On 8/24/2011 1:27 PM, Paul Hoffman wrote:
> On Aug 24, 2011, at 12:19 PM, Joe Touch wrote:
>> Is there ever a reason that this service should exist as a totally open and
>> insecure port?
> Given that it is explicitly listed in the draft, I find it worrisome that you
> even ask the question.
>
>    Caches and routers MUST implement unprotected transport over TCP
>    using a port, RPKI-Rtr, to be assigned, see Section 12. Operators
>    SHOULD use procedural means, ACLs, ... to reduce the exposure to
>    authentication issues.

I saw a declaration that this was required, but no REASON that
unprotected transport was necessary.

>> Also, is there a reason for not assuming that the out-of-band and
>> in-band services cannot exist on the same port (other than performance
>> of the connection establishment)?
> Those aren't enough !?!?

"those"? I listed only one - performance.

There are not enough ports to assign multiples just for performance reasons.

Joe
_______________________________________________
sidr mailing list
https://www.ietf.org/mailman/listinfo/sidr