At Sun, 05 Aug 2007 11:27:01 +1000, Geoff Huston wrote:
>
> Rob Austein wrote:
> > Having thought about this a bit, I remain skeptical about the need for
> > or desirability of multiple signatures on ROAs.
> >
> > First, as others have mentioned, this is a relatively low-probability
> > hypothetical case, and if it occurs at all it would be the result of
> > an issuer deliberately choosing to make life complicated for its
> > subjects. This does not strike me as a strong case for complicating
> > the protocol (if anything, it strikes me as the opposite, absent proof
> > that this complexity really is necessary).

I still stand by this part of what I said.

> > Second, I don't see why this can't be handled via multiple ROAs
> > instead of multiple signatures on a single ROA. As I understand it,
> > relying parties in this system are going to have to deal with the
> > possibility of multiple ROAs for the same AS number in any case;
> > adding multiple signatures to ROAs will not change that.
>
> So it seems to me that you are saying that an advertisement for
> 192.0.2.0/24 originated from AS65000 could be validated by two ROAs,
> namely 192.0.2.0/25 authorizing AS65000 and 192.0.2.128/25 authorizing
> AS65000
>
> To me, this appears to make the relying party's job harder given that
> the relying party is no longer just looking for either exact match ROAs
> or covering aggregate ROAs but now also has to search for a collection
> of more specific ROAs that could be used to construct an aggregate that
> matches the prefix to be validated.

Upon further consideration and some offline discussion, I agree with
you on this point. I was confused about the other cases where I
thought one might need to construct an aggregate from multiple ROAs.

But this was a side point. That my proposed work-around to a
non-problem is itself unworkable does not change the nature of the
non-problem.

> > So, since on the one hand this whole mess can be avoided by an issuer
> > who wants to avoid it, and on the other hand there's a perfectly good
> > way to handle it that we're going to have to support anyway, on the
> > gripping hand I do not support the proposed change to allow multiple
> > signatures.
> >
>
> I don't agree with this assessment and to me ruling out the ability of
> multiple signatures on a ROA introduces the potential for undue levels
> of uncertainty in relying party validation of route objects. For that
> reason I continue to support the concept of allowing multiple signatures
> on ROAs.

I don't see how this follows.

I still don't believe that there's any real need for multiple
signatures, because there's no good reason for the issuer to force
this mess upon its subjects. As far as I can tell this is a
non-problem to which we do not need a solution.

_______________________________________________
Sidr mailing list
https://www1.ietf.org/mailman/listinfo/sidr
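
The two relying-party lookups contrasted in this thread, as an added example that is not part of the original message or of any RPKI implementation: a single exact-match or covering ROA versus an aggregate assembled from more-specific ROAs. The ROA model (one prefix, one origin AS), the function names and the sample sets are assumptions made for illustration; the prefixes and AS number are the ones quoted in the thread.

```python
import ipaddress

# Simplified ROA model (assumption): one prefix authorised for one origin AS.
# All sample data below is constructed from the prefixes named in the thread.
ROUTE = ipaddress.ip_network("192.0.2.0/24")
ROAS_AGGREGATE = [(ipaddress.ip_network("192.0.2.0/24"), 65000)]
ROAS_SPLIT = [
    (ipaddress.ip_network("192.0.2.0/25"), 65000),
    (ipaddress.ip_network("192.0.2.128/25"), 65000),
]
# Constructed gap case: the upper quarter of the /24 has no ROA.
ROAS_GAP = [
    (ipaddress.ip_network("192.0.2.0/25"), 65000),
    (ipaddress.ip_network("192.0.2.128/26"), 65000),
]


def covered_by_single_roa(route, origin_as, roas):
    """Exact-match or covering-aggregate lookup: one ROA must contain the route."""
    return any(
        asn == origin_as
        and roa.version == route.version
        and route.subnet_of(roa)
        for roa, asn in roas
    )


def covered_by_assembled_roas(route, origin_as, roas):
    """Collect more-specific ROAs for the same AS and test whether, once
    merged, they reconstruct an aggregate that contains the whole route."""
    pieces = [
        roa
        for roa, asn in roas
        if asn == origin_as
        and roa.version == route.version
        and roa.subnet_of(route)
    ]
    merged = ipaddress.collapse_addresses(pieces)
    return any(route.subnet_of(block) for block in merged)


def match_kind(route, origin_as, roas):
    """Report which lookup, if any, authorises the announcement."""
    if covered_by_single_roa(route, origin_as, roas):
        return "single"
    if covered_by_assembled_roas(route, origin_as, roas):
        return "assembled"
    return "none"
```

The second function has to gather every more-specific ROA under the route and merge them before it can answer, which is the extra search the quoted reply objects to.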
