On 7/20/2011 11:24 PM, Terry Manderson wrote:
> The problem is, Randy, that this PKI requires full and complete distribution
> through a sane repository system. Failure to have a full and complete
> repository WILL lead to unintended (i.e. bad) results.

I agree that relying parties (RPs) need eventual access to the full repository system, and it's true that repositories (not just filenames) are considered unprotected structures.

But IMO this is why we have RP software that:
(1) caches valid objects from previous downloads,
(2) validates through the certificate chain, and
(3) does *not* simply blacklist an entire subtree when a single manifest disappears (or more generally, when other parent objects are inaccessible through the repo system).

With RP software that does those things, intermittent repository dropouts and even intermittent corrupted repositories are okay.

What am I missing?

-Andrew

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
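
An added example, not part of the original message and not taken from any RP implementation: a sketch of the caching behaviour in points (1) and (3) of the message, where a missing manifest or a corrupted file leaves previously validated objects in place. It assumes the manifest has already passed signature and certificate-chain validation (point 2); the class and function names, the file names and the expiry rule are hypothetical, and the sample bytes are constructed.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class CachedObject:
    data: bytes
    not_after: int  # expiry (epoch seconds) recorded when the object was accepted

@dataclass
class PublicationPointCache:
    objects: dict = field(default_factory=dict)  # filename -> CachedObject

    def sync(self, manifest, fetched, now, not_after):
        """Merge one fetch attempt into the cache; return the usable file names.

        manifest: {filename: sha256 hex}, or None if the manifest was unavailable
        fetched:  {filename: bytes} as downloaded (may be incomplete or corrupted)
        """
        if manifest is not None:
            for name, digest in manifest.items():
                data = fetched.get(name)
                if data is not None and hashlib.sha256(data).hexdigest() == digest:
                    self.objects[name] = CachedObject(data, not_after)
                # missing or corrupted file: keep the copy cached earlier, if any
            # only a valid manifest that no longer lists a file removes it
            for name in list(self.objects):
                if name not in manifest:
                    del self.objects[name]
        # manifest is None (repository dropout): nothing is discarded above;
        # cached objects still age out once their own validity has ended
        for name in [n for n, o in self.objects.items() if o.not_after <= now]:
            del self.objects[name]
        return sorted(self.objects)

def demo():
    roa, cert = b"constructed ROA bytes", b"constructed CA certificate bytes"
    mft = {"a.roa": hashlib.sha256(roa).hexdigest(),
           "child.cer": hashlib.sha256(cert).hexdigest()}
    cache = PublicationPointCache()
    first = cache.sync(mft, {"a.roa": roa, "child.cer": cert}, now=100, not_after=1000)
    dropout = cache.sync(None, {}, now=200, not_after=1000)  # manifest disappeared
    corrupt = cache.sync(mft, {"a.roa": b"garbage", "child.cer": cert},
                         now=300, not_after=1000)            # one file corrupted
    expired = cache.sync(None, {}, now=1000, not_after=1000)  # cache aged out
    return first, dropout, corrupt, expired

if __name__ == "__main__":
    print(demo())
```
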
