Christopher Morrow <morrowc.li...@gmail.com> writes:

> Pinging this thread to catch anyone who didn't reply but had thoughts
> I'd like to close this out tomorrow before 5pm EST (10pm UTC).

I've been considering the concept behind this document and whether the
concept should be carried forward by the working group.  To me the
starting ID is frequently badly written or has too few editors, etc.
That always changes over time, so I'm not concerned about that issue in
particular until it is proven that no one will take it up (and many
won't volunteer for a question mark).

So, on to the concept: in my younger years I was very strict and I would
have been against this concept from the beginning, because it does bring
the status of a given certificate into question.  But my older and wiser
self has seen far too many difficult and failed protocol deployments
because of the complexity associated with "everyone everywhere needs to
do the right thing all the time".  To me, the validation reconsidered
proposal mitigates some of the very likely real-world, real-human
deployment scenarios.  And I don't think that the RPKI publicity side
can take too many negative hits (again, because I've watched too many
other protocols slow down at the minimum when negative publicity hits
them).  In short, the validation reconsidered concept reduces the
real-world impact of necessary and accidental changes, which to me means
a deployment base that will be stronger even though we're "allowing
more".

Does that do strange things to the status of a given certificate?  Yes,
it definitely does.  I know this will ruffle some feathers: but I
believe the goal of the RPKI was to make a decision, based on available
data, about the ability to trust that origin's announcement.  Everything
else has come after, or more likely as a result of implementing, that goal.
The RPKI makes use of PKIX and certificates to achieve that goal, and
along the way became a fundamental staple that we're hesitant to
change.

In the end, however, when I look at the primary original goal, along
with the need for a robust deployment, the validation reconsidered
proposal seems well worth the trade-offs.

-- 
Wes Hardaker
Parsons

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
