On 18/07/11 12:42 PM, "Stephen Kent" <k...@bbn.com> wrote:

> At 4:42 PM -0700 7/17/11, Terry Manderson wrote:
> 
> the filename extension, which is part of the "file" data type above,
> conveys the needed info. yes, one could add an OID here, but
> ultimately an RP will check the syntax and know which file is what
> type. So, adding an OID doesn't seem to help much in a manifest.

So, I'm confused... if the RP ultimately checks the syntax, why is tagging
needed at all?

> 
> if there are no mandated filename extensions, then every pub point is
> a mini-DoS attack, as Rob noted. We can't prevent a rogue pub point
> manager (or CA) from mislabelling files relative to the 3-char
> extension, but why invite chaos :-)?

Right, so it's a processing issue.

So through the hierarchy (loosely speaking TA points to CA, CA points to
Rescert, Rescert points to publication point and manifest) the lesser of the
chaos scenarios would be to put the 'labeling' in the highest possible
location within the publication point. I'm guessing the most sane is the
Manifest, if it is truly a standards action requirement.

As the manifest is a signed object, it has the benefit of being tightly
interpreted as an attestation by the issuer that this 'file' with a
specified hash is a ROA. How much clearer do you need to be? Or want to be?

> 
> An earlier draft of this doc called the extensions mere
> recommendations. I persuaded Geoff to make them mandatory. The
> arguments I made then still apply, which is why STD vs. BCP seems
> appropriate, to me.
> 

Were those arguments made on list? If so, I will go hunting and reflect on
them with a Merlot in hand this evening.

Terry

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
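The RP-side check this thread is arguing about, as an added example that is not from the list discussion or from any RPKI implementation: it treats the manifest's fileList as the issuer's attestation of (filename, SHA-256) pairs, refuses to parse entries whose extension is not one of the RFC 6481 extensions (the "mini-DoS" case), and flags hash mismatches, listed-but-missing files and unlisted files. The sample manifest and file bytes are constructed placeholders, not real CMS objects.

```python
import hashlib

# Filename extensions mandated for RPKI repository objects (RFC 6481).
MANDATED_EXTENSIONS = {".cer", ".crl", ".roa", ".mft"}


def check_pub_point(manifest_entries, pub_point_files):
    """Validate a publication point against its manifest, as an RP would.

    manifest_entries: list of (filename, sha256_hex) from the manifest fileList.
    pub_point_files:  dict filename -> bytes fetched from the publication point.
    Returns a dict of problem categories -> sorted filenames.
    """
    problems = {"bad_extension": [], "hash_mismatch": [], "missing": []}
    listed = set()
    for name, expected_hex in manifest_entries:
        listed.add(name)
        ext = name[name.rfind("."):].lower() if "." in name else ""
        if ext not in MANDATED_EXTENSIONS:
            # Unknown type: don't try every parser on it, just report it.
            problems["bad_extension"].append(name)
            continue
        data = pub_point_files.get(name)
        if data is None:
            problems["missing"].append(name)
            continue
        # The manifest hash is the issuer's attestation of this file's content.
        if hashlib.sha256(data).hexdigest() != expected_hex.lower():
            problems["hash_mismatch"].append(name)
    # Files present at the pub point but not attested by the manifest.
    problems["unlisted"] = sorted(set(pub_point_files) - listed)
    return {k: sorted(v) for k, v in problems.items()}


# Constructed sample publication point (placeholder bytes, not real objects).
SAMPLE_FILES = {
    "ca.cer": b"constructed-certificate",
    "ca.crl": b"constructed-crl",
    "AS64496.roa": b"constructed-roa",
    "notes.txt": b"stray-file-not-in-manifest",
}
SAMPLE_MANIFEST = [
    ("ca.cer", hashlib.sha256(SAMPLE_FILES["ca.cer"]).hexdigest()),
    ("ca.crl", hashlib.sha256(b"a different crl").hexdigest()),  # tampered
    ("AS64496.roa", hashlib.sha256(SAMPLE_FILES["AS64496.roa"]).hexdigest()),
    ("AS64496.bin", "00" * 32),  # extension outside the mandated set
    ("old.roa", hashlib.sha256(b"gone").hexdigest()),  # listed but absent
]

if __name__ == "__main__":
    print(check_pub_point(SAMPLE_MANIFEST, SAMPLE_FILES))
```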