sted service simultaneously for some time, allowing relying parties to
pick up the new objects, before switching off the hosted service.
Similarly, when someone wants to wholesale replace their RPKI infrastructure
with a new implementation they may choose to run old and new side-by-side.
Rob
--
22)
> --
> Title : A Profile for X.509 PKIX Resource Certificates
> Publication Date: February 2012
> Author(s) : G. Huston, G. Michaelson, R. Loomans
> Category: PROPOSED STANDARD
> Source : S
st such an object:
http://tools.ietf.org/html/draft-huston-sidr-aao-profile-03
Rob
--
Robert Loomans email: robe...@apnic.net
Senior Software Engineer, APNIC sip:robe...@voip.apnic.net
http://www.apnic.net/ phone:
> opposed. If you are opposed, please indicate why.
>
> --Sandy, speaking with wg chair bonnet on
>
> ___
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
--
please indicate why.
>
> --Sandy, speaking with wg chair derby on
--
he IESG or if you are
> opposed. If you are opposed, please indicate why.
>
> --Sandy, speaking with wg chair turban on
--
> opposed. If you are opposed, please indicate why.
>
> --Sandy, speaking with wg chair beret on
--
mission to the IESG or if you are
> opposed. If you are opposed, please indicate why.
>
> --Sandy, speaking with wg chair homburg on
--
doption will end in two weeks on 8 Sep
> 2010.
>
> --Sandy, speaking as wg chair
--
00 Bad Data
There is an existing HTTP code for this: 503 Service Unavailable.
Rob
--
o see one set of terminology for results from
the RPKI. Hopefully, one that doesn't conflict with other PKI usage.
Rob
--
On 24/05/2010, at 10:15, Terry Manderson
wrote:
On 22/05/10 10:30 PM, "Robert Loomans" wrote:
[ If you were to base a comparison f
valid = 1
unknown = 0
invalid = -1
]
I don't think that "unverified" quite cuts it in this context, as it is not the
negative counterpart to the positive "verified" assertion. A naive
reader/implementer might believe that "unverified" is less du
I'm in favour, and I'm happy to review drafts.
Rob
--
with this: A MUST would be too strong here; I believe that a
SHOULD is appropriate.
Rob
--
Please accept, I'm happy to review.
Rob
--
dation is sufficient as-is, needs nit fixes, or
more.
Thanks,
Rob
--
see a clear statement as to what this draft
says for which the existing draft-ietf-sidr-roa-validation is insufficient.
Rob
--
operational routing decisions (e.g., ISPs,
RIRs, NIRs) SHOULD download and validate updates at least once
every three hours.
Rob
--
sted best practice (and the default installed by
relying party tools) is 12 hours, say, then a large percentage of
installations will be using 12 hours, because people don't bother to
change defaults.
Rob
--
I support adoption, and I will review.
Rob
--
Yes, please adopt this draft as a WG item.
Rob
--
On 26/03/2009, at 12:32, Sandra Murphy wrote:
There were objections yesterday in the sidr meeting to the way that
draft-ietf-sidr-ta-00.txt became a wg draft.
draft-ietf-sidr-ta-00.txt was an extract of an important
> ... where resources are listed in the 3779 attributes following the
> paradigm that no two TA organisations can be authoritative for the
> same information? (in that model)
I'm not sure that's a valid assumption. I believe that this would
preclude make-before-break transfer
a BOA, it means that neither
AS5 *nor* prefixes 10.0.0.0/8 and more specific should *ever* appear in
routing, together or separately.
Geoff, George, Terry, is my understanding correct?
Rob
--
txt
> http://www3.ietf.org/proceedings/08nov/slides/sidr-3.pdf
I'm happy to see this adopted as a WG item... and I will participate in
discussion and review.
Rob
--
http://www.imc.org/ietf-pkix/pkix-oid.asn
Both id-cp(id-pkix 14) and id-cp-sbgpCertificatePolicy(id-cp 1) are
already assigned.
Cheers,
Rob
--
Friday, Oct 22.
I'm for adoption: I would like to see the idea explored.
I will participate in any discussion.
Rob
--
uld be counter to the purpose of the manifest.
> IMHO, of course.
Yes, a partial manifest is useless. You can't validate it.
Rob
--
such
>a case this situation should result in a warning to the effect that:
>"The following files that should have been present in the repository
> at , are missing . This indicates an
>attack against this publication point, or the repository, or an error
>by the
the way of value to enforce this within
the ROA. The noise it adds is harmless.
Having a canonical form can reduce the number of interoperability
problems and makes writing test cases easier.
Rob
--
[ Disclaimer: I am a co-author of this draft ]
I believe this is appropriate for SIDR adopt, and I will comment on it.
Rob
--
Sandy,
I would like to request that draft-huston-sidr-bogons-00.txt be adopted
as a SIDR WG document.
As a counterpart to the ROA draft, I believe this falls within SIDR's
charter.
http://www.potaroo.net/ietf/all-ids/draft-huston-sidr-bogons-00.txt
Cheers,
Rob
--
be in
place :)
Cheers,
Rob
--
t's certainly possible assuming the manifest is there. Currently
the manifests are optional.
Rob
--
note that as these are all signed, foreign
objects are detectable by relying parties.
Ok, what I said was poorly worded. I'll rephrase: None of the current
drafts specify the mechanisms or protocols used to modify the contents
of the repositories.
Rob
--
m, is called an
> “aggregate” if the compilation and its resulting copyright are not
> used to limit the access or legal rights of the compilation's users
> beyond what the individual works permit. Inclusion of a covered work
> in an aggregate does not cause this License t
cribe fetching from them.
Rob
--
appropriate certificates, CRLs, etc.
Rob
--
I would like this adopted.
I will continue to help with writing and reviewing.
Rob
--
Robert Loomans Email: [EMAIL PROTECTED]
Senior Programmer/Analyst, APNIC Phone:+61 7 3858 3100
http://www.apnic.net Fax:+61 7
I'd like to see manifests adopted.
I will read and comment on the drafts.
Rob
--
the encoding match.
If it did, it would conflict with RFC3779 which requires the minimal
encoding.
eg, A ROA could have two prefixes, say 11.0.0.0/8 and 12.0.0.0/8,
encoded as two IPAddress fields, whereas RFC3779 would dictate that they
would be encoded as a range 11.0.0.0-12.255.255.255.
Rob
if the TA is provided as a self-signed cert.
Alternatively, if there isn't a URL in the TA material, where do we
start pulling certs from?
Rob
--
Robert Loomans Email: [EMAIL PROTECTED]
Programmer/Analyst, APNIC Phone:
y minimising
the "chattiness" of the protocol and thus the effect of round-trip
times. I think that is another property of rsync that would be useful to
retain.
Rob
--
ts/files, and, if you already have an old tree, just the
changes. We could implement this in any transport, but RSYNC does this
for free.
> In general, the draft seems to systematically misspell words like
> "authorise" and "recognise", in defiance of the authors'