Sandy,
speaking as regular ol' member
On Jul 24, 2014, at 12:09 PM, Tim Bruijnzeels <t...@ripe.net> wrote:
On Jul 24, 2014, at 11:30 AM, Sandra Murphy <sa...@tislabs.com> wrote:
On Jul 24, 2014, at 10:37 AM, Russ Housley <hous...@vigilsec.com> wrote:
…
RFC 3779 has been implemented. For example, OpenSSL implements RFC 3779, and
others make use of this certificate handling software. We are not talking
about a little tweak to such a library. Implementation would require a path
validation parameter to pass the content of the ROA.
Not sure that's the case. I think all RPKI recipients now need to do a
computation of which of a cert's resources are valid, which are not. The
*recipients* decide what the certificate says. This will impact interpretation
of a ROA but I don't think it requires something that has to get passed around
with the ROA.
I may have misread what Russ meant. When I said "passed around", I meant
passed with the ROA to someone downloading the RPKI data.
For that interpretation of "passed around" I agree that this is not the
case, i.e., no added data need be downloaded from a repository or cache.
Steve
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr