>>> I think there is an easier way, as already suggested. Add the object >>> type to the manifest in FileandHash. >>> >>> 1) the rescert points to the publication point and manifest >>> 2) the manifest is mandatory >>> 3) the manifest is signed >>> 4) the manifest is nicely(?) readable ASN.1 >> >> so move the deck chairs from coding the type in a directory maintained >> by the operating system to one the spec and the programmers write and >> maintain? big win there, eh? > > The win is to eliminate a threat that has already been identified on the > list.
and is based on a weak premise. rpki security is based on object, not transport, security. stuff might be garbled in transport. and please remember that the manifest may be a proper subset of the directory. randy _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
