[sidr] TA questions

To: "sidr at ietf.org" <sidr at ietf.org>
Subject: [sidr] TA questions
From: Robert Kisteleki <robert at ripe.net>
Date: Thu, 05 Nov 2009 09:50:10 +0100
Delivered-to: sidr at core3.amsl.com
List-archive: <http://www.ietf.org/mail-archive/web/sidr>
List-help: <mailto:sidr-request@ietf.org?subject=help>
List-id: Secure Interdomain Routing <sidr.ietf.org>
List-post: <mailto:sidr@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
Organization: RIPE NCC
User-agent: Thunderbird 2.0.0.23 (Macintosh/20090812)

Hi,

I'm proxying two questions from our development team regarding the TA draft:

1) How do the authors envision key roll overs for the RTA?

Even though the draft allows for re-publication of the self-signed RTA withnew resources, it does not seem to address key roll overs for that RTA. Itseems one would have to publish a new ETA to support this, which would makeinvalidating the previous RTA (if that's ever needed) difficult.


2) Can we have a more clear pointer the RTACMS object for relying parties?

The current proposal has the ETA CA point to a directory. See page 7 of thedraft for an ascii-art representation of this. This means that relyingparties will have to find the actual RTACMS object in this directorythemselves. Probably rsync the whole thing and loop over the entries tofigure out which is which.


Robert

Follow-Ups:
- Re: [sidr] TA questions
  - From: George Michaelson

Prev by Date: [sidr] ISOC roundtable on Securing Routing Information
Next by Date: Re: [sidr] sidr-arch-09 refresh cycle time
Previous by thread: [sidr] ISOC roundtable on Securing Routing Information
Next by thread: Re: [sidr] TA questions
Index(es):
- Date
- Thread

[sidr] TA questions

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.