Re: [sidr] Subject names wrt sidr-ta, sidr-arch

To: Terry Manderson <terry at terrym.net>
Subject: Re: [sidr] Subject names wrt sidr-ta, sidr-arch
From: Samuel Weiler <weiler+lists.sidr at watson.org>
Date: Thu, 16 Apr 2009 11:57:50 -0400 (EDT)
Cc: sidr at ietf.org
Delivered-to: sidr at core3.amsl.com
In-reply-to: <EC2847B6-B3A0-40A7-883F-7F3C2DC7E40B at terrym.net>
List-archive: <http://www.ietf.org/mail-archive/web/sidr>
List-help: <mailto:sidr-request@ietf.org?subject=help>
List-id: Secure Interdomain Routing <sidr.ietf.org>
List-post: <mailto:sidr@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
References: <EC2847B6-B3A0-40A7-883F-7F3C2DC7E40B at terrym.net>
User-agent: Alpine 2.00 (BSF 1167 2008-08-23)

On Mon, 13 Apr 2009, Terry Manderson wrote:

For no meaningful names:
	CPS isn't constructed to do identity checks on the resource recipient
Subordinate CAs may adopt a different CPS and make naminginconsistent

...

So, in this light I would urge the authors to remove allrequirements for ANY RPKI certs to be named, including the higherorder RPKI certs.


I concur.

As convenient as is surely would be to have meaningful names for IANAand the RIRs, there's nothing eventiny another entity from issingcerts with those names, and surely some tools will be written thatcheck the names rather than the keys. Let's not lead the tool writersinto such temptation.


-- Sam

Follow-Ups:
- Re: [sidr] Subject names wrt sidr-ta, sidr-arch
  - From: Samuel Weiler

References:
- [sidr] Subject names wrt sidr-ta, sidr-arch
  - From: Terry Manderson

Prev by Date: Re: [sidr] Subject names wrt sidr-ta, sidr-arch
Next by Date: Re: [sidr] GOST & SIDR
Previous by thread: Re: [sidr] Subject names wrt sidr-ta, sidr-arch
Next by thread: Re: [sidr] Subject names wrt sidr-ta, sidr-arch
Index(es):
- Date
- Thread

Re: [sidr] Subject names wrt sidr-ta, sidr-arch

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.