> From: sidr-boun...@ietf.org [mailto:sidr-boun...@ietf.org] On Behalf Of > Randy Bush > > > Note that cut/copy and paste operations over a SSH-proected CLI > session > > for keys over a certain sizes is error-prone; a less error process is > to > ^-prone > > use a USB or CF device to copy the key to and then insert the device > in > > to the router. > > way too detailed. you noted that pure text copy/paste is error prone. > that's enough. do you really want to get into the 42 other ways of > doing it? how about copy/paste of a checksummed package containing the > credential? or xmodem? and don't forget paper tape! :) >
[WEG] Agree with Randy. Was more thinking about this in terms of the hardware swap scenario (section 5), rather than initial key provisioning. You say that vendors SHOULD allow the key to be offloaded and then provide examples of offload methods, but sneakernet isn't one of them. I don't think we have to tell implementers to support importing a key from a filesystem (in whatever form) but being explicit about the ability to EXPORT it to a filesystem is a different matter. Thanks Wes This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout. _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
