep the update to RFC7730
> in draft-ietf-sidr-delta-protocol, namely this part of the draft:

While I share my co-author's enthusiasm to update the TAL document, I propose to do this as a separate effort so that the delta protocol doesn't depend on this. It's not needed by the protocol after all, but would help scale access to Trust Anchor certificates. Also when we go here I believe we will have to allow HTTPS specifically as an alternative scheme. And we may have discussions whether it should be allowed in addition or even instead of rsync (which I believe may be a lot simpler than phasing out rsync everywhere else).

Tim

>
> ============================================================================
> 4.3. Updates to RFC7730
>
> 4.3.1. Update in Section 2.1, Trust Anchor Locator Format
>
>    OLD:
>
>       where the URI section is comprised of one of more of the ordered
>       sequence of:
>
>          1.1) an rsync URI [RFC5781],
>
>          1.2) a <CRLF> or <LF> line break.
>
>    NEW:
>
>       where the URI section is comprised of one of more of the ordered
>       sequence of:
>
>          1.1) a URI [RFC3986],
>
>          1.2) a <CRLF> or <LF> line break.
>
> 4.3.2. Update in Section 2.2, TAL and Trust Anchor Certificate
>        Considerations
>
>    OLD:
>
>       Each rsync URI in the TAL MUST reference a single object. It MUST
>       NOT reference a directory or any other form of collection of
>       objects.
>
>       ...
>
>       Where the TAL contains two or more rsync URIs, then the same self-
>       signed CA certificate MUST be found at each referenced location.
>
>    NEW:
>
>       Each URI in the TAL MUST reference a single object. It MUST NOT
>       reference a directory or any other form of collection of objects.
>
>       ...
>
>       Where the TAL contains two or more URIs, then the same self-signed
>       CA certificate MUST be found at each referenced location.
>
> 4.3.3. Update in Section 5.1, Normative References
>
>    Remove the reference to RFC5781, "The rsync URI Scheme".
>
>    Add a reference to RFC3986, "Uniform Resource Identifier (URI):
>    Generic Syntax".
>
> ============================================================================
>
> What do you think?
>
> Oleg
>
>>
>> Thanks!
>>
>> Alvaro.
>>
>> On 2/17/17, 9:56 AM, "sidr on behalf of Alvaro Retana (aretana)"
>> <[email protected] on behalf of [email protected]> wrote:
>>
>>> **Chairs**: Given that this is a significant change, and that the WG may
>>> have not been focused on the discussion, and that we now have a little
>>> more time given the fact that the IESG review of this document was
>>> deferred until Mar/2… Please explicitly ask the WG to review the Updates
>>> to RFC6480, RFC6481 and RFC7730. I think that a week of discussion on
>>> the list should be enough.
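
The OLD and NEW URI-section rules quoted in this message, and the question of which schemes a relying party accepts, written out as a TAL check. This is an added example, not code from the draft or from any validator; the host names and key blob are constructed, and the overall layout (URI section, blank line, Base64 subjectPublicKeyInfo) is taken from RFC 7730 Section 2.1.

```python
import base64
from urllib.parse import urlsplit

# Constructed sample TAL: hypothetical host and a placeholder key blob,
# not a real trust anchor.
SAMPLE_TAL = (
    "rsync://rpki.example.net/ta/root.cer\r\n"
    "https://rpki.example.net/ta/root.cer\r\n"
    "\r\n"
    + base64.b64encode(b"\x30\x0d placeholder SPKI").decode() + "\r\n"
)

OLD_SCHEMES = {"rsync"}  # RFC7730 as published: rsync URIs only
NEW_SCHEMES = None       # quoted 4.3.1 NEW text: any RFC3986 URI


class TALError(ValueError):
    pass


def parse_tal(text, allowed_schemes):
    """Return (uris, spki_der) or raise TALError."""
    lines = text.replace("\r\n", "\n").split("\n")
    try:
        gap = lines.index("")  # line break that ends the URI section
    except ValueError:
        raise TALError("no line break after URI section")
    uris, key_lines = lines[:gap], [l for l in lines[gap + 1:] if l]
    if not uris:
        raise TALError("URI section is empty")
    for uri in uris:
        parts = urlsplit(uri)
        if not parts.scheme or not parts.netloc:
            raise TALError(f"not an absolute URI: {uri!r}")
        if allowed_schemes is not None and parts.scheme.lower() not in allowed_schemes:
            raise TALError(f"scheme not allowed: {uri!r}")
        # Heuristic for "MUST reference a single object": reject paths that
        # look like a directory. The fetched object must still be checked.
        if parts.path in ("", "/") or parts.path.endswith("/"):
            raise TALError(f"must reference a single object: {uri!r}")
    try:
        spki = base64.b64decode("".join(key_lines), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError
        raise TALError(f"bad Base64 key: {exc}")
    if not spki:
        raise TALError("missing subjectPublicKeyInfo")
    return uris, spki
```

Passing `{"rsync", "https"}` as `allowed_schemes` gives a middle position between the two rules: more than rsync, but not every RFC3986 scheme.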
