Re: [Sidr] Rsync
Stephen Kent <kent@bbn.com> Wed, 19 March 2008 17:16 UTC
Return-Path: <sidr-bounces@ietf.org>
X-Original-To: ietfarch-sidr-archive@core3.amsl.com
Delivered-To: ietfarch-sidr-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A2DBB3A6E6E; Wed, 19 Mar 2008 10:16:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.677
X-Spam-Level:
X-Spam-Status: No, score=-100.677 tagged_above=-999 required=5 tests=[AWL=-0.240, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lQ61UBeCV8Js; Wed, 19 Mar 2008 10:16:37 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 984543A6F6E; Wed, 19 Mar 2008 10:16:34 -0700 (PDT)
X-Original-To: sidr@core3.amsl.com
Delivered-To: sidr@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 45AE33A6F66 for <sidr@core3.amsl.com>; Wed, 19 Mar 2008 10:16:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4RXW81NCX2HS for <sidr@core3.amsl.com>; Wed, 19 Mar 2008 10:16:32 -0700 (PDT)
Received: from mx12.bbn.com (mx12.bbn.com [128.33.0.81]) by core3.amsl.com (Postfix) with ESMTP id 4A1AD28C2D8 for <sidr@ietf.org>; Wed, 19 Mar 2008 10:16:23 -0700 (PDT)
Received: from dhcp89-089-071.bbn.com ([128.89.89.71]) by mx12.bbn.com with esmtp (Exim 4.60) (envelope-from <kent@bbn.com>) id 1Jc1rZ-0006xF-4v; Wed, 19 Mar 2008 13:14:05 -0400
Mime-Version: 1.0
Message-Id: <p06240506c406f981ba47@[128.89.89.71]>
In-Reply-To: <47E03B72.3040301@apnic.net>
References: <mailman.17.1205434814.25117.sidr@ietf.org><4D22EF37-FCF2-48BB-889F-8FE8C1 7A1B04@aepnetworks.com> <47DE5161.3030104@ripe.net> <004201c88855$c77f8540$6e00a8c0@ad.redback.com> <47DF04FB.9020103@apnic.net> <p06240503c40591103fc4@[128.89.89.71]> <Pine.WNT.4.64.0803181319130.928@SANDYM-LT.columbia.ads.sparta.com> <47E03B72.3040301@apnic.net>
Date: Wed, 19 Mar 2008 13:14:19 -0400
To: Geoff Huston <gih@apnic.net>
From: Stephen Kent <kent@bbn.com>
Cc: "'Michele (Mike) Hjorleifsson'" <mikeh@aepnetworks.com>, sidr@ietf.org
Subject: Re: [Sidr] Rsync
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: sidr-bounces@ietf.org
Errors-To: sidr-bounces@ietf.org
At 9:00 AM +1100 3/19/08, Geoff Huston wrote: >>On Tue, 18 Mar 2008, Stephen Kent wrote: >> >>>At 9:55 AM +1000 3/18/08, Robert Loomans wrote: >><snip> >>>It has been suggested that access to repositories might be >>>TLS-protected, even though the data is intended to be widely >>>available. The motivation is that requiring a TLS credential (issued >>>under the RPKI) could be used to reject DoS attacks by complete >>>outsiders. >> > > >Perhaps the clarifying question is: are you talking about read >access or write access? With regard to DoS concerns, I was talking about read access. >The comments I've seen that support the notion of no need for TLS >support appear to refer to read access, where anyone can be a >relying party and the combination of manifests and digital >signatures on retrieved objects is sufficient to ensure that the >relying party can determine the completeness and validity of the >retrieved information. I agree that write access poses greater access control concerns in general, but we should care about DoS in the context of read access. Since I was the one who made the comments, I guess I didn't make them clearly enough :-). >The comments I've seen in favour of TLS appear to refer to write >access where a CA or EE has outsouced the publication repository >management function to a third party and there may be some need for >a secured channel of write access as a means of DOS protection. Yes. There are lots of options here, and it is not clear if we need to have one standard way to do this, or just say that suitable access controls need to be employed, and give examples of reasonable ways to achieve such. >The drafts on this topic (draft-huston-sidr-repos-struct-01.txt, and >draft-ietf-sidr-res-certs-09.txt) refer only to read access. right. Steve _______________________________________________ Sidr mailing list Sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
- [Sidr] Rsync Michele (Mike) Hjorleifsson
- Re: [Sidr] Rsync Robert Kisteleki
- Re: [Sidr] Rsync Tony Li
- Re: [Sidr] Rsync Michele (Mike) Hjorleifsson
- Re: [Sidr] Rsync Robert Loomans
- Re: [Sidr] Rsync Robert Loomans
- Re: [Sidr] Rsync Michele (Mike) Hjorleifsson
- Re: [Sidr] Rsync Robert Loomans
- Re: [Sidr] Rsync Geoff Huston
- Re: [Sidr] Rsync Robert Loomans
- Re: [Sidr] Rsync Stephen Kent
- Re: [Sidr] Rsync Sandra Murphy
- Re: [Sidr] Rsync Stephen Kent
- Re: [Sidr] Rsync Geoff Huston
- Re: [Sidr] Rsync Michele (Mike) Hjorleifsson
- Re: [Sidr] Rsync Robert Loomans
- Re: [Sidr] Rsync Stephen Kent