Re: [sidr] draft-ietf-sidr-repos-struct to Standards Track

[Stephen Kent <kent@bbn.com>]

At 12:53 PM +1000 7/18/11, Geoff Huston wrote:
>...
>How is this X.500 directory "tagging" achieved in other PKIs? Three 
>letter filename extension conventions? Or some other tag mechanism?

I was referring specifically to the X.500 directory, which tags via 
its ASN.1 encoding for data types. But, in reality nobody uses X.500. 
LDAP is used instead, and it is based on X.500 (more precisely, 
X.501).

LDAP directories are accessed using the LDAP protocol, so file names 
don't enter into the picture. One identifies the entry (by 
distinguished name) and the object type (class) within the entry by 
OID, and the requests that value of the object (speaking about 
retrieval).  It is up to the implementation of the LDAP protocol to 
find the right type of object based on the search parameters 
provided, and to update or retrieve the objects accordingly.

The RPKI repository design is very different. it is not intended to 
support searching the way X.500 or LDAP does. Our operational model 
says that every RP needs to retrieve the current version of every 
object at every pub point (to first order), periodically. We selected 
rsync as the access protocol, and it uses directory and file names to 
locate objects. So, given our access model and our choice of access 
protocol, I think we ought to assume that filenames are the 
appropriate object names, and filename extensions are a convenient 
object type indicator, for use with this protocol.

Some RPs might, for example decide to not download GB files because 
these files are not critical to ROA validation. I am told that one 
can use rsync to perform selective retrieval based on a filename 
extension, so the use of such extensions seems very reasonable, as a 
means of enabling such selective retrieval.

Steve