Re: [sidr] I-D Action: draft-ietf-sidr-publication-09.txt

2016-09-21 Thread George Michaelson
This is a service protocol for people who are in a relationship about
RPKI objects, and want to commission and operate publication through
the parent who signs over them, and their products. The bPKI is not
RPKI, it's discrete, and separate. So the intrusion of this protocol
into SIDR is about its consequence, not it, as a protocol itself. It
could be in a PKIX class generic WG. Meh. It doesn't matter, it's here,
and we can move it.

It feels to me like it's good-enough: it protects the payload, it
identifies each side, it is transactional (all-or-nothing) so the
partial failure consequences simply don't arise in a bulk operation:
either get it all right, or nothing changes.

Managing a bPKI is a nightmare all in itself. I like that this
discretely side-steps the question, because it's really not material:
If you trust each other anyway because of outside process to use
certs, then this protocol lets a server-client pair talk and get a job
done.

Don't big the role up. Focus. This document is focussed and brief. That works.

Ship it.

PS my sense of 'why have repositories' is orthogonal to this question.
Given they exist, they need to be managed, and that's a service
function which should operate in an open specification. I will be
recommending operational people in APNIC to consider this for
implementation, if there is a driver for (re)publication through APNIC
to reduce repository count overall.

G

On Thu, Sep 22, 2016 at 8:40 AM, Rob Austein wrote:
> Updated per request from WG chairs.  No changes to protocol syntax or
> semantics since version that went through WGLC.
>
> Other than refreshing the I-D (the old one-D was about to expire), the
> only change was a minor tweak to the RelaxNG schema, to better enforce
> syntactic constraints already present in the normative text.
>
> ___
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr



Re: [sidr] I-D Action: draft-ietf-sidr-publication-09.txt

2016-09-21 Thread Rob Austein
Updated per request from WG chairs.  No changes to protocol syntax or
semantics since version that went through WGLC.

Other than refreshing the I-D (the old one-D was about to expire), the
only change was a minor tweak to the RelaxNG schema, to better enforce
syntactic constraints already present in the normative text.



[sidr] I-D Action: draft-ietf-sidr-publication-09.txt

2016-09-21 Thread internet-drafts

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing of the IETF.

Title    : A Publication Protocol for the Resource Public Key
           Infrastructure (RPKI)
Authors  : Samuel Weiler
           Anuja Sonalker
           Rob Austein
Filename : draft-ietf-sidr-publication-09.txt
Pages    : 17
Date     : 2016-09-21

Abstract:
   This document defines a protocol for publishing Resource Public Key
   Infrastructure (RPKI) objects.  Even though the RPKI will have many
   participants issuing certificates and creating other objects, it is
   operationally useful to consolidate the publication of those objects.
   This document provides the protocol for doing so.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidr-publication/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-sidr-publication-09

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-publication-09


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
