Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

Randy Bush <randy@psg.com> Fri, 22 April 2011 04:06 UTC

Date: Fri, 22 Apr 2011 13:06:46 +0900
Message-ID: <m2sjtbhquh.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Christopher Morrow <morrowc.lists@gmail.com>
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] WGLC draft-sidr-rpki-rtr - take 2?

> 1) use md5 (as a MUST, with ssh as a MAY) and rev the doc at a later
> point to say that AO is a MUST and remove md5
> 2) move this doc along the path
> 3) get implementations of the protocol today to start using md5

the base problem is a conflict between having and liking running code
and that the transport coverage is not what we would want in the long
run.

we now have running code from all major players in the game (junos, ios,
and ios/xr) which use cleartext.  while this is clearly not desirable,
we wanted running code while the ietf did rinse repeat for as long as
amused it.

and we have cleartext server code on many unix and unix-wannabe
platforms.  there is also ssh server code on those platforms.

one of the three major vendor platforms is testing ssh now.  the others
are probably hoping this ssh thing will go away. :)

in 2012, we will probably see AO on most router platforms.  this will be
driven as much or more by bgp's needs as rpki-rtr's.  unfortunately,
server implementations are likely to trickle in more slowly.

so, in the long run, we can do the 'right' thing, presuming fashions do
not change.  but, in the meantime, running code trumps.  so the doc will
probably stay as it is, most stuff will run over cleartext as ssh will
be slowly deploying.  next rev, we can go AO as mandatory.

no, i do not like this.  but i am running the validation stuff and am
not writing code, so i ain't complainin' too much.

randy