Re: [sidr] Origin Ops, TALs and Local TAs

Christopher Morrow <morrowc.lists@gmail.com> Tue, 29 November 2011 15:36 UTC

From: Christopher Morrow <morrowc.lists@gmail.com>
To: Stephen Kent <kent@bbn.com>
Cc: sidr@ietf.org
Date: Tue, 29 Nov 2011 10:36:26 -0500
Message-ID: <CAL9jLabQgB-Fd1LQV0J0q2zqGYjodVAyOHTS7rh6hosigqiiiw@mail.gmail.com>
In-Reply-To: <p06240801cafaa8c5e519@128.89.89.6>
References: <80D9C12A-354E-4A90-8E97-946519E499D0@tcb.net> <p06240801cae79ccfa546@172.20.1.65> <72E12AD7-CFAF-4FBD-8A98-F93038F7E8FB@tcb.net> <p06240803caf95d6f5166@128.89.89.6> <CAL9jLaZ7ccqD6gkyy1Rd2gdqwf3=C28D77Y1YSb2eMRGn8OGoQ@mail.gmail.com> <p06240801cafaa8c5e519@128.89.89.6>

On Tue, Nov 29, 2011 at 10:27 AM, Stephen Kent <kent@bbn.com> wrote:
> There are controls to allow RPs to ignore the expiration of the certs for
> the widget maker, but that's not the best outcome. Ultimately the widget
> maker would like to have a new CA cert issued to it, and continue to manage
> the corresponding CRL, manifest, and ROA(s). All of that can be accommodated
> using the LTA mechanisms, but it will become complex if there are a lot of
> exceptions of this sort.

I think this last bit gets at Danny's concern (after the 'but every
ASN in the path has to agree that the root is wrong' bit)... lots more
complexity here is not helpful :(

-chris