At 4:39 PM +0200 9/17/09, Andrei Robachevsky wrote:
> Stephen Kent wrote on 16-09-2009 17:53:
> [...]
>> Statements about perceived trust in TAs are useful in PKIs that anoint
>> 3rd parties as TAs, independent of real world authorization. The RPKI is
>> not such a PKI. Instead it seeks to have the real world entities that
>> manage allocation of resources act as CAs. I would urge us to NOT try to
>> make the RPKI into a trusted 3rd party PKI.
>
> I agree. However, I envisage a scenario when the RP in your local TA
> management scheme announces itself globally as a root CA/TA. And then
> the question arises how one can distinguish between these ersatz RPKIs
> and associated stuff (repositories, ROAs, etc.)?
>
>> Steve
>
> Andrei

Andrei,

The local TA management mechanisms I described make no provisions
for advertising TAs to a larger community. Any means of doing this
are outside the scope of the mechanism. If an entity has the
authority to convince other entities (in some domain) to accept its
vision of the RPKI, based on applying local TA management mechanisms,
then it can do so, but how it does so is outside of the local TA
management mechanism.

Steve
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr