David,
What you may be looking for is Steve Kent's Trust Anchor Management
presentation (and the errata slide 13) - the last items in the SIDR
materials from IETF 75.
https://datatracker.ietf.org/meeting/75/materials.html
John
On 2009Sep14, at 3:58 PM, David Conrad wrote:
With SIDR,
Hi John,
While I appreciate the work by Steve here to allow a relying party to
put on the rose coloured validation glasses, it is an inside view
looking out. That means is allows an organisation to locally say what
it believes is the RPKI view of the world irrespective of what is said
At 9:51 AM +1000 9/15/09, Terry Manderson wrote:
Hi John,
While I appreciate the work by Steve here to allow a relying party
to put on the rose coloured validation glasses, it is an inside view
looking out. That means is allows an organisation to locally say
what it believes is the RPKI view
Hi Steve,
On 15/09/2009, at 11:03 AM, Stephen Kent wrote:
Terry,
I think you misunderstand the nature of trust anchors in PKIs. No
entity can force all relying parties adopt the entity as a TA,
period. The acceptance of a TA is always a local matter, if the
software is properly
Let me start by saying a couple of positive things:
1) In order to even start on securing this space, we are going to need
some sort of certificates
2) As far as I can tell, in order for the certificates to make any sense
they have got to be related to the hierarchy of address assignment.
In message 48da8f07-cc0a-4cfa-9153-056585483...@virtualized.org
David Conrad writes:
[.. snip, sorry ..]
Is this scenario accurate?
I haven't a clue. :-) I'm out of the layer 8 loop.
My understanding is that an entity with a very large address space
would be entitled to run their own
In message 6c269e52-839e-46f4-9db1-449cb2376...@isoc.org
John Schnizlein writes:
David,
What you may be looking for is Steve Kent's Trust Anchor Management
presentation (and the errata slide 13) - the last items in the SIDR
materials from IETF 75.