Iljitsch,
On 30 Apr 2015, at 19:48, Matthew Lepinski<mlepinski.i...@gmail.com> wrote:
For path validation (as opposed to origin validation), the path validation
algorithm returns one of two states. That is, either an update has a valid
signed path or it doesn't. (We discussed previously in SIDR whether there was a
useful third case for path validation, and the working group wasn't able to
come up with one.)
I think expired certificates qualifies. And a case can be made for strong
crypto algo vs weak crypto algo is a fourth one.
I'm puzzled by the comment re crypto strength. We don't have the TLS
situation where there
are lots of alg suites. We have one suite, and a well-documented (RFC
6915) process for
transitioning to a next suite.
Steve
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr