Sean,
...
Okay so I want to agree. But, I'm still trying to grok something you sent in an earlier msg (https://mailarchive.ietf.org/arch/msg/sidr/9vVsAheeeZMj7GI00nyGBDHBqPI) that I think is related when you said:

RPs would not have to calculate/validate the SKI value; they would only need to check for collisions within an AS.
No, and yes.
I was chatting with Sandy and noted that a compliant RP does have to check that the SKI is the hash of the public key, as per RFC 6487. That RFC says that KI values are computed as SHA-1 hashes of the (relevant) public key (section 4.8.2), and that RPs are supposed to confirm this, as per item #3 in Section 7.2:

The certificate contains all fields that MUST be present, as defined by this specification, and contains values for selected fields that are defined as allowable values by this specification.
This requirement is more stringent than what 5280 mandates. 5280 imposes requirements on CAs wrt cert generation, but does not require that RPs verify that a CA has adhered to these requirements. This one-sided approach has not worked out well in the PKI arena in general, which is why the RPKI adopted a more symmetric model, i.e., specify what each CA is supposed to do, and then have every RP verify that the CAs are doing what they are supposed to.

So, we can't change the hash alg used to compute KIs in the RPKI, without a lot of effort, something you alluded to later in your message.
Steve
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
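The RP check Steve describes (SKI must equal the SHA-1 of the subjectPublicKey BIT STRING contents, RFC 6487 section 4.8.2 via RFC 5280 method 1), as an added stand-alone example that is not part of the thread. It carries its own minimal DER encoder/parser and a constructed toy RSA modulus (TOY_N, not a real key); the function names are the example's own.

```python
import hashlib
import hmac

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1


def der_len(n):
    """DER length: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der_tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def der_uint(v):
    """DER INTEGER for a non-negative value (leading 0x00 if the high bit is set)."""
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    return der_tlv(0x02, (b"\x00" + b) if b[0] & 0x80 else b)


def read_tlv(buf, off):
    """Parse one TLV at buf[off]; returns (tag, content, offset after it)."""
    tag, ln, off = buf[off], buf[off + 1], off + 2
    if ln & 0x80:
        k = ln & 0x7F
        ln, off = int.from_bytes(buf[off:off + k], "big"), off + k
    return tag, buf[off:off + ln], off + ln


def build_rsa_public_key(n, e):
    return der_tlv(0x30, der_uint(n) + der_uint(e))  # RSAPublicKey ::= SEQUENCE {n, e}


def build_spki(n, e):
    alg = der_tlv(0x30, der_tlv(0x06, RSA_ENCRYPTION_OID) + der_tlv(0x05, b""))
    bits = der_tlv(0x03, b"\x00" + build_rsa_public_key(n, e))  # 0 unused bits
    return der_tlv(0x30, alg + bits)  # SubjectPublicKeyInfo


def subject_public_key_bits(spki):
    """The BIT STRING contents (tag, length and unused-bits byte excluded)."""
    tag, seq, _ = read_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _, off = read_tlv(seq, 0)  # skip AlgorithmIdentifier
    tag, bitstr, _ = read_tlv(seq, off)
    if tag != 0x03 or bitstr[0] != 0:
        raise ValueError("subjectPublicKey must be a BIT STRING with 0 unused bits")
    return bitstr[1:]


def compute_ski(spki):
    return hashlib.sha1(subject_public_key_bits(spki)).digest()


def rp_ski_matches(spki, ski_extension_value):
    """RFC 6487 section 7.2 item 3: the SKI extension must equal the computed hash."""
    return hmac.compare_digest(compute_ski(spki), ski_extension_value)


TOY_N = int("c0ffee" * 10, 16)  # constructed 240-bit modulus, not a real key
TOY_E = 65537
SAMPLE_SPKI = build_spki(TOY_N, TOY_E)
```

Note that the hash covers only the BIT STRING contents, so hashing the whole SubjectPublicKeyInfo (a common mistake) yields a different value and the check fails.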