Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track
Sandra Murphy <Sandra.Murphy@sparta.com> Tue, 19 July 2011 21:29 UTC
Return-Path: <Sandra.Murphy@cobham.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF22522800F for <sidr@ietfa.amsl.com>; Tue, 19 Jul 2011 14:29:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.996
X-Spam-Level:
X-Spam-Status: No, score=-101.996 tagged_above=-999 required=5 tests=[AWL=0.603, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5u3YbWSXug1p for <sidr@ietfa.amsl.com>; Tue, 19 Jul 2011 14:29:34 -0700 (PDT)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id 1DA5A228006 for <sidr@ietf.org>; Tue, 19 Jul 2011 14:29:33 -0700 (PDT)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id p6JLTC9P016887; Tue, 19 Jul 2011 16:29:12 -0500
Received: from mailbin2.ads.sparta.com (mailbin.sparta.com [157.185.85.6]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id p6JLTBM9012620; Tue, 19 Jul 2011 16:29:12 -0500
Received: from SMURPHY-LT.columbia.ads.sparta.com ([157.185.81.116]) by mailbin2.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Tue, 19 Jul 2011 17:29:11 -0400
Date: Tue, 19 Jul 2011 17:29:10 -0400
From: Sandra Murphy <Sandra.Murphy@sparta.com>
To: Terry Manderson <terry.manderson@icann.org>
In-Reply-To: <CA4C2EE9.17FA1%terry.manderson@icann.org>
Message-ID: <Pine.WNT.4.64.1107191720470.6484@SMURPHY-LT.columbia.ads.sparta.com>
References: <CA4C2EE9.17FA1%terry.manderson@icann.org>
X-X-Sender: sandy@mailbin.sparta.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-OriginalArrivalTime: 19 Jul 2011 21:29:11.0144 (UTC) FILETIME=[E648E680:01CC465A]
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jul 2011 21:29:35 -0000
On Tue, 19 Jul 2011, Terry Manderson wrote: > On 20/07/11 6:43 AM, "Randy Bush" <randy@psg.com> wrote: > >>> ok. So in which case before I give in to making repos-struct a PS, I would >>> want to see words somewhere that say that the validation choice for an RPKI >>> object file is to based on the filename in the manifest and not on the >>> transferred filename. >> >> again, the manifest may represent a proper subset of the valid objects in the >> directory >> > > Which I think is sloppy behaviour. It is a fundamental part of the proposed repository structure. The following text from section 2.2 of the repos-struct draft: The RPKI design requires that a CA be uniquely associated with a single key pair. Thus, the administrative entity that is a CA performs key rollover by generating a new CA certificate with a new Subject name, as well as a new key pair [I-D.ietf-sidr-keyroll]. (The reason for the new Subject name is that in the context of the RPKI the Subject names in all certificates issued by a CA are intended to be unique, and because the RPKI key rollover procedure creates a new instance of a CA with the new key, the name constraint implies the need for a new Subject name for the CA with the new key.) In such cases the entity SHOULD continue to use the same repository publication point for both CA instances during the key rollover, ensuring that the value of the AIA extension in indirect subordinate objects that refer to the certificates issued by this CA remain valid across the key rollover, and that the re-issuance of subordinate certificates in a key rollover is limited to the collection of immediate subordinate products of this CA. In such cases the repository publication point will contain the CRL, manifest and subordinate certificates of both CA instances. says that in times of CA key rollover, the publication point directory should contain two manifests and all the files from both manifests. So neither manifest contains all the files names in the directory. --Sandy, speaking as wg chair > > T. > > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr >
- [sidr] draft-ietf-sidr-repos-struct to Standards … Stewart Bryant
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Geoff Huston
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Rob Austein
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Geoff Huston
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Rob Austein
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Geoff Huston
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Geoff Huston
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Tim Bruijnzeels
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Rob Austein
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Tim Bruijnzeels
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Randy Bush
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Sandra Murphy
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Rob Austein
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Andrew Chi
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Terry Manderson
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… t.petch
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… Stephen Kent
- Re: [sidr] draft-ietf-sidr-repos-struct to Standa… t.petch
- [sidr] draft-ietf-sidr-repos-struct - Track Stewart Bryant