Geoff,
So, if the adverse actions draft is adopted by the WG, we (the WG) could use
the requirements stemming from these two IDs as the basis for a solution(s)
document.
And that in a nutshell is exactly why I oppose the adoption of this document.
It appears to me that this step assumes that the adverse actions has catalogued
avery possible problem
Sorry for not being clear. I did not mean to imply that this work is
100% complete or to pre-empt the WG's right to modify the draft and
decide when it is complete. It could well be, as you suggest, that the
adverse actions draft requires extension and modification. And that is
the WG's prerogative. However, I do believe this draft provides a good
starting place for WG collaboration on the issue of what threats are
faced by the RPKI and how they would impact it. And such an analysis
(once vetted and approved by the WG) would provide useful input towards
picking which vulnerabilities most need addressing and how to address
them, even if the analysis was not 100% comprehensive.
and now all we need to do now is to replace the magic placeholders with some
action or other. I’m sorry but this premise is just not realistic and this
approach in the draft is just not realistic for me.
I'm confused by this statement. The threat analysis/attack model does
not magically produce solutions. What the draft does (IMHO) is to
methodically go through possible attacks and describe the resulting
impact if the attack is successful. Whether or not the list of attacks
is 100% complete, one can use the analysis to (a) prioritize the
identified attacks/vulnerabilities as to impact (and therefore
importance to mitigate) (b) generate the corresponding requirements for
the solutions and (c) identify those attacks/vulnerabilities for which
no reasonably feasible mitigation can be found, so that we know those
dangers remain. I agree that the more complete the analysis the better
but I wouldn't throw out the approach.
Just personal preference, but I would like the Working Group to
address some basic design issues here that invoke brittleness in all
kinds of known and unknown ways rather than play hunt the wumpus with
some supposedly comprehensive list of everything that could ever
possibly go wrong. ever. regards, Geoff
Could the problem cases you mention in your draft be added to the
adverse actions draft? For example, there are categories for when the
CA makes various kinds of errors.
Thank you,
Karen
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr