Hey Chris, The implications of putting signatures on updates that are both globally visible/verifiable and implicitly give object-level security to updates is WAY different than the semantics of the keying done today. The implications of the scope of these keys puts them in a much different role. I was assuming that was clear, but maybe not?
Eric ----- Original Message ----- From: Christopher Morrow [mailto:morrowc.li...@gmail.com] Sent: Friday, May 04, 2012 09:54 PM To: Osterweil, Eric Cc: morr...@ops-netman.net <morr...@ops-netman.net>; sandra.mur...@sparta.com <sandra.mur...@sparta.com>; da...@tcb.net <da...@tcb.net>; sidr@ietf.org <sidr@ietf.org>; sidr-cha...@tools.ietf.org <sidr-cha...@tools.ietf.org>; sidr-...@tools.ietf.org <sidr-...@tools.ietf.org> Subject: Re: [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012))) On Fri, May 4, 2012 at 9:37 PM, Osterweil, Eric <eosterw...@verisign.com> wrote: > Hey Chris, > > Yeah, I read that. I know there's a tendency for some people to want to talk > about bath houses on this list, but I was going to pass on that. > > As for draft-ymbk-bgpsec-rtr-rekeying-00.txt, that draft just points out the > inadequacies of either approach and that there is no good solution. My take > is that this is indicative of a misalignment between a given architecture and > implicit requirements. Sometimes you can't patch the holes in a leaky ship, > you need to reassess the requirements. I think the evidence illustrates that > this is the case here. > it seems to me that putting key-material on a distant router is done today... isn't it? or are you saying that how you do it today leaves you feeling icky, and you'd rather another method be devised? Could you outline a possible method? (provide a solution, for instance) > Eric > > > ----- Original Message ----- > From: Chris Morrow [mailto:morr...@ops-netman.net] > Sent: Friday, May 04, 2012 09:28 PM > To: Osterweil, Eric > Cc: 'sandra.mur...@sparta.com' <sandra.mur...@sparta.com>; 'da...@tcb.net' > <da...@tcb.net>; 'morrowc.li...@gmail.com' <morrowc.li...@gmail.com>; > 'sidr@ietf.org' <sidr@ietf.org>; 'sidr-cha...@tools.ietf.org' > <sidr-cha...@tools.ietf.org>; 'sidr-...@tools.ietf.org' > <sidr-...@tools.ietf.org> > Subject: Re: [sidr] RPKI and private keys (was RE: Interim Meeting Draft > Agenda: 04-30-2012 (April 30, 2012))) > > > > On 05/04/2012 08:59 PM, Osterweil, Eric wrote: > >> His point is NOT addressed by any draft in the wg (since you asked). > > read randy's mentioned draft? _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
