Hi Steve,

On 8/6/14, 12:44 PM, Stephen Kent wrote:
> Carlos,
> 
> ...
> It seems curious to me that it has taken 7 years for senior RIR tech staff to
> determine that there is a problem. You are relatively new to this effort, but
> what is the excuse for your co-authors?

I like reading here that you indeed acknowledge that *there
is* a problem. We have some progress then.

Sorry for being slow though, I promise to be better in the future.

>>> But, then, so are IPv4 and v6 address prefixes. Do you propose creating
>>> separate PKIs for IPv4 and IPv6 addresses?
>> Definitely not. Again, S-BGP is not a particularly good data point. I
>> propose to *unbundle* the analysis of resource types when validating
>> certs. I believe that is clear from my earlier email and from our draft.
> The earlier draft did not contain an algorithm for doing what
> Geoff has recently suggested as a way to do this. That I-D contained
> a set of text that tried to convey what the authors wanted to happen,
> but it was sloppy and focused only on EE cert validation. The current
> I-D tries to describe a problem space, and it should do so without
> prejudice wrt a solution. Your comments suggest otherwise.
> (Also, since you keep criticizing S-BGP, how extensive is your understanding

Steve, you put words in my mouth, words that I didn't say. I don't
criticize S-BGP. For all I know, it may very well be the best technology
ever designed.

However, the fact that it failed to gain any traction is undeniable. You
might argue that the world at large is stupid and they failed to
acknowledge they had the cure for everything in S-BGP, but I think we
all know better than that.

> the system, beyond knowing the acronym. Have you read any of the papers,
> or are your comments based on hearsay?)

Mmmm I tried to find a single operator running S-BGP and failed. Sorry.

Steve, I think you're taking this too personally. I understand that 3779
is your brainchild, and no one is saying that it is 'wrong' in any sense.

The question about whether it is applicable to route and path validation
as it is is a valid one, and there is very, very little coming from the
rest of the WG explaining why we need strict 3779 or detailing what new
attack vectors would be introduced by validation-revisited.

Have a great weekend.

-Carlos

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
